On 10/23/2023 8:52 PM, Paul Moore wrote:
On Oct 4, 2023 Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx> wrote:
Add various happy/unhappy unit tests for both IPE's parser.
I'm going to suggest: "... for IPE's policy parser."
Yeah this sounds more precise.
Also, aside from the policy parser tests, are there any other IPE
functional tests? We do have a testing guideline for new LSM
submissions:
"New LSMs must be accompanied by a test suite to verify basic
functionality and help identify regressions. The test suite
must be publicly available without download restrictions
requiring accounts, subscriptions, etc. Test coverage does
not need to reach a specific percentage, but core functionality
and any user interfaces should be well covered by the test
suite. Maintaining the test suite in a public git repository is
preferable over tarball snapshots. Integrating the test suite
with existing automated Linux kernel testing services is
encouraged."
https://github.com/LinuxSecurityModule/kernel/blob/main/README.md#new-lsm-guidelines
Yes we do have a test suite. I will add it in the next version.
-Fan
Signed-off-by: Deven Bowers <deven.desai@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Fan Wu <wufan@xxxxxxxxxxxxxxxxxxx>
---
v1-v6:
+ Not present
v7:
Introduced
v8:
+ Remove the kunit tests with respect to the fsverity digest, as these
require significant changes to work with the new method of acquiring
the digest at runtime.
v9:
+ Remove the kunit tests related to ipe_context
v10:
+ No changes
v11:
+ No changes
---
security/ipe/Kconfig | 17 +++
security/ipe/Makefile | 3 +
security/ipe/policy_tests.c | 294 ++++++++++++++++++++++++++++++++++++
3 files changed, 314 insertions(+)
create mode 100644 security/ipe/policy_tests.c
--
paul-moore.com