Re: [PATCH] Fix MLS handling in selinux tests


 



On Thu, 2009-04-30 at 11:20 -0400, Stephen Smalley wrote:
> Some of the selinux tests were using full security contexts but predated
> MCS/MLS and thus lacked a MLS field.  This broke testing if MLS was
> enabled in the policy but mcstransd was not running.  Change some of the
> tests to avoid the need to use full contexts at all, and others to
> conditionally append a MLS suffix if MLS is enabled.
> 
> Signed-off-by:  Stephen Smalley <sds@xxxxxxxxxxxxx>

Thanks. Merged.

Regards--
Subrata

> 
>  testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh       |    2 -
>  testcases/kernel/security/selinux-testsuite/tests/mkdir/selinux_mkdir.sh     |   16 ++++++++--
>  testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh |    2 -
>  testcases/kernel/security/selinux-testsuite/tests/rename/selinux_rename.sh   |    9 +++--
>  testcases/kernel/security/selinux-testsuite/tests/rxdir/selinux_rxdir.sh     |    3 +
>  5 files changed, 24 insertions(+), 8 deletions(-)
> 
> Index: testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh,v
> retrieving revision 1.5
> diff -u -r1.5 selinux_file.sh
> --- testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh	21 Apr 2009 09:39:58 -0000	1.5
> +++ testcases/kernel/security/selinux-testsuite/tests/file/selinux_file.sh	30 Apr 2009 15:18:04 -0000
> @@ -53,7 +53,7 @@
>  	#
>  	# Get the SID of the good file.
>  	#
> -	good_file_sid="system_u:object_r:fileop_file_t"
> +	good_file_sid=`ls -Z $SELINUXTMPDIR/temp_file | awk '{print $4}'`
>  }
> 
>  test01()
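
Review bot: Parsing `ls -Z` with `awk '{print $4}'` in the `good_file_sid` assignment is fragile, because the column that holds the context depends on the `-Z` output format of the installed ls, and `$SELINUXTMPDIR` is unquoted. `stat -c %C "$SELINUXTMPDIR/temp_file"` prints only the context and avoids the field guess. Also note that the expected value is no longer pinned to `fileop_file_t`: if the setup labeling of temp_file fails, the test now compares against whatever label the file happens to carry, so a check that the returned context contains `fileop_file_t` would keep the old guarantee.
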
> Index: testcases/kernel/security/selinux-testsuite/tests/mkdir/selinux_mkdir.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/mkdir/selinux_mkdir.sh,v
> retrieving revision 1.4
> diff -u -r1.4 selinux_mkdir.sh
> --- testcases/kernel/security/selinux-testsuite/tests/mkdir/selinux_mkdir.sh	21 Apr 2009 09:39:59 -0000	1.4
> +++ testcases/kernel/security/selinux-testsuite/tests/mkdir/selinux_mkdir.sh	30 Apr 2009 15:18:04 -0000
> @@ -89,12 +89,18 @@
>  	TCID="test04"
>  	TST_COUNT=4
>  	RC=0
> +	SUFFIX=""
> +	MLS=x`cat /selinux/mls`
> +	if [ "$MLS" == "x1" ]
> +	then
> +	    SUFFIX=":s0"
> +	fi
> 
>  	# Verify that test_create_t can create a subdirectory
>  	# with a different type.
>  	# This requires add_name to test_mkdir_dir_t and create
>  	# to test_create_dir_t.
> -	runcon -t test_create_t -- mkdir --context=system_u:object_r:test_create_dir_t $SELINUXTMPDIR/test_dir/test3 2>&1
> +	runcon -t test_create_t -- mkdir --context=system_u:object_r:test_create_dir_t$SUFFIX $SELINUXTMPDIR/test_dir/test3 2>&1
>  	RC=$?
>  	if [ $RC -eq 0 ]
>  	then
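
Review bot: The MLS probe `[ "$MLS" == "x1" ]` uses `==`, which is a bash extension inside `[ ]`; `=` is the portable operator and behaves the same here. The probe also assumes selinuxfs is mounted at `/selinux` and lets `cat` write to stderr if the file is missing, so `cat /selinux/mls 2>/dev/null` would keep the test log clean on a non-MLS kernel. The hard-coded `:s0` suffix assumes the loaded policy names its lowest sensitivity `s0`; a one-line comment stating that assumption would help whoever runs this against a custom policy.
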
> @@ -110,11 +116,17 @@
>  	TCID="test05"
>  	TST_COUNT=5
>  	RC=0
> +	SUFFIX=""
> +	MLS=x`cat /selinux/mls`
> +	if [ "$MLS" == "x1" ]
> +	then
> +	    SUFFIX=":s0"
> +	fi
> 
>  	# Verify that test_nocreate_t cannot create 
>  	# a subdirectory with a different type.
>  	# Should fail on create check to the new type.
> -	runcon -t test_nocreate_t -- mkdir --context=system_u:object_r:test_create_dir_t $SELINUXTMPDIR/test_dir/test4 2>&1
> +	runcon -t test_nocreate_t -- mkdir --context=system_u:object_r:test_create_dir_t$SUFFIX $SELINUXTMPDIR/test_dir/test4 2>&1
>  	RC=$?
>  	if [ $RC -ne 0 ]
>  	then
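
Review bot: The six added lines that compute `SUFFIX` in test05 are a verbatim copy of the block added to test04. Computing it once, in the script's setup function or in a small helper shared by the selinux tests, removes the duplication and means a later change to the probe (mount point, suffix value) is made in one place. Since test05 expects `mkdir` to fail, it is also worth confirming that the failure comes from the create check and not from a malformed context: with a wrong suffix this test would still pass.
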
> Index: testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh,v
> retrieving revision 1.4
> diff -u -r1.4 selinux_relabel.sh
> --- testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh	21 Apr 2009 09:39:59 -0000	1.4
> +++ testcases/kernel/security/selinux-testsuite/tests/relabel/selinux_relabel.sh	30 Apr 2009 15:18:04 -0000
> @@ -31,7 +31,7 @@
>  	RC=0
> 
>  	# Verify that test_relabel_t can relabel the file.
> -	runcon -t test_relabel_t chcon system_u:object_r:test_relabel_newtype_t $SELINUXTMPDIR/test_file 2>&1
> +	runcon -t test_relabel_t chcon -t test_relabel_newtype_t $SELINUXTMPDIR/test_file 2>&1
>          RC=$?
>          if [ $RC -eq 0 ]
>          then
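
Review bot: Switching to `chcon -t test_relabel_newtype_t` changes what the test exercises: the old command also set the user and role to `system_u:object_r`, while `-t` leaves whatever user and role test_file already has. That is fine for a type relabel check, but a comment above the `runcon` line saying that only the type is changed, and that user, role and MLS range are kept from the existing label, would document the intent.
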
> Index: testcases/kernel/security/selinux-testsuite/tests/rename/selinux_rename.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/rename/selinux_rename.sh,v
> retrieving revision 1.4
> diff -u -r1.4 selinux_rename.sh
> --- testcases/kernel/security/selinux-testsuite/tests/rename/selinux_rename.sh	21 Apr 2009 09:39:59 -0000	1.4
> +++ testcases/kernel/security/selinux-testsuite/tests/rename/selinux_rename.sh	30 Apr 2009 15:18:04 -0000
> @@ -19,15 +19,18 @@
>  	chcon -t test_file_t $SELINUXTMPDIR
> 
>  	# Create the source and destination test directories for the rename.
> -	mkdir --context=system_u:object_r:test_rename_src_dir_t $SELINUXTMPDIR/src_dir 2>&1
> -	mkdir --context=system_u:object_r:test_rename_dst_dir_t $SELINUXTMPDIR/dst_dir 2>&1
> +	mkdir $SELINUXTMPDIR/src_dir
> +	chcon -t test_rename_src_dir_t $SELINUXTMPDIR/src_dir
> +	mkdir $SELINUXTMPDIR/dst_dir
> +	chcon -t test_rename_dst_dir_t $SELINUXTMPDIR/dst_dir
> 
>  	# Create a test file to try renaming.
>  	touch $SELINUXTMPDIR/src_dir/test_file
>  	chcon -t test_rename_file_t $SELINUXTMPDIR/src_dir/test_file
> 
>  	# Create a test directory to try renaming.
> -	mkdir --context=system_u:object_r:test_rename_dir_t $SELINUXTMPDIR/src_dir/test_dir
> +	mkdir $SELINUXTMPDIR/src_dir/test_dir
> +	chcon -t test_rename_dir_t $SELINUXTMPDIR/src_dir/test_dir
> 
>  }
> 
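
Review bot: None of the new `mkdir`/`chcon` pairs in this setup check an exit status, and the `2>&1` redirection present on the removed lines is gone. If `chcon -t test_rename_src_dir_t` or `chcon -t test_rename_dst_dir_t` fails, the directories keep the type inherited from `$SELINUXTMPDIR` and the rename tests then run against the wrong labels, which can turn an expected denial into a pass or the reverse. Aborting setup when any `chcon` returns non-zero would make that failure visible, and quoting `$SELINUXTMPDIR` would guard against a temp path containing spaces.
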
> Index: testcases/kernel/security/selinux-testsuite/tests/rxdir/selinux_rxdir.sh
> ===================================================================
> RCS file: /cvsroot/ltp/ltp/testcases/kernel/security/selinux-testsuite/tests/rxdir/selinux_rxdir.sh,v
> retrieving revision 1.4
> diff -u -r1.4 selinux_rxdir.sh
> --- testcases/kernel/security/selinux-testsuite/tests/rxdir/selinux_rxdir.sh	21 Apr 2009 09:39:59 -0000	1.4
> +++ testcases/kernel/security/selinux-testsuite/tests/rxdir/selinux_rxdir.sh	30 Apr 2009 15:18:04 -0000
> @@ -20,7 +20,8 @@
> 
>  	# Create a test dir with the test_rxdir_dir_t type
>  	# for use in the tests.
> -	mkdir --context=system_u:object_r:test_rxdir_dir_t $SELINUXTMPDIR/test_dir
> +	mkdir $SELINUXTMPDIR/test_dir
> +	chcon -t test_rxdir_dir_t $SELINUXTMPDIR/test_dir
> 
>  	# Touch a file in the directory.
>  	touch $SELINUXTMPDIR/test_dir/test_file
> 
> 
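
Review bot: Replacing `mkdir --context=...` with `mkdir` followed by `chcon -t test_rxdir_dir_t` makes the setup a two-step operation: the directory first exists with the type inherited from its parent, and the domain running the setup now needs permission to relabel from that inherited type to `test_rxdir_dir_t`. The `chcon` result is not checked, so a denied relabel leaves test_dir with the wrong type and the rxdir tests silently test something else. Checking `$?` after `chcon` and bailing out of setup on failure would cover this.
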

