On 8/25/2023 8:01 AM, Mickaël Salaün wrote: > These tests look good! > > I suggested other tests to add in my previous emails. Some of the tests you've suggested will be very difficult to implement in the face of varying LSM configurations. I need to defer them until a later date. > I'd suggest to re-run clang-format -i on them though. I assume you're recommending a set of options to clang-format beyond just "-i". The result of clang-format -i by itself is horrific. > > On Wed, Aug 02, 2023 at 10:44:34AM -0700, Casey Schaufler wrote: >> Add selftests for the three system calls supporting the LSM >> infrastructure. This set of tests is limited by the differences >> in access policy enforced by the existing security modules. >> >> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx> >> --- >> MAINTAINERS | 1 + >> tools/testing/selftests/Makefile | 1 + >> tools/testing/selftests/lsm/Makefile | 19 ++ >> tools/testing/selftests/lsm/common.c | 81 ++++++ >> tools/testing/selftests/lsm/common.h | 33 +++ >> tools/testing/selftests/lsm/config | 3 + >> .../selftests/lsm/lsm_get_self_attr_test.c | 240 ++++++++++++++++++ >> .../selftests/lsm/lsm_list_modules_test.c | 140 ++++++++++ >> .../selftests/lsm/lsm_set_self_attr_test.c | 74 ++++++ >> 9 files changed, 592 insertions(+) >> create mode 100644 tools/testing/selftests/lsm/Makefile >> create mode 100644 tools/testing/selftests/lsm/common.c >> create mode 100644 tools/testing/selftests/lsm/common.h >> create mode 100644 tools/testing/selftests/lsm/config >> create mode 100644 tools/testing/selftests/lsm/lsm_get_self_attr_test.c >> create mode 100644 tools/testing/selftests/lsm/lsm_list_modules_test.c >> create mode 100644 tools/testing/selftests/lsm/lsm_set_self_attr_test.c >> >> diff --git a/MAINTAINERS b/MAINTAINERS >> index aca4db11dd02..c96f1c388d22 100644 >> --- a/MAINTAINERS >> +++ b/MAINTAINERS 
>> @@ -19158,6 +19158,7 @@ W: http://kernsec.org/ >> T: git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm.git >> F: include/uapi/linux/lsm.h >> F: security/ >> +F: tools/testing/selftests/lsm/ >> X: security/selinux/ >> >> SELINUX SECURITY MODULE >> diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile >> index 666b56f22a41..bde7c217b23f 100644 >> --- a/tools/testing/selftests/Makefile >> +++ b/tools/testing/selftests/Makefile >> @@ -39,6 +39,7 @@ TARGETS += landlock >> TARGETS += lib >> TARGETS += livepatch >> TARGETS += lkdtm >> +TARGETS += lsm >> TARGETS += membarrier >> TARGETS += memfd >> TARGETS += memory-hotplug >> diff --git a/tools/testing/selftests/lsm/Makefile b/tools/testing/selftests/lsm/Makefile >> new file mode 100644 >> index 000000000000..bae6c1e3bba4 >> --- /dev/null >> +++ b/tools/testing/selftests/lsm/Makefile >> @@ -0,0 +1,19 @@ >> +# SPDX-License-Identifier: GPL-2.0 >> +# >> +# First run: make -C ../../../.. headers_install >> + >> +CFLAGS += -Wall -O2 $(KHDR_INCLUDES) >> +LOCAL_HDRS += common.h >> + >> +TEST_GEN_PROGS := lsm_get_self_attr_test lsm_list_modules_test \ >> + lsm_set_self_attr_test >> + >> +include ../lib.mk >> + >> +$(TEST_GEN_PROGS): > This target can be removed. > >> + >> +$(OUTPUT)/lsm_get_self_attr_test: lsm_get_self_attr_test.c common.c >> +$(OUTPUT)/lsm_set_self_attr_test: lsm_set_self_attr_test.c common.c >> +$(OUTPUT)/lsm_list_modules_test: lsm_list_modules_test.c common.c >> + >> +EXTRA_CLEAN = $(OUTPUT)/common.o
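Review bot: In the new tools/testing/selftests/lsm/Makefile, the last line `EXTRA_CLEAN = $(OUTPUT)/common.o` names an object that none of the rules shown here produce. The three `$(OUTPUT)/lsm_*_test` rules list `common.c` itself as a prerequisite, not `common.o`, so unless `../lib.mk` compiles it to a separate object this line cleans a file that is never created. Either drop it or make the tests depend on `$(OUTPUT)/common.o` so the clean rule matches what is built. The bare `$(TEST_GEN_PROGS):` rule after `include ../lib.mk` has no prerequisites and no recipe in this hunk, so removing it as suggested above leaves the three explicit per-test rules as the only dependency statements, which is easier to read.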