On Thu, Aug 29, 2024 at 9:27 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > Enable SMC sockets and their dependencies in the defconfig and > exercise them as part of the extended socket class tests. > This only verifies that socket create permission is checked > against the correct class. The tests only cover AF_SMC, > not IPPROTO_SMC. > > Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> Ping on this patch? > --- > v2 drops the tests for IPPROTO_SMC since apparently that patch isn't > going anywhere. > > defconfig | 5 +++++ > policy/test_extended_socket_class.te | 3 +++ > tests/extended_socket_class/sockcreate.c | 1 + > tests/extended_socket_class/test | 22 ++++++++++++++++++++++ > 4 files changed, 31 insertions(+) > > diff --git a/defconfig b/defconfig > index 47938c1..b2d4a90 100644 > --- a/defconfig > +++ b/defconfig > @@ -131,3 +131,8 @@ CONFIG_KEY_NOTIFICATIONS=y > # This is not required for SELinux operation itself. > CONFIG_TRACING=y > CONFIG_DEBUG_FS=y > + > +# Test SMC sockets > +CONFIG_INFINIBAND=m > +CONFIG_SMC=m > +CONFIG_SMC_LO=y > diff --git a/policy/test_extended_socket_class.te b/policy/test_extended_socket_class.te > index c8840b4..6f0ebaa 100644 > --- a/policy/test_extended_socket_class.te > +++ b/policy/test_extended_socket_class.te > @@ -48,6 +48,9 @@ extended_socket_class_test(bluetooth_socket, socket) > # Test use of alg_socket for Alg (Crypto API) sockets instead of socket. > extended_socket_class_test(alg_socket, socket) > > +# Test use of smc_socket for SMC sockets instead of socket. > +extended_socket_class_test(smc_socket, socket) > + > # > # Common rules for all extended_socket_class test domains. > # > diff --git a/tests/extended_socket_class/sockcreate.c b/tests/extended_socket_class/sockcreate.c > index ee1d8f3..e3bbf0b 100644 > --- a/tests/extended_socket_class/sockcreate.c > +++ b/tests/extended_socket_class/sockcreate.c > @@ -47,6 +47,7 @@ static struct nameval domains[] = { > #define AF_QIPCRTR 42 > #endif > { "qipcrtr", AF_QIPCRTR }, > + { "smc", AF_SMC }, > { NULL, 0 } > }; > > diff --git a/tests/extended_socket_class/test b/tests/extended_socket_class/test > index 86c706b..1e6299f 100755 > --- a/tests/extended_socket_class/test > +++ b/tests/extended_socket_class/test > @@ -6,6 +6,7 @@ BEGIN { > $test_count = 6; > $test_bluetooth = 0; > $test_sctp = 0; > + $test_smc = 0; > > # check if SCTP is enabled > if ( system("modprobe sctp 2>/dev/null && checksctp 2>/dev/null") eq 0 ) { > @@ -19,6 +20,12 @@ BEGIN { > $test_bluetooth = 1; > } > > + # check if SMC is supported > + if ( system("modprobe smc 2>/dev/null") eq 0 ) { > + $test_count += 2; > + $test_smc = 1; > + } > + > plan tests => $test_count; > } > > @@ -131,3 +138,18 @@ $result = system( > "runcon -t test_no_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1" > ); > ok($result); > + > +if ($test_smc) { > + > + # Verify that test_smc_socket_t can create a SMC socket (AF_SMC). > + $result = system( > +"runcon -t test_smc_socket_t -- $basedir/sockcreate smc stream default 2>&1" > + ); > + ok( $result, 0 ); > + > + # Verify that test_no_smc_socket_t cannot create a SMC socket (AF_SMC). > + $result = system( > +"runcon -t test_no_smc_socket_t -- $basedir/sockcreate smc stream default 2>&1" > + ); > + ok($result); > +} > -- > 2.40.1 >