tests: stop stubbing libselinux APIs for purpose of data overrides

We currently create stub 'setcon', 'setcon_raw' and 'security_disable'
APIs in the securityselinuxhelper.c mock, which set env variables to
control how other mock'd libselinux APIs respond.  These stubs merely
set some env variables, and we have no need to call these stubs from
the library code, only test code.

The 'security_disable' API is now deprecated in libselinux, so we
stubbing it generates compiler warnings. Rather than workaround that,
just stop stubbing these APIs and set the required env variables
directly. With this change, we now only mock API calls we actually
use from the library code.

Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
index c32c90c17e13deefb84700edac1ca124895339d2..e5ded964851826b4a2b42bec13d94bc43f0a8ac0 100644 (file)
--- a/tests/securityselinuxhelper.c
+++ b/tests/securityselinuxhelper.c
@@ -131,21 +131,6 @@ int getpidcon(pid_t pid, char **context)
     return getpidcon_raw(pid, context);
 }
 
-int setcon_raw(const char *context)
-{
-    if (!is_selinux_enabled()) {
-        errno = EINVAL;
-        return -1;
-    }
-    return g_setenv("FAKE_SELINUX_CONTEXT", context, TRUE) == TRUE ? 0 : -1;
-}
-
-int setcon(const char *context)
-{
-    return setcon_raw(context);
-}
-
-
 int setfilecon_raw(const char *path, const char *con)
 {
     const char *constr = con;
@@ -209,16 +194,6 @@ int is_selinux_enabled(void)
     return getenv("FAKE_SELINUX_DISABLED") == NULL;
 }
 
-int security_disable(void)
-{
-    if (!is_selinux_enabled()) {
-        errno = ENOENT;
-        return -1;
-    }
-
-    return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1;
-}
-
 int security_getenforce(void)
 {
     if (!is_selinux_enabled()) {

diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
index 43db128b3a6404896247425e98f951fc319ee287..666e942630a497d6a225c027a144199135c0ccef 100644 (file)
--- a/tests/securityselinuxlabeltest.c
+++ b/tests/securityselinuxlabeltest.c
@@ -333,7 +333,10 @@ mymain(void)
     if (virTestRun("Labelling " # name, testSELinuxLabeling, name) < 0) \
         ret = -1;
 
-    setcon("system_r:system_u:libvirtd_t:s0:c0.c1023");
+    if (!g_setenv("FAKE_SELINUX_CONTEXT", "system_r:system_u:libvirtd_t:s0:c0.c1023", TRUE)) {
+        perror("Cannot set process security context");
+        return EXIT_FAILURE;
+    }
 
     DO_TEST_LABELING("disks");
     DO_TEST_LABELING("kernel");

diff --git a/tests/securityselinuxtest.c b/tests/securityselinuxtest.c
index 6aadc6154f43ecb9f20716a9e79ba4f5586d8147..a4b2c3683d0552cb9f2f52ccfad67c2be0b3ba72 100644 (file)
--- a/tests/securityselinuxtest.c
+++ b/tests/securityselinuxtest.c
@@ -211,7 +211,7 @@ testSELinuxGenLabel(const void *opaque)
     context_t con = NULL;
     context_t imgcon = NULL;
 
-    if (setcon_raw(data->pidcon) < 0) {
+    if (!g_setenv("FAKE_SELINUX_CONTEXT", data->pidcon, TRUE)) {
         perror("Cannot set process security context");
         return -1;
     }

diff --git a/tests/viridentitytest.c b/tests/viridentitytest.c
index 74e3a03619eb0e2cd49f817bb9c32e00066d33a9..a971f8bd182aca7a0a852d20d397f614c1d8d2d6 100644 (file)
--- a/tests/viridentitytest.c
+++ b/tests/viridentitytest.c
@@ -124,7 +124,7 @@ static int testIdentityGetSystem(const void *data)
 static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
 {
 #if WITH_SELINUX
-    return setcon_raw(data);
+    return g_setenv("FAKE_SELINUX_CONTEXT", data, TRUE) == TRUE ? 0 : -1;
 #else
     VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
     return EXIT_AM_SKIP;
@@ -134,7 +134,7 @@ static int testSetFakeSELinuxContext(const void *data G_GNUC_UNUSED)
 static int testDisableFakeSELinux(const void *data G_GNUC_UNUSED)
 {
 #if WITH_SELINUX
-    return security_disable();
+    return g_setenv("FAKE_SELINUX_DISABLED", "1", TRUE) == TRUE ? 0 : -1;
 #else
     VIR_DEBUG("libvirt not compiled with SELinux, skipping this test");
     return EXIT_AM_SKIP;