added SELinux enforcement validation and toggle tests #403
Rohan-in-Qualcomm wants to merge 1 commit into qualcomm-linux:main from
Rohan-in-Qualcomm commented Apr 15, 2026
- Run-GetEnforce: Verifies SELinux is running in Permissive mode.
- Toggle-SetEnforce: Validates runtime switching between Enforcing and Permissive states.
d9cae69 to 096892c
- Run-GetEnforce: Verifies SELinux is running in Permissive mode.
- Toggle-SetEnforce: Validates runtime switching between Enforcing and Permissive states.

Signed-off-by: Rohan Dutta <rohadutt@qti.qualcomm.com>
096892c to 8c8bf87
| run: | ||
| steps: | ||
| - REPO_PATH=$PWD || true | ||
| - cd Runner/suites/Kernel/DEBUG/Run-GetEnforce || true |
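Review bot: `cd Runner/suites/Kernel/DEBUG/Run-GetEnforce || true` on the last step discards a failed directory change, so any later step runs from whatever directory the job was already in. Drop the `|| true` from the `cd` so that a wrong or missing suite path is reported instead of hidden.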
The testcase is being launched from the wrong path, and wrapper masking hides orchestration issues.
| run: | ||
| steps: | ||
| - REPO_PATH=$PWD || true | ||
| - cd Runner/suites/Kernel/DEBUG/Toggle-SetEnforce || true |
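Review bot: `REPO_PATH=$PWD || true` on the first step guards a plain assignment that does not fail in normal use, so the `|| true` there does nothing and can be removed. On the `cd Runner/suites/Kernel/DEBUG/Toggle-SetEnforce || true` step the suffix does have an effect: it hides a bad path, and should be dropped for that reason.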
The testcase is being launched from the wrong path, and wrapper masking hides orchestration issues.
|
|
||
| if [ -z "$INIT_ENV" ]; then | ||
| echo "[ERROR] Could not find init_env" >&2 | ||
| exit 1 |
Write SKIP or FAIL to Run-GetEnforce.res first, then exit 0.
| exit 1 | ||
| fi | ||
|
|
||
| if [ -z "$__INIT_ENV_LOADED" ]; then |
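Review bot: `[ -z "$__INIT_ENV_LOADED" ]` expands a variable that is expected to be unset the first time through, which aborts the script if nounset (`set -u`) is in effect. Use `"${__INIT_ENV_LOADED:-}"` so the check behaves the same whether or not the variable has been defined.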
Current code expands "$__INIT_ENV_LOADED" directly and is less robust.
| cd "$test_path" || exit 1 | ||
| res_file="./$TESTNAME.res" | ||
| log_info "------------------------$TESTNAME Starting------------------------" | ||
|
|
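Review bot: `cd "$test_path" || exit 1` runs before `res_file` is assigned, so a failed `cd` ends the test with no result file and no log line. Consider logging the failure and recording a FAIL or SKIP result before exiting, in line with how the missing `init_env` case is handled.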
- Use check_dependencies "getenforce"
- If getenforce is missing, SKIP
- If getenforce returns Disabled, SKIP
- Only assert Permissive on SELinux-enabled builds

Also, use > instead of >> when writing the .res file so reruns do not append stale results.
|
|
||
| state1=$(getenforce) | ||
| log_info "Current state: $state1" | ||
|
|
- Use check_dependencies "getenforce setenforce"
- If getenforce returns Disabled, SKIP
- If initial state is not one of Permissive or Enforcing, SKIP
- After setenforce 1, explicitly check state2 = Enforcing
- After setenforce 0, explicitly check state3 = Permissive
- Fail if either transition did not occur
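
The checks listed in the review comment above, written out as an added shell example; it is not code from this pull request or from the project. The function name `selinux_toggle_verdict` is hypothetical, `command -v` stands in for the suite's `check_dependencies` helper, and the final restore step is an addition that the review comment does not ask for.

```sh
#!/bin/sh
# Added example: verdict logic for a setenforce toggle test.
# Prints exactly one of PASS, FAIL or SKIP on stdout.
selinux_toggle_verdict() {
    # Stand-in for check_dependencies "getenforce setenforce" (assumption).
    for tool in getenforce setenforce; do
        command -v "$tool" >/dev/null 2>&1 || { echo SKIP; return 0; }
    done

    # Only Enforcing and Permissive are testable starting points.
    # Disabled, empty or unexpected output means the test does not apply.
    initial=$(getenforce 2>/dev/null) || initial=""
    case "$initial" in
        Enforcing|Permissive) ;;
        *) echo SKIP; return 0 ;;
    esac

    verdict=PASS

    # Transition 1: request Enforcing, then confirm it really took effect.
    setenforce 1 >/dev/null 2>&1 || verdict=FAIL
    [ "$(getenforce 2>/dev/null)" = "Enforcing" ] || verdict=FAIL

    # Transition 2: request Permissive, then confirm it really took effect.
    setenforce 0 >/dev/null 2>&1 || verdict=FAIL
    [ "$(getenforce 2>/dev/null)" = "Permissive" ] || verdict=FAIL

    # Addition: leave the device in the mode it started in.
    if [ "$initial" = "Enforcing" ]; then
        setenforce 1 >/dev/null 2>&1 || verdict=FAIL
    fi

    echo "$verdict"
}

# Usage (inside a test script, after cd into the test directory):
#   selinux_toggle_verdict > "./$TESTNAME.res"   # '>' so reruns overwrite
```
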
| ## Script Location | ||
|
|
||
| ``` | ||
| Runner/suites/Kernel/DEBUG/Run-GetEnforce/run.sh |
Update it to the actual path under Kernel Security.
| ## Script Location | ||
|
|
||
| ``` | ||
| Runner/suites/Kernel/DEBUG/Toggle-SetEnforce/run.sh |
Update it to the actual path under Kernel Security.