From 4fe09f4cabcd59bd9fb5f46c5160cc17b79377ed Mon Sep 17 00:00:00 2001 From: Antoine Tenart Date: Mon, 28 Sep 2020 16:54:22 +0200 Subject: [PATCH] support/testing/tests/core/test_selinux: new test for BR2_REFPOLICY_EXTRA_MODULES_DIRS Add a test for the BR2_REFPOLICY_EXTRA_MODULES_DIRS functionality (which allows to provide custom SELinux modules). Signed-off-by: Antoine Tenart Signed-off-by: Thomas Petazzoni --- DEVELOPERS | 1 + support/testing/tests/core/test_selinux.py | 13 +++++++++++++ .../core/test_selinux/extra_modules/buildroot.fc | 0 .../core/test_selinux/extra_modules/buildroot.if | 1 + .../core/test_selinux/extra_modules/buildroot.te | 3 +++ 5 files changed, 18 insertions(+) create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.fc create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.if create mode 100644 support/testing/tests/core/test_selinux/extra_modules/buildroot.te diff --git a/DEVELOPERS b/DEVELOPERS index ba96174670..53b476501b 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -255,6 +255,7 @@ F: package/gnuplot/ N: Antoine Ténart F: package/wf111/ +F: support/testing/tests/core/test_selinux/ F: support/testing/tests/core/test_selinux.py F: support/testing/tests/init/test_systemd_selinux/ F: support/testing/tests/init/test_systemd_selinux.py diff --git a/support/testing/tests/core/test_selinux.py b/support/testing/tests/core/test_selinux.py index 10be30d791..9e189d6114 100644 --- a/support/testing/tests/core/test_selinux.py +++ b/support/testing/tests/core/test_selinux.py @@ -34,3 +34,16 @@ class TestSELinuxExtraModules(TestSELinuxInfra): out, ret = self.emulator.run("seinfo -t tor_t", 15) self.assertEqual(ret, 0) self.assertEqual(out[2].strip(), "tor_t") + +class TestSELinuxExtraModulesDirs(TestSELinuxInfra): + config = TestSELinuxInfra.config + \ + """ + BR2_REFPOLICY_EXTRA_MODULES_DIRS="{}" + """.format(infra.filepath("tests/core/test_selinux/extra_modules")) + + def test_run(self): + TestSELinuxInfra.base_test_run(self) + + out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15) + self.assertEqual(ret, 0) + self.assertEqual(out[2].strip(), "buildroot_test_t") diff --git a/support/testing/tests/core/test_selinux/extra_modules/buildroot.fc b/support/testing/tests/core/test_selinux/extra_modules/buildroot.fc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/support/testing/tests/core/test_selinux/extra_modules/buildroot.if b/support/testing/tests/core/test_selinux/extra_modules/buildroot.if new file mode 100644 index 0000000000..acf797e604 --- /dev/null +++ b/support/testing/tests/core/test_selinux/extra_modules/buildroot.if @@ -0,0 +1 @@ +## Buildroot rules diff --git a/support/testing/tests/core/test_selinux/extra_modules/buildroot.te b/support/testing/tests/core/test_selinux/extra_modules/buildroot.te new file mode 100644 index 0000000000..266bc03be0 --- /dev/null +++ b/support/testing/tests/core/test_selinux/extra_modules/buildroot.te @@ -0,0 +1,3 @@ +policy_module(buildroot, 1.0.0) + +type buildroot_test_t; -- 2.30.2