PERFORCE change 121047 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Wed Jun 6 09:05:28 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=121047
Change 121047 by zhouzhouyi at zhouzhouyi_mactest on 2007/06/06 09:05:04
Because mac/mls itself forbid the redirection of stderr, I use a tmp file to store the
result of stderr and stdout
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/macproc.c#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/misc.sh#2 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/signal/00.t#2 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/macproc.c#2 (text+ko) ====
@@ -59,10 +59,11 @@
fprintf(stderr, "Usage: <option(s)> \n");
fprintf(stderr, "\
- -w seconds Wait for n seconds before exits\n");
+ -w seconds Wait for n seconds before exits\n\
+ -f pidfile The pid file should be written to\n");
exit(1);
}
-const char *pid_file="pidfile";
+char *pid_file = NULL;
struct pidfh *pfh = NULL;
@@ -75,7 +76,7 @@
struct timeval begin,loop;
pid_t otherpid;
- while ((ch = getopt(argc, argv, "w:")) != -1) {
+ while ((ch = getopt(argc, argv, "w:f:")) != -1) {
switch(ch) {
case 'w':
seconds = (long)strtol(optarg, &endp, 0);
@@ -85,6 +86,9 @@
exit(1);
}
break;
+ case 'f':
+ pid_file = optarg;
+ break;
default:
usage();
}
@@ -97,6 +101,11 @@
usage();
}
+ if (pid_file == NULL){
+ fprintf(stderr, "must supply pid file\n");
+ usage();
+ }
+
gettimeofday(&begin, (struct timezone *)NULL);
pfh = pidfile_open(pid_file, 0600, &otherpid);
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/misc.sh#2 (text+ko) ====
@@ -3,6 +3,8 @@
ntest=1
pid=0
pid_file="`pwd`/pidfile"
+tmp_file="`pwd`/tmp"
+
echo ${dir} | egrep '^/' >/dev/null 2>&1
if [ $? -eq 0 ]; then
@@ -14,21 +16,21 @@
macproc="${maindir}/macproc"
. ${maindir}/tests/conf
-maccmdnotexpect()
+maccmdnotexpectanyerror()
{
- e="${1}"
- shift
m="${1}"
shift
c="${1}"
shift
- r=`setpmac ${m} ${c} $* 2>&1`
- echo ${r}|egrep ${e} >/dev/null 2>&1
- if [ $? -eq 0 ]; then
+# r=`setpmac ${m} ${c} $* 2>&1`
+ setpmac ${m} ${c} $* 2>${tmp_file} 1>>${tmp_file}
+ r=`cat ${tmp_file}`
+ if [ ${#r} -eq 0 ]; then
+ echo "ok ${ntest}"
+ else
echo ${r}
echo "not ok ${ntest}"
- else
- echo "ok ${ntest}"
+ exit
fi
ntest=`expr $ntest + 1`
}
@@ -41,12 +43,16 @@
shift
c="${1}"
shift
- r=`setpmac ${m} ${c} $* 2>&1`
- echo ${r}|egrep ${e} >/dev/null 2>&1
+# r=`setpmac ${m} ${c} $* 2>&1`
+ setpmac ${m} ${c} $* 2>${tmp_file} 1>>${tmp_file}
+ setfmac mls/equal ${tmp_file}
+ r=`cat ${tmp_file}`
+ echo ${r}|egrep "${e}" >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo "ok ${ntest}"
else
echo "not ok ${ntest}"
+ exit
fi
ntest=`expr $ntest + 1`
}
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/zhouzhouyi_mactest_soc/tests/signal/00.t#2 (text+ko) ====
@@ -6,17 +6,29 @@
dir=`dirname $0`
. ${dir}/../misc.sh
+#following test case is to show, when subject's effective mls level does not dominate
+#object's effective mls level, a ESRCH is returned when signaling
+t=`sysctl security.mac.mls.enabled=0`
+maccmdnotexpectanyerror "mls/3(2-7)" ${macproc} -w 20 -f "${pid_file}"
+getmacprocpid
+t=`sysctl security.mac.mls.enabled=1`
+maccmdexpect "No such process" "mls/low" kill ${pid}
+maccmdnotexpectanyerror "mls/3(2-7)" kill ${pid}
+t=`sysctl security.mac.mls.enabled=0`
+rm ${pid_file}
+rm ${tmp_file}
-
-maccmdnotexpect "Invalid" "mls/3(2-7)" ${macproc} -w 20
-#not expect Invalide argument
+#following test case is to show, when object's effective mls level does not dominate
+#subject's effective mls level, a EACCES is returned when signaling
t=`sysctl security.mac.mls.enabled=0`
+maccmdnotexpectanyerror "mls/low(low-high)" ${macproc} -w 20 -f "${pid_file}"
getmacprocpid
t=`sysctl security.mac.mls.enabled=1`
-maccmdexpect "No" "mls/low" kill ${pid}
-#expect No such process
-maccmdnotexpect "No" "mls/3(2-7)" kill ${pid}
-#not expect No such process
+maccmdexpect "Permission denied" "mls/3(2-7)" kill ${pid}
+maccmdnotexpectanyerror "mls/low(low-high)" kill ${pid}
+t=`sysctl security.mac.mls.enabled=0`
+rm ${pid_file}
+rm ${tmp_file}
More information about the p4-projects
mailing list