On Thu, Aug 29, 2024 at 9:27 AM Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
>
> Enable SMC sockets and their dependencies in the defconfig and
> exercise them as part of the extended socket class tests.
> This only verifies that socket create permission is checked
> against the correct class. The tests only cover AF_SMC,
> not IPPROTO_SMC.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
Ping on this patch?
> ---
> v2 drops the tests for IPPROTO_SMC since apparently that patch isn't
> going anywhere.
>
> defconfig | 5 +++++
> policy/test_extended_socket_class.te | 3 +++
> tests/extended_socket_class/sockcreate.c | 1 +
> tests/extended_socket_class/test | 22 ++++++++++++++++++++++
> 4 files changed, 31 insertions(+)
>
> diff --git a/defconfig b/defconfig
> index 47938c1..b2d4a90 100644
> --- a/defconfig
> +++ b/defconfig
> @@ -131,3 +131,8 @@ CONFIG_KEY_NOTIFICATIONS=y
> # This is not required for SELinux operation itself.
> CONFIG_TRACING=y
> CONFIG_DEBUG_FS=y
> +
> +# Test SMC sockets
> +CONFIG_INFINIBAND=m
> +CONFIG_SMC=m
> +CONFIG_SMC_LO=y
> diff --git a/policy/test_extended_socket_class.te b/policy/test_extended_socket_class.te
> index c8840b4..6f0ebaa 100644
> --- a/policy/test_extended_socket_class.te
> +++ b/policy/test_extended_socket_class.te
> @@ -48,6 +48,9 @@ extended_socket_class_test(bluetooth_socket, socket)
> # Test use of alg_socket for Alg (Crypto API) sockets instead of socket.
> extended_socket_class_test(alg_socket, socket)
>
> +# Test use of smc_socket for SMC sockets instead of socket.
> +extended_socket_class_test(smc_socket, socket)
> +
> #
> # Common rules for all extended_socket_class test domains.
> #
> diff --git a/tests/extended_socket_class/sockcreate.c b/tests/extended_socket_class/sockcreate.c
> index ee1d8f3..e3bbf0b 100644
> --- a/tests/extended_socket_class/sockcreate.c
> +++ b/tests/extended_socket_class/sockcreate.c
> @@ -47,6 +47,7 @@ static struct nameval domains[] = {
> #define AF_QIPCRTR 42
> #endif
> { "qipcrtr", AF_QIPCRTR },
> + { "smc", AF_SMC },
> { NULL, 0 }
> };
>
> diff --git a/tests/extended_socket_class/test b/tests/extended_socket_class/test
> index 86c706b..1e6299f 100755
> --- a/tests/extended_socket_class/test
> +++ b/tests/extended_socket_class/test
> @@ -6,6 +6,7 @@ BEGIN {
> $test_count = 6;
> $test_bluetooth = 0;
> $test_sctp = 0;
> + $test_smc = 0;
>
> # check if SCTP is enabled
> if ( system("modprobe sctp 2>/dev/null && checksctp 2>/dev/null") eq 0 ) {
> @@ -19,6 +20,12 @@ BEGIN {
> $test_bluetooth = 1;
> }
>
> + # check if SMC is supported
> + if ( system("modprobe smc 2>/dev/null") eq 0 ) {
> + $test_count += 2;
> + $test_smc = 1;
> + }
> +
> plan tests => $test_count;
> }
>
> @@ -131,3 +138,18 @@ $result = system(
> "runcon -t test_no_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1"
> );
> ok($result);
> +
> +if ($test_smc) {
> +
> + # Verify that test_smc_socket_t can create a SMC socket (AF_SMC).
> + $result = system(
> +"runcon -t test_smc_socket_t -- $basedir/sockcreate smc stream default 2>&1"
> + );
> + ok( $result, 0 );
> +
> + # Verify that test_no_smc_socket_t cannot create a SMC socket (AF_SMC).
> + $result = system(
> +"runcon -t test_no_smc_socket_t -- $basedir/sockcreate smc stream default 2>&1"
> + );
> + ok($result);
> +}
> --
> 2.40.1
>
