* [PATCH testsuite] tests/ioctl: Update ioctl tests
@ 2022-02-24 12:42 Richard Haines
  2022-04-20 12:22 ` Ondrej Mosnacek
  0 siblings, 1 reply; 2+ messages in thread
From: Richard Haines @ 2022-02-24 12:42 UTC (permalink / raw)
  To: selinux; +Cc: paul, demiobenour, Richard Haines

This change replaces the ioctl check FIOCLEX with FIOQSIZE, as the
kernel will always allow FIOCLEX if the policy capability
'ioctl_skip_cloexec' is set to true.

Also updated policy to test xperm ioctl FIOQSIZE.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
---
 policy/test_ioctl_xperms.te | 7 ++++---
 tests/ioctl/test_ioctl.c    | 4 ++--
 tests/ioctl/test_noioctl.c  | 4 ++--
 3 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/policy/test_ioctl_xperms.te b/policy/test_ioctl_xperms.te
index f9bc8d5..5f570c3 100644
--- a/policy/test_ioctl_xperms.te
+++ b/policy/test_ioctl_xperms.te
@@ -1,4 +1,4 @@
-define(`FIOCLEX', `{ 0x00006601 0x00005451 }')
+define(`FIOQSIZE', `{ 0x00005460 }')
 
 # Domain for process that is allowed the required ioctl xperms.
 type test_ioctl_xperm_t;
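Review bot: The new `FIOQSIZE` define lists a single request value, `0x00005460`, while the `FIOCLEX` define it replaces carried two, which looks like it covered architectures that encode these ioctls differently. If the testsuite is still expected to run on such architectures, the xperm value will not match the number the C tests pass there: the allowed-domain test would be denied, and the `~FIOQSIZE` complement in the noxperm domain would permit the call. Either list the alternate encodings in the define or state the limitation next to it, e.g. `# FIOQSIZE value from asm-generic/ioctls.h; architectures with their own ioctls.h may differ`.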
@@ -7,7 +7,7 @@ unconfined_runs_test(test_ioctl_xperm_t)
 typeattribute test_ioctl_xperm_t ioctldomain;
 typeattribute test_ioctl_xperm_t testdomain;
 allow test_ioctl_xperm_t test_ioctl_file_t:file { open read write ioctl getattr setattr };
-allowxperm test_ioctl_xperm_t test_ioctl_file_t:file ioctl FIOCLEX;
+allowxperm test_ioctl_xperm_t test_ioctl_file_t:file ioctl FIOQSIZE;
 
 # Domain for process that is not allowed the required ioctl xperms.
 type test_ioctl_noxperm_t;
@@ -15,4 +15,5 @@ domain_type(test_ioctl_noxperm_t)
 unconfined_runs_test(test_ioctl_noxperm_t)
 typeattribute test_ioctl_noxperm_t ioctldomain;
 typeattribute test_ioctl_noxperm_t testdomain;
-allowxperm test_ioctl_noxperm_t test_ioctl_file_t:file ioctl ~FIOCLEX;
+allow test_ioctl_noxperm_t test_ioctl_file_t:file { open read getattr setattr ioctl };
+allowxperm test_ioctl_noxperm_t test_ioctl_file_t:file ioctl ~FIOQSIZE;
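Review bot: The added `allow` rule on `test_ioctl_noxperm_t` has no comment saying why the domain that must be denied is now granted the base `ioctl` permission. Without one, the rule reads as weakening the negative test, when the intent appears to be that the denial must come from the extended-permission filter rather than from a missing `file:ioctl`. Suggested comment above the rule: `# Grant the base ioctl permission so the denial is produced by the xperm rule below.` The rule also omits `write`, which the xperm domain has; if that is deliberate, the comment should say so.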
diff --git a/tests/ioctl/test_ioctl.c b/tests/ioctl/test_ioctl.c
index 366d09c..6fff2d0 100644
--- a/tests/ioctl/test_ioctl.c
+++ b/tests/ioctl/test_ioctl.c
@@ -35,9 +35,9 @@ int main(int argc, char **argv)
 	}
 
 	/* This one should hit the FILE__IOCTL test */
-	rc = ioctl(fd, FIOCLEX);
+	rc = ioctl(fd, FIOQSIZE, &val);
 	if( rc < 0 ) {
-		perror("test_ioctl:FIOCLEX");
+		perror("test_ioctl:FIOQSIZE");
 		exit(1);
 	}
 
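Review bot: `&val` is passed to `FIOQSIZE`, but `val` is declared outside this hunk and the patch adds no declaration for it. FIOQSIZE stores a `loff_t` through the pointer, so if `val` is an `int` the kernel writes 8 bytes into a 4-byte stack object. Use a correctly sized variable instead: `loff_t qsize;` and `rc = ioctl(fd, FIOQSIZE, &qsize);`. The same call is added in tests/ioctl/test_noioctl.c and needs the same change. `main` starts and ends outside the hunk.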
diff --git a/tests/ioctl/test_noioctl.c b/tests/ioctl/test_noioctl.c
index ddce457..4b67e9a 100644
--- a/tests/ioctl/test_noioctl.c
+++ b/tests/ioctl/test_noioctl.c
@@ -51,9 +51,9 @@ int main(int argc, char **argv)
 	}
 
 	/* This one should hit the FILE__IOCTL test and fail. */
-	rc = ioctl(fd, FIOCLEX);
+	rc = ioctl(fd, FIOQSIZE, &val);
 	if( rc == 0 ) {
-		printf("test_noioctl:FIOCLEX");
+		printf("test_noioctl:FIOQSIZE");
 		exit(1);
 	}
 
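Review bot: The negative test accepts any failure of `ioctl(fd, FIOQSIZE, &val)` as the expected denial, because the check is only `rc == 0`. FIOQSIZE can fail for reasons unrelated to policy, such as an unsupported file type or a bad user pointer, so the test could pass without the xperm rule ever being exercised. Checking the cause ties the result to the SELinux decision: `if (rc == 0 || errno != EACCES) {`, which needs `<errno.h>` if the file does not already include it. `main` continues outside the hunk.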
-- 
2.35.1

