
[v4,testsuite,10/15] policy: Add defaultrange rules for overlay tests

Message ID 20200508154138.24217-11-stephen.smalley.work@gmail.com (mailing list archive)
State Accepted
Delegated to: Ondrej Mosnáček
Series Update to work on Debian | expand

Commit Message

Stephen Smalley May 8, 2020, 3:41 p.m. UTC
Some of the overlay tests assume that files inherit their MCS/MLS
labels from the parent directory rather than the process.  This is
true on Fedora which defines defaultrange rules for this purpose but
not in refpolicy.  Add the defaultrange rules explicitly to the test
policy as a CIL module to provide consistent behavior on Debian.

Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
---
 policy/Makefile                      | 2 +-
 policy/test_overlay_defaultrange.cil | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 policy/test_overlay_defaultrange.cil

Patch

diff --git a/policy/Makefile b/policy/Makefile
index 8f43427..17e9da3 100644
--- a/policy/Makefile
+++ b/policy/Makefile
@@ -36,7 +36,7 @@  SUPPORTS_CIL = n
 endif
 
 ifeq ($(SUPPORTS_CIL),y)
-CIL_TARGETS = test_mlsconstrain.cil
+CIL_TARGETS = test_mlsconstrain.cil test_overlay_defaultrange.cil
 ifeq ($(shell [[ $(MAX_KERNEL_POLICY) -ge 32 && $(POL_VERS) -ge 32 ]] && echo true),true)
 # If other MLS tests get written this can be moved outside of the glblub test
 ifeq ($(POL_TYPE), MLS)
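Review bot: The new module is only added to `CIL_TARGETS` when `SUPPORTS_CIL` is `y`, so on a system where it is `n` the overlay tests would presumably still run against a policy without these defaultrange rules and see the process-inherited levels the commit message describes. Whether the overlay tests are skipped in that case is not visible in this hunk. A comment above the assignment would record the coupling, e.g. `# test_overlay_defaultrange.cil: needed by the overlay tests on policies without defaultrange rules (e.g. refpolicy)`. The `ifeq ($(SUPPORTS_CIL),y)` block continues past the end of the hunk.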
diff --git a/policy/test_overlay_defaultrange.cil b/policy/test_overlay_defaultrange.cil
new file mode 100644
index 0000000..d1c18db
--- /dev/null
+++ b/policy/test_overlay_defaultrange.cil
@@ -0,0 +1,7 @@ 
+(defaultrange file target low)
+(defaultrange dir target low)
+(defaultrange lnk_file target low)
+(defaultrange chr_file target low)
+(defaultrange blk_file target low)
+(defaultrange sock_file target low)
+(defaultrange fifo_file target low)
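Review bot: The new file has no comment, and its seven `defaultrange` statements are not scoped to the test types: they change where the level of every newly created object of these classes comes from for as long as the test policy is loaded. That should be stated in the file so the module is not installed outside a test machine and a changed labeling default elsewhere on the system is not a surprise, e.g. `; Test-only: new file objects take the low level of the target (parent directory) context, policy-wide.` How the module behaves on a base policy that already declares defaultrange for the same classes (the commit message says Fedora does) is not shown here; presumably identical rules are accepted, but a line in the file or the commit message confirming it would help.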