On 1/12/20 2:24 PM, Richard Haines wrote:
Test filesystem permissions, setfscreatecon(3), file { quotaon } and
changing file context via 'name type_transition rule'.
From kernels 5.5 filesystem { watch } is also tested.
Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Aside from the travis-ci build failure when trying to build the test
policy against upstream refpolicy, this looks good to me. NB you can
reproduce such failures yourself by creating your own github clone of
selinux-testsuite, enabling travis-ci on your clone, and pushing your
change to a branch of our clone.
Possible room for improvement (but I won't insist) might include:
- test non-name based type transition rule with a different type and
confirm that both files are created in the right type (i.e. make sure
we are actually matching on the component name),
- test two different name-based type transition rules that only differ
in name (similar),
- add tests for the new mount API, fsopen(), fspick(), fsmount().
These could all be done as separate patches later.
---
defconfig | 6 +
policy/Makefile | 4 +
policy/test_filesystem.te | 343 +++++++
tests/Makefile | 7 +
tests/filesystem/.gitignore | 11 +
tests/filesystem/Makefile | 16 +
tests/filesystem/check_file_context.c | 75 ++
tests/filesystem/check_mount_context.c | 127 +++
tests/filesystem/create_file.c | 112 +++
tests/filesystem/create_file_change_context.c | 146 +++
tests/filesystem/fanotify_fs.c | 79 ++
tests/filesystem/fs_relabel.c | 138 +++
tests/filesystem/grim_reaper.c | 89 ++
tests/filesystem/mount.c | 130 +++
tests/filesystem/quotas_test.c | 143 +++
tests/filesystem/statfs_test.c | 65 ++
tests/filesystem/test | 929 ++++++++++++++++++
tests/filesystem/umount.c | 84 ++
18 files changed, 2504 insertions(+)
create mode 100644 policy/test_filesystem.te
create mode 100644 tests/filesystem/.gitignore
create mode 100644 tests/filesystem/Makefile
create mode 100644 tests/filesystem/check_file_context.c
create mode 100644 tests/filesystem/check_mount_context.c
create mode 100644 tests/filesystem/create_file.c
create mode 100644 tests/filesystem/create_file_change_context.c
create mode 100644 tests/filesystem/fanotify_fs.c
create mode 100644 tests/filesystem/fs_relabel.c
create mode 100644 tests/filesystem/grim_reaper.c
create mode 100644 tests/filesystem/mount.c
create mode 100644 tests/filesystem/quotas_test.c
create mode 100644 tests/filesystem/statfs_test.c
create mode 100755 tests/filesystem/test
create mode 100644 tests/filesystem/umount.c