List: ltp-cvs
Subject: [Ltp-cvs] ltp/testcases/kernel/security/integrity/ima/tests
From: Subrata <subrata_modak () users ! sourceforge ! net>
Date: 2009-03-31 13:58:16
Message-ID: E1LoeTo-0005Y1-6r () ddv4jf1 ! ch3 ! sourceforge ! com
Update of /cvsroot/ltp/ltp/testcases/kernel/security/integrity/ima/tests
In directory ddv4jf1.ch3.sourceforge.com:/tmp/cvs-serv21227/ltp/testcases/kernel/security/integrity/ima/tests
Added Files:
Makefile ima_measurements.sh ima_policy.sh ima_setup.sh
ima_tpm.sh ima_violations.sh
Log Message:
This patch adds Integrity Measurement Architecture (IMA) testing support:
Changes:
- updated README
- add test for existence of openssl-devel (m4/ltp-crypto.m4)
- add support for finding an audit message in different log files
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>.
--- NEW FILE: ima_setup.sh ---
#!/bin/sh
################################################################################
## ##
## Copyright (C) 2009 IBM Corporation ##
## ##
## This program is free software; you can redistribute it and/or modify ##
## it under the terms of the GNU General Public License as published by ##
## the Free Software Foundation; either version 2 of the License, or ##
## (at your option) any later version. ##
## ##
## This program is distributed in the hope that it will be useful, but ##
## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ##
## for more details. ##
## ##
## You should have received a copy of the GNU General Public License ##
## along with this program; if not, write to the Free Software ##
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ##
## ##
################################################################################
#
# File : ima_setup.sh
#
# Description: setup/cleanup routines for the integrity tests.
#
# Author: Mimi Zohar, zohar@ibm.vnet.ibm.com
#
# Return - zero on success
# - non zero on failure. return value from commands ($RC)
################################################################################
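# Function:     mount_sysfs
#
# Description:  - record the sysfs mount point in SYSFS, mounting sysfs on
#                 /sys first when `mount` lists no sysfs entry.
#
# Return        - zero on success
#               - non zero on failure. return value from commands ($RC)
mount_sysfs()
{
    # Start from a clean status: a stale RC of 1 left by an earlier step
    # would otherwise be mistaken for "grep found nothing".
    RC=0
    sysfs_entry=$(mount | grep sysfs) || RC=$?
    if [ "$RC" -eq 1 ]; then
        SYSFS=/sys
        mkdir -p "$SYSFS"
        # Call mount directly. Wrapped in backticks, anything it printed
        # would be run as a second command, and RC would hold that
        # command's status instead of mount's.
        mount -t sysfs sysfs "$SYSFS"
        RC=$?
        return $RC
    fi

    # Use the first matching line only and strip it down to the mount point.
    SYSFS=$(printf '%s\n' "$sysfs_entry" | head -n 1 \
        | sed -e 's/sysfs on //' -e 's/ type .*//')
    return 0
}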
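# Function:     mount_securityfs
#
# Description:  - record the securityfs mount point in SECURITYFS, mounting
#                 securityfs on $SYSFS/kernel/security first when `mount`
#                 lists no securityfs entry.
#
# Return        - zero on success
#               - non zero on failure. return value from commands ($RC)
mount_securityfs()
{
    # Start from a clean status so a stale RC cannot select the mount branch.
    RC=0
    securityfs_entry=$(mount | grep securityfs) || RC=$?
    # `-eq` is the portable integer test; `==` inside [ ] is a bashism.
    if [ "$RC" -eq 1 ]; then
        SECURITYFS=$SYSFS/kernel/security
        # Run mkdir and mount directly rather than inside backticks, which
        # would execute their output as a further command.
        mkdir -p "$SECURITYFS"
        mount -t securityfs securityfs "$SECURITYFS"
        RC=$?
        return $RC
    fi

    # Use the first matching line only and strip it down to the mount point.
    SECURITYFS=$(printf '%s\n' "$securityfs_entry" | head -n 1 \
        | sed -e 's/securityfs on //' -e 's/ type .*//')
    return 0
}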
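# Function:     setup
#
# Description:  - export the LTP counters, require root, create the private
#                 work directory $LTPTMP/ima, make sure sysfs and securityfs
#                 are mounted and check that the IMA directory exists.
#
# Return        - zero on success
#               - non zero on failure. return value from commands ($RC)
setup()
{
    export TST_TOTAL=1
    export TCID="setup"
    export TST_COUNT=0
    RC=0

    if [ -z "$TMP" ]; then
        LTPTMP=/tmp
    else
        LTPTMP=${TMP}
    fi

    if [ -z "$LTPBIN" ]; then
        # NOTE(review): this appends a directory that is relative to the
        # current working directory to root's PATH; an absolute path would
        # not depend on where the script is started from.
        LTPBIN=../../../../../bin
        PATH=$PATH:$LTPBIN
    fi

    # Must be root. `id -u` works in any POSIX shell; $UID is set by bash only.
    if [ "$(id -u)" -ne 0 ]; then
        tst_brkm TBROK "$LTPTMP/imalog.$$" \
            "$TCID: Must be root to execute test"
        # Set RC as well, so a caller that exits with $RC reports the failure.
        RC=1
        return $RC
    fi

    # create the temporary directory used by this testcase
    LTPIMA=$LTPTMP/ima
    umask 077
    # Plain mkdir, no -p: it fails when the path already exists, so a
    # directory or symlink someone else placed there is never adopted.
    # `>/dev/null 2>&1` replaces `&>`, which a POSIX sh reads as "run in the
    # background", losing mkdir's status.
    mkdir "$LTPIMA" >/dev/null 2>&1 || RC=$?
    if [ "$RC" -ne 0 ]; then
        # Same call form as the other tst_brkm calls in this function.
        tst_brkm TBROK "$LTPTMP/imalog.$$" \
            "$TCID: Unable to create temporary directory"
        return $RC
    fi

    # Register cleanup only now that the directory belongs to this run, so a
    # failed setup never runs `rm -rf` on a path it did not create. A
    # directory left behind by an aborted run has to be removed by hand.
    trap "cleanup" 0

    # mount sysfs if it is not already mounted
    mount_sysfs || RC=$?
    if [ "$RC" -ne 0 ]; then
        tst_brkm TBROK "$LTPTMP/imalog.$$" "$TCID: cannot mount sysfs"
        return $RC
    fi

    # mount securityfs if it is not already mounted
    mount_securityfs || RC=$?
    if [ "$RC" -ne 0 ]; then
        tst_brkm TBROK "$LTPTMP/imalog.$$" "$TCID: cannot mount securityfs"
        return $RC
    fi

    # IMA must be configured in the kernel
    IMA_DIR=$SECURITYFS/ima
    if [ ! -d "$IMA_DIR" ]; then
        tst_brkm TBROK "$LTPTMP/imalog.$$" \
            "INIT: IMA not enabled in kernel"
        RC=1
    fi
    return $RC
}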
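# Function:     cleanup
#
# Description   - remove the temporary directory named by $LTPIMA.
#
# Return        - zero on success
#               - non zero on failure. return value from commands ($RC)
cleanup()
{
    tst_resm TINFO "CLEAN: removing $LTPIMA"
    # Skip the removal when LTPIMA was never set, and quote the path so a
    # name with whitespace is removed as one directory, not several words.
    if [ -n "$LTPIMA" ]; then
        # `RC=$?` records the failure; the earlier `RC $?` tried to run a
        # command called RC.
        rm -rf -- "$LTPIMA" || RC=$?
    fi
    return "${RC:-0}"
}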
--- NEW FILE: ima_violations.sh ---
#!/bin/sh
################################################################################
## ##
## Copyright (C) 2009 IBM Corporation ##
## ##
## This program is free software; you can redistribute it and/or modify ##
## it under the terms of the GNU General Public License as published by ##
## the Free Software Foundation; either version 2 of the License, or ##
## (at your option) any later version. ##
## ##
## This program is distributed in the hope that it will be useful, but ##
## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ##
## for more details. ##
## ##
## You should have received a copy of the GNU General Public License ##
## along with this program; if not, write to the Free Software ##
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ##
## ##
################################################################################
#
# File : ima_violations.sh
#
# Description: This file tests that ToMToU and open_writers violations
# invalidate the PCR and are logged.
#
# Author: Mimi Zohar, zohar@ibm.vnet.ibm.com
#
# Return - zero on success
# - non zero on failure. return value from commands ($RC)
################################################################################
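# Open the file named by $1 for reading on file descriptor 3.
# Exits the shell with status 1 when the file cannot be opened.
open_file_read()
{
    # Quoted so a name containing whitespace stays a single redirection
    # target instead of failing as an ambiguous redirect.
    exec 3< "$1" || exit 1
}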
# Close file descriptor 3 in the current shell.
close_file_read()
{
    exec 3<&-
}
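# Open the file named by $1 for writing on file descriptor 4 and write one
# line of test data to it.
# Exits the shell with status 1 when the file cannot be opened.
open_file_write()
{
    exec 4> "$1" || exit 1
    # Write the data after a successful open. This line used to sit behind
    # `exit 1` inside the failure branch, where it could never run.
    echo 'testing, testing, ' >&4
}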
# Close file descriptor 4 in the current shell.
close_file_write()
{
    exec 4<&-
}
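# Function:     init
#
# Description   - export the LTP counters and pick the log file the
#                 violation tests search: /var/log/audit/audit.log when
#                 `service auditd status` succeeds, else /var/log/messages.
#
# Return        - zero
init()
{
    export TST_TOTAL=3
    export TCID="init"
    export TST_COUNT=0
    RC=0

    # `>/dev/null 2>&1` instead of `&>`: a POSIX sh reads `&>` as "run in
    # the background", so the status would always look like success.
    service auditd status >/dev/null 2>&1 || RC=$?
    if [ "$RC" -ne 0 ]; then
        log=/var/log/messages
    else
        log=/var/log/audit/audit.log
        tst_res TINFO "$LTPTMP/imalog.$$" \
            "$TCID: requires integrity auditd patch"
    fi
    # Choosing a log file is not a failure; without this, a failing tst_res
    # above would make the caller's `init || exit $RC` leave with status 0
    # before any test has run.
    return 0
}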
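# Function:     test01
# Description   - Verify open_writers violation: the file is opened for
#                 write, then for read while the writer is still open, and
#                 an open_writers entry is expected in the log.
test01()
{
    TCID="test01"
    TST_COUNT=1
    RC=0

    ima_violations=$SECURITYFS/ima/violations
    read -r num_violations < "$ima_violations"

    TMPFN=$LTPIMA/test.txt-$$
    open_file_write "$TMPFN"
    open_file_read "$TMPFN"
    close_file_read
    close_file_write

    read -r num_violations_new < "$ima_violations"
    num=$((num_violations_new - num_violations))
    if [ "$num" -gt 0 ]; then
        # -F: the file name contains '.', so match it literally.
        tail "$log" | grep -F "test.txt-$$" | \
            grep 'open_writers' >/dev/null || RC=$?
        if [ "$RC" -eq 0 ]; then
            tst_res TPASS "$LTPTMP/imalog.$$" \
                "$TCID: open_writers violation added"
            return $RC
        fi
    fi
    tst_res TFAIL "$LTPTMP/imalog.$$" \
        "$TCID: open_writers violation not added"
    # RC is still 0 when the violation counter did not move; return a
    # failure status anyway so the script's exit value reflects the TFAIL.
    [ "$RC" -ne 0 ] || RC=1
    return $RC
}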
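# Function:     test02
# Description   - Verify ToMToU violation: the file is opened for read,
#                 then for write while the reader is still open, and a
#                 ToMToU entry is expected in the log.
test02()
{
    TCID="test02"
    TST_COUNT=2
    RC=0

    ima_violations=$SECURITYFS/ima/violations
    read -r num_violations < "$ima_violations"

    TMPFN=$LTPIMA/test.txt-$$
    open_file_read "$TMPFN"
    open_file_write "$TMPFN"
    close_file_write
    close_file_read

    read -r num_violations_new < "$ima_violations"
    num=$((num_violations_new - num_violations))
    if [ "$num" -gt 0 ]; then
        # -F: the file name contains '.', so match it literally.
        tail "$log" | grep -F "test.txt-$$" | \
            grep 'ToMToU' >/dev/null || RC=$?
        if [ "$RC" -eq 0 ]; then
            tst_res TPASS "$LTPTMP/imalog.$$" \
                "$TCID: ToMToU violation added"
            return $RC
        fi
    fi
    tst_res TFAIL "$LTPTMP/imalog.$$" "$TCID: ToMToU violation not added"
    # RC is still 0 when the violation counter did not move; return a
    # failure status anyway so the script's exit value reflects the TFAIL.
    [ "$RC" -ne 0 ] || RC=1
    return $RC
}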
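# Function:     test03
# Description   - verify open_writers using mmapped files: ima_mmap is
#                 started on the file in the background, the file is then
#                 opened for read, and an open_writers entry is expected
#                 in the log.
test03()
{
    TCID="test03"
    TST_COUNT=3
    RC=0

    ima_violations=$SECURITYFS/ima/violations
    read -r num_violations < "$ima_violations"

    TMPFN=$LTPIMA/test.txtb-$$
    mkdir -p "$LTPIMA"
    echo 'testing testing ' > "$TMPFN"
    # NOTE(review): p1 is recorded but the helper is never waited on.
    ima_mmap "$TMPFN" & p1=$!
    sleep 1		# got to wait for ima_mmap to mmap the file
    open_file_read "$TMPFN"
    read -r num_violations_new < "$ima_violations"
    # Close the descriptor here so it is released on the pass path too;
    # it used to be closed only when the test failed.
    close_file_read

    num=$((num_violations_new - num_violations))
    if [ "$num" -gt 0 ]; then
        # -F: the file name contains '.', so match it literally.
        tail "$log" | grep -F "test.txtb-$$" | \
            grep 'open_writers' >/dev/null || RC=$?
        if [ "$RC" -eq 0 ]; then
            tst_res TPASS "$LTPTMP/imalog.$$" \
                "$TCID: mmapped open_writers violation added"
            return $RC
        fi
    fi
    tst_res TFAIL "$LTPTMP/imalog.$$" \
        "$TCID: mmapped open_writers violation not added"
    # RC is still 0 when the violation counter did not move; return a
    # failure status anyway so the script's exit value reflects the TFAIL.
    [ "$RC" -ne 0 ] || RC=1
    return $RC
}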
# Function: main
#
# Description: - Execute all tests, exit with test status.
#
# Exit: - zero on success
# - non-zero on failure.
#
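RC=0			# Return value from setup, init, and test functions.
EXIT_VAL=0

# `.` is the portable spelling of the bash-only `source`; the path is quoted
# so a script directory containing whitespace still resolves.
. "$(dirname "$0")/ima_setup.sh" || exit 1

# Exit with the function's own status. A function can return non-zero while
# RC is still 0, and `exit $RC` would then report success.
setup || exit $?
init || exit $?
test01 || EXIT_VAL=$?
test02 || EXIT_VAL=$?
test03 || EXIT_VAL=$?
exit $EXIT_VAL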
--- NEW FILE: Makefile ---
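# These targets name actions, not files.
.PHONY: all install clean

all:

# Make the test scripts executable and copy them into the shared LTP bin
# directory. `&&` keeps a failed chmod from being hidden by a successful cp.
install:
	chmod 755 *.sh && cp *.sh ../../../../../bin/

clean: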
--- NEW FILE: ima_tpm.sh ---
#!/bin/sh
################################################################################
## ##
## Copyright (C) 2009 IBM Corporation ##
## ##
## This program is free software; you can redistribute it and/or modify ##
## it under the terms of the GNU General Public License as published by ##
## the Free Software Foundation; either version 2 of the License, or ##
## (at your option) any later version. ##
## ##
## This program is distributed in the hope that it will be useful, but ##
## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ##
## for more details. ##
## ##
## You should have received a copy of the GNU General Public License ##
## along with this program; if not, write to the Free Software ##
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ##
## ##
################################################################################
#
# File : ima_tpm.sh
#
# Description: This file verifies the boot and PCR aggregates
#
# Author: Mimi Zohar, zohar@ibm.vnet.ibm.com
#
# Return - zero on success
# - non zero on failure. return value from commands ($RC)
################################################################################
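# Function:     init
#
# Description   - export the LTP counters and check that the helper
#                 programs ima_boot_aggregate and ima_measure can be found.
#
# Return        - zero on success
#               - non zero when a helper is missing ($RC)
init()
{
    export TST_TOTAL=3
    export TCID="init"
    export TST_COUNT=0
    RC=0

    # verify ima_boot_aggregate and ima_measure are available.
    # `command -v` is the portable lookup, and `>/dev/null 2>&1` replaces
    # `&>`, which a POSIX sh reads as "run in the background".
    for tool in ima_boot_aggregate ima_measure; do
        command -v "$tool" >/dev/null 2>&1 || RC=$?
        if [ "$RC" -ne 0 ]; then
            tst_res TINFO "$LTPTMP/imalog.$$" \
                "$TCID: ima_tpm.sh test requires openssl-devel, skipping"
            return $RC
        fi
    done
    return $RC
}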
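# Function:     test01
# Description   - Verify boot aggregate value is correct: the digest in the
#                 first line of the ASCII measurement list must be all
#                 zeros when no TPM BIOS log exists, and must equal the
#                 value printed by ima_boot_aggregate when one does.
test01()
{
    TCID="test01"
    TST_COUNT=1
    RC=0

    # IMA boot aggregate
    ima_measurements=$SECURITYFS/ima/ascii_runtime_measurements
    read -r line < "$ima_measurements"

    # verify TPM is available and enabled.
    tpm_bios=$SECURITYFS/tpm0/binary_bios_measurements
    if [ ! -f "$tpm_bios" ]; then
        tst_res TINFO "$LTPTMP/imalog.$$" \
            "$TCID: no TPM, TPM not builtin kernel, or TPM not enabled"

        # Compare the same 40 characters the TPM branch reads (offset 48)
        # against forty zeros. The earlier offset 49 skipped the first
        # digit, and `-eq 0` is an integer test that does not suit a hex
        # digest.
        zero_digest=$(printf '%040d' 0)
        [ "${line:48:40}" = "$zero_digest" ] || RC=$?
        if [ "$RC" -eq 0 ]; then
            tst_res TPASS "$LTPTMP/imalog.$$" \
                "$TCID: bios boot aggregate is 0."
        else
            tst_res TFAIL "$LTPTMP/imalog.$$" \
                "$TCID: bios boot aggregate is not 0."
        fi
    else
        boot_aggregate=$(ima_boot_aggregate "$tpm_bios")
        [ "${line:48:40}" = "${boot_aggregate:15:40}" ] || RC=$?
        if [ "$RC" -eq 0 ]; then
            tst_res TPASS "$LTPTMP/imalog.$$" \
                "$TCID: bios aggregate matches IMA boot aggregate."
        else
            # One message argument, like every other tst_res call here;
            # the text used to be split across two arguments.
            tst_res TFAIL "$LTPTMP/imalog.$$" \
                "$TCID: bios aggregate does not match IMA boot aggregate."
        fi
    fi
    return $RC
}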
# Probably cleaner to programmatically read the PCR values directly
# from the TPM, but that would require a TPM library. For now, use
# the PCR values from /sys/devices.
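# Compare the PCR-10 line of the file named by $1 with the aggregate value
# printed by `ima_measure ... --validate`.
# Returns zero only when a PCR-10 line was found and it matched.
validate_pcr()
{
    ima_measurements=$SECURITYFS/ima/binary_runtime_measurements
    aggregate_pcr=$(ima_measure "$ima_measurements" --validate)
    dev_pcrs=$1

    # Fail closed: without this, a file with no PCR-10 line returned
    # whatever RC the caller had left behind, normally 0, and the check
    # passed without comparing anything.
    RC=1
    while read -r line; do
        if [ "${line:0:6}" = "PCR-10" ]; then
            [ "${line:8:59}" = "${aggregate_pcr:25:59}" ]
            RC=$?
        fi
    done < "$dev_pcrs"
    return $RC
}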
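# Function:     test02
# Description   - Verify ima calculated aggregate PCR values matches
#                 actual PCR value.
test02()
{
    TCID="test02"
    TST_COUNT=2
    RC=0

    # Would be nice to know where the PCRs are located. Is this safe?
    # Look for a file named exactly `pcrs` and keep the first hit, so that
    # validate_pcr receives one path even when several entries match.
    PCRS_PATH=$(find "$SYSFS/devices" -name pcrs 2>/dev/null | head -n 1)
    [ -n "$PCRS_PATH" ] || RC=1

    if [ "$RC" -eq 0 ]; then
        validate_pcr "$PCRS_PATH" || RC=$?
        if [ "$RC" -eq 0 ]; then
            tst_res TPASS "$LTPTMP/imalog.$$" \
                "$TCID: aggregate PCR value matches real PCR value."
        else
            # One message argument; the text used to be split in two.
            tst_res TFAIL "$LTPTMP/imalog.$$" \
                "$TCID: aggregate PCR value does not match real PCR value."
        fi
    else
        tst_res TFAIL "$LTPTMP/imalog.$$" \
            "$TCID: TPM not enabled, no PCR value to validate"
    fi
    return $RC
}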
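# Function:     test03
# Description   - Verify template hash value for IMA entry is correct, using
#                 the exit status of `ima_measure --verify --validate`.
test03()
{
    TCID="test03"
    TST_COUNT=3
    RC=0

    ima_measurements=$SECURITYFS/ima/binary_runtime_measurements
    # Only the exit status is used, so discard the output directly instead
    # of capturing it in a variable that is never read.
    ima_measure "$ima_measurements" --verify --validate > /dev/null
    RC=$?
    if [ "$RC" -eq 0 ]; then
        tst_res TPASS "$LTPTMP/imalog.$$" \
            "$TCID: verified IMA template hash values."
    else
        tst_res TFAIL "$LTPTMP/imalog.$$" \
            "$TCID: error verifying IMA template hash values."
    fi
    return $RC
}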
# Function: main
#
# Description: - Execute all tests, exit with test status.
#
# Exit: - zero on success
# - non-zero on failure.
#
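RC=0			# Return value from setup, and test functions.
EXIT_VAL=0

# Load the shared setup/cleanup routines that sit next to this script.
# `.` is the portable spelling of the bash-only `source`; the path is quoted
# so a script directory containing whitespace still resolves.
. "$(dirname "$0")/ima_setup.sh" || exit 1

# Exit with the function's own status. A function can return non-zero while
# RC is still 0, and `exit $RC` would then report success.
setup || exit $?
init || exit $?
test01 || EXIT_VAL=$?
test02 || EXIT_VAL=$?
test03 || EXIT_VAL=$?
exit $EXIT_VAL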
--- NEW FILE: ima_policy.sh ---
#!/bin/sh
################################################################################
## ##
## Copyright (C) 2009 IBM Corporation ##
## ##
## This program is free software; you can redistribute it and/or modify ##
## it under the terms of the GNU General Public License as published by ##
## the Free Software Foundation; either version 2 of the License, or ##
## (at your option) any later version. ##
## ##
## This program is distributed in the hope that it will be useful, but ##
## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ##
## for more details. ##
## ##
## You should have received a copy of the GNU General Public License ##
## along with this program; if not, write to the Free Software ##
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ##
## ##
################################################################################
#
# File : ima_policy.sh
#
# Description: This file tests replacing the default integrity measurement
# policy.
#
# Author: Mimi Zohar, zohar@ibm.vnet.ibm.com
#
# Return - zero on success
# - non zero on failure. return value from commands ($RC)
################################################################################
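# Function:     init
#
# Description   - export the LTP counters and check that the IMA policy
#                 file and the two policy files used by the tests exist.
#
# Return        - zero when all three files exist
#               - non zero otherwise ($RC)
init()
{
    export TST_TOTAL=3
    export TCID="init"
    export TST_COUNT=0
    RC=0

    # Paths are quoted throughout so a directory name containing whitespace
    # cannot break the -f tests.
    policy_dir=$(dirname "$0")/../policy

    # verify using default policy
    IMA_POLICY=$IMA_DIR/policy
    if [ ! -f "$IMA_POLICY" ]; then
        tst_res TINFO "$LTPTMP/imalog.$$" \
            "$TCID: default policy already replaced"
        RC=1
    fi

    VALID_POLICY=$policy_dir/measure.policy
    if [ ! -f "$VALID_POLICY" ]; then
        tst_res TINFO "$LTPTMP/imalog.$$" \
            "$TCID: missing $VALID_POLICY"
        RC=1
    fi

    INVALID_POLICY=$policy_dir/measure.policy-invalid
    if [ ! -f "$INVALID_POLICY" ]; then
        tst_res TINFO "$LTPTMP/imalog.$$" \
            "$TCID: missing $INVALID_POLICY"
        RC=1
    fi
    return $RC
}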
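# Write the rules in the file named by $1, one line at a time, to the IMA
# policy file $IMA_POLICY on file descriptor 4. Lines starting with '#'
# are skipped.
#
# The function redirects stderr of the calling shell to /dev/null and exits
# that shell when the policy file cannot be opened; the tests in this file
# call it as a background job for that reason.
#
# Return        - zero when every rule was written
#               - non zero when $1 is unreadable or a write fails
load_policy()
{
    # Check the source first, so an unreadable rule file never leads to the
    # policy file being opened and closed with nothing written to it.
    [ -r "$1" ] || return 1

    exec 2>/dev/null 4>"$IMA_POLICY" || exit 1

    # Read the file by redirection, not through `cat |`: the loop then runs
    # in this shell and `return` leaves the function itself. -r and the
    # quoted printf pass each rule through unchanged; an unquoted echo
    # would collapse whitespace and expand glob characters in a rule.
    while read -r line || [ -n "$line" ]; do
        case $line in
            '#'*) continue ;;
        esac
        if ! printf '%s\n' "$line" >&4 2>/dev/null; then
            exec 4>&-
            RC=1
            return $RC
        fi
    done < "$1"

    exec 4>&-
    return 0
}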
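# Function:     test01
# Description   - Verify invalid policy doesn't replace default policy:
#                 loading $INVALID_POLICY must fail.
test01()
{
    TCID="test01"
    TST_COUNT=1
    RC=0

    # Quoted so a path containing whitespace reaches load_policy as one
    # argument.
    load_policy "$INVALID_POLICY" & p1=$!
    wait "$p1"; RC=$?
    if [ "$RC" -ne 0 ]; then
        # A failed load is the expected outcome.
        RC=0
        tst_res TPASS "$LTPTMP/imalog.$$" \
            "$TCID: didn't load invalid policy"
    else
        RC=1
        tst_res TFAIL "$LTPTMP/imalog.$$" \
            "$TCID: loaded invalid policy"
    fi
    return $RC
}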
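# Function:     test02
# Description   - Verify policy file is opened sequentially, not concurrently
#                 and install new policy: two loads are started at the same
#                 time and exactly one of them must fail.
test02()
{
    TCID="test02"
    TST_COUNT=2
    RC=0

    load_policy "$VALID_POLICY" & p1=$!	# forked process 1
    load_policy "$VALID_POLICY" & p2=$!	# forked process 2
    wait "$p1"; RC1=$?
    wait "$p2"; RC2=$?

    RC=$((RC1 + RC2))
    if [ "$RC" -eq 1 ]; then
        RC=0
        tst_res TPASS "$LTPTMP/imalog.$$" \
            "$TCID: replaced default measurement policy"
    elif [ "$RC" -eq 0 ]; then
        # Both loads succeeded; mark it as a failure for the caller too.
        RC=1
        tst_res TFAIL "$LTPTMP/imalog.$$" \
            "$TCID: measurement policy opened concurrently"
    else
        tst_res TFAIL "$LTPTMP/imalog.$$" \
            "$TCID: problems opening measurement policy"
    fi
    # Return the outcome. The unconditional `return 0` hid both failure
    # cases from the script's exit value.
    return $RC
}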
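# Function:     test03
# Description   - Verify can't load another measurement policy: loading
#                 $INVALID_POLICY after the earlier tests must fail.
test03()
{
    TCID="test03"
    TST_COUNT=3
    RC=0

    # Quoted so a path containing whitespace reaches load_policy as one
    # argument.
    load_policy "$INVALID_POLICY" & p1=$!
    wait "$p1"; RC=$?
    if [ "$RC" -ne 0 ]; then
        # A failed load is the expected outcome.
        RC=0
        tst_res TPASS "$LTPTMP/imalog.$$" \
            "$TCID: didn't replace valid policy"
    else
        RC=1
        tst_res TFAIL "$LTPTMP/imalog.$$" "$TCID: replaced valid policy"
    fi
    return $RC
}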
# Function: main
#
# Description: - Execute all tests, exit with test status.
#
# Exit: - zero on success
# - non-zero on failure.
#
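RC=0			# Return value from setup, init, and test functions.
EXIT_VAL=0

# `.` is the portable spelling of the bash-only `source`; the path is quoted
# so a script directory containing whitespace still resolves.
. "$(dirname "$0")/ima_setup.sh" || exit 1

# Exit with the function's own status. A function can return non-zero while
# RC is still 0, and `exit $RC` would then report success.
setup || exit $?
init || exit $?
test01 || EXIT_VAL=$?
test02 || EXIT_VAL=$?
test03 || EXIT_VAL=$?
exit $EXIT_VAL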
--- NEW FILE: ima_measurements.sh ---
#!/bin/sh
################################################################################
## ##
## Copyright (C) 2009 IBM Corporation ##
## ##
## This program is free software; you can redistribute it and/or modify ##
## it under the terms of the GNU General Public License as published by ##
## the Free Software Foundation; either version 2 of the License, or ##
## (at your option) any later version. ##
## ##
## This program is distributed in the hope that it will be useful, but ##
## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ##
## for more details. ##
## ##
## You should have received a copy of the GNU General Public License ##
## along with this program; if not, write to the Free Software ##
## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ##
## ##
################################################################################
#
# File : ima_measurements.sh
#
# Description: This file verifies measurements are added to the measurement
# list based on policy.
#
# Author: Mimi Zohar, zohar@ibm.vnet.ibm.com
#
# Return - zero on success
# - non zero on failure. return value from commands ($RC)
################################################################################
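# Function:     init
#
# Description   - export the LTP counters, check that sha1sum can be found
#                 and note when $IMA_DIR/policy is missing.
#
# Return        - zero on success
#               - non zero when sha1sum is missing ($RC)
init()
{
    export TST_TOTAL=3
    export TCID="init"
    export TST_COUNT=0
    # Start clean so a status left over from setup cannot fail this check.
    RC=0

    # check that sha1sum is installed.
    # `command -v` is the portable lookup, and `>/dev/null 2>&1` replaces
    # `&>`, which a POSIX sh reads as "run in the background".
    command -v sha1sum >/dev/null 2>&1 || RC=$?
    if [ "$RC" -ne 0 ]; then
        tst_brkm TBROK NULL "$TCID: sha1sum not found"
        return $RC
    fi

    # verify using default policy
    if [ ! -f "$IMA_DIR/policy" ]; then
        tst_res TINFO "$LTPTMP/imalog.$$" \
            "$TCID: not using default policy"
    fi
    return $RC
}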
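# Function:     test01
# Description   - Verify reading a file causes a new measurement to
#                 be added to the IMA measurement list.
test01()
{
    TCID="test01"
    TST_COUNT=1
    RC=0

    # Create file test.txt
    printf '%s - this is a test file\n' "$(date)" > "$LTPIMA/test.txt" \
        || RC=$?
    if [ "$RC" -ne 0 ]; then
        tst_brkm TBROK "$LTPTMP/imalog.$$" \
            "$TCID: Unable to create test file"
        return $RC
    fi

    # Calculating the sha1sum of $LTPIMA/test.txt should add
    # the measurement to the measurement list.
    # (Assumes SHA1 IMA measurements.)
    # cut keeps the digest only; the earlier sed left a trailing blank that
    # was harmless only while $hash was expanded unquoted.
    hash=$(sha1sum < "$LTPIMA/test.txt" | cut -d ' ' -f 1)

    # Check if the file is measured
    # (i.e. contained in the ascii measurement list.)
    # Read the list through $IMA_DIR, as init() in this file does, instead
    # of a hard-coded /sys/kernel/security path.
    cat "$IMA_DIR/ascii_runtime_measurements" > "$LTPIMA/measurements"
    sleep 1
    # Run grep directly; inside backticks its (empty) output was executed
    # as a command.
    grep -q -- "$hash" "$LTPIMA/measurements" || RC=$?
    if [ "$RC" -ne 0 ]; then
        tst_res TFAIL "$LTPTMP/imalog.$$" \
            "$TCID: TPM ascii measurement list does not contain sha1sum"
        return $RC
    else
        tst_res TPASS "$LTPTMP/imalog.$$" \
            "$TCID: TPM ascii measurement list contains sha1sum"
    fi
    return $RC
}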
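# Function:     test02
# Description   - Verify modifying, then reading, a file causes a new
#                 measurement to be added to the IMA measurement list.
test02()
{
    TCID="test02"
    TST_COUNT=2
    RC=0

    # Modify test.txt
    # Call `date`; the earlier `$date` expanded an unset variable, so the
    # appended line carried no timestamp.
    printf '%s - file modified\n' "$(date)" >> "$LTPIMA/test.txt" || RC=$?

    # Calculating the sha1sum of $LTPIMA/test.txt should add
    # the new measurement to the measurement list
    hash=$(sha1sum < "$LTPIMA/test.txt" | cut -d ' ' -f 1)

    # Check if the new measurement exists
    # Read the list through $IMA_DIR, as init() in this file does, instead
    # of a hard-coded /sys/kernel/security path.
    cat "$IMA_DIR/ascii_runtime_measurements" > "$LTPIMA/measurements"
    # Run grep directly; inside backticks its (empty) output was executed
    # as a command.
    grep -q -- "$hash" "$LTPIMA/measurements" || RC=$?
    if [ "$RC" -ne 0 ]; then
        tst_res TFAIL "$LTPTMP/imalog.$$" \
            "$TCID: Modified file not measured"
        tst_res TINFO "$LTPTMP/imalog.$$" \
            "$TCID: iversion not supported; or not mounted with iversion"
        return $RC
    else
        tst_res TPASS "$LTPTMP/imalog.$$" \
            "$TCID: Modified file measured"
    fi
    return $RC
}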
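# Function:     test03
# Description   - Verify files are measured based on policy
#                 (Default policy does not measure user files.)
test03()
{
    TCID="test03"
    TST_COUNT=3
    RC=0

    # create the directory that will hold the user's test.txt
    user_dir=$LTPIMA/user
    mkdir -m 0700 "$user_dir"
    # `:` is the standard owner/group separator; `.` is the obsolete form.
    chown 99:99 "$user_dir"
    hash=0

    # As user 99, create and cat the new file. The subshell keeps the
    # directory change local. The file is addressed relative to the
    # directory on purpose -- presumably uid 99 cannot reach it by absolute
    # path through a parent it has no access to; verify before changing.
    # Single quotes make `date` run inside the child shell instead of
    # pasting its output into the command string.
    (
        cd "$user_dir" || exit 1
        sudo -u '#99' sh -c 'echo "$(date) - create test.txt" > ./test.txt;
            cat ./test.txt > /dev/null'
    )

    # Calculating the hash will add the measurement to the measurement
    # list, so only calc the hash value after getting the measurement
    # list.
    # Read the list through $IMA_DIR, as init() in this file does, instead
    # of a hard-coded /sys/kernel/security path.
    cat "$IMA_DIR/ascii_runtime_measurements" > "$LTPIMA/measurements"

    # If the file was never created, the digest of empty input would simply
    # be absent from the list and the test would pass without having
    # exercised anything.
    if [ ! -s "$user_dir/test.txt" ]; then
        tst_brkm TBROK "$LTPTMP/imalog.$$" \
            "$TCID: unable to create test.txt as uid 99"
        RC=1
        return $RC
    fi
    hash=$(sha1sum < "$user_dir/test.txt" | cut -d ' ' -f 1)

    # Check if the file is measured
    grep -q -- "$hash" "$LTPIMA/measurements" || RC=$?
    if [ "$RC" -ne 0 ]; then
        RC=0
        tst_res TPASS "$LTPTMP/imalog.$$" \
            "$TCID: user file test.txt not measured"
    else
        RC=1
        tst_res TFAIL "$LTPTMP/imalog.$$" \
            "$TCID: user file test.txt measured"
    fi
    return $RC
}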
# Function: main
#
# Description: - Execute all tests, exit with test status.
#
# Exit: - zero on success
# - non-zero on failure.
#
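RC=0
EXIT_VAL=0

# `.` is the portable spelling of the bash-only `source`; the path is quoted
# so a script directory containing whitespace still resolves.
. "$(dirname "$0")/ima_setup.sh" || exit 1

# Exit with the function's own status. A function can return non-zero while
# RC is still 0, and `exit $RC` would then report success.
setup || exit $?
# Stop when init fails (sha1sum missing); every test below depends on it.
init || exit $?
test01 || EXIT_VAL=$?
test02 || EXIT_VAL=$?
test03 || EXIT_VAL=$?
exit $EXIT_VAL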
------------------------------------------------------------------------------
_______________________________________________
Ltp-cvs mailing list
Ltp-cvs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-cvs