This change replaces the ioctl check FIOCLEX with FIOQSIZE as the kernel will always allow FIOCLEX if policy capability 'ioctl_skip_cloexec' is set true. Also updated policy to test xperm ioctl FIOQSIZE.
Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
---
 policy/test_ioctl_xperms.te | 7 ++++---
 tests/ioctl/test_ioctl.c | 4 ++--
 tests/ioctl/test_noioctl.c | 4 ++--
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/policy/test_ioctl_xperms.te b/policy/test_ioctl_xperms.te
index f9bc8d5..5f570c3 100644
--- a/policy/test_ioctl_xperms.te
+++ b/policy/test_ioctl_xperms.te
@@ -1,4 +1,4 @@
-define(`FIOCLEX', `{ 0x00006601 0x00005451 }')
+define(`FIOQSIZE', `{ 0x00005460 }')
 # Domain for process that is allowed the required ioctl xperms.
 type test_ioctl_xperm_t;
@@ -7,7 +7,7 @@ unconfined_runs_test(test_ioctl_xperm_t)
 typeattribute test_ioctl_xperm_t ioctldomain;
 typeattribute test_ioctl_xperm_t testdomain;
 allow test_ioctl_xperm_t test_ioctl_file_t:file { open read write ioctl getattr setattr };
-allowxperm test_ioctl_xperm_t test_ioctl_file_t:file ioctl FIOCLEX;
+allowxperm test_ioctl_xperm_t test_ioctl_file_t:file ioctl FIOQSIZE;
 # Domain for process that is not allowed the required ioctl xperms.
 type test_ioctl_noxperm_t;
@@ -15,4 +15,5 @@ domain_type(test_ioctl_noxperm_t)
 unconfined_runs_test(test_ioctl_noxperm_t)
 typeattribute test_ioctl_noxperm_t ioctldomain;
 typeattribute test_ioctl_noxperm_t testdomain;
-allowxperm test_ioctl_noxperm_t test_ioctl_file_t:file ioctl ~FIOCLEX;
+allow test_ioctl_noxperm_t test_ioctl_file_t:file { open read getattr setattr ioctl };
+allowxperm test_ioctl_noxperm_t test_ioctl_file_t:file ioctl ~FIOQSIZE;
diff --git a/tests/ioctl/test_ioctl.c b/tests/ioctl/test_ioctl.c
index 366d09c..6fff2d0 100644
--- a/tests/ioctl/test_ioctl.c
+++ b/tests/ioctl/test_ioctl.c
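Review bot: The new `FIOQSIZE` define lists only `0x00005460`, while the `FIOCLEX` define it replaces also carried `0x00006601`, the value of the 'f'-group ioctls on architectures that number them differently; FIOQSIZE is not `0x5460` everywhere either (MIPS defines it as `0x667f`, if I recall the uapi headers correctly). If the suite is meant to run on those architectures, the positive test in `test_ioctl_xperm_t` would be denied there for the wrong reason, so the xperm set should carry that code too, i.e. `{ 0x00005460 0x0000667f }`. Worth checking against `asm/ioctls.h` for each supported arch before dropping the second value.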
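Review bot: The new base `allow` rule for `test_ioctl_noxperm_t` carries no comment explaining why a domain that is supposed to be denied is granted file `ioctl` at all; presumably it is so the denial in test_noioctl.c comes from the `allowxperm ~FIOQSIZE` filter rather than from a missing class permission, which is what makes this a negative xperm test instead of a plain ioctl-denial test. I would put above the rule: `# Grant the base ioctl permission so that the denial seen by the test comes from the xperm filter below, not from a missing file:ioctl permission.` Note also that this set omits `write`, unlike the `{ open read write ioctl getattr setattr }` granted to `test_ioctl_xperm_t` in the earlier hunk; if test_noioctl.c opens the file for writing (its open() is not in this patch), open() would fail before the ioctl under test is reached.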
@@ -35,9 +35,9 @@ int main(int argc, char **argv)
 }
 /* This one should hit the FILE__IOCTL test */
- rc = ioctl(fd, FIOCLEX);
+ rc = ioctl(fd, FIOQSIZE, &val);
 if( rc < 0 ) {
- perror("test_ioctl:FIOCLEX");
+ perror("test_ioctl:FIOQSIZE");
 exit(1);
 }
diff --git a/tests/ioctl/test_noioctl.c b/tests/ioctl/test_noioctl.c
index ddce457..4b67e9a 100644
--- a/tests/ioctl/test_noioctl.c
+++ b/tests/ioctl/test_noioctl.c
@@ -51,9 +51,9 @@ int main(int argc, char **argv)
 }
 /* This one should hit the FILE__IOCTL test and fail. */
- rc = ioctl(fd, FIOCLEX);
+ rc = ioctl(fd, FIOQSIZE, &val);
 if( rc == 0 ) {
- printf("test_noioctl:FIOCLEX");
+ printf("test_noioctl:FIOQSIZE");
 exit(1);
 }
-- 
2.35.1
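Review bot: `val`, newly passed as the FIOQSIZE argument on the `rc = ioctl(fd, FIOQSIZE, &val);` line, is declared outside this hunk and the diffstat shows no added declaration, so its type cannot be checked here; the kernel's FIOQSIZE handler copies a `loff_t` (8 bytes) to the user pointer, so `val` must be a `loff_t` or another 64-bit object — with an `int` the kernel would write four bytes past it on the stack. If the existing declaration is narrower, it should become `loff_t val = 0;`. main() starts before this hunk.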
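Review bot: The negative check `if( rc == 0 )` treats any failure as the expected SELinux denial, but unlike FIOCLEX, FIOQSIZE can fail on its own (the kernel returns ENOTTY for file types it does not handle and EFAULT for a bad pointer), so a missing denial could be masked by an unrelated error and the test would pass vacuously. I would make the condition `if (rc == 0 || errno != EACCES) {` and the message `printf("test_noioctl:FIOQSIZE: expected EACCES, got rc=%d errno=%d\n", rc, errno);`, which also adds the newline the new printf line lacks; `<errno.h>` is needed if the file does not already include it. The same sizing concern applies to `val`, declared outside the hunk: FIOQSIZE writes a `loff_t` through the pointer, so it must be 64 bits wide. main() starts before this hunk.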