Kaigai,
Are these tests ready to be added to LTP ?
Regards--
Subrata
On Wed, 2008-08-27 at 17:05 +0900, KaiGai Kohei wrote:
> James Morris wrote:
> > Could you also please add tests for this (at least one which should
> fail
> > and one which should succeed) to the Linux Test Project?
> >
> >
> > - James
>
> The attached patch adds a new test case to check correctness of
> boundary
> feature. It contains four sub tests, as follows:
>
> test01: It tries to invoke setcon() with bounded domain in a
> multi-threaded
> process. The expected result is success.
> test02: It tries to invoke setcon() with unrelated domain in a
> multi-threaded
> process. The expected result is fail.
> test03: It makes a bounded domain try to read a file, when its bounds
> domain
> can read the file. The expected result is success.
> test04: It makes a bounded domain try to write a file, when its bounds
> domain
> cannot write the file. The expected result is fail, even if
> the bounded
> domain is allowed to write the file.
>
> ---- The result of execution
> [root@saba tests]# ./runtest.sh bounds
> /home/kaigai/develop/ltp/testcases/kernel/security/selinux-testsuite/tests
> Running with security
> context=unconfined_u:unconfined_r:unconfined_t:SystemLow-SystemHigh
> 1+0 records in
> 1+0 records out
> 1024 bytes (1.0 kB) copied, 8.6321e-05 s, 11.9 MB/s
> All systems go
> test01 PASS : thread dyntrans passed.
> setcon() on multithread process failed: Operation not permitted
> All systems go
> test02 PASS : thread dyntrans to unbound domain failed.
> 2+0 records in
> 2+0 records out
> 1024 bytes (1.0 kB) copied, 4.2932e-05 s, 23.9 MB/s
> test03 PASS : unbounded action to be allowed.
> dd: opening `/tmp/selinux/test_file': Permission denied
> test04 PASS : bounded action to be denied.
> Done.
> [root@saba tests]#
>
> (*) I added a bit ad-hoc policy to invoke the script from the shell.
>
> --
> OSS Platform Development Division, NEC
> KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
>
>
>
>
>
>
>
> differences
> between files
> attachment
> (ltp-selinux-bounds-tests.patch)
>
> Index: ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile
> ===================================================================
> ---
> ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile (revision 2)
> +++
> ltp/testcases/kernel/security/selinux-testsuite/tests/Makefile (revision 3)
> @@ -3,7 +3,7 @@
> ifeq (redhat-release-4, $(findstring redhat-release-4,
> $(REDHAT_RELEASE)))
> SUBDIRS=domain_trans entrypoint execshare exectrace
> execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink
> relabel rename rxdir sem setattr setnice shm sigkill stat sysctl
> task_create task_setnice task_setscheduler task_getscheduler
> task_getsid task_getpgid task_setpgid wait file ioctl capable_file
> capable_net capable_sys
> else
> - SUBDIRS=domain_trans entrypoint execshare exectrace
> execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink
> relabel rename rxdir sem setattr setnice shm sigkill stat sysctl
> task_create task_setnice task_setscheduler task_getscheduler
> task_getsid task_getpgid task_setpgid wait file ioctl capable_file
> capable_net capable_sys dyntrace dyntrans
> + SUBDIRS=domain_trans entrypoint execshare exectrace
> execute_no_trans fdreceive inherit link mkdir msg open ptrace readlink
> relabel rename rxdir sem setattr setnice shm sigkill stat sysctl
> task_create task_setnice task_setscheduler task_getscheduler
> task_getsid task_getpgid task_setpgid wait file ioctl capable_file
> capable_net capable_sys dyntrace dyntrans bounds
> endif
>
> all:
> Index:
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds_thread.c
> ===================================================================
> ---
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds_thread.c (revision 0)
> +++
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds_thread.c (revision 3)
> @@ -0,0 +1,82 @@
> +/*
> + * Copyright (c) 2008 NEC Corporation
> + *
> + * This program is free software; you can redistribute it and/or
> modify it
> + * under the terms of the GNU General Public License as published by
> the Free
> + * Software Foundation; either version 2 of the License, or (at your
> option)
> + * any later version.
> + */
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <pthread.h>
> +#include <selinux/selinux.h>
> +#include <selinux/context.h>
> +
> +static int thread_status = 0;
> +
> +static void *worker(void *datap)
> +{
> + security_context_t security_context = datap;
> + int rc;
> +
> + rc = setcon(security_context);
> + if (rc < 0) {
> + perror("setcon() on multithread process failed");
> + thread_status = 1;
> + }
> +
> + return NULL;
> +}
> +
> +int main(int argc, char *argv[])
> +{
> + security_context_t security_context;
> + context_t context;
> + pthread_t thread;
> + int rc;
> +
> + if (argc != 2) {
> + fprintf(stderr, "usage: %s <new domain>\n", argv[0]);
> + return 1;
> + }
> +
> + rc = getcon(&security_context);
> + if (rc < 0) {
> + fprintf(stderr, "%s: unable to get my context\n",
> argv[0]);
> + return 1;
> + }
> +
> + context = context_new(security_context);
> + if (!context) {
> + fprintf(stderr, "%s: unable to create context
> structure\n", argv[0]);
> + return 1;
> + }
> +
> + if (context_type_set(context, argv[1])) {
> + fprintf(stderr, "%s: unable to set new type\n",
> argv[0]);
> + return 1;
> + }
> +
> + freecon(security_context);
> + security_context = context_str(context);
> + if (!security_context) {
> + fprintf(stderr, "%s: unable to obtain new context
> string\n", argv[0]);
> + return 1;
> + }
> +
> + rc = pthread_create(&thread, NULL, worker, security_context);
> + if (rc) {
> + fprintf(stderr, "%s: unable to kick a new thread\n",
> argv[0]);
> + return 1;
> + }
> +
> + rc = pthread_join(thread, NULL);
> + if (rc) {
> + fprintf(stderr, "%s: unable to join its thread\n",
> argv[0]);
> + return 1;
> + }
> +
> + printf("All systems go\n");
> + return thread_status;
> +}
> Index:
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds.sh
> ===================================================================
> ---
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds.sh (revision 0)
> +++
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds.sh (revision 3)
> @@ -0,0 +1,123 @@
> +#!/bin/sh
> +#
> +# Copyright (c) 2008 NEC Corporation
> +#
> +# This program is free software; you can redistribute it and/or
> modify it
> +# under the terms of the GNU General Public License as published by
> the Free
> +# Software Foundation; either version 2 of the License, or (at your
> option)
> +# any later version.
> +#
> +
> +setup()
> +{
> + export TCID="setup"
> + export TST_COUNT=0
> + export TST_TOTAL=4
> +
> + # Remove any leftover test directories from prior failed runs.
> + rm -rf $SELINUXTMPDIR/test_file
> +
> + # Create a test files
> + dd if=/dev/zero of=$SELINUXTMPDIR/test_file count=1 bs=1024
> + chcon -t test_bounds_file_t $SELINUXTMPDIR/test_file
> +}
> +
> +test01()
> +{
> + TCID="test01"
> + TST_COUNT=1
> + RC=0
> +
> + runcon -t test_bounds_parent_t \
> + -- selinux_bounds_thread test_bounds_child_t 2>&1
> + RC=$?
> + if [ $RC -eq 0 ];
> + then
> + echo "$TCID PASS : thread dyntrans passed."
> + else
> + echo "$TCID FAIL : thread dynstrans failed."
> + fi
> + return $RC
> +}
> +
> +test02()
> +{
> + TCID="test02"
> + TST_COUND=2
> + RC=0
> +
> + runcon -t test_bounds_parent_t \
> + -- selinux_bounds_thread test_bounds_unbound_t 2>&1
> + RC=$?
> + if [ $RC -ne 0 ]; # we expect this to fail
> + then
> + echo "$TCID PASS : thread dyntrans to unbound domain
> failed."
> + RC=0
> + else
> + echo "$TCID FAIL : thread dyntrans to unbound domain
> succeeded."
> + RC=1
> + fi
> + return $RC
> +}
> +
> +test03()
> +{
> + TCID="test03"
> + TST_COUND=3
> + RC=0
> +
> + runcon -t test_bounds_child_t \
> + -- dd if=$SELINUXTMPDIR/test_file of=/dev/null
> + RC=$?
> + if [ $RC -eq 0 ];
> + then
> + echo "$TCID PASS : unbounded action to be allowed."
> + else
> + echo "$TCID FAIL : unbounded action to be allowed."
> + fi
> + return $RC
> +}
> +
> +test04()
> +{
> + TCID="test04"
> + TST_COUNT=4
> + RC=0
> +
> + runcon -t test_bounds_child_t \
> + -- dd if=/dev/zero of=$SELINUXTMPDIR/test_file count=1
> bs=1024
> + RC=$?
> + if [ $RC -ne 0 ]; # we expect this to fail
> + then
> + echo "$TCID PASS : bounded action to be denied."
> + RC=0
> + else
> + echo "$TCID FAIL : bounded action to be denied."
> + RC=1
> + fi
> + return $RC
> +}
> +
> +cleanup()
> +{
> + # Cleanup
> + rm -rf $SELINUXTMPDIR/test_file
> +}
> +
> +# Function: main
> +#
> +# Description: - Execute all tests, exit with test status.
> +#
> +# Exit: - zero on success
> +# - non-zero on failure.
> +#
> +RC=0 # Return value from setup, and test functions.
> +EXIT_VAL=0
> +
> +setup
> +test01 || EXIT_VAL=$RC
> +test02 || EXIT_VAL=$RC
> +test03 || EXIT_VAL=$RC
> +test04 || EXIT_VAL=$RC
> +cleanup
> +exit $EXIT_VAL
>
> Property changes on:
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/selinux_bounds.sh
> ___________________________________________________________________
> Added: svn:executable
> + *
>
> Index:
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/Makefile
> ===================================================================
> ---
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/Makefile (revision 0)
> +++
> ltp/testcases/kernel/security/selinux-testsuite/tests/bounds/Makefile (revision 3)
> @@ -0,0 +1,11 @@
> +TARGETS=$(patsubst %.c,%,$(wildcard *.c))
> +LDLIBS += -lselinux -lpthread
> +
> +all: $(TARGETS)
> +
> +install:
> + @set -e; for i in $(TARGETS); do ln -f
> $$i ../../../../../bin/$$i; done
> + ln -f selinux_bounds.sh ../../../../../bin/
> +
> +clean:
> + rm -f $(TARGETS)
> \ No newline at end of file
> Index:
> ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile
> ===================================================================
> ---
> ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile (revision 2)
> +++
> ltp/testcases/kernel/security/selinux-testsuite/refpolicy/Makefile (revision 3)
> @@ -1,7 +1,7 @@
> POLICYDEVEL = /usr/share/selinux/devel
> SEMODULE = /usr/sbin/semodule
>
> -TARGETS=test_global.te test_capable_file.te test_capable_net.te \
> +TARGETS=test_global.te test_bounds.te test_capable_file.te
> test_capable_net.te \
> test_capable_sys.te test_dyntrace.te test_dyntrans.te
> test_entrypoint.te \
> test_execshare.te test_exectrace.te test_execute_no_trans.te \
> test_fdreceive.te test_file.te test_inherit.te test_ioctl.te
> test_ipc.te \
> Index:
> ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_bounds.te
> ===================================================================
> ---
> ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_bounds.te (revision 0)
> +++
> ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_bounds.te (revision 3)
> @@ -0,0 +1,65 @@
> +#################################
> +#
> +# Policy for testing boundary features
> +#
> +
> +attribute test_bounds_domain;
> +
> +# Domain for process that allows to other domains
> +type test_bounds_parent_t;
> +domain_type(test_bounds_parent_t)
> +typeattribute test_bounds_parent_t test_bounds_domain;
> +typeattribute test_bounds_parent_t testdomain;
> +
> +# Domain for process that has a bounds type
> +type test_bounds_child_t;
> +domain_type(test_bounds_child_t)
> +typeattribute test_bounds_child_t test_bounds_domain;
> +typeattribute test_bounds_child_t testdomain;
> +
> +# Domain for process that does not have any bounds type
> +type test_bounds_unbound_t;
> +domain_type(test_bounds_unbound_t)
> +typeattribute test_bounds_unbound_t test_bounds_domain;
> +typeattribute test_bounds_unbound_t testdomain;
> +
> +# Types for test files
> +type test_bounds_file_t;
> +files_type(test_bounds_file_t)
> +
> +# Definition of boundary relationship
> +typebounds test_bounds_parent_t test_bounds_child_t;
> +
> +# Allow the test_bounds_parent_t to dyntrans
> +allow test_bounds_parent_t test_bounds_child_t : process
> { dyntransition };
> +allow test_bounds_parent_t test_bounds_unbound_t : process
> { dyntransition };
> +
> +# Allow domains to access test_bounds_file_t
> +allow test_bounds_parent_t test_bounds_file_t : file
> { read_file_perms };
> +allow test_bounds_child_t test_bounds_file_t : file
> { rw_file_perms };
> +allow test_bounds_unbound_t test_bounds_file_t : file
> { rw_file_perms };
> +
> +# Allow execution of helper programs.
> +corecmd_exec_bin(test_bounds_domain)
> +allow test_bounds_domain bin_t : file { entrypoint };
> +libs_use_ld_so(test_bounds_domain)
> +libs_use_shared_libs(test_bounds_domain)
> +libs_exec_ld_so(test_bounds_domain)
> +libs_exec_lib_files(test_bounds_domain)
> +
> +# Allow all of these domains to be entered from sysadm domain
> +miscfiles_domain_entry_test_files(test_bounds_domain)
> +sysadm_entry_spec_domtrans(test_bounds_domain)
> +
> +# Allow to invoke script on targeted policy
> +optional_policy(`
> + gen_require(`
> + role unconfined_r;
> + type unconfined_t;
> + ')
> +
> + role unconfined_r types test_bounds_domain;
> + allow unconfined_t test_bounds_domain : process
> { transition };
> +
> + userdom_use_user_terminals(unconfined, test_bounds_domain)
> +')
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
