From 299287cb5351a8416f23072cac38bac2c0257317 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 21 Oct 2020 13:47:46 +0200
Subject: [PATCH] tests: Add decentralized SELinux policy test

- Test for unsound/dangerous SELinux policy practices
- Perform static policy code check using SELint

For more details and debugging tips see
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Testing
---
 tests/tests-DSP.yml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 tests/tests-DSP.yml

diff --git a/tests/tests-DSP.yml b/tests/tests-DSP.yml
new file mode 100644
index 0000000..b124082
--- /dev/null
+++ b/tests/tests-DSP.yml
@@ -0,0 +1,38 @@
+- hosts: localhost
+
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    repositories:
+      - repo: https://pagure.io/DSP_test.git
+        dest: DSP_test
+        version: master
+
+    tests:
+    - DSP_test
+    environment:
+      # RPM package containing the policy module
+      TEST_RPM: freeipa-selinux
+      # policy module name
+      TEST_POLICY: ipa
+      # policy sources will be extracted from corresponding .src.rpm
+      # policy tar filename regexp (e.g. "usbguard-selinux*.tar.gz") 
+      # or empty string if policy sources are not inside a tar archive
+      POLICY_TAR: 'freeipa-*.tar.gz'
+      # path to policy sources (in of the tar archive) -- <POLICY_TAR>/<POLICY_PATH>/<TEST_POLICY>.(te|if|fc)
+      # or path in the src.rpm if there is no tar archive -- <src.rpm>/<POLICY_PATH>/<TEST_POLICY>.(te|if|fc)
+      # can contain wildcards (e.g. for versions etc.)
+      POLICY_PATH: 'freeipa-*/selinux'
+
+    required_packages:
+    - policycoreutils
+    - selinux-policy
+    - selinux-policy-targeted
+    - setools-console
+    - libselinux-utils
+    - rpm
+    - tar
+    - git
+    - freeipa-selinux
+