tests/misc/selinux.sh

   1 #!/bin/sh
   2 # Test SELinux-related options.
   3
   4 # Copyright (C) 2007-2024 Free Software Foundation, Inc.
   5
   6 # This program is free software: you can redistribute it and/or modify
   7 # it under the terms of the GNU General Public License as published by
   8 # the Free Software Foundation, either version 3 of the License, or
   9 # (at your option) any later version.
  10
  11 # This program is distributed in the hope that it will be useful,
  12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 # GNU General Public License for more details.
  15
  16 # You should have received a copy of the GNU General Public License
  17 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
  18
  19 . "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
  20 print_ver_ chcon cp ls mv stat
  21
  22 require_root_
  23 require_selinux_
  24 skip_if_mcstransd_is_running_
  25
  26 # Create a regular file, dir, fifo.
  27 touch f || framework_failure_
  28 mkdir d s1 s2 || framework_failure_
  29 mkfifo_or_skip_ p
  30
  31
  32 # special context that works both with and without mcstransd
  33 ctx='root:object_r:tmp_t'
  34 mls_enabled_ && ctx="$ctx:s0"
  35
  36 chcon $ctx f d p || skip_ "Failed to set context: $ctx"
  37
  38 # inspect that context with both ls -Z and stat.
  39 for i in d f p; do
  40   c=$(ls -dogZ $i|cut -d' ' -f3); test x$c = x$ctx || fail=1
  41   c=$(stat --printf %C $i); test x$c = x$ctx || fail=1
  42 done
  43
  44 # ensure that ls -l output includes the ".".
  45 c=$(ls -l f|cut -c11); test "$c" = . || fail=1
  46
  47 # Copy with an invalid context and ensure it fails
  48 # Note this may succeed when root and selinux is in permissive mode
  49 if test "$(getenforce)" = Enforcing; then
  50   returns_ 1 cp --context='invalid-selinux-context' f f.cp || fail=1
  51 fi
  52
  53 # Copy each to a new directory and ensure that context is preserved.
  54 cp -r --preserve=all d f p s1 || fail=1
  55 for i in d f p; do
  56   c=$(stat --printf %C s1/$i); test x$c = x$ctx || fail=1
  57 done
  58
  59 # Now, move each to a new directory and ensure that context is preserved.
  60 mv d f p s2 || fail=1
  61 for i in d f p; do
  62   c=$(stat --printf %C s2/$i); test x$c = x$ctx || fail=1
  63 done
  64
  65 Exit $fail