On 1/19/20 6:17 AM, Richard Haines wrote:
Test filesystem permissions, setfscreatecon(3), file { quotaon } and changing file context via non and name-based type_transition rules.

The name-based rules only apply to:
(MOD_POL_VERS >= 11 and POL_VERS >= 25 and MAX_KERNEL_POLICY >= 25)

From kernels 5.5 filesystem { watch } is also tested.

Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
---
 defconfig | 6 +
 policy/Makefile | 7 +
 policy/test_filesystem.te | 373 +++++++
 policy/test_filesystem_name_trans.te | 20 +
 tests/Makefile | 7 +
 tests/filesystem/.gitignore | 11 +
 tests/filesystem/Makefile | 16 +
 tests/filesystem/check_file_context.c | 75 ++
 tests/filesystem/check_mount_context.c | 127 +++
 tests/filesystem/create_file.c | 117 +++
 tests/filesystem/create_file_change_context.c | 146 +++
 tests/filesystem/fanotify_fs.c | 79 ++
 tests/filesystem/fs_relabel.c | 138 +++
 tests/filesystem/grim_reaper.c | 89 ++
 tests/filesystem/mount.c | 130 +++
 tests/filesystem/quotas_test.c | 143 +++
 tests/filesystem/statfs_test.c | 65 ++
 tests/filesystem/test | 968 ++++++++++++++++++
 tests/filesystem/umount.c | 84 ++
 19 files changed, 2601 insertions(+)
 create mode 100644 policy/test_filesystem.te
 create mode 100644 policy/test_filesystem_name_trans.te
 create mode 100644 tests/filesystem/.gitignore
 create mode 100644 tests/filesystem/Makefile
 create mode 100644 tests/filesystem/check_file_context.c
 create mode 100644 tests/filesystem/check_mount_context.c
 create mode 100644 tests/filesystem/create_file.c
 create mode 100644 tests/filesystem/create_file_change_context.c
 create mode 100644 tests/filesystem/fanotify_fs.c
 create mode 100644 tests/filesystem/fs_relabel.c
 create mode 100644 tests/filesystem/grim_reaper.c
 create mode 100644 tests/filesystem/mount.c
 create mode 100644 tests/filesystem/quotas_test.c
 create mode 100644 tests/filesystem/statfs_test.c
 create mode 100755 tests/filesystem/test
 create mode 100644 tests/filesystem/umount.c
[...]