On Tue, Mar 3, 2020 at 3:54 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: > > Adds a basic test for the "glblub" default_range mode introduced in > kernel commit [1] and userspace commit [2]. The test vectors are taken > from the original commit messages. > > [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42345b68c2e3e2b6549fc34b937ff44240dfc3b6 > [2] https://github.com/SELinuxProject/selinux/commit/9ba35fe8c280b7c91ec65b138d9f13e44ededaa9 > > Cc: Joshua Brindle <joshua.brindle@xxxxxxxxxxxxxxx> > Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx> This raises some interesting possibilities by directly adding a CIL module to the testsuite policy for the first time. We could do likewise to define recently added classes (e.g. lockdown, perf_event) even if they aren't defined by the base policy in order to exercise those tests; in fact, such .cil modules were posted along with the original patches adding those tests in order to allow testing them so we could just extract them from the list archives. Unfortunately, we can't easily do the same for adding new permissions to existing classes IIUC, so it isn't an option for the watch permissions.
