[LTP] [PATCH v2] tst_security.sh: Use enforce toggle to trigger SELinux measurement

[Avinesh Kumar]

Upstream kernel commit
644132a48f4e ("selinux: prune /sys/fs/selinux/checkreqprot") [0]
removed the selinux_ima_measure_state() call from the checkreqprot
write handler.
This broke tst_update_selinux_state() which relied on writing to
checkreqprot to trigger IMA measurements of SELinux state.

Switch to toggling the enforce value instead, which still triggers
selinux_ima_measure_state() on all kernel versions >= 5.12.

[0] https://github.com/torvalds/linux/commit/644132a48f4e28a1d949d162160869286f3e75de
Signed-off-by: Avinesh Kumar <avinesh.kumar@suse.com>
---
 testcases/lib/tst_security.sh | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/testcases/lib/tst_security.sh b/testcases/lib/tst_security.sh
index 820736c72..8c23bc5a0 100644
--- a/testcases/lib/tst_security.sh
+++ b/testcases/lib/tst_security.sh
@@ -142,10 +142,13 @@ tst_get_enforce()
 
 tst_update_selinux_state()
 {
-	local val
+	local val orig_val
 	local dir=$(tst_get_selinux_dir)
 	[ -n "$dir" ] || return 1
 
-	val=$(cat $dir/checkreqprot)
-	echo $val > $dir/checkreqprot
+	# Toggle enforce to trigger SELinux state measurement
+	orig_val=$(cat $dir/enforce)
+	val=$((1 - orig_val))
+	echo $val > $dir/enforce
+	echo $orig_val > $dir/enforce
 }
-- 
2.54.0