
[RFC,0/1] selinux-testsuite: Add additional key permission tests

Message ID 20200202193508.15056-1-richard_c_haines@btinternet.com (mailing list archive)


Richard Haines Feb. 2, 2020, 7:35 p.m. UTC
This patch allows the new key permissions to be tested as discussed in [1].

To test:
1) Build and install kernel from [2].

2) Run the selinux-testsuite to check ok.

3) Update selinux-testsuite with this patch.

4) Update libsepol with: libsepol-Add-key_perms-policy-capability.patch

5) Add the following CIL statements to test_keys.cil and install:
semodule -i test_keys.cil

(policycap key_perms) ; comment out to test original permission translation
(common key (inval revoke join clear))
(classcommon key key)

6) Edit /usr/share/selinux/devel/include/support/all_perms.spt
   and insert the 'inval revoke join clear' permissions:

define(`all_key_perms',`{ view read write ...}')

7) Run 'make test'

[1] https://lore.kernel.org/selinux/459818a9ad1c808298bf3d7c9bcb130323d30e97.camel@btinternet.com/
[2] https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit/?h=keys-next

Richard Haines (1):
  selinux-testsuite: Add additional key permission tests

 policy/test_keys.te          | 139 ++++++++++++++++++++++++++++-------
 tests/keys/keyctl.c          |  39 ++++++++++
 tests/keys/keyring_service.c |  12 ++-
 tests/keys/request_keys.c    |  70 ++++++++++++++----
 tests/keys/test              |  63 ++++++++++++++--
 5 files changed, 273 insertions(+), 50 deletions(-)
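
A pre-flight check for step 6, as an added example that is not part of the original message or of the selinux-testsuite: it reads the `all_key_perms` define and reports which of the four new permissions are still absent before 'make test' is run. The function names are hypothetical, the sample file is constructed, and the define is assumed to sit on one line as shown in step 6.

```shell
#!/bin/sh
# Added example: confirm the step 6 edit was applied before running 'make test'.
NEW_KEY_PERMS="inval revoke join clear"   # the four permissions named in step 6

# Print the permission list found between the braces of the all_key_perms define.
# Assumes the define occupies a single line, as in the step 6 snippet.
key_perms_in_spt() {
    awk '/^define[(].all_key_perms.,/ {
        s = $0
        sub(/^[^{]*[{]/, "", s)   # drop everything up to the opening brace
        sub(/[}].*$/, "", s)      # drop the closing brace and the m4 quoting
        print s
    }' "$1"
}

# Echo the permissions from NEW_KEY_PERMS that the file lacks (empty = ready).
missing_key_perms() {
    # Pad with spaces so each permission can be matched as a whole word.
    have=" $(key_perms_in_spt "$1" | tr -s '[:space:]' ' ') "
    missing=""
    for p in $NEW_KEY_PERMS; do
        case "$have" in
            *" $p "*) ;;                      # already present
            *) missing="$missing $p" ;;       # still to be inserted
        esac
    done
    echo "${missing# }"
}

# Constructed sample standing in for all_perms.spt (not the real file contents):
# the edit was only half applied, so two permissions are still missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
define(`all_key_perms',`{ view read write inval revoke }')
EOF
echo "missing from sample: $(missing_key_perms "$sample")"
```

On a test machine, pass the all_perms.spt path from step 6 to `missing_key_perms` instead of `$sample`.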