Skip to content

Commit

Permalink
tests/extended_socket_class: test SMC sockets
Browse files Browse the repository at this point in the history
Enable SMC sockets and their dependencies in the defconfig and
exercise them as part of the extended socket class tests.
This only verifies that socket create permission is checked
against the correct class. The tests only cover AF_SMC,
not IPPROTO_SMC.

Signed-off-by: Stephen Smalley <[email protected]>
Signed-off-by: Ondrej Mosnacek <[email protected]>
  • Loading branch information
stephensmalley authored and WOnder93 committed Sep 10, 2024
1 parent 82cdcae commit f71a462
Show file tree
Hide file tree
Showing 4 changed files with 31 additions and 0 deletions.
5 changes: 5 additions & 0 deletions defconfig
Original file line number Diff line number Diff line change
Expand Up @@ -131,3 +131,8 @@ CONFIG_KEY_NOTIFICATIONS=y
# This is not required for SELinux operation itself.
CONFIG_TRACING=y
CONFIG_DEBUG_FS=y

# Test SMC sockets
CONFIG_INFINIBAND=m
CONFIG_SMC=m
CONFIG_SMC_LO=y
3 changes: 3 additions & 0 deletions policy/test_extended_socket_class.te
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,9 @@ extended_socket_class_test(bluetooth_socket, socket)
# Test use of alg_socket for Alg (Crypto API) sockets instead of socket.
extended_socket_class_test(alg_socket, socket)

# Test use of smc_socket for SMC sockets instead of socket.
extended_socket_class_test(smc_socket, socket)

#
# Common rules for all extended_socket_class test domains.
#
Expand Down
1 change: 1 addition & 0 deletions tests/extended_socket_class/sockcreate.c
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ static struct nameval domains[] = {
#define AF_QIPCRTR 42
#endif
{ "qipcrtr", AF_QIPCRTR },
{ "smc", AF_SMC },
{ NULL, 0 }
};

Expand Down
22 changes: 22 additions & 0 deletions tests/extended_socket_class/test
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ BEGIN {
$test_count = 6;
$test_bluetooth = 0;
$test_sctp = 0;
$test_smc = 0;

# check if SCTP is enabled
if ( system("modprobe sctp 2>/dev/null && checksctp 2>/dev/null") eq 0 ) {
Expand All @@ -19,6 +20,12 @@ BEGIN {
$test_bluetooth = 1;
}

# check if SMC is supported
if ( system("modprobe smc 2>/dev/null") eq 0 ) {
$test_count += 2;
$test_smc = 1;
}

plan tests => $test_count;
}

Expand Down Expand Up @@ -131,3 +138,18 @@ $result = system(
"runcon -t test_no_alg_socket_t -- $basedir/sockcreate alg seqpacket default 2>&1"
);
ok($result);

if ($test_smc) {

# Verify that test_smc_socket_t can create a SMC socket (AF_SMC).
$result = system(
"runcon -t test_smc_socket_t -- $basedir/sockcreate smc stream default 2>&1"
);
ok( $result, 0 );

# Verify that test_no_smc_socket_t cannot create a SMC socket (AF_SMC).
$result = system(
"runcon -t test_no_smc_socket_t -- $basedir/sockcreate smc stream default 2>&1"
);
ok($result);
}

0 comments on commit f71a462

Please sign in to comment.