X-Patchwork-Id: 9400171
From: Stephen Smalley
To: selinux@tycho.nsa.gov
Cc: Stephen Smalley, toiwoton@gmail.com
Subject: [PATCH 1/2] selinux-testsuite: mmap: fix shmat SHM_EXEC test for old kernels
Date: Thu, 27 Oct 2016 14:28:44 -0400
Message-Id: <1477592925-9693-1-git-send-email-sds@tycho.nsa.gov>

Older kernels checked read+write+execute to the backing tmpfs file for shmat SHM_EXEC instead of execmem. Adjust the test policy to allow the tests to pass on these older kernels.

Signed-off-by: Stephen Smalley

--- policy/test_mmap.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/policy/test_mmap.te b/policy/test_mmap.te index e039f76..8eed390 100644 --- a/policy/test_mmap.te +++ b/policy/test_mmap.te 
@@ -31,6 +31,8 @@ allow test_execmem_t self:process execmem; allow test_execmem_t test_mmap_file_t:file { open read execute }; # For mmap_hugetlb_anon_shared test. allow test_execmem_t hugetlbfs_t:file { read write execute }; +# For shmat test on old kernels. +allow test_execmem_t tmpfs_t:file { read write execute }; type test_no_execmem_t; domain_type(test_no_execmem_t) @@ -41,6 +43,8 @@ typeattribute test_no_execmem_t mmaptestdomain; allow test_no_execmem_t test_mmap_file_t:file { open read }; # For mmap_hugetlb_anon_shared test. allow test_no_execmem_t hugetlbfs_t:file { read write }; +# For shmat test on old kernels: no execmem check, only tmpfs write+execute. +allow test_no_execmem_t tmpfs_t:file { read write }; type test_mprotect_anon_shared_t; domain_type(test_mprotect_anon_shared_t)
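Review bot: In the first hunk (@@ -31,6 +31,8 @@), the added comment "# For shmat test on old kernels." does not say what those kernels check, so the reason test_execmem_t needs tmpfs_t:file { read write execute } lives only in the commit message. Consider carrying the explanation into the policy file, for example "# For shmat test on old kernels, which check read+write+execute on the backing tmpfs file instead of execmem." The rule is also unconditional, so the domain keeps this tmpfs_t access on kernels that do check execmem; a word in the comment that this is intentional for the test domain would help the next reader.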
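Review bot: In the second hunk (@@ -41,6 +43,8 @@), the comment "no execmem check, only tmpfs write+execute" does not match either the commit message, which says older kernels check read+write+execute, or the rule below it, which grants test_no_execmem_t only { read write } on tmpfs_t:file. As written a reader cannot tell whether leaving out execute is deliberate. Presumably it is, so that shmat SHM_EXEC is still denied for this domain on old kernels; suggest rewording the comment to say that old kernels check read+write+execute on the tmpfs file rather than execmem, and that execute is withheld here so the negative test still fails as expected.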