support/testing/tests/core/test_selinux: new tests for the packages SELinux functionalities

Add tests to ensure the packages SELinux functionalities (being able to select an extra SELinux module in the refpolicy, and being able to provide a custom SELinux module) are working as expected. We use a BR2_EXTERNAL folder, provided in the tests, to use a custom SELinux enabled package. Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-09-28 16:54:24 +02:00 · 2020-09-28 16:54:24 +02:00 · 751b660c1f
parent 0f3b931624
commit 751b660c1f
9 changed files with 42 additions and 0 deletions
--- a/support/testing/tests/core/test_selinux.py
+++ b/support/testing/tests/core/test_selinux.py
@ -58,3 +58,25 @@ class TestSELinuxCustomGit(TestSELinuxInfra):

    def test_run(self):
        pass
+
+class TestSELinuxPackage(TestSELinuxInfra):
+    br2_external = [infra.filepath("tests/core/test_selinux/br2_external")]
+    config = TestSELinuxInfra.config + \
+             """
+             BR2_PACKAGE_SELINUX_TEST=y
+             """
+
+    def test_run(self):
+        TestSELinuxInfra.base_test_run(self)
+
+        out, ret = self.emulator.run("seinfo -t ntpd_t", 15)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[2].strip(), "ntpd_t")
+
+        out, ret = self.emulator.run("seinfo -t tor_t", 15)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[2].strip(), "tor_t")
+
+        out, ret = self.emulator.run("seinfo -t buildroot_test_t", 15)
+        self.assertEqual(ret, 0)
+        self.assertEqual(out[2].strip(), "buildroot_test_t")
--- a/support/testing/tests/core/test_selinux/br2_external/Config.in
+++ b/support/testing/tests/core/test_selinux/br2_external/Config.in
@ -0,0 +1 @@
+source "$BR2_EXTERNAL_SELINUX_PATH/package/selinux-test/Config.in"
--- a/support/testing/tests/core/test_selinux/br2_external/external.desc
+++ b/support/testing/tests/core/test_selinux/br2_external/external.desc
@ -0,0 +1 @@
+name: SELINUX
--- a/support/testing/tests/core/test_selinux/br2_external/external.mk
+++ b/support/testing/tests/core/test_selinux/br2_external/external.mk
@ -0,0 +1 @@
+include $(sort $(wildcard $(BR2_EXTERNAL_SELINUX_PATH)/package/*/*.mk))
--- a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in
+++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/Config.in
@ -0,0 +1,4 @@
+config BR2_PACKAGE_SELINUX_TEST
+	bool "SELinux test package"
+	help
+	  Test package for SELinux Buildroot helpers.
--- a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk
+++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux-test.mk
@ -0,0 +1,9 @@
+################################################################################
+#
+# SELinux test package
+#
+################################################################################
+
+SELINUX_TEST_SELINUX_MODULES = ntp tor
+
+$(eval $(generic-package))
--- a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc
+++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.fc
--- a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if
+++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.if
@ -0,0 +1 @@
+## <summary>Buildroot rules</summary>
--- a/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te
+++ b/support/testing/tests/core/test_selinux/br2_external/package/selinux-test/selinux/buildroot.te
@ -0,0 +1,3 @@
+policy_module(buildroot, 1.0.0)
+
+type buildroot_test_t;
				`@ -0,0 +1 @@`
				`source "$BR2_EXTERNAL_SELINUX_PATH/package/selinux-test/Config.in"`
				`@ -0,0 +1 @@`
				`include $(sort $(wildcard $(BR2_EXTERNAL_SELINUX_PATH)/package//.mk))`