From patchwork Mon Sep 28 14:54:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antoine Tenart X-Patchwork-Id: 1372694 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4C0QYJ4zwjz9s0b for ; Tue, 29 Sep 2020 00:55:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id DF480203F4; Mon, 28 Sep 2020 14:55:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TFpSaN8+ETvV; Mon, 28 Sep 2020 14:54:59 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id B6E1A2049C; Mon, 28 Sep 2020 14:54:53 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id C2AA91BF3A9 for ; Mon, 28 Sep 2020 14:54:49 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id BFC4784961 for ; Mon, 28 Sep 2020 14:54:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9oQFTxei9uVD for ; Mon, 28 Sep 2020 14:54:48 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 32BD1847E5 for ; Mon, 28 Sep 2020 14:54:48 +0000 (UTC) X-Originating-IP: 90.76.143.236 Received: from localhost (lfbn-tou-1-1075-236.w90-76.abo.wanadoo.fr [90.76.143.236]) (Authenticated sender: antoine.tenart@bootlin.com) by relay2-d.mail.gandi.net (Postfix) with ESMTPSA id 212D84000F; Mon, 28 Sep 2020 14:54:46 +0000 (UTC) From: Antoine Tenart To: buildroot@buildroot.org Date: Mon, 28 Sep 2020 16:54:24 +0200 Message-Id: <20200928145425.2109095-7-antoine.tenart@bootlin.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200928145425.2109095-1-antoine.tenart@bootlin.com> References: <20200928145425.2109095-1-antoine.tenart@bootlin.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH 6/7] support/testing: add tests for the packages SELinux functionalities X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: matthew.weber@rockwellcollins.com, thomas.petazzoni@bootlin.com Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Add tests to ensure the packages SELinux functionalities (being able to select an extra SELinux module in the refpolicy, and being able to provide a custom SELinux module) are working as expected. We use a BR2_EXTERNAL folder, provided in the tests, to use a custom SELinux enabled package. Signed-off-by: Antoine Tenart --- support/testing/tests/core/test_selinux.py | 22 +++++++++++++++++++ .../core/test_selinux/br2_external/Config.in | 1 + .../test_selinux/br2_external/external.desc | 1 + .../test_selinux/br2_external/external.mk | 1 + .../package/selinux-test/Config.in | 6 +++++ .../package/selinux-test/selinux-test.mk | 9 ++++++++ .../package/selinux-test/selinux/buildroot.fc | 0 .../package/selinux-test/selinux/buildroot.if | 1 + .../package/selinux-test/selinux/buildroot.te | 3 +++ 9 files changed, 44 insertions(+) create mode 100644 support/testing/tests/core/test_selinux/br2_external/Config.in create mode 100644 support/testing/tests/core/test_selinux/br2_external/external.desc create mode 100644 support/testing/tests/core/test_selinux/br2_external/external.mk create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if create mode 100644 support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py index bb6604590ab5..28d99d3a6912 100644 --- a/support/testing/tests/core/test_selinux.py +++ b/support/testing/tests/core/test_selinux.py @@ -58,3 +58,25 @@ class TestSELinuxCustomGit(TestSELinuxInfra): def test_run(self): pass + +class TestSELinuxPackage(TestSELinuxInfra): + br2_external = [infra.filepath("tests/core/test_selinux/br2_external")] + config = TestSELinuxInfra.config + \ + """ + BR2_PACKAGE_SELINUX_TEST=y + """ + + def test_run(self): + TestSELinuxInfra.base_test_run(self) + + out, ret = self.emulator.run("seinfo -t ntpd_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "ntpd_t") + + out, ret = self.emulator.run("seinfo -t tor_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "tor_t") + + out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "buildroot_test_t") diff --git a/support/testing/tests/core/test_selinux/br2_external/Config.in b/support/testing/tests/core/test_selinux/br2_external/Config.in new file mode 100644 index 000000000000..9d9c84ee3cfe --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/Config.in @@ -0,0 +1 @@ +source "$BR2_EXTERNAL_SELINUX_PATH/package/selinux-test/Config.in" diff --git a/support/testing/tests/core/test_selinux/br2_external/external.desc b/support/testing/tests/core/test_selinux/br2_external/external.desc new file mode 100644 index 000000000000..44b5b95f5b4e --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/external.desc @@ -0,0 +1 @@ +name: SELINUX diff --git a/support/testing/tests/core/test_selinux/br2_external/external.mk b/support/testing/tests/core/test_selinux/br2_external/external.mk new file mode 100644 index 000000000000..54d2402d52e3 --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/external.mk @@ -0,0 +1 @@ +include $(sort $(wildcard $(BR2_EXTERNAL_SELINUX_PATH)/package/*/*.mk)) diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in new file mode 100644 index 000000000000..c50631bd3a5b --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in @@ -0,0 +1,6 @@ +config BR2_PACKAGE_SELINUX_TEST + bool "SELinux test package" + depends on BR2_PACKAGE_LIBSELINUX + depends on BR2_PACKAGE_REFPOLICY + help + Test package for SELinux Buildroot helpers. diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk new file mode 100644 index 000000000000..0100b718be3f --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk @@ -0,0 +1,9 @@ +################################################################################ +# +# SELinux test package +# +################################################################################ + +SELINUX_TEST_SELINUX_MODULES = ntp tor + +$(eval $(generic-package)) diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if new file mode 100644 index 000000000000..acf797e6044b --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if @@ -0,0 +1 @@ +## Buildroot rules diff --git a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te new file mode 100644 index 000000000000..266bc03be013 --- /dev/null +++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te @@ -0,0 +1,3 @@ +policy_module(buildroot, 1.0.0) + +type buildroot_test_t;