From 6a777019bcc92ee9a25b10e92d99c1481f3e8742 Mon Sep 17 00:00:00 2001
From: Milos Malik <mmalik@redhat.com>
Date: Mar 27 2024 10:57:41 +0000
Subject: improve the incorrectly written io_uring checks


I wrote certain io_uring checks incorrectly, because I misunderstood
the comments in the RHEL-11792 ticket. They should be correct now.

In order to properly test the io_uring feature, the feature needs to
be enabled (it is by default on Fedora). If the kernel command line
does not contain the "io_uring" string, the automated test adds the
necessary options and reboots the machine.

---

diff --git a/selinux-policy/anon_inode-and-similar/Makefile b/selinux-policy/anon_inode-and-similar/Makefile
index d9db08b..0e381d6 100644
--- a/selinux-policy/anon_inode-and-similar/Makefile
+++ b/selinux-policy/anon_inode-and-similar/Makefile
@@ -54,7 +54,7 @@ $(METADATA): Makefile
 	@echo "Type:            Regression" >> $(METADATA)
 	@echo "TestTime:        30m" >> $(METADATA)
 	@echo "RunFor:          selinux-policy" >> $(METADATA)
-	@echo "Requires:        libselinux policycoreutils selinux-policy selinux-policy-targeted gcc glibc-headers setools-console audit fio" >> $(METADATA)
+	@echo "Requires:        libselinux policycoreutils selinux-policy selinux-policy-targeted gcc glibc-headers setools-console audit fio grubby" >> $(METADATA)
 	@echo "RhtsRequires:    library(selinux-policy/common)" >> $(METADATA)
 	@echo "Priority:        Normal" >> $(METADATA)
 	@echo "License:         GPLv2" >> $(METADATA)
diff --git a/selinux-policy/anon_inode-and-similar/main.fmf b/selinux-policy/anon_inode-and-similar/main.fmf
index 56e34d1..755b0cd 100644
--- a/selinux-policy/anon_inode-and-similar/main.fmf
+++ b/selinux-policy/anon_inode-and-similar/main.fmf
@@ -16,6 +16,7 @@ recommend:
   - setools-console
   - audit
   - fio
+  - grubby
 environment:
     AVC_ERROR: +no_avc_check
 duration: 30m
@@ -27,6 +28,7 @@ tag:
   - NoRHEL7
   - NoRHEL8
   - targeted
+  - reboot
 link:
   - verifies: https://bugzilla.redhat.com/show_bug.cgi?id=1954145
   - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1974559
diff --git a/selinux-policy/anon_inode-and-similar/runtest.sh b/selinux-policy/anon_inode-and-similar/runtest.sh
index 583c1ec..9359ba3 100755
--- a/selinux-policy/anon_inode-and-similar/runtest.sh
+++ b/selinux-policy/anon_inode-and-similar/runtest.sh
@@ -29,6 +29,15 @@
 # Include rhts environment
 . /usr/share/beakerlib/beakerlib.sh
 
+if rlIsRHEL 9 || rlIsCentOS 9 ; then
+    if ! grep io_uring /proc/cmdline ; then
+        grubby --update-kernel ALL --args io_uring.enable=y
+        grubby --update-kernel ALL --args sysctl.kernel.io_uring_disabled=0
+        sync
+        rhts-reboot
+    fi
+fi
+
 PACKAGE="selinux-policy"
 
 rlJournalStart
@@ -80,11 +89,12 @@ rlJournalStart
       fi
 
         rlRun "fio --filename=/root/pokus --iodepth=16 --rw=write --ioengine=io_uring --bs=16k --size=2G --numjobs=30 --runtime=100s --group_reporting=1 --name=mytest" 0-255
+        rlRun "fio --filename=/root/pokus --iodepth=16 --rw=write --ioengine=io_uring_cmd --bs=16k --size=2G --numjobs=30 --runtime=100s --group_reporting=1 --name=mytest" 0-255
     rlPhaseEnd
 
     rlPhaseStartTest "RHEL-11792"
-        rlSEMatchPathCon "/dev/ng0n1" "fixed_disk_device_t"
-        rlSESearchRule "allow unconfined_t fixed_disk_device_t : io_uring { cmd } [ ]"
+        rlSESearchRule "allow unconfined_t unconfined_t : io_uring { cmd } [ ]"
+        rlSESearchRule "allow unconfined_service_t unconfined_service_t : io_uring { cmd } [ ]"
     rlPhaseEnd
 
     rlPhaseStartCleanup