From 6a53350cabe860d4e3e6bce65c81c6f4c990b24f Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Jun 09 2021 17:09:04 +0000
Subject: tests: Add decentralized SELinux policy test


- Test for unsound/dangerous SELinux policy practices
- Perform static policy code check using SELint

For more details and debugging tips see
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Testing

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

---

diff --git a/tests/tests-DSP.yml b/tests/tests-DSP.yml
new file mode 100644
index 0000000..89935c3
--- /dev/null
+++ b/tests/tests-DSP.yml
@@ -0,0 +1,37 @@
+- hosts: localhost
+
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    repositories:
+      - repo: https://pagure.io/DSP_test.git
+        dest: DSP_test
+        version: master
+
+    tests:
+    - DSP_test
+    environment:
+      # RPM package containing the policy module
+      TEST_RPM: cockpit-selinux
+      # policy module name
+      TEST_POLICY: cockpit
+      # policy sources will be extracted from corresponding .src.rpm
+      # policy tar filename regexp (e.g. "usbguard-selinux*.tar.gz")
+      # or empty string if policy sources are not inside a tar archive
+      POLICY_TAR: 'cockpit-*.tar.xz'
+      # path to policy sources (in of the tar archive) -- <POLICY_TAR>/<POLICY_PATH>/<TEST_POLICY>.(te|if|fc)
+      # or path in the src.rpm if there is no tar archive -- <src.rpm>/<POLICY_PATH>/<TEST_POLICY>.(te|if|fc)
+      # can contain wildcards (e.g. for versions etc.)
+      POLICY_PATH: 'cockpit-*/selinux'
+
+    required_packages:
+    - policycoreutils
+    - selinux-policy
+    - selinux-policy-targeted
+    - setools-console
+    - libselinux-utils
+    - rpm
+    - tar
+    - git
+    - cockpit-selinux