Extend the sockcreate test program to support other address families.
This is what I used to manually confirm the other extended socket classes.
However, to avoid bloating the required kernel configuration for the
selinux-testsuite and because some of the required kernel config options
are not enabled in current Fedora kernels, I am not adding tests of these
individual address families to the test script or policy. We already test
a representative sampling of the extended socket classes.
IUCV is only supported on s390 and QIPCRTR is only supported on qcom.
I did not test creating sockets with these two families but confirmed
that they are supported socket families from the sources.
Config options not already enabled in the Fedora kernel configs required
to test creating sockets with these address families:
CONFIG_CAIF=m
CONFIG_DECNET=m
CONFIG_LLC2=m
CONFIG_PHONET=m
CONFIG_X25=m
CONFIG_AF_RXRPC=m
Config options already enabled in the Fedora kernel configs required to
test creating sockets with these address families:
CONFIG_AX25=m
CONFIG_NETROM=m
CONFIG_ROSE=m
CONFIG_ATM=m
CONFIG_RDS=m
CONFIG_IRDA=m
CONFIG_MISDN=m
CONFIG_LLC=m
CONFIG_IPX=m
CONFIG_CAN=m
CONFIG_CAN_RAW=m
CONFIG_TIPC=m
CONFIG_L2TP=m
CONFIG_L2TP_PPPOL2TP=m
CONFIG_IEEE802154=m
CONFIG_IEEE802154_SOCKET=m
CONFIG_NFC=m
CONFIG_VSOCKETS=m
CONFIG_VMWARE_VMCI_VSOCKETS=m
CONFIG_AF_KCM=m
Sample invocation of sockcreate for each address family that should
succeed (no output, exit 0):
sockcreate atmpvc dgram default
sockcreate atmsvc dgram default
sockcreate ax25 dgram default
sockcreate caif stream default
sockcreate can raw can_raw
sockcreate decnet stream default
sockcreate ieee802154 dgram default
sockcreate ipx dgram default
sockcreate irda stream default
sockcreate isdn raw default
sockcreate kcm dgram default
sockcreate llc stream default
sockcreate netrom seqpacket default
sockcreate nfc seqpacket default
sockcreate phonet dgram default
sockcreate pppox stream default
sockcreate rds seqpacket default
sockcreate rose seqpacket default
sockcreate rxrpc dgram default
sockcreate tipc stream default
sockcreate vsock stream default
sockcreate x25 seqpacket default
Note that CAN required adding an explicit protocol value since it
did not support creating sockets with the default/0 protocol value.
Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
---
tests/extended_socket_class/sockcreate.c | 34 ++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/tests/extended_socket_class/sockcreate.c b/tests/extended_socket_class/sockcreate.c
index c5802ae..ee1d8f3 100644
--- a/tests/extended_socket_class/sockcreate.c
+++ b/tests/extended_socket_class/sockcreate.c
@@ -17,6 +17,36 @@ static struct nameval domains[] = {
{ "inet6", AF_INET6 },
{ "bluetooth", AF_BLUETOOTH },
{ "alg", AF_ALG },
+ { "ax25", AF_AX25 },
+ { "ipx", AF_IPX },
+ { "netrom", AF_NETROM },
+ { "atmpvc", AF_ATMPVC },
+ { "x25", AF_X25 },
+ { "rose", AF_ROSE },
+ { "decnet", AF_DECnet },
+ { "atmsvc", AF_ATMSVC },
+ { "rds", AF_RDS },
+ { "irda", AF_IRDA },
+ { "pppox", AF_PPPOX },
+ { "llc", AF_LLC },
+ { "can", AF_CAN },
+ { "tipc", AF_TIPC },
+ { "iucv", AF_IUCV },
+ { "rxrpc", AF_RXRPC },
+ { "isdn", AF_ISDN },
+ { "phonet", AF_PHONET },
+ { "ieee802154", AF_IEEE802154 },
+ { "caif", AF_CAIF },
+ { "nfc", AF_NFC },
+ { "vsock", AF_VSOCK },
+#ifndef AF_KCM
+#define AF_KCM 41
+#endif
+ { "kcm", AF_KCM },
+#ifndef AF_QIPCRTR
+#define AF_QIPCRTR 42
+#endif
+ { "qipcrtr", AF_QIPCRTR },
{ NULL, 0 }
};
@@ -32,6 +62,10 @@ static struct nameval protocols[] = {
{ "icmp", IPPROTO_ICMP },
{ "icmpv6", IPPROTO_ICMPV6 },
{ "sctp", IPPROTO_SCTP },
+#ifndef CAN_RAW
+#define CAN_RAW 1
+#endif
+ { "can_raw", CAN_RAW },
{ "default", 0 },
{ NULL, 0 }
};
--
2.7.4
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
