X-Patchwork-Id: 9400179
From: Stephen Smalley
To: selinux@tycho.nsa.gov
Cc: Stephen Smalley , toiwoton@gmail.com
Subject: [PATCH 2/2] selinux-testsuite: mmap: fix shmat SHM_EXEC test for old policies
Date: Thu, 27 Oct 2016 14:28:45 -0400
Message-Id: <1477592925-9693-2-git-send-email-sds@tycho.nsa.gov>
In-Reply-To: <1477592925-9693-1-git-send-email-sds@tycho.nsa.gov>

Policies need not allow domains to create and use shared memory objects by default, so we should not assume that in the test policy. Allow it explicitly.

Signed-off-by: Stephen Smalley
---
 policy/test_mmap.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/policy/test_mmap.te b/policy/test_mmap.te
index 8eed390..3b92853 100644
--- a/policy/test_mmap.te
+++ b/policy/test_mmap.te
@@ -31,6 +31,8 @@ allow test_execmem_t self:process execmem; allow test_execmem_t test_mmap_file_t:file { open read execute }; # For mmap_hugetlb_anon_shared test. allow test_execmem_t hugetlbfs_t:file { read write execute }; +# For shmat test. +allow test_execmem_t self:shm create_shm_perms; # For shmat test on old kernels. allow test_execmem_t tmpfs_t:file { read write execute }; @@ -43,6 +45,8 @@ typeattribute test_no_execmem_t mmaptestdomain; allow test_no_execmem_t test_mmap_file_t:file { open read }; # For mmap_hugetlb_anon_shared test. allow test_no_execmem_t hugetlbfs_t:file { read write }; +# For shmat test. +allow test_no_execmem_t self:shm create_shm_perms; # For shmat test on old kernels: no execmem check, only tmpfs write+execute. allow test_no_execmem_t tmpfs_t:file { read write };
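Review bot: In the first hunk (test_execmem_t), the new comment "# For shmat test." sits directly above the existing "# For shmat test on old kernels." comment, and neither says why the shm rule is needed. The reason is only in the commit message: policies need not allow domains to create and use shared memory objects by default. Suggest carrying that into the comment, for example "# For shmat test: base policy may not allow shm on self by default.", so the "old policies" case named in the subject is not confused with the "old kernels" tmpfs rule that follows it.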
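Review bot: The second hunk repeats for test_no_execmem_t the same "self:shm create_shm_perms" rule that the first hunk adds for test_execmem_t. The context line shows test_no_execmem_t carries the mmaptestdomain attribute; if test_execmem_t carries it as well, a single "allow mmaptestdomain self:shm create_shm_perms;" would remove the duplication, provided no other domain with that attribute is expected to be denied shm access. It is also worth confirming that the shmat test needs the whole create_shm_perms set rather than a shorter explicit permission list, since a test domain is easier to audit when it holds only what its test exercises.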