Re: [PATCH testsuite v2] tests/extended_socket_class: test SMC sockets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Aug 29, 2024 at 9:27 AM Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
>
> Enable SMC sockets and their dependencies in the defconfig and
> exercise them as part of the extended socket class tests.
> This only verifies that socket create permission is checked
> against the correct class. The tests only cover AF_SMC,
> not IPPROTO_SMC.
>
> Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>

Ping on this patch?

> ---
> v2 drops the tests for IPPROTO_SMC since apparently that patch isn't
> going anywhere.
>
>  defconfig                                |  5 +++++
>  policy/test_extended_socket_class.te     |  3 +++
>  tests/extended_socket_class/sockcreate.c |  1 +
>  tests/extended_socket_class/test         | 22 ++++++++++++++++++++++
>  4 files changed, 31 insertions(+)
>
> diff --git a/defconfig b/defconfig
> index 47938c1..b2d4a90 100644
> --- a/defconfig
> +++ b/defconfig
> @@ -131,3 +131,8 @@ CONFIG_KEY_NOTIFICATIONS=y
>  # This is not required for SELinux operation itself.
>  CONFIG_TRACING=y
>  CONFIG_DEBUG_FS=y
> +
> +# Test SMC sockets
> +CONFIG_INFINIBAND=m
> +CONFIG_SMC=m
> +CONFIG_SMC_LO=y
> diff --git a/policy/test_extended_socket_class.te b/policy/test_extended_socket_class.te
> index c8840b4..6f0ebaa 100644
> --- a/policy/test_extended_socket_class.te
> +++ b/policy/test_extended_socket_class.te
> @@ -48,6 +48,9 @@ extended_socket_class_test(bluetooth_socket, socket)
>  # Test use of alg_socket for Alg (Crypto API) sockets instead of socket.
>  extended_socket_class_test(alg_socket, socket)
>
> +# Test use of smc_socket for SMC sockets instead of socket.
> +extended_socket_class_test(smc_socket, socket)
> +
>  #
>  # Common rules for all extended_socket_class test domains.
>  #
> diff --git a/tests/extended_socket_class/sockcreate.c b/tests/extended_socket_class/sockcreate.c
> index ee1d8f3..e3bbf0b 100644
> --- a/tests/extended_socket_class/sockcreate.c
> +++ b/tests/extended_socket_class/sockcreate.c
> @@ -47,6 +47,7 @@ static struct nameval domains[] = {
>  #define AF_QIPCRTR 42
>  #endif
>         { "qipcrtr", AF_QIPCRTR },
> +       { "smc", AF_SMC },
>         { NULL, 0 }
>  };
>
> diff --git a/tests/extended_socket_class/test b/tests/extended_socket_class/test
> index 86c706b..1e6299f 100755
> --- a/tests/extended_socket_class/test
> +++ b/tests/extended_socket_class/test
> @@ -6,6 +6,7 @@ BEGIN {
>      $test_count     = 6;
>      $test_bluetooth = 0;
>      $test_sctp      = 0;
> +    $test_smc       = 0;
>
>      # check if SCTP is enabled
>      if ( system("modprobe sctp 2>/dev/null && checksctp 2>/dev/null") eq 0 ) {
> @@ -19,6 +20,12 @@ BEGIN {
>          $test_bluetooth = 1;
>      }
>
> +    # check if SMC is supported
> +    if ( system("modprobe smc 2>/dev/null") eq 0 ) {
> +        $test_count += 2;
> +        $test_smc = 1;
> +    }
> +
>      plan tests => $test_count;
>  }
>
> @@ -131,3 +138,18 @@ $result = system(
>  "runcon -t test_no_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1"
>  );
>  ok($result);
> +
> +if ($test_smc) {
> +
> +    # Verify that test_smc_socket_t can create a SMC socket (AF_SMC).
> +    $result = system(
> +"runcon -t test_smc_socket_t -- $basedir/sockcreate smc stream default 2>&1"
> +    );
> +    ok( $result, 0 );
> +
> +    # Verify that test_no_smc_socket_t cannot create a SMC socket (AF_SMC).
> +    $result = system(
> +"runcon -t test_no_smc_socket_t -- $basedir/sockcreate smc stream default 2>&1"
> +    );
> +    ok($result);
> +}
> --
> 2.40.1
>





[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux