From patchwork Tue Sep 21 00:41:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Henrie X-Patchwork-Id: 12506689 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF27EC433F5 for ; Tue, 21 Sep 2021 00:49:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A86E8611ED for ; Tue, 21 Sep 2021 00:49:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344013AbhIUAvU (ORCPT ); Mon, 20 Sep 2021 20:51:20 -0400 Received: from mail-mw2nam12on2055.outbound.protection.outlook.com ([40.107.244.55]:33729 "EHLO NAM12-MW2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S233451AbhIUAtU (ORCPT ); Mon, 20 Sep 2021 20:49:20 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=cEeXCgfhlKyk5ClZ0TIjsBLSJeyL40xrLRXpsEq+hw/eUu/35dd+b3+SBQpsikgc8A2Gy8atlSaKReNRFuM0GBQVJ6nOa2lHbSaSq7jWS1KoQRqvyQLXpGN1obTcwJ3cps2zJdkwFroLRkWIRSA++tm9LEw05zEp5l0uknV8fAwSGTKLpi+z0+SpzjjReD7A+ty+/EyJHvY4raEgy3dl/wgFc1V5yQvtAzISX3wy1AIWn/hQfJCehk0kQ642H6pCjtekSl2dYJhUo+KViML5oZw3ofpWnBRZDJAE0Sb+JQAx6WvL6Mvnhdu0dGSEWyN1A6JhD9aGFkcXx+uOKvfRcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=zMxu75s0OhBb/Yj7WUME2AQQ2gmO12Nyk27SSpLlHuk=; b=YX0WgQ5UXjXqCfrnDeNrghXB4LkHydeNL6OmBwXEVia6gaS27NZKd28nEIE7IyG9o37eB2d8hcSMT6E4uz7WHqyOv8HjUJalA8gp638fK1qfilLhvxl99KOdY5jbbIsM9skucb5kkSuHdoUWWuXtNhHY0Xmz90pEn0LCgrsgcO744qYIfcpQNp4wj/AJ14gvJVc7wS6E5nNG0LJJaGejyHEoOxtLX44lfdqgK8NKe/ZQZ7zSMkerAzKtCwTVP85rYPt6Xev0FRqndzX0vwTAWLVDQ3KoCqIpmC05CFURn2L2cwjJFvLZ9K9G56ctyXxmnFoNn44EIRp3JKF0kJ/THw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vpitech.com; dmarc=pass action=none header.from=vpitech.com; dkim=pass header.d=vpitech.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vpitech.onmicrosoft.com; s=selector2-vpitech-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zMxu75s0OhBb/Yj7WUME2AQQ2gmO12Nyk27SSpLlHuk=; b=KXhP/acd/glxdodOhswOOxiXCxZHaW+H2GfByxuyLVC5jxt+u0s28dgs1wcWUw2DgHNfKux2gx1OGm+eZVvJ8iVqvMD5vAxpgYA8Iocx/PaUCx51wN2GiY3d3vMuKD+V9JdfOvo0SYV4KQGKWnBfPoJ7H8alUiVVqKTGpkO4//Y= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=vpitech.com; Received: from MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) by MW4PR07MB8666.namprd07.prod.outlook.com (2603:10b6:303:103::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14; Tue, 21 Sep 2021 00:47:51 +0000 Received: from MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014]) by MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014%4]) with mapi id 15.20.4523.018; Tue, 21 Sep 2021 00:47:50 +0000 From: Alex Henrie To: linux-integrity@vger.kernel.org, ltp@lists.linux.it, zohar@linux.ibm.com, pvorel@suse.cz, alexhenrie24@gmail.com Cc: Alex Henrie Subject: [PATCH ltp v4 1/3] IMA: Move check_policy_writable to ima_setup.sh and rename it Date: Mon, 20 Sep 2021 18:41:38 -0600 Message-Id: <20210921004140.15041-1-alexh@vpitech.com> X-Mailer: git-send-email 2.33.0 X-ClientProxiedBy: CY4PR16CA0008.namprd16.prod.outlook.com (2603:10b6:903:102::18) To MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) MIME-Version: 1.0 Received: from demeter.localdomain (66.60.105.30) by CY4PR16CA0008.namprd16.prod.outlook.com (2603:10b6:903:102::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14 via Frontend Transport; Tue, 21 Sep 2021 00:47:49 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 129b5346-4465-4638-f901-08d97c99700a X-MS-TrafficTypeDiagnostic: MW4PR07MB8666: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:962; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Vj8eUIq9CC/NR2CTMvAB3mCJChBz/4GhcOaQ26fKkzcbwsII6mVbNTPou4uj88NjnljFg5ciCkYM+6xMbMlxRr6dsvU0KLaWM+Abh9wLREo2ZJzZe1i53Vj6VVk2WHG4lhcPny+H1CJEukTZqVn/6VRZeq1rpbtMUOHBhIxhlKuaMelfK7PE+DmOa4KlKpnTpprM68415ofHk5t8svGdn4LJtCEFLoVk8nr5dX1SOA/z6tniKeyOywTMK/nLrYQsDnN7oh9mhf+3hoXvpFdfJUrbX3cMHM9Dky9frap2cMTL0D1p3X4rzzEBaRW9lPPy9ZkVJ0r3anTTouu8IwmEVOzvfP0lrTd8yQ4tDfvAp8lFWCjXqGUKaME9QMqqpIUdyqXtV5qQ4q0IRJvq3Tix5lXcOIKKUBIMNuDs7+ymhSH509QUnuHSBPqESPmx9keGycgjaPcukVOFqPiaHgBpM1fL/WP3LpJuuFf5CcVQ87nHeuzW0cV7ndLuqJav0t3S3AfXb++XUFa42OsQ/h+AGBUfyZHJ+Vumciboy1eizTJYDfSdR+jAU+ICpBiinxh3dI5mB1z3wRkt1Fj6PlYAC9X/qlQTwXbieLCLnKamoTBozicuv2Gx+DyLhzh2uiGqdt4oTV/Hf6bEoTSKLsWj/2650JF3HcY8mmohb+A1uipxRAUkQxSqg+X3/QKQuVWcH75h17kPGWgX/BXlTOAC4Q== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW2PR07MB3980.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(136003)(366004)(39840400004)(396003)(346002)(376002)(6486002)(1076003)(4326008)(36756003)(38350700002)(38100700002)(86362001)(5660300002)(6506007)(316002)(508600001)(52116002)(66946007)(66556008)(66476007)(6512007)(186003)(2906002)(8676002)(83380400001)(8936002)(26005)(6666004)(2616005)(107886003)(956004);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: jb/PMe9wEIAHstVrNqUHWN6+CCrYE27mK/QGj/jGlbWS3L2zrKB9yrNLYq7dScSebIoW5bPPhZsfBVRiLD3B5QRHGC+DpfPn0XU8yWrwUZqeP4RqWZwJFRK7olcdp1YJx1FI4pJ2RxKJHCLVYl0fip1bKZQrHfUWoy9BXOi5BMwMk2Aaq2dzORn1Gy5SqpX2/gB2+HDKLj8NmArcGgbezP3JOGw5F9j9iPSLaeaM4/W+CoKNa8Nd/JUA5Krb0cy0WRbKVSr8arhz7p5nDPvswa/SIWh7gRpggDi2MdKfhAxF0jknloYONmbu98pXJ0tb8Nz/ADTqOxtDOBaYTNNgSdqf4AjSpYMyQxF1X3zGaFSP1sqweOpqqzzP3d828HpAtJUDLGkrVYJhma+Lvy0DtJWE8Df79Yisyf3jPFdIl61FOdP9Q6rqP7GiVfDeCOgG99CAKzOVFixxfMrLxIfDAwkNF7s3s7jlMrzAFSxZ9F32FcxQyIw9BEkFEXt3As9ntrzkOIfkYD//OtCAYQGP4/oGxC8zHiSzC0TK+bf+NrMbPMiV1rwOV5STypKQZ/q+ZrwoO3BQd/+fxqV4E1x/QDgZmAZi8ovT8bfFSl8tJ2xCWie2Uk/cX8bllzu3es4d8I4SqBKVr4NDpqvDuXFJnjU2HfsCVlAeK/1+9pGVSO5TamLSt+gaMCeA6GDzYlu3XpLAf6lzHph8ifwoKBdgj+u9cQJmNQKVysn/uR7+T8Z5oUzYLAC7lBdyhDUWH2WIuNegstNY0BHruXs1QO+6xUT85z2TaQ4+ojKZMz94EUgMCvfl5KONTCM4hpEPuu/mTMDBvYOx9wERcwcY7s/FlVSQye3jYN9qUqxrefEABz0KdUjlYQvn41iOl6FMz8jnFKcw/3IaBXqIJjTnid4GVqHs/N4n4bYG3uLDCvcoJh6phQrUlen6T+5qg/16NvUQExevYKi8DtyHovo4MxB4qczRiUL7LhTF4nq518lgKcBiZ+oV1xa84RuIb2CpAHGDYi/1zd164RCNqfSV+JcLiBkZVZjvRdT1KnT6YqqqZ7xU58xvRdNrjoo6s6PTeEC3kfjkIwi4be9xNv0m/LH3q2MGGviR+cnuQwtrk4FVVp5tmNJ9w6IE4FPqc9UY+AE/PqMdjPZBjmBA/qyxp0lTnh1WZMOnz3mLTXUrzWfZQNEdpEYUQg/mQ8YhEi6kZIK+H5ySKss9cNqKctmiZwZCVO3gGbxJ8PDsj6w0LHuVKyok26XClAfKzrmLbakwOU8ftVsT/g1Aq8uNGqwCz51qGNy6brs6T9Fhke7kTVcnN/fNVNSfy+q2JpgJO3OBqK2g X-OriginatorOrg: vpitech.com X-MS-Exchange-CrossTenant-Network-Message-Id: 129b5346-4465-4638-f901-08d97c99700a X-MS-Exchange-CrossTenant-AuthSource: MW2PR07MB3980.namprd07.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Sep 2021 00:47:50.3462 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 130d6264-38b7-4474-a9bf-511ff1224fac X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: TeuyzNJecz0YLxCypFj2PcHXvcvmbi4VBgxFlpCZfT9ssY+RXLYLhWySY2WJJOpyhacJ6Q+bd9BRI7XLxEi/Zg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR07MB8666 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Signed-off-by: Alex Henrie --- .../security/integrity/ima/tests/ima_policy.sh | 16 +++------------- .../security/integrity/ima/tests/ima_setup.sh | 10 ++++++++++ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh index 244cf081d..8924549df 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh @@ -11,19 +11,9 @@ TST_CNT=2 . ima_setup.sh -check_policy_writable() -{ - local err="IMA policy already loaded and kernel not configured to enable multiple writes to it (need CONFIG_IMA_WRITE_POLICY=y)" - - [ -f $IMA_POLICY ] || tst_brk TCONF "$err" - # CONFIG_IMA_READ_POLICY - echo "" 2> log > $IMA_POLICY - grep -q "Device or resource busy" log && tst_brk TCONF "$err" -} - setup() { - check_policy_writable + require_policy_writable VALID_POLICY="$TST_DATAROOT/measure.policy" [ -f $VALID_POLICY ] || tst_brk TCONF "missing $VALID_POLICY" @@ -55,7 +45,7 @@ test1() local p1 - check_policy_writable + require_policy_writable load_policy $INVALID_POLICY & p1=$! wait "$p1" if [ $? -ne 0 ]; then @@ -71,7 +61,7 @@ test2() local p1 p2 rc1 rc2 - check_policy_writable + require_policy_writable load_policy $VALID_POLICY & p1=$! load_policy $VALID_POLICY & p2=$! wait "$p1"; rc1=$? diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh index 565f0bc3e..9c25d634d 100644 --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh @@ -73,6 +73,16 @@ require_policy_readable() fi } +require_policy_writable() +{ + local err="IMA policy already loaded and kernel not configured to enable multiple writes to it (need CONFIG_IMA_WRITE_POLICY=y)" + + [ -f $IMA_POLICY ] || tst_brk TCONF "$err" + # CONFIG_IMA_READ_POLICY + echo "" 2> log > $IMA_POLICY + grep -q "Device or resource busy" log && tst_brk TCONF "$err" +} + check_ima_policy_content() { local pattern="$1" From patchwork Tue Sep 21 00:41:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Henrie X-Patchwork-Id: 12506691 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D6CFBC433EF for ; Tue, 21 Sep 2021 00:49:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BA766611ED for ; Tue, 21 Sep 2021 00:49:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344061AbhIUAvW (ORCPT ); Mon, 20 Sep 2021 20:51:22 -0400 Received: from mail-bn1nam07on2063.outbound.protection.outlook.com ([40.107.212.63]:26025 "EHLO NAM02-BN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S233453AbhIUAtW (ORCPT ); Mon, 20 Sep 2021 20:49:22 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XK4KYd6UB/+WWyQ8rpcMa138va7dYofAkLPMfS5P/7PoljcIV3rYXMUE1qVVaY06toemHDG8oRrA6/dNHsenO3Fgk5MlTdK21RPXOjdqxEU9KAM2GJLlkDzT/zYlCvpdYDG3eR+HYqGkYG/WQUV7N7g3MhsFGjH7ItFSlmM4FL6KVVFBWC4IVIj3tdDc990i7wsnGfoBBrhJWkemlBt+IqGoPMMYs1pgmWHxeuvWYeOfWMSSMQtREiraZio6lRRTljhDJifeVhOx9Mk0LIylLqHQPSb8duEmv15mrZKqFuZBc5ggnNzoRjf+Oy+cCYC58LmXtAgD3pus+rld1fB/tw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=94+usKn4g49TnEjBKT4BXod0UFimzkXERUq4i/vApW0=; b=kpSZFxLIYahj3pvH4ZkyTJCesyVQUeTWDxmyWmchpW57jvZ6o+7czG8+KMBLp0Mp29vYFjH4Q+VAaeyJKqfkJoEUhYaRnfF9X91gtFGtJ/WmzENfxkBrKKAWfjkldBeqYHd9ZP1cALVK7O8PqSEsWnHsYJVlmhphieFLaEd0R+mq2Gb+dMLRKqMRRF3aQ+To2ZnP20eBNmPz5mtuOeh+EnudUCDpwQG228SM+fnsBG9ckTil56S1mVn1TfShkYu6kccDA4xiA0Mx35bsue3dV52HsW37hgh5Nfib+UODspqp/PNQyH78RY6FBYP2q3JInROZIxerWxEwKnmPCDVQQg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vpitech.com; dmarc=pass action=none header.from=vpitech.com; dkim=pass header.d=vpitech.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vpitech.onmicrosoft.com; s=selector2-vpitech-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=94+usKn4g49TnEjBKT4BXod0UFimzkXERUq4i/vApW0=; b=XsjG58L8a0NWdUjB9GYk83gmOiK7enmu040+mnSFVcfWU3hJ54qkOAYq8EjuNI5cOqL8DC512isgCfyoukvq242+ET3NgYYTSU0twbEhiTaOG1Lm2uSSaBoBLuGBmPq/DCEjqHV3VVc+zDORpgVZGsm1jpncNEgzP+6hJN5nUZw= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=vpitech.com; Received: from MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) by MW2PR07MB3977.namprd07.prod.outlook.com (2603:10b6:907:5::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4500.18; Tue, 21 Sep 2021 00:47:51 +0000 Received: from MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014]) by MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014%4]) with mapi id 15.20.4523.018; Tue, 21 Sep 2021 00:47:51 +0000 From: Alex Henrie To: linux-integrity@vger.kernel.org, ltp@lists.linux.it, zohar@linux.ibm.com, pvorel@suse.cz, alexhenrie24@gmail.com Cc: Alex Henrie Subject: [PATCH ltp v4 2/3] IMA: Move ima_check to ima_setup.sh Date: Mon, 20 Sep 2021 18:41:39 -0600 Message-Id: <20210921004140.15041-2-alexh@vpitech.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210921004140.15041-1-alexh@vpitech.com> References: <20210921004140.15041-1-alexh@vpitech.com> X-ClientProxiedBy: CY4PR16CA0008.namprd16.prod.outlook.com (2603:10b6:903:102::18) To MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) MIME-Version: 1.0 Received: from demeter.localdomain (66.60.105.30) by CY4PR16CA0008.namprd16.prod.outlook.com (2603:10b6:903:102::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14 via Frontend Transport; Tue, 21 Sep 2021 00:47:50 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: a88f12b0-705c-4b9d-e798-08d97c997083 X-MS-TrafficTypeDiagnostic: MW2PR07MB3977: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4714; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: q90fr3/zppLSySFIxRcd9mBc8aG4d9W9KU+qNCs5Z2vOwl96ybSfEXvrYn5Y21eC3CbQlJ/EhDmqhq2f751tR9N/+5Amew/44Neo8KmeFw9Rrz8rfLJRc75qq4Un9X933DB+OqqhBNvotVSlwYWw0lXs3PGw+0noalM+yVRc8s3UYAmX0248mE/ExWyHFmkAGIViegWUU6pRvYj6arebwIfn0ik0Q7YlbEbSniFtKzLvtxdjr5zQWuILYK8rdss2iDwbRo5ez1HmOKX67FI2VVhedAdlda5u9OhBQLAFYeEp0XYLIdZDhtSs9LfWoeTZ34AtdA7Lzncd7PwXEzOa33KRr3y/x6oQAhgW/RnSE8WWsm715Z8a0MwCCEybZtPtpOf/cOeAKhjg6wI0GBmUrcXEEaYm33pzbrYw+UdefmCxaRL/6Zg/j5vfvBsNtgqrpIMoFwJEKOnXmPnf1R39HW7atDOjvBcqS3LNjwBU6xnPwRl+MHbuljzM7Yqt/YxyQQALZI8eBylTtGuifO70b3fps2A1dYaqutgOQeamPlmZ9QIRxqaYB3lFCtzd4tPxPHEiXVbfnYRn/FEoqOAS+2kcdjAS78QrC5X/l7fS3kwRnmjidGRMupCJS3G+Z0x4caWleV9OrvoO6HuOv/jVl4d1jV32nMC9EwOsJH0EByFqQNjs7vjo1+JPhxvgnPNy3JAkRCP64ONtFZTde5QDAw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW2PR07MB3980.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(396003)(136003)(376002)(346002)(366004)(39840400004)(66476007)(66556008)(8936002)(66946007)(83380400001)(316002)(26005)(2616005)(52116002)(956004)(107886003)(6486002)(38100700002)(6512007)(508600001)(38350700002)(186003)(8676002)(6666004)(4326008)(1076003)(5660300002)(6506007)(36756003)(86362001)(2906002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: liyxJRd4VeiEmmTO00/3rdLZ6P2dFy8vLnM0fHAjSJ8QI4sinMP2avISxDawFyBrcyF4CPT7mKeXDfnzPw9ObDa4TepqnPywphfQq4bEWodSfps66GFX71EGdAb6I23uq7iGeiO1gJAImNoX46cG8Uxip43Ynmnz95zps/t89WkcXMAXZh6Jxmp0akMzFUTx5RAkfzLu4suq8gcL1tsbhA+u3ppJpRaKIYfUJA0KCwu1P5pKsbYJTmy/rpNmFGef/Me9MbI0dJvVh1lGsxxN1OxMAL83/K0pEnuI+bmqyyjN0rCJxIbnsl8W483LmQRwGNjcGK/6+OZdcn3MdP0VymnLtaywXrq1mor9QmdJQ4UnKtmP2l+saaVcHGhyoqB3hNu7yrsFzAkHm8rV3XmgZIOLWtzpfKSiIOuOY1VT3YtxFURA0onF/l3ujc1Zvjc3pPiMDtf/rr/X+3hmpw8pA6Jwv1+yZ9t2vDF1FuVd4F7yocfDDsFpshy/1m0bWBaj4oupXUTNh+uiylBmTlliORKorPvw3jBLsRGB8XmEfUW6WIgBzbYne/v4ndanJ31G7j2u8q9XxMNmb2rziO4bZMRHzEoUGYCMaOuUsZ2BNAoeD5QHfeIgJ1UX431skSTwpBxLQkmFK3q0i3SIHlhbXlHWeAb2/uX0J4RndrDdeHwdJKfk+y8dmkquGjfW2mnqwh9sM6VXaqO2pAjp4HGJqjpkgYHYqygIuGMLj6Rvu3F06KoOmlD/DPNPeSCgGJLLF3H62UXdvchOOwk72rz9dBYng0KxdcxymfprjLUj9eivdKOCCz7nHFVKjyP/Kz/YK16Q0CbudTBHDMpPU3rUgMLVpNz7bw6dsro7B3jVBJEc7QR+qE70sHuDqAmtL46mD3bDWN0jEo+1Ev0RplWBsZfX7TwOS6ssSUCOJowUrr3Xn3l29zfm1r6sXl7I6zQBG5nNHo1IPQilvI5bPjN97lYVoNCyelvRik/2fkscmKR6DXyrn3OaEy+zGCE+27I3CxXSqeUpp5ZLjNXdTW2c+sGxgmPduayIJbD0XICIs7urazYBccO1wCeTW/amLolNlnwBdBED4YK5nnS9cYjSRsXTThl1h8XAWeWHC5JiWX/t6jfBD33Hcay4BaPQpPOPiZ4svSxCKnclFokBtyoueVRlnJ906RkNO2bK4219SjNpQuuxxffKPYYC6uE/4i16kVR34soJAkHVY0gVu8XZ/TiVp8E68nreQ7J4Z2YkByOH9GmPwCu8nLCXX8ERQVbR8B/vDBkCnygZAmuq24bgzgrbIv25Sgqcd/gm8uwDc4fN15B2c0LELrhwr+ONiX5e X-OriginatorOrg: vpitech.com X-MS-Exchange-CrossTenant-Network-Message-Id: a88f12b0-705c-4b9d-e798-08d97c997083 X-MS-Exchange-CrossTenant-AuthSource: MW2PR07MB3980.namprd07.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Sep 2021 00:47:51.2157 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 130d6264-38b7-4474-a9bf-511ff1224fac X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ox6LYq08DS/RuJ+7eMpWWnToQV4VDdGvUCS8k9m8UzKqzpiXFxFpB/la6LyzMGUEVkhS00WrgVhwtryf5bPtVA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR07MB3977 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Signed-off-by: Alex Henrie --- .../integrity/ima/tests/ima_measurements.sh | 28 ------------------- .../security/integrity/ima/tests/ima_setup.sh | 28 +++++++++++++++++++ 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh index 1927e937c..807c5f57b 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh @@ -17,38 +17,10 @@ setup() { require_ima_policy_cmdline "tcb" - TEST_FILE="$PWD/test.txt" POLICY="$IMA_DIR/policy" [ -f "$POLICY" ] || tst_res TINFO "not using default policy" } -ima_check() -{ - local algorithm digest expected_digest line tmp - - # need to read file to get updated $ASCII_MEASUREMENTS - cat $TEST_FILE > /dev/null - - line="$(grep $TEST_FILE $ASCII_MEASUREMENTS | tail -1)" - - if tmp=$(get_algorithm_digest "$line"); then - algorithm=$(echo "$tmp" | cut -d'|' -f1) - digest=$(echo "$tmp" | cut -d'|' -f2) - else - tst_res TBROK "failed to get algorithm/digest for '$TEST_FILE': $tmp" - fi - - tst_res TINFO "computing digest for $algorithm algorithm" - expected_digest="$(compute_digest $algorithm $TEST_FILE)" || \ - tst_brk TCONF "cannot compute digest for $algorithm algorithm" - - if [ "$digest" = "$expected_digest" ]; then - tst_res TPASS "correct digest found" - else - tst_res TFAIL "digest not found" - fi -} - check_iversion_support() { local device mount fs diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh index 9c25d634d..976c6a86c 100644 --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh @@ -188,6 +188,7 @@ ima_setup() if [ "$TST_NEEDS_DEVICE" = 1 ]; then tst_res TINFO "\$TMPDIR is on tmpfs => run on loop device" mount_loop_device + TEST_FILE="$PWD/test.txt" fi [ -n "$TST_SETUP_CALLER" ] && $TST_SETUP_CALLER @@ -279,6 +280,33 @@ get_algorithm_digest() echo "$algorithm|$digest" } +ima_check() +{ + local algorithm digest expected_digest line tmp + + # need to read file to get updated $ASCII_MEASUREMENTS + cat $TEST_FILE > /dev/null + + line="$(grep $TEST_FILE $ASCII_MEASUREMENTS | tail -1)" + + if tmp=$(get_algorithm_digest "$line"); then + algorithm=$(echo "$tmp" | cut -d'|' -f1) + digest=$(echo "$tmp" | cut -d'|' -f2) + else + tst_res TBROK "failed to get algorithm/digest for '$TEST_FILE': $tmp" + fi + + tst_res TINFO "computing digest for $algorithm algorithm" + expected_digest="$(compute_digest $algorithm $TEST_FILE)" || \ + tst_brk TCONF "cannot compute digest for $algorithm algorithm" + + if [ "$digest" = "$expected_digest" ]; then + tst_res TPASS "correct digest found" + else + tst_res TFAIL "digest not found" + fi +} + # check_evmctl REQUIRED_TPM_VERSION # return: 0: evmctl is new enough, 1: version older than required (or version < v0.9) check_evmctl() From patchwork Tue Sep 21 00:41:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Henrie X-Patchwork-Id: 12506693 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 238C4C433F5 for ; Tue, 21 Sep 2021 00:49:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 032BD6115B for ; Tue, 21 Sep 2021 00:49:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233453AbhIUAvW (ORCPT ); Mon, 20 Sep 2021 20:51:22 -0400 Received: from mail-bn8nam11on2064.outbound.protection.outlook.com ([40.107.236.64]:44257 "EHLO NAM11-BN8-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S233464AbhIUAtW (ORCPT ); Mon, 20 Sep 2021 20:49:22 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=M0GQTMIfuNFYJ9vv/rpzp1iYqH6s1ZCyDyzQO+DOHPUBgIYmq3oOLkcD8CnaowJWbOQmVnJXrcc5BWwrYgS5bJHZjhL/7t/WEfMbE08wO2IUsaKBCj0suX5WTKGltWRwnvl2p5s5dzD2lTFB40JgKjBE9E0m+wH4bzwLMqQL4ev5HH/En9qz62ZC7rv72430nffDrRDjzDQLTbB/Y3hENrN7p5OCdg7oM6MIraReluf6Dh/RJdRerCa445hrJnwdJ9eFZAV+2ftXb1uCgzut3IpSOPQ2sPJAJSY0rRWxiZEha4m5H82Q4aDGdeXt7OM1iTGIrJ3QE6tNzCuTJDnL7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=/pRxB72ThmHgtBZDYxC1LKX2gi41fuaGVWF2G7K0LSc=; b=UIWriSMJr+5Cf2lDpj6EjL9rLVILqQx8kyx0XO+UqIi/ogbW8xN4fjUb6jeHgtsasCCB2e5DfWPo9rLTffVTNxqJjUt6lAaXPujUkjPxFAwxTkvXpUVM0T7yIQx6DImDP7yx6f6Kj8i27tHsrEvSEcsGDwKpCGVTHOtOOC89o8EEZUxylG7XRq/nGBqASmcrggsbr/pf6R97dDxmqQ+yv9TkcmbaDPcLc5DleDHu7ftB0OIFliyC3Ln7IznrSbO91maKsJOVXBFKBMW4Ew++2XJXZYYjDSsxcLn+JaX+iGXr6glSydTo3u9wsOZZj9B2660H+dBVPdzycq7GrhWjmA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vpitech.com; dmarc=pass action=none header.from=vpitech.com; dkim=pass header.d=vpitech.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vpitech.onmicrosoft.com; s=selector2-vpitech-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/pRxB72ThmHgtBZDYxC1LKX2gi41fuaGVWF2G7K0LSc=; b=RLxxKwvMGF3rdMq3MSXY4jNqAfUF8mJvnwopo89gv1yAcY8eiICQNYZLI6Ux5iPwYGsfxOAx4cYLhwuaDO7nwi/BpHwMJ8Ioq2xPxX/xyzQldGj/b75dbBM1I/ww8G+iq3KLSQ3to5Yhia6n9YztajoYn0FqqxTjxX/4pGxg4nQ= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=vpitech.com; Received: from MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) by MW2PR07MB3915.namprd07.prod.outlook.com (2603:10b6:907:2::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14; Tue, 21 Sep 2021 00:47:52 +0000 Received: from MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014]) by MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014%4]) with mapi id 15.20.4523.018; Tue, 21 Sep 2021 00:47:52 +0000 From: Alex Henrie To: linux-integrity@vger.kernel.org, ltp@lists.linux.it, zohar@linux.ibm.com, pvorel@suse.cz, alexhenrie24@gmail.com Cc: Alex Henrie Subject: [PATCH ltp v4 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options Date: Mon, 20 Sep 2021 18:41:40 -0600 Message-Id: <20210921004140.15041-3-alexh@vpitech.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210921004140.15041-1-alexh@vpitech.com> References: <20210921004140.15041-1-alexh@vpitech.com> X-ClientProxiedBy: CY4PR16CA0008.namprd16.prod.outlook.com (2603:10b6:903:102::18) To MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) MIME-Version: 1.0 Received: from demeter.localdomain (66.60.105.30) by CY4PR16CA0008.namprd16.prod.outlook.com (2603:10b6:903:102::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14 via Frontend Transport; Tue, 21 Sep 2021 00:47:51 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 5c0d15dc-373f-4d78-995d-08d97c9970fd X-MS-TrafficTypeDiagnostic: MW2PR07MB3915: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:275; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: yRw+8wOSB3VLwJVbcKssxBvDeVTIIqnmy5dyMyfCT/3d9xrXojFvzXkoFQrqNqFGuGJCineOrxmWb/rTa2XN9Z90udM4fPHHrrUBqiaZPZHmBsgo2/U8H+gBRxDoUwM+QKEvA1sjcTdh8goPLVFRBtWvQhl8GuAozc3e7DW7UjekiPa6L0Mv8U3WHNZP4pLCSQwaPwV28T+RkwoIF1kuTkR54U20Qk72wWJ1afMs1waY7w6vSZCIMmmyyCe0HG0H12d7SvBP/TR9EMrFrOMe2/usbmxpAIXeliWQI8PZbQUo5F4n5r0gU5E9sYY8F3z8v2vWmuYCigJT2wjQZNeX+YJ1b1tzeQJo/AKSoQjxTB6tp018SukcfUTmHw3SoZxNCrweWEL0CRFx6Mbn/RCrwKYdRhokPLrgKgqf1vjekXCzQtTTlKHV/3uYRnhsvpTG4w9OWm928PnJCt1+fuZNoXjJoHC+QpHRrKfday4EJZOj/qeL+kKKtVt9N7nOrVo21829Awc1VU6TU03Gl5Xan7jbixqKqT5rLx49v9MCUcnjM8o2M4Nm6ce3auKSrGzCGxMkVN1uMopQ8gGCqzH748r84CjC4kfEXckazTFiatYcJvbITtaVRxAJrwSW07rvmUJBl4EJePwT/W6Lv1/xjMFfbg4ylxQ79lVX3Kdf+tTvJ/15aGR3HmwpIVSQRkYIr7JgQ8OVdnBfHF8SnHIpjg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW2PR07MB3980.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(376002)(39840400004)(136003)(346002)(396003)(366004)(6512007)(2906002)(8936002)(8676002)(478600001)(6486002)(107886003)(6666004)(316002)(38350700002)(4326008)(5660300002)(36756003)(6506007)(66556008)(66946007)(66476007)(2616005)(52116002)(38100700002)(956004)(186003)(26005)(83380400001)(1076003)(86362001);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: coXamiMotQisqu7SUqrAoVB20nPo3bHyrdtdhudebhoz3Ak9fTR9trw24QT2L23WHL+3EFuU74ajvMgTSX1Yqo+/gVenMQFUUjLfkEsyIbI4Y78jzU2myespC3wIdPaqNKQH6E15ACRTK2ZztLMB75bZJOrm1ORWEVTjPn/DmpEdDWEg75AFPSEHGQBZcdLSrDnBhnRraCiVU+nVANqAJWeO7/nFXINBd+WmRrObmwbZmVZ95u4YkW3OZQyrj9L5Uk2mjPdiIVm6GOgBUwlpHuc6XDlbwAGAtJNdMPu7k9DHbH25nmSR3E9/ww2vVS6G2FHtOElozEz2yvOop7rS1hMFC+0Rg1rlUsvLPOHpNawb7CtHr0496TntpkQwyzcP2h9bTkEexlNH7BehznYBd4qRt1TfZ6BUUnGssX52QUqiNFU1xT930ymFybQCYPvZPoXdNsr/P+WcMbnnjaYE+PtREX98g1QM3DDg3ypigG+e0Kihr/Bul4iq8vfTSgy1pjM3ZKEpFBgo9QyKl+dZilI8eXh36kh4SuVYPkPpc1dCbmcXhltIxE45GYegb53QN6vtUWxSgqBcDGH3lfOaLRebbHtfdm8SC/ScQ1FTaUmxfqisunV1Oq5DF2o2JBTohw6WwQXwAQ+4n0UcXSv3f7hSmQuM22Bj+/NfwDvJ4YN4c5LypmS55R9ZBYTDysKVBQDzYAJ6ypuOpnY0RquHKlcVcby9d/qozVnQ1A395uYKCDU2Udpm2nmS+rpIW4mrmbK2tCQPpP7OXV83tgPbYci8N0qmL1lgncy6HInw3JHMEiAS2kqeHpTTscyy5fpdpRziC5IC4FvyDsw4qIsdkTKmpCAFe6DVoUuMP7yvO/B0COuKVSXMF35gsikiB+t7NsdTs+tJ9gBoIxMzaCQOx0MAYObPWKD7ZfYRJIWvMXpCMRzedhIhVrhZH13BIWyFeq8fvKVnPH8UMoefXTgnHlNLosiSS4r/w/PTSiCnUqUVKA+UFW1l2pn+JBxOP20jmSteINyk1tKnlpkrVFgdfKgq5G/TBwGPRfhazIy6/ar0FTEzWv6UiQ5iEoAcAt0YhkGc88OYvTggSxohIji+T/qmO7kyspOwhfIUNpQCDMkcfd6VQRmzTU8lbF6j0qgaCo7/HGDMLuuLuecUjilq3U7uPUmyc9t5SLUYvWIOflYGM1XgxMbnqU9jBc7aYQ+glUBGSot9kG3BC+OgoTFrzJNgiIjs8OXK7xPUrGvK7i/aiAB/U/+maOtzlOZmpUbI2wUG4J0y1BSe/pkgy0PKlJk7OxTs8wzUSwSf0a074Oyz5dTD1G9hiTUOgOoLpmXu X-OriginatorOrg: vpitech.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5c0d15dc-373f-4d78-995d-08d97c9970fd X-MS-Exchange-CrossTenant-AuthSource: MW2PR07MB3980.namprd07.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Sep 2021 00:47:51.8353 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 130d6264-38b7-4474-a9bf-511ff1224fac X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: DKMGn7MIHFRnrLxk+gFSqADBuwNay5hYljo5RhY0WEM2detgVS3HrXiG3zf6AsFN0ZzEy3+NZB+hiSdhVgMUiw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW2PR07MB3915 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Requires "ima: add gid support". Signed-off-by: Alex Henrie --- v4: - Put new tests in their own file - Check for policy writability before each test instead of once before all tests --- runtest/ima | 1 + .../integrity/ima/tests/ima_conditionals.sh | 57 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100755 testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh diff --git a/runtest/ima b/runtest/ima index 29caa034a..01942eefa 100644 --- a/runtest/ima +++ b/runtest/ima @@ -6,4 +6,5 @@ ima_violations ima_violations.sh ima_keys ima_keys.sh ima_kexec ima_kexec.sh ima_selinux ima_selinux.sh +ima_conditionals ima_conditionals.sh evm_overlay evm_overlay.sh diff --git a/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh b/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh new file mode 100755 index 000000000..5eb8859b2 --- /dev/null +++ b/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh @@ -0,0 +1,57 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (c) 2021 VPI Technology +# Author: Alex Henrie +# +# Verify that conditional rules work. + +TST_NEEDS_CMDS="awk chgrp chown cut sg sudo" +TST_CNT=1 +TST_NEEDS_DEVICE=1 + +. ima_setup.sh + +test1() +{ + local user="nobody" + + require_policy_writable + ROD rm -f $TEST_FILE + tst_res TINFO "verify measuring user files when requested via uid" + ROD echo "measure uid=$(id -u $user)" \> $IMA_POLICY + ROD echo "$(date) uid test" \> $TEST_FILE + sudo -n -u $user sh -c "cat $TEST_FILE > /dev/null" + ima_check + + require_policy_writable + ROD rm -f $TEST_FILE + tst_res TINFO "verify measuring user files when requested via fowner" + ROD echo "measure fowner=$(id -u $user)" \> $IMA_POLICY + ROD echo "$(date) fowner test" \> $TEST_FILE + chown $user $TEST_FILE + cat $TEST_FILE > /dev/null + ima_check + + if tst_kvcmp -lt 5.16; then + tst_brk TCONF "gid and fgroup options require kernel 5.16 or newer" + fi + + require_policy_writable + ROD rm -f $TEST_FILE + tst_res TINFO "verify measuring user files when requested via gid" + ROD echo "measure gid=$(id -g $user)" \> $IMA_POLICY + ROD echo "$(date) gid test" \> $TEST_FILE + sudo sg $user "sh -c 'cat $TEST_FILE > /dev/null'" + ima_check + + require_policy_writable + ROD rm -f $TEST_FILE + tst_res TINFO "verify measuring user files when requested via fgroup" + ROD echo "measure fgroup=$(id -g $user)" \> $IMA_POLICY + ROD echo "$(date) fgroup test" \> $TEST_FILE + chgrp $user $TEST_FILE + cat $TEST_FILE > /dev/null + ima_check +} + +tst_run