tests: Add decentralized SELinux policy test

- Test for unsound/dangerous SELinux policy practices
- Perform static policy code check using SELint

For more details and debugging tips see
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Testing

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

tests/tests-DSP.yml

@@ -0,0 +1,42 @@
+- hosts: localhost
+
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    repositories:
+      - repo: https://pagure.io/DSP_test.git
+        dest: DSP_test
+        version: master
+
+    tests:
+    - DSP_test
+    environment:
+      # RPM package containing the policy module
+      TEST_RPM: tigervnc-selinux
+      # policy module name
+      TEST_POLICY: vncsession
+      # policy sources will be extracted from corresponding .src.rpm
+      # policy tar filename regexp (e.g. "usbguard-selinux*.tar.gz")
+      # or empty string if policy sources are not inside a tar archive
+      POLICY_TAR: 'tigervnc-*.tar.gz'
+      # path to policy sources (in of the tar archive) -- <POLICY_TAR>/<POLICY_PATH>/<TEST_POLICY>.(te|if|fc)
+      # or path in the src.rpm if there is no tar archive -- <src.rpm>/<POLICY_PATH>/<TEST_POLICY>.(te|if|fc)
+      # can contain wildcards (e.g. for versions etc.)
+      POLICY_PATH: 'tigervnc-*/unix/vncserver/selinux'
+      # allow rules ignored by "Unsound/dangerous policy practices" test
+      IGNORE_RULES: >-
+        vnc_session_t:security_t:file
+        userdomain:user_home_dir_t:dir
+        vnc_session_t:user_home_dir_t:dir
+
+    required_packages:
+    - policycoreutils
+    - selinux-policy
+    - selinux-policy-targeted
+    - setools-console
+    - libselinux-utils
+    - rpm
+    - tar
+    - git
+    - tigervnc-selinux