ci: add module storage test

Add test to verify modular policies can be successfully installed from
a module storage.

Signed-off-by: Christian Göttsche <[email protected]>

.github/workflows/build-policy.yml

@@ -108,6 +108,15 @@ jobs:
       run: |
         make validate
 
+    - name: Test module storage
+      working-directory: ${{ inputs.path }}
+      shell: bash
+      if: ${{ matrix.monolithic == 'n' }}
+      run: |
+        echo compiler-directory = "${TEST_TOOLCHAIN}/usr/libexec/selinux/hll" | sudo tee -a /etc/selinux/semanage.conf
+        find / -name pp 2> /dev/null
+        make test-module-storage
+
     - name: Build docs
       working-directory: ${{ inputs.path }}
       shell: bash

Rules.modular

@@ -230,6 +230,16 @@ validate: $(base_pkg) $(mod_pkgs) $(tmpdir)/all_mods.fc $(builtappfiles)
 	$(verbose) $(validateappconfig) $(builtappconf) $(tmpdir)/policy.bin
 	@echo "Success."
 
+########################################
+#
+# Test converting to module storage
+#
+test-module-storage: $(base_pkg) $(mod_pkgs)
+	@echo "Testing module storage for $(NAME)."
+	@test -d $(tmpdir)/policy_root/var/lib/selinux/$(NAME) || mkdir -p $(tmpdir)/policy_root/var/lib/selinux/$(NAME)
+	$(verbose) $(SEMODULE) --noreload --store $(NAME) --path $(tmpdir)/policy_root --install *.pp
+	$(verbose) $(SETFILES) -c $(tmpdir)/policy_root/var/lib/selinux/$(NAME)/policy/policy.* $(tmpdir)/policy_root/var/lib/selinux/$(NAME)/contexts/files/file_contexts
+
 ########################################
 #
 # Clean the sources
@@ -241,4 +251,4 @@ clean:
 	$(verbose) rm -f $(net_contexts) $(net_contexts_nft)
 	$(verbose) rm -fR $(tmpdir)
 
-.PHONY: default all policy base modules install load pure-load clean validate
+.PHONY: default all policy base modules install load pure-load clean validate test-module-storage