Kaigai, Are these tests ready to be added to LTP ? Regards-- Subrata On Wed, 2008-08-27 at 17:05 +0900, KaiGai Kohei wrote: > James Morris wrote: > > Could you also please add tests for this (at least one which should > fail > > and one which should succeed) to the Linux Test Project? > > > > > > - James > > The attached patch adds a new test case to check correctness of > boundary > feature. It contains four sub tests, as follows: > > test01: It tries to invoke setcon() with bounded domain in a > multi-threaded > process. The expected result is success. > test02: It tries to invoke setcon() with unrelated domain in a > multi-threaded > process. The expected result is fail. > test03: It makes a bounded domain try to read a file, when its bounds > domain > can read the file. The expected result is success. > test04: It makes a bounded domain try to write a file, when its bounds > domain > cannot write the file. The expected result is fail, even if > the bounded > domain is allowed to write the file. > > ---- The result of execution > [root@saba tests]# ./runtest.sh bounds > /home/kaigai/develop/ltp/testcases/kernel/security/selinux-testsuite/tests > Running with security > context=unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh > 1+0 records in > 1+0 records out > 1024 bytes (1.0 kB) copied, 8.6321e-05 s, 11.9 MB/s > All systems go > test01 PASS : thread dyntrans passed. > setcon() on multithread process failed: Operation not permitted > All systems go > test02 PASS : thread dyntrans to unbound domain failed. > 2+0 records in > 2+0 records out > 1024 bytes (1.0 kB) copied, 4.2932e-05 s, 23.9 MB/s > test03 PASS : unbounded action to be allowed. > dd: opening `/tmp/selinux/test_file': Permission denied > test04 PASS : bounded action to be denied. > Done. > [root@saba tests]# > > (*) I added a bit ad-hoc policy to invoke the script from the shell. > > -- > OSS Platform Development Division, NEC > KaiGai Kohei <kaigai@xxxxxxxxxxxxx> > > > > > > > > differences > between files > attachment > (ltp-selinux-bounds-tests.patch) > > Index: ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile > =================================================================== > --- > ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile (revision 2) > +++ > ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile (revision 3) > @@ -3,7 +3,7 @@ > ifeq (redhat-release-4, $(findstring redhat-release-4, > $(REDHAT_RELEASE))) > SUBDIRS=domain_trans entrypoint execshare exectrace > execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink > relabel rename rxdir sem setattr setnice shm sigkill stat sysctl > task_create task_setnice task_setscheduler task_getscheduler > task_getsid task_getpgid task_setpgid wait file ioctl capable_file > capable_net capable_sys > else > - SUBDIRS=domain_trans entrypoint execshare exectrace > execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink > relabel rename rxdir sem setattr setnice shm sigkill stat sysctl > task_create task_setnice task_setscheduler task_getscheduler > task_getsid task_getpgid task_setpgid wait file ioctl capable_file > capable_net capable_sys dyntrace dyntrans > + SUBDIRS=domain_trans entrypoint execshare exectrace > execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink > relabel rename rxdir sem setattr setnice shm sigkill stat sysctl > task_create task_setnice task_setscheduler task_getscheduler > task_getsid task_getpgid task_setpgid wait file ioctl capable_file > capable_net capable_sys dyntrace dyntrans bounds > endif > > all: > Index: > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds_thread.c > =================================================================== > --- > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds_thread.c (revision 0) > +++ > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds_thread.c (revision 3) > @@ -0,0 +1,82 @@ > +/* > + * Copyright (c) 2008 NEC Corporation > + * > + * This program is free software; you can redistribute it and/or > modify it > + * under the terms of the GNU General Public License as published by > the Free > + * Software Foundation; either version 2 of the License, or (at your > option) > + * any later version. > + */ > + > +#include <stdio.h> > +#include <stdlib.h> > +#include <pthread.h> > +#include <selinux/selinux.h> > +#include <selinux/context.h> > + > +static int thread_status = 0; > + > +static void *worker(void *datap) > +{ > + security_context_t security_context = datap; > + int rc; > + > + rc = setcon(security_context); > + if (rc < 0) { > + perror("setcon() on multithread process failed"); > + thread_status = 1; > + } > + > + return NULL; > +} > + > +int main(int argc, char *argv[]) > +{ > + security_context_t security_context; > + context_t context; > + pthread_t thread; > + int rc; > + > + if (argc != 2) { > + fprintf(stderr, "usage: %s <new domain>\n", argv[0]); > + return 1; > + } > + > + rc = getcon(&security_context); > + if (rc < 0) { > + fprintf(stderr, "%s: unable to get my context\n", > argv[0]); > + return 1; > + } > + > + context = context_new(security_context); > + if (!context) { > + fprintf(stderr, "%s: unable to create context > structure\n", argv[0]); > + return 1; > + } > + > + if (context_type_set(context, argv[1])) { > + fprintf(stderr, "%s: unable to set new type\n", > argv[0]); > + return 1; > + } > + > + freecon(security_context); > + security_context = context_str(context); > + if (!security_context) { > + fprintf(stderr, "%s: unable to obtain new context > string\n", argv[0]); > + return 1; > + } > + > + rc = pthread_create(&thread, NULL, worker, security_context); > + if (rc) { > + fprintf(stderr, "%s: unable to kick a new thread\n", > argv[0]); > + return 1; > + } > + > + rc = pthread_join(thread, NULL); > + if (rc) { > + fprintf(stderr, "%s: unable to join its thread\n", > argv[0]); > + return 1; > + } > + > + printf("All systems go\n"); > + return thread_status; > +} > Index: > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds.sh > =================================================================== > --- > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds.sh (revision 0) > +++ > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds.sh (revision 3) > @@ -0,0 +1,123 @@ > +#!/bin/sh > +# > +# Copyright (c) 2008 NEC Corporation > +# > +# This program is free software; you can redistribute it and/or > modify it > +# under the terms of the GNU General Public License as published by > the Free > +# Software Foundation; either version 2 of the License, or (at your > option) > +# any later version. > +# > + > +setup() > +{ > + export TCID="setup" > + export TST_COUNT=0 > + export TST_TOTAL=4 > + > + # Remove any leftover test directories from prior failed runs. > + rm -rf $SELINUXTMPDIR/test_file > + > + # Create a test files > + dd if=/dev/zero of=$SELINUXTMPDIR/test_file count=1 bs=1024 > + chcon -t test_bounds_file_t $SELINUXTMPDIR/test_file > +} > + > +test01() > +{ > + TCID="test01" > + TST_COUNT=1 > + RC=0 > + > + runcon -t test_bounds_parent_t \ > + -- selinux_bounds_thread test_bounds_child_t 2>&1 > + RC=$? > + if [ $RC -eq 0 ]; > + then > + echo "$TCID PASS : thread dyntrans passed." > + else > + echo "$TCID FAIL : thread dynstrans failed." > + fi > + return $RC > +} > + > +test02() > +{ > + TCID="test02" > + TST_COUND=2 > + RC=0 > + > + runcon -t test_bounds_parent_t \ > + -- selinux_bounds_thread test_bounds_unbound_t 2>&1 > + RC=$? > + if [ $RC -ne 0 ]; # we expect this to fail > + then > + echo "$TCID PASS : thread dyntrans to unbound domain > failed." > + RC=0 > + else > + echo "$TCID FAIL : thread dyntrans to unbound domain > succeeded." > + RC=1 > + fi > + return $RC > +} > + > +test03() > +{ > + TCID="test03" > + TST_COUND=3 > + RC=0 > + > + runcon -t test_bounds_child_t \ > + -- dd if=$SELINUXTMPDIR/test_file of=/dev/null > + RC=$? > + if [ $RC -eq 0 ]; > + then > + echo "$TCID PASS : unbounded action to be allowed." > + else > + echo "$TCID FAIL : unbounded action to be allowed." > + fi > + return $RC > +} > + > +test04() > +{ > + TCID="test04" > + TST_COUNT=4 > + RC=0 > + > + runcon -t test_bounds_child_t \ > + -- dd if=/dev/zero of=$SELINUXTMPDIR/test_file count=1 > bs=1024 > + RC=$? > + if [ $RC -ne 0 ]; # we expect this to fail > + then > + echo "$TCID PASS : bounded action to be denied." > + RC=0 > + else > + echo "$TCID FAIL : bounded action to be denied." > + RC=1 > + fi > + return $RC > +} > + > +cleanup() > +{ > + # Cleanup > + rm -rf $SELINUXTMPDIR/test_file > +} > + > +# Function: main > +# > +# Description: - Execute all tests, exit with test status. > +# > +# Exit: - zero on success > +# - non-zero on failure. > +# > +RC=0 # Return value from setup, and test functions. > +EXIT_VAL=0 > + > +setup > +test01 || EXIT_VAL=$RC > +test02 || EXIT_VAL=$RC > +test03 || EXIT_VAL=$RC > +test04 || EXIT_VAL=$RC > +cleanup > +exit $EXIT_VAL > > Property changes on: > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds.sh > ___________________________________________________________________ > Added: svn:executable > + * > > Index: > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/Makefile > =================================================================== > --- > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/Makefile (revision 0) > +++ > ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/Makefile (revision 3) > @@ -0,0 +1,11 @@ > +TARGETS=$(patsubst %.c,%,$(wildcard *.c)) > +LDLIBS += -lselinux -lpthread > + > +all: $(TARGETS) > + > +install: > + @set -e; for i in $(TARGETS); do ln -f > $$i ../../../../../bin/$$i; done > + ln -f selinux_bounds.sh ../../../../../bin/ > + > +clean: > + rm -f $(TARGETS) > \ No newline at end of file > Index: > ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile > =================================================================== > --- > ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile (revision 2) > +++ > ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile (revision 3) > @@ -1,7 +1,7 @@ > POLICYDEVEL = /usr/share/selinux/devel > SEMODULE = /usr/sbin/semodule > > -TARGETS=test_global.te test_capable_file.te test_capable_net.te \ > +TARGETS=test_global.te test_bounds.te test_capable_file.te > test_capable_net.te \ > test_capable_sys.te test_dyntrace.te test_dyntrans.te > test_entrypoint.te \ > test_execshare.te test_exectrace.te test_execute_no_trans.te \ > test_fdreceive.te test_file.te test_inherit.te test_ioctl.te > test_ipc.te \ > Index: > ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_bounds.te > =================================================================== > --- > ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_bounds.te (revision 0) > +++ > ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_bounds.te (revision 3) > @@ -0,0 +1,65 @@ > +################################# > +# > +# Policy for testing boundary features > +# > + > +attribute test_bounds_domain; > + > +# Domain for process that allows to other domains > +type test_bounds_parent_t; > +domain_type(test_bounds_parent_t) > +typeattribute test_bounds_parent_t test_bounds_domain; > +typeattribute test_bounds_parent_t testdomain; > + > +# Domain for process that has a bounds type > +type test_bounds_child_t; > +domain_type(test_bounds_child_t) > +typeattribute test_bounds_child_t test_bounds_domain; > +typeattribute test_bounds_child_t testdomain; > + > +# Domain for process that does not have any bounds type > +type test_bounds_unbound_t; > +domain_type(test_bounds_unbound_t) > +typeattribute test_bounds_unbound_t test_bounds_domain; > +typeattribute test_bounds_unbound_t testdomain; > + > +# Types for test files > +type test_bounds_file_t; > +files_type(test_bounds_file_t) > + > +# Definition of boundary relationship > +typebounds test_bounds_parent_t test_bounds_child_t; > + > +# Allow the test_bounds_parent_t to dyntrans > +allow test_bounds_parent_t test_bounds_child_t : process > { dyntransition }; > +allow test_bounds_parent_t test_bounds_unbound_t : process > { dyntransition }; > + > +# Allow domains to access test_bounds_file_t > +allow test_bounds_parent_t test_bounds_file_t : file > { read_file_perms }; > +allow test_bounds_child_t test_bounds_file_t : file > { rw_file_perms }; > +allow test_bounds_unbound_t test_bounds_file_t : file > { rw_file_perms }; > + > +# Allow execution of helper programs. > +corecmd_exec_bin(test_bounds_domain) > +allow test_bounds_domain bin_t : file { entrypoint }; > +libs_use_ld_so(test_bounds_domain) > +libs_use_shared_libs(test_bounds_domain) > +libs_exec_ld_so(test_bounds_domain) > +libs_exec_lib_files(test_bounds_domain) > + > +# Allow all of these domains to be entered from sysadm domain > +miscfiles_domain_entry_test_files(test_bounds_domain) > +sysadm_entry_spec_domtrans(test_bounds_domain) > + > +# Allow to invoke script on targeted policy > +optional_policy(` > + gen_require(` > + role unconfined_r; > + type unconfined_t; > + ') > + > + role unconfined_r types test_bounds_domain; > + allow unconfined_t test_bounds_domain : process > { transition }; > + > + userdom_use_user_terminals(unconfined, test_bounds_domain) > +') > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.