diff mbox series

[v3,2/5] ima_violations.sh: Update validate() to support multiple violations

Message ID 20250305145421.638857-2-zohar@linux.ibm.com (mailing list archive)
State New
Headers show
Series [v3,1/5] ima_violations.sh: force $LOG ToMToU violation earlier | expand

Commit Message

Mimi Zohar March 5, 2025, 2:54 p.m. UTC
Add optional support for the number of expected violations.  Include the
expected number of violations in the output.

Limit the new expected violations to the new tests, so that the existing
tests continue to work properly with/without the kernel changes.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 .../security/integrity/ima/tests/ima_violations.sh    | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
index 22863fb72..37bf2182b 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_violations.sh
@@ -72,20 +72,27 @@  validate()
 	local num_violations="$1"
 	local count="$2"
 	local search="$3"
+	local expected_violations="$4"
 	local max_attempt=3
 	local count2 i num_violations_new
 
 	for i in $(seq 1 $max_attempt); do
 		read num_violations_new < $IMA_VIOLATIONS
 		count2="$(get_count $search)"
-		if [ $(($num_violations_new - $num_violations)) -gt 0 ]; then
+		if [ -z "$expected_violations" ] && \
+		   [ $(($num_violations_new - $num_violations)) -gt 0 ] || \
+		   [ $(($num_violations_new - $num_violations)) -eq $expected_violations ]; then
+			[ -z "$expected_violations" ] && expected_violations=1
 			if [ $count2 -gt $count ]; then
-				tst_res TPASS "$search violation added"
+				tst_res TPASS "$expected_violations $search violation(s) added"
 				return
 			else
 				tst_res TINFO "$search not found in $LOG ($i/$max_attempt attempt)..."
 				tst_sleep 1s
 			fi
+		elif [ $(($num_violations_new - $num_violations)) -gt 0 ]; then
+			tst_res $IMA_FAIL "$search too many violations added: $num_violations_new - $num_violations"
+			return
 		else
 			tst_res $IMA_FAIL "$search violation not added"
 			return