From patchwork Wed Sep 22 02:07:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Henrie X-Patchwork-Id: 12509281 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71AE5C433FE for ; Wed, 22 Sep 2021 02:09:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 46DCA61184 for ; Wed, 22 Sep 2021 02:09:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229752AbhIVCK6 (ORCPT ); Tue, 21 Sep 2021 22:10:58 -0400 Received: from mail-bn1nam07on2051.outbound.protection.outlook.com ([40.107.212.51]:15239 "EHLO NAM02-BN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229594AbhIVCK6 (ORCPT ); Tue, 21 Sep 2021 22:10:58 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GgA05g6vQQqx4vPGFAagdsJGu4Bl/UwPelzoT1o3Oq/ZTxMhBnwfNGtv6S5xRTew1eApKKgwvzojLz0OqC0rope/yKzqMBdhAWyx0mSyVP7ucSnsS7XCImp0L+Cv0GtFnUS880YzgLgGmaJ6dPmPwOF++FHtVxJz/FtJ7pu63O3OqIqomnT5Cc5rIdQc4RNZZK3uhC22vgdcErpcnq62PDdruhIC4Pq4/I+Qafbt6e32v7j5OSx2eBXN67fIDaZ+tmbAfzBYhAkd590mWpqhr/mZ9xz+luyYuHKXRC8D5MkkC0GOj/L6ukb4qTVjLi8qeSJa8tCrAyxD8nRIVH94xQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=zMxu75s0OhBb/Yj7WUME2AQQ2gmO12Nyk27SSpLlHuk=; b=IAPjxVQMjjj+XvgIWk8oosAAsBjAklZQM7Qjb6jbojk0ku7KwILaLPn6tt61tOm6L89JHeUFDDSzPKDy2xqwuPfqHP3/2/FVFVRbYykJjOeA/8I0o00GRbmayHwbhU6gih43xZcTa9HHUq05Y+IoZSQqUGz6JsSgb50OBQs1V//1Jgwi1LQ+VogUz02aN8XwKzYEuVK7/SLQmAcsnfDv9qpf7NE7mmuGKSpo0LroU9Iw/VHvSoJn00eXQVnREYGI33P2b8BZGDUjGPhd4M0K7bKLzG06tVXmg2RrXXQg/66FT69XymsU+R3cL5BgkG5apBr3giEjylqyCrmyka+PIg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vpitech.com; dmarc=pass action=none header.from=vpitech.com; dkim=pass header.d=vpitech.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vpitech.onmicrosoft.com; s=selector2-vpitech-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zMxu75s0OhBb/Yj7WUME2AQQ2gmO12Nyk27SSpLlHuk=; b=nrZueeN319AN3CReihtmrX0oiZfWFoikn6Gj7KuiJyB0k5cvLcYMV+SG0Nf+i1GSLCRXEFqbpJhDr+9DQWPy4Wu3fZe8MPx/Xo0xv6vB+NJSh+gvapX/L4qmo+wKhJdJ8wJBJ/mFx0vQFMtrjrL0aos0TlIJQLOpvJyntV6mbKE= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=vpitech.com; Received: from MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) by MWHPR07MB3149.namprd07.prod.outlook.com (2603:10b6:300:e8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.16; Wed, 22 Sep 2021 02:09:23 +0000 Received: from MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014]) by MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014%4]) with mapi id 15.20.4544.013; Wed, 22 Sep 2021 02:09:23 +0000 From: Alex Henrie To: linux-integrity@vger.kernel.org, ltp@lists.linux.it, zohar@linux.ibm.com, pvorel@suse.cz, alexhenrie24@gmail.com Cc: Alex Henrie Subject: [PATCH ltp v5 1/3] IMA: Move check_policy_writable to ima_setup.sh and rename it Date: Tue, 21 Sep 2021 20:07:59 -0600 Message-Id: <20210922020801.466936-1-alexh@vpitech.com> X-Mailer: git-send-email 2.33.0 X-ClientProxiedBy: MW4PR04CA0222.namprd04.prod.outlook.com (2603:10b6:303:87::17) To MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) MIME-Version: 1.0 Received: from demeter.ad.vpitech.com (66.60.105.30) by MW4PR04CA0222.namprd04.prod.outlook.com (2603:10b6:303:87::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14 via Frontend Transport; Wed, 22 Sep 2021 02:09:22 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e0251680-5475-47ef-dd5a-08d97d6dfefb X-MS-TrafficTypeDiagnostic: MWHPR07MB3149: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:962; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: NMvK88vb9NfV68IyIFPWq3RjN3oF2A3Jv8DJBDJGQeqgbCiz+49JIotLxeI+DmfqA0rPRNICWDhRK+m1FbnzUlOCAGc+dsc94c9MPEGmMJYOA7sUjGS1IVHNYBgszD7gKDDHGi39M95X2YrK7Loa2ieg4+AU7mxGxdaZuwW9NE2w226bwHhLVKkOwrNt7DgzEcHzaMS5aexYAeYHtxTJ6gouimp45g9l4XALdTFQE9ZCxHdRPaOeVp98jMGxxiyUoq/7nZRuu6f1CogCCT0sbYlYuguI9Ico7EeDs3TTuDTCdiUbSqw4FCqKTt/G3IWOjnbWT0+6GEwHZtiMmQ8weZRXl68NqS1NsLkerC7DJdgFLlSVXAXC7ox7TiPErEDKnvuvhk3Gfl0wMvOhHxC1SWEqn+G/h4G/nElD0wSB63oaBASi2NuVAJmEJ9itCYcQIBPsDFCHtBB8uzY/JnOjcjQHUEZmaEzOU9NCKGAE0KKlQewvSSq2CmuUO83gn+VZC51vQGSGJbMERHfGWc6LbTlEx4YtO+V0b7yHuD+o6XNIixDff3BdmXgDplwe10cjJA8pkiuEOjh1mbLJuwlsF63MiWoNPp/hWjM9ecqVYJ994mkoWQmH+wnkCDrfTv38fExBpGjI3DftPNCsZb5CN3AyD2pwEyQBdMggSFdueysX/QykvZOkMvx29duHh9lO5H7SCRBsCbw8ja6HzyQenw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW2PR07MB3980.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(346002)(39830400003)(136003)(376002)(396003)(366004)(66946007)(36756003)(66476007)(66556008)(1076003)(5660300002)(52116002)(7696005)(316002)(6666004)(2616005)(956004)(86362001)(2906002)(83380400001)(26005)(107886003)(508600001)(8676002)(8936002)(6486002)(186003)(38100700002)(38350700002)(4326008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: n/ovwJi2GkvBnG9xk2AtUEmSO8bsl9LxgzUNk7+hEL290agVDpVdLsO/K2fIkoT6QGMJbCyrZILHCt3Blx28gp6mloBpBwZfUa/OVVPe+5UF19V/jt6uRsdcR2OUY8ocAYk3/jBn8vu87chHjAngENBsy0qWDUzX2HF59numNAl7pCkJrfsOPKPBVCINeCl8sINM52POI/pnRP5CXgwl0WtjjCfDUprkTlmvvfRIk1xxUA/bS/kSPzLD+yiX/ePsyam6hyfRGUHIREGihLowwks/9xU8FJyJ6re9NRNiR/QBHOZvNtovtV55s0KfEUe6efVaJ1BAKBEgyhg1TK4PbqvVDKVlYy/5+tksWCOMqJKh8rkfCVmj1lpF97oW31oqR9am/nIkLE2SiAm5cLWOFqmdQE9tCCqQodQE8Y3hQ83R3Dc/4sywQhHLyODpZdNsZs1j1oIlHDxf0OGTfuYtxI3pT6+l352GkRIHrOHHd7J6kLraP2DwK57pumL8byAt7RfMEvtHMPNcEQWtBFlXEGWDDh9e7z+5s4sFkM6a5eg/DdzlmV9YRjPHzI0Cf0TB3gU8pm3TPE2t1bSyVC43SdYsazCfzZj014UWspWEtKXhDv7nh/9c7eOLKh7si8GfAHtCrsPDs0rBmv39xhWKqp2RMGwrtvGhO1P+MkBE+a/IIMcRgNtbBv18Hpdbzlln3bzPT7K1j9VV6P1bRkWZ9vvV0BpvRZ7YM5mdTTWyZ+y/da+If3TQezU6VinqDcUpZYNkLp2d0TncpxSy8QnZyED+VN1FcsxmkkuJmmpMJnO2x9MBVlvKbKjom+d9NiIm/OEtg9D+S/ZjBbQcMS0henGMKDT2FN3XzpzLKNfAcd8gVz/LKJ9KG67dfL3bpzOTHT7XjnpZdIuRuSJ/ANNf9rBuoCXaSc6RS39X769ObprWxgfGOkHjNFWO0+jQso7BSGDsCplqQa0zlnt9NYftFHhYMgIVZhQmfl2KE04yqdiszqkonVg4O2OK4WKxnWiKxRXGQx+FkkwlkOBX+DMLgsHsNjp1z5U81AC4KHCnC27gca29wYHnW1Cj18J17cYKuG3bZVpwaRjCLUAk5bHZDePL2rEhIDaqp+pn+El9doy1w61HIoktZSQ4ce1tHQvVWu+hAH6yfQOV9V7NdqXgh/1DWvl0oheRtitC+E+VDs1sDZ/WcrdT05GBIqf/fsCnwj3tPNur2iVWQg5PxcyO6kIAMp2EKooKh/lCk+BghlTZQK47hL9NzebhHORr0Idf5Z1+Y85O1tSJthED35VFfn82ywO9Rm48/6KKH5YVXolNG678J/UKfBaU4cgiURhJ X-OriginatorOrg: vpitech.com X-MS-Exchange-CrossTenant-Network-Message-Id: e0251680-5475-47ef-dd5a-08d97d6dfefb X-MS-Exchange-CrossTenant-AuthSource: MW2PR07MB3980.namprd07.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Sep 2021 02:09:23.5080 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 130d6264-38b7-4474-a9bf-511ff1224fac X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 6Y8EjFfloOtc0YpHxwss+2odNhSjM87vl/nuKxnE7AjNiXtnv4p/npdwEFxO4AUv9djdOH1jlvj8rJOR4H1w/Q== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR07MB3149 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Signed-off-by: Alex Henrie --- .../security/integrity/ima/tests/ima_policy.sh | 16 +++------------- .../security/integrity/ima/tests/ima_setup.sh | 10 ++++++++++ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh index 244cf081d..8924549df 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh @@ -11,19 +11,9 @@ TST_CNT=2 . ima_setup.sh -check_policy_writable() -{ - local err="IMA policy already loaded and kernel not configured to enable multiple writes to it (need CONFIG_IMA_WRITE_POLICY=y)" - - [ -f $IMA_POLICY ] || tst_brk TCONF "$err" - # CONFIG_IMA_READ_POLICY - echo "" 2> log > $IMA_POLICY - grep -q "Device or resource busy" log && tst_brk TCONF "$err" -} - setup() { - check_policy_writable + require_policy_writable VALID_POLICY="$TST_DATAROOT/measure.policy" [ -f $VALID_POLICY ] || tst_brk TCONF "missing $VALID_POLICY" @@ -55,7 +45,7 @@ test1() local p1 - check_policy_writable + require_policy_writable load_policy $INVALID_POLICY & p1=$! wait "$p1" if [ $? -ne 0 ]; then @@ -71,7 +61,7 @@ test2() local p1 p2 rc1 rc2 - check_policy_writable + require_policy_writable load_policy $VALID_POLICY & p1=$! load_policy $VALID_POLICY & p2=$! wait "$p1"; rc1=$? diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh index 565f0bc3e..9c25d634d 100644 --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh @@ -73,6 +73,16 @@ require_policy_readable() fi } +require_policy_writable() +{ + local err="IMA policy already loaded and kernel not configured to enable multiple writes to it (need CONFIG_IMA_WRITE_POLICY=y)" + + [ -f $IMA_POLICY ] || tst_brk TCONF "$err" + # CONFIG_IMA_READ_POLICY + echo "" 2> log > $IMA_POLICY + grep -q "Device or resource busy" log && tst_brk TCONF "$err" +} + check_ima_policy_content() { local pattern="$1" From patchwork Wed Sep 22 02:08:00 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Henrie X-Patchwork-Id: 12509283 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 069FDC433F5 for ; Wed, 22 Sep 2021 02:09:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D7CA560F4C for ; Wed, 22 Sep 2021 02:09:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229587AbhIVCK7 (ORCPT ); Tue, 21 Sep 2021 22:10:59 -0400 Received: from mail-bn1nam07on2051.outbound.protection.outlook.com ([40.107.212.51]:15239 "EHLO NAM02-BN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229734AbhIVCK6 (ORCPT ); Tue, 21 Sep 2021 22:10:58 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S98XOJAj99CEhaiwnW8vkKvQO/ccnEnY6VuKTlSng5UKGWucqDCa8U/8as1VSNmjPmW+Cv2m3E8hvBP5H/f/+VlFRQvmCB+q3EN+dLmaqXzb5U1IVspJuwAOv3yTFJQwGz8A50UjT7K7g7jyshtohAV8K0Yvcld1oHcQcDGzwkVE3AKy38l8XslQVOqstfUIpA9C2vpT2AgMs6+YCkFIJmN4+eWznBsWgjliM7UVcjsYvUGk6G7CwodSOgs7gd+ofRs6NFPehFoAqW7e3KxPzMQRvg4F5a25lKahHZCiNE5b+QJLnCRS9AkmIcVriNZwUGocmcOi0XgWnfoEfXVIAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=94+usKn4g49TnEjBKT4BXod0UFimzkXERUq4i/vApW0=; b=l8DkTOl2nmrd/pLt6Itf2lZ65z1g17Qr/QWBxgOZHvt+WJd2BA86MFo3zvnYDiTgdiHi0H2qoWZXv3zlL8AsxXg9feZaEJdkLfs8eUls68V9nLuKAWkwtIqoOZrnSo0G6agvME0gogFgNDCZ5taRANsNlshqHvXzj1xyrBOyetzHho+VVTcS8jmiKwLxNrFzGE7D8aooXYz62H9lxN6ntVpBDd6ZzfnXWEzgkeukkwUxmxShGFAiT/ancNUsZlZdBynyr7rkt2hp4C4keTM2qoq2w2LPEb8XBzNjBRqK+HdAGjilJCoPgmdcHWaiA/WC+Vxqh3iYJ8DnMFB5z6YS8A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vpitech.com; dmarc=pass action=none header.from=vpitech.com; dkim=pass header.d=vpitech.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vpitech.onmicrosoft.com; s=selector2-vpitech-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=94+usKn4g49TnEjBKT4BXod0UFimzkXERUq4i/vApW0=; b=PfOebaN+mV5Mg1WIrDH6d+u1alZsyrlou/iDlI7mAmFFl1jqF5PHfOoohvXP+iAvbrSVYJaRImlgjnYmwxREhDiqQvOy+22uGfiXUW/KpS+r5MfnP+fwvFQSz1YpgjJTYtAJfauP2c76z6ukpg3uvXep/I8PhbOyVmH3qrtD8Ro= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=vpitech.com; Received: from MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) by MWHPR07MB3149.namprd07.prod.outlook.com (2603:10b6:300:e8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.16; Wed, 22 Sep 2021 02:09:24 +0000 Received: from MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014]) by MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014%4]) with mapi id 15.20.4544.013; Wed, 22 Sep 2021 02:09:24 +0000 From: Alex Henrie To: linux-integrity@vger.kernel.org, ltp@lists.linux.it, zohar@linux.ibm.com, pvorel@suse.cz, alexhenrie24@gmail.com Cc: Alex Henrie Subject: [PATCH ltp v5 2/3] IMA: Move ima_check to ima_setup.sh Date: Tue, 21 Sep 2021 20:08:00 -0600 Message-Id: <20210922020801.466936-2-alexh@vpitech.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210922020801.466936-1-alexh@vpitech.com> References: <20210922020801.466936-1-alexh@vpitech.com> X-ClientProxiedBy: MW4PR04CA0222.namprd04.prod.outlook.com (2603:10b6:303:87::17) To MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) MIME-Version: 1.0 Received: from demeter.ad.vpitech.com (66.60.105.30) by MW4PR04CA0222.namprd04.prod.outlook.com (2603:10b6:303:87::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14 via Frontend Transport; Wed, 22 Sep 2021 02:09:23 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: c2d49815-71c9-4763-8b6d-08d97d6dff6e X-MS-TrafficTypeDiagnostic: MWHPR07MB3149: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:4714; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Pz2wpT49GXqs6fEC4jAN8zntuXePnUjb4nsziZErWYjkBX8N0OmF0gF6ollfT2WK1UO1c20qp0BvU9zvNIAtOCaPVXLVP6PnEcWQyvfwPY+860Ny22jfDDBJ0cpn3n9IH5sej5ac1ZY+Mu4Z5MLpdXBp6rnDFBeo8LR/bjMztdz+OAyyN1+cA+zI6KQT1NiitLMltVOrtGrK66Nyv+zi5VR18e5FXGYBM4s5pi99D7KBXm3feTN70cBXcnanJPiAtYPc26rxfztCnlT4qEczU5rrcb7qoFFttlAYu7Yvi7/OH9EK5lCRCGTKXkPcTwho9fkRWc9LCWCQfEbF3xrkHZ4tybSle9XCZJa6/z57g2dXPRcKuJhpnLVwAm1Rqe2/nyGLmhEHs4K0w/603HigY6yTveAgohENNsbcYwtdOqSAbv3tkGPSFf6iykV0rwWS7tjqR8mv2CMQYYofLsC+IYtcoMK3Nv1J5qDBoOX1qcerKgW/z2mJBzxXCtB4Ei5vwn5xsWMj+fO1ALH2CNoMLOnsFycFZgIj8tiimNdK8cxANIWQqiIiRe1MgRub6AolOzLTZiQ8nDGnDu4BHh/Y0TWVY8FPwqrLHQ6/u9pkAJaDr625ttUwDSQYZWML9rnPcvYUVklXNkKeZpHu6eeOEnBxAVIZqr3QtdZ1rtMh4cUZLF1JQX67E4DqgisPjhI6vjYO4D9ASvCETcLh/vz+hQ== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW2PR07MB3980.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(346002)(39830400003)(136003)(376002)(396003)(366004)(66946007)(36756003)(66476007)(66556008)(1076003)(5660300002)(52116002)(7696005)(316002)(6666004)(2616005)(956004)(86362001)(2906002)(83380400001)(26005)(107886003)(508600001)(8676002)(8936002)(6486002)(186003)(38100700002)(38350700002)(4326008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: qOLFMxyGJ/iwhn7LmTClh6MIQq6FCtNbOZkF+lyFEoqhWI0F+XN+oekXCIzVEA4ACfX904cc903F8OqFShAkG+E7hhMhy8JtW82geLsEVvY8raZ8qZAClLgPEyWGddfq9EyJJbYGb9Q8NyO0mICTWO6pCwSue7TdaIgFJTFgOvp8/NN4Y1HE4HUpfbed/eKH4ycK0vqurbzqCFPOto7iyneo/oJQD2BWWzY/FU6TwZe6mgr75XOujRnLK/tnvH0YXvouJsxfLpmoLOYaCoOIwDJ9yvHqt+f4lwS4PbU//My0bWm22dMlA7xqT9IE3+2HsdQmT0RydtWc6ds59VuuSs1qCuJZ8vjELqpeW+03+BNLqv2BbY0fC1Q9iEzITepNWmYj7K0aB6v4LLSj3a1ZD3iw7zhEo20BiUa7kPLICL9/kGRiJ7dWbtKAY3XUi9YbmL7x2HEeb+yNBswSf8Jfc+EfeJXHXGFbz7DkYByyKmMl6RQ3BOZ3npOljma6CiN1vBg41FyDjF188qKdfaDb3ilLhfm6Xnh7V4dzBNBo7uVM8q4ysrkQrd8vvVpnTHUgNaBgDFh1dQRPkU6WqurquwaAfgW2fsY52pmS+JbzPaPXmkqUNc/CIJouXI/5J2HzTTrFtSTNHoWYdUKQ/fA+ZRarkvInxr886eSWIi3Xxn8BTRbsiYGgfmHFE5NNZve/rSzxMklkqg71kqtZ0RGiBb311eNuw7YDT4qfkxAoQ5CLiLKtYqBpXzXQgBAfZEYcNcK++sktsmJPnH7zGWvyEHWAnFBilYPDtvah5er6JX+B8ED1wCocD0o+FANCWWiEb/JsFcePB2f+RMobGVeimkPwhVggtxAkze7wQKFeJBoyC85f8iLcp2I0GpL9PJdgZrlHKygmYMQ79S9E4Dh6OaId/EeAk67dCvQpivT5iMnOMxTRKYtV+cHQcRLaAQiEvnOukFYIsQoDQSMOJDYxJrZoBznD+NlGUgwVMOc6cR9MOal/mXQT3wqCoT2xFQN/UNbm5Neh7Le06NAkUZoSutGFnrwfbD/Avi7nx/SkNaVyU5REJ9CHxph5OO01FPiEBmluTgYnIlUR9kSaftShmMZhVQs4JL8TJh6RZGXPFpClfanr/7q0bAws9hu3YwfJOGGm1wJVUpyLiEy+pa4+HwYOOxXbZJt17yBurxtne4JQKHupBdN4YYJNP/u5bS9GvEE4ROpHjl89ExHIOFJsBPVM8ygPbjm+0spL1ALwvW4S6NlJM/aGkuSKkEnCcHeLIGEaUzNG0m8v9BTxkZeIP9nbGsJQ/zYKm/uxtAbD8JnHtigZzPJW3f6EYokS9Jie X-OriginatorOrg: vpitech.com X-MS-Exchange-CrossTenant-Network-Message-Id: c2d49815-71c9-4763-8b6d-08d97d6dff6e X-MS-Exchange-CrossTenant-AuthSource: MW2PR07MB3980.namprd07.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Sep 2021 02:09:24.2756 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 130d6264-38b7-4474-a9bf-511ff1224fac X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: fSXk4eJm3M7vZysFfgSUHrZnECGB2b4h78eJEyB2oE1nZUrupW6lR/pN2ELDUNiHOuaOuKYwYyZJbeJmGLVl1g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR07MB3149 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Signed-off-by: Alex Henrie --- .../integrity/ima/tests/ima_measurements.sh | 28 ------------------- .../security/integrity/ima/tests/ima_setup.sh | 28 +++++++++++++++++++ 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh index 1927e937c..807c5f57b 100755 --- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh @@ -17,38 +17,10 @@ setup() { require_ima_policy_cmdline "tcb" - TEST_FILE="$PWD/test.txt" POLICY="$IMA_DIR/policy" [ -f "$POLICY" ] || tst_res TINFO "not using default policy" } -ima_check() -{ - local algorithm digest expected_digest line tmp - - # need to read file to get updated $ASCII_MEASUREMENTS - cat $TEST_FILE > /dev/null - - line="$(grep $TEST_FILE $ASCII_MEASUREMENTS | tail -1)" - - if tmp=$(get_algorithm_digest "$line"); then - algorithm=$(echo "$tmp" | cut -d'|' -f1) - digest=$(echo "$tmp" | cut -d'|' -f2) - else - tst_res TBROK "failed to get algorithm/digest for '$TEST_FILE': $tmp" - fi - - tst_res TINFO "computing digest for $algorithm algorithm" - expected_digest="$(compute_digest $algorithm $TEST_FILE)" || \ - tst_brk TCONF "cannot compute digest for $algorithm algorithm" - - if [ "$digest" = "$expected_digest" ]; then - tst_res TPASS "correct digest found" - else - tst_res TFAIL "digest not found" - fi -} - check_iversion_support() { local device mount fs diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh index 9c25d634d..976c6a86c 100644 --- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh +++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh @@ -188,6 +188,7 @@ ima_setup() if [ "$TST_NEEDS_DEVICE" = 1 ]; then tst_res TINFO "\$TMPDIR is on tmpfs => run on loop device" mount_loop_device + TEST_FILE="$PWD/test.txt" fi [ -n "$TST_SETUP_CALLER" ] && $TST_SETUP_CALLER @@ -279,6 +280,33 @@ get_algorithm_digest() echo "$algorithm|$digest" } +ima_check() +{ + local algorithm digest expected_digest line tmp + + # need to read file to get updated $ASCII_MEASUREMENTS + cat $TEST_FILE > /dev/null + + line="$(grep $TEST_FILE $ASCII_MEASUREMENTS | tail -1)" + + if tmp=$(get_algorithm_digest "$line"); then + algorithm=$(echo "$tmp" | cut -d'|' -f1) + digest=$(echo "$tmp" | cut -d'|' -f2) + else + tst_res TBROK "failed to get algorithm/digest for '$TEST_FILE': $tmp" + fi + + tst_res TINFO "computing digest for $algorithm algorithm" + expected_digest="$(compute_digest $algorithm $TEST_FILE)" || \ + tst_brk TCONF "cannot compute digest for $algorithm algorithm" + + if [ "$digest" = "$expected_digest" ]; then + tst_res TPASS "correct digest found" + else + tst_res TFAIL "digest not found" + fi +} + # check_evmctl REQUIRED_TPM_VERSION # return: 0: evmctl is new enough, 1: version older than required (or version < v0.9) check_evmctl() From patchwork Wed Sep 22 02:08:01 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alex Henrie X-Patchwork-Id: 12509279 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,MSGID_FROM_MTA_HEADER,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2103C433EF for ; Wed, 22 Sep 2021 02:09:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9BB4360F43 for ; Wed, 22 Sep 2021 02:09:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229640AbhIVCK6 (ORCPT ); Tue, 21 Sep 2021 22:10:58 -0400 Received: from mail-bn1nam07on2051.outbound.protection.outlook.com ([40.107.212.51]:15239 "EHLO NAM02-BN1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S229587AbhIVCK5 (ORCPT ); Tue, 21 Sep 2021 22:10:57 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PI3q5N/bFCRCpxl2REp6rjdAz0PjhfmbneBkz4I5L+7fEneMVS++lgsxQvBnyTmuzL1SX5/VdDA4/0v6a3dsIaKWADpKz66S17r+BGfzYLAqf9fQxLiLBTtXtOBrqy3/+JvrFf0+8E7Zu9T9GF1tq3tOnJ5yAbvMWPA2epl7/I3vlD6FWj1v+A8fiVwFH3MClLg6+BK6HKgmnJ0W4d3vwuo9J6jJquUvD2vc1aPm9IHYrBWWncBEvCB1ReWa9+VlvL6pX671wcHqC7feHeiawJdn4mizEWwG9MUVmc+rsNQi7az60r+8qXPzTwaC+1/nKtV5bDEUrBGV3CzMfixEyQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=q82MiURpCg3wYsHmeiNsNe7Rf/gZWspLeepH6kdLtXo=; b=cY0jWfOcULln8t0otund3jY0o2WimIuLLVcalD9RtMz1k2EARCLb3lEI7+TlIkbRLGNF+9+76a3XKccZyFS2zM+1RdxpKcyIv8Om9YpP8ukjijHFkeLXCXq4c2w2M7lKZBp2UbPttiNSIPAr1wq4+OM+M9A8GJB5pY9E92wLeZVIndH0fyC6SbTMhysD1I1ZdDD+jZpykfJ/s15GYuds5eGoJ7S6iPrutJu1XI1ZclBhSBYxnUtbv/v0cDmLRNtcyF//WMMmKaJck6AHEDcqc4Do+Gr6ozjD6sCdYPOAy1Sz9CQOR6L58Ul7er5ETft5YfiZiAUHl5XgTBYPRv4ySQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=vpitech.com; dmarc=pass action=none header.from=vpitech.com; dkim=pass header.d=vpitech.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vpitech.onmicrosoft.com; s=selector2-vpitech-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=q82MiURpCg3wYsHmeiNsNe7Rf/gZWspLeepH6kdLtXo=; b=SUerteztQvg7qzSrQyAK9/S0FR90ZltAw8ft91hyVZbh8r9Xs9sQFmGemW8SsspL84xawWc6Pi7uNrsWEGuTv5eno3Q8kBkJQuOJwzZvEBuSEv0xLld5kh1GAS6t6FZpgWhuYLLimPDQ/fNzfQtA5baV7bKD8nvj+VjzrVvtCQs= Authentication-Results: vger.kernel.org; dkim=none (message not signed) header.d=none;vger.kernel.org; dmarc=none action=none header.from=vpitech.com; Received: from MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) by MWHPR07MB3149.namprd07.prod.outlook.com (2603:10b6:300:e8::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.16; Wed, 22 Sep 2021 02:09:24 +0000 Received: from MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014]) by MW2PR07MB3980.namprd07.prod.outlook.com ([fe80::cc48:9777:4f07:6014%4]) with mapi id 15.20.4544.013; Wed, 22 Sep 2021 02:09:24 +0000 From: Alex Henrie To: linux-integrity@vger.kernel.org, ltp@lists.linux.it, zohar@linux.ibm.com, pvorel@suse.cz, alexhenrie24@gmail.com Cc: Alex Henrie Subject: [PATCH ltp v5 3/3] IMA: Add tests for uid, gid, fowner, and fgroup options Date: Tue, 21 Sep 2021 20:08:01 -0600 Message-Id: <20210922020801.466936-3-alexh@vpitech.com> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20210922020801.466936-1-alexh@vpitech.com> References: <20210922020801.466936-1-alexh@vpitech.com> X-ClientProxiedBy: MW4PR04CA0222.namprd04.prod.outlook.com (2603:10b6:303:87::17) To MW2PR07MB3980.namprd07.prod.outlook.com (2603:10b6:907:a::32) MIME-Version: 1.0 Received: from demeter.ad.vpitech.com (66.60.105.30) by MW4PR04CA0222.namprd04.prod.outlook.com (2603:10b6:303:87::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4523.14 via Frontend Transport; Wed, 22 Sep 2021 02:09:24 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: ec431f4b-d0e5-436f-4f4a-08d97d6dffe0 X-MS-TrafficTypeDiagnostic: MWHPR07MB3149: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:130; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: hsWjKml9r3E4Ni0gohMWKLjI9K7E7FLiPPShotQxFtt5ng4JieHcsYNs9l2iW7zqyLTYKMlnZmAla/R9qrqsYc8WYcUq7VDCc87GJRGeFmcxHu8KLo/x43lc4nTalefMBKC7tDu97EM47UDgriSUB/Tny3Vmp2Eu3nXYC4mA2BgXNAXjJenuWGfAhiz0vodELofD1O9cCJ+8h9jZB4wGu8ZP1DNunPO1K8QsNIhdgoCIP+9lwczzdxsX2IEz+euI9s2m4CgnGfV+XzwG13MZ+VpT44mfOWjz9WgXmUbIVZnU+vsXJhrXTbdOJ6mosNEWGA6YKiS47SZuA4eQC1IPmKgtDpN66tSX0oP03KflxAFbEVQMcVS1IHE9H8vr+Ut7eFUUFxWf7DL4abK4IONsCxuT4ECKG3xzxit3z7X9cZBOLLo30VGS8rV2/wHeqzMpUds1MlHLejmwQRxHH/vtZmHF0/SLfxUrGunm9lnCrY45euoE8e4X8v7w7iHMYKl33zuKdKthLJCginZbVOI94ivH+RseuRbKymAAkNKRIzh+ms1tc7YY/oa0J++La+R+Les5Y5qTO++8CGaMrmi9UGPhrA00k5Fz7lsBQpSZ2jqlbfuAPIcSnLuOPv00fgPylJO8EUYyd3NaWUX/SZN+FJrNm7i5uSCtju3WMhjLN2AwHqktj8zDUUu+Q41r195/SAtJ7A4eNyBoowp9UHTDiA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW2PR07MB3980.namprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(346002)(39830400003)(136003)(376002)(396003)(366004)(66946007)(36756003)(66476007)(66556008)(1076003)(5660300002)(52116002)(7696005)(316002)(6666004)(2616005)(956004)(86362001)(2906002)(83380400001)(26005)(107886003)(508600001)(8676002)(8936002)(6486002)(186003)(38100700002)(38350700002)(4326008);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: +aRfdaR0yGwybwSgyBrGnZTVIIvZVLTuAxzsm9h641HuOQWwmVdROCkVMWt5BOMjBopkRPw7QOfkbpIdMM0uwcjUTmRMORpnVU44CyorqKEo84Hl8nnJU8ceQvrz13imaySvAfF53e0jsENAsDkoVlPUPwdW8SsyfkxSNCxzSavDHjuFPONYSKkaTtVfu1R8wVlDVQi1NUU9eCTldIvS5pZxuzqvY0nhkoKNI5Dq7/V5MHf8rMJiUmR7BLYTN65voZZREErMLVNl8nGm/+Dms+lSn73o4kBI0b/d/9gbQFfHJThh14rqfTowFJjcltq10NrSiHowDS0THpKNPQCX/OxIcbqsTN3VnRB1hv3uAhuqiZ6adrPVfGKPjIwguhcRvXNDr3V3yvNQTgYjfmGfPWvxn2/rxe5jl6TBDXe5U6JTJ+/7rBq1ebEntvfS3tXnz6dHv+hX2TFc7I4mhwvDkQ7yqXst8Q4w1reXIzFeUQZeGtKrhh5uzv6TMBzYdkwRD6XqkTBI6ckpoBV1YvKDTg5+Ri4/xz9TTN85YnmcZQOTqEBupW2C3nWSFEYe8BZ9Sy2tMyEbl3UWjoOMgsivlvp10KBKK2TLqB0y4xwvAjcpSIC4DRdxPt+S5viQgqnnbaJ+tkfK9jaPISmQ0M0JHy+Jqt7ZZslSQR8dbVhl9bbWfmqhN1nqvyNkkqgl19AdsebIdVxizjT8oHHi7auo47rwHRXsKMFXa4oWT7q0vTmrsXF5xV1nK3B/CQXzif0uY+7jm3VtYv+FPrdWNIl8mns3RBmkuB8UdmSGM3u0xqCE7rH4+aWZ6W+/D2M37yFK1sPeCjzTGOXtSFKQ74bLNFEyGdyq/rnzxOdsElJxeSYnzRI9WX5Ka4xzNk46BHcy/IJO/wrCa0LHqY8uE+3bImpc9JCZvDiUqnNG+Ni7q+TZZYHI9g40mNk14AXD+kQ66Y/RN08QZUuT3SKS6MOSPsVfHdd442D1KY1dVnHWR0utuASbaGKU/C2Wp6dBukX/kHOMxZjblo/mN+9pXJn69d00ZwQOj3id/PnFf6xEE/SuEjkxQcKYT3zRL0n3gRRSdMzQWRRIJjxFDmHg10aADbPJLo/RUSuQ5Gu39C3G61vpa23hiytQGFSf5wTmK6F542n1dfjWtvjcWUpt8Wo66wQKRz7obSUAewhNEnIvxPbC//BJwvF1MKCeQLA8z6k9SqQUUZWFVq9TNrUAoBA/VnaNYThGsM78Q42Kl54j4CXA69DBacA3AlsgbzaTktY/hB+kJ1AyawqBPkS7TP4Y5tQCe3PAEPTA+K291pnHhGXupb9p0aBXT6hoISXrJF1x X-OriginatorOrg: vpitech.com X-MS-Exchange-CrossTenant-Network-Message-Id: ec431f4b-d0e5-436f-4f4a-08d97d6dffe0 X-MS-Exchange-CrossTenant-AuthSource: MW2PR07MB3980.namprd07.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Sep 2021 02:09:24.9042 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 130d6264-38b7-4474-a9bf-511ff1224fac X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: XAdM9Z6v9Z7wePpFXUxGSn1MqcM4FXXDcBmt43k1wDVECqmAf6Vk715OiN85OKt/WEoWPy9Z7ArOnqUBf/Wl5A== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR07MB3149 Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org Requires "ima: add gid support". Signed-off-by: Alex Henrie --- v5: Omit awk and cut from TST_NEEDS_CMDS --- runtest/ima | 1 + .../integrity/ima/tests/ima_conditionals.sh | 57 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100755 testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh diff --git a/runtest/ima b/runtest/ima index 29caa034a..01942eefa 100644 --- a/runtest/ima +++ b/runtest/ima @@ -6,4 +6,5 @@ ima_violations ima_violations.sh ima_keys ima_keys.sh ima_kexec ima_kexec.sh ima_selinux ima_selinux.sh +ima_conditionals ima_conditionals.sh evm_overlay evm_overlay.sh diff --git a/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh b/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh new file mode 100755 index 000000000..657f4d244 --- /dev/null +++ b/testcases/kernel/security/integrity/ima/tests/ima_conditionals.sh @@ -0,0 +1,57 @@ +#!/bin/sh +# SPDX-License-Identifier: GPL-2.0-or-later +# Copyright (c) 2021 VPI Technology +# Author: Alex Henrie +# +# Verify that conditional rules work. + +TST_NEEDS_CMDS="chgrp chown sg sudo" +TST_CNT=1 +TST_NEEDS_DEVICE=1 + +. ima_setup.sh + +test1() +{ + local user="nobody" + + require_policy_writable + ROD rm -f $TEST_FILE + tst_res TINFO "verify measuring user files when requested via uid" + ROD echo "measure uid=$(id -u $user)" \> $IMA_POLICY + ROD echo "$(date) uid test" \> $TEST_FILE + sudo -n -u $user sh -c "cat $TEST_FILE > /dev/null" + ima_check + + require_policy_writable + ROD rm -f $TEST_FILE + tst_res TINFO "verify measuring user files when requested via fowner" + ROD echo "measure fowner=$(id -u $user)" \> $IMA_POLICY + ROD echo "$(date) fowner test" \> $TEST_FILE + chown $user $TEST_FILE + cat $TEST_FILE > /dev/null + ima_check + + if tst_kvcmp -lt 5.16; then + tst_brk TCONF "gid and fgroup options require kernel 5.16 or newer" + fi + + require_policy_writable + ROD rm -f $TEST_FILE + tst_res TINFO "verify measuring user files when requested via gid" + ROD echo "measure gid=$(id -g $user)" \> $IMA_POLICY + ROD echo "$(date) gid test" \> $TEST_FILE + sudo sg $user "sh -c 'cat $TEST_FILE > /dev/null'" + ima_check + + require_policy_writable + ROD rm -f $TEST_FILE + tst_res TINFO "verify measuring user files when requested via fgroup" + ROD echo "measure fgroup=$(id -g $user)" \> $IMA_POLICY + ROD echo "$(date) fgroup test" \> $TEST_FILE + chgrp $user $TEST_FILE + cat $TEST_FILE > /dev/null + ima_check +} + +tst_run