#!/bin/sh ################################################################################ ## ## ## Copyright (C) 2009 IBM Corporation ## ## ## ## This program is free software; you can redistribute it and#or modify ## ## it under the terms of the GNU General Public License as published by ## ## the Free Software Foundation; either version 2 of the License, or ## ## (at your option) any later version. ## ## ## ## This program is distributed in the hope that it will be useful, but ## ## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ## ## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ## ## for more details. ## ## ## ## You should have received a copy of the GNU General Public License ## ## along with this program; if not, write to the Free Software ## ## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ## ## ## ################################################################################ # # File : ima_policy.sh # # Description: This file tests replacing the default integrity measurement # policy. # # Author: Mimi Zohar, zohar@ibm.vnet.ibm.com ################################################################################ export TST_TOTAL=3 export TCID="ima_policy" init() { # verify using default policy IMA_POLICY=$IMA_DIR/policy if [ ! -f $IMA_POLICY ]; then tst_resm TINFO "default policy already replaced" fi VALID_POLICY=$LTPROOT/testcases/data/ima_policy/measure.policy if [ ! -f $VALID_POLICY ]; then tst_resm TINFO "missing $VALID_POLICY" fi INVALID_POLICY=$LTPROOT/testcases/data/ima_policy/measure.policy-invalid if [ ! -f $INVALID_POLICY ]; then tst_resm TINFO "missing $INVALID_POLICY" fi } load_policy() { exec 2>/dev/null 4>$IMA_POLICY if [ $? -ne 0 ]; then exit 1 fi cat $1 | while read line ; do { if [ "${line#\#}" = "${line}" ] ; then echo $line >&4 2> /dev/null if [ $? -ne 0 ]; then exec 4>&- return 1 fi fi } done } # Function: test01 # Description - Verify invalid policy doesn't replace default policy. test01() { load_policy $INVALID_POLICY & p1=$! wait "$p1" if [ $? -ne 0 ]; then tst_resm TPASS "didn't load invalid policy" else tst_resm TFAIL "loaded invalid policy" fi } # Function: test02 # Description - Verify policy file is opened sequentially, not concurrently # and install new policy test02() { load_policy $VALID_POLICY & p1=$! # forked process 1 load_policy $VALID_POLICY & p2=$! # forked process 2 wait "$p1"; RC1=$? wait "$p2"; RC2=$? if [ $RC1 -eq 0 ] && [ $RC2 -eq 0 ]; then tst_resm TFAIL "measurement policy opened concurrently" elif [ $RC1 -eq 0 ] || [ $RC2 -eq 0 ]; then tst_resm TPASS "replaced default measurement policy" else tst_resm TFAIL "problems opening measurement policy" fi } # Function: test03 # Description - Verify can't load another measurement policy. test03() { load_policy $INVALID_POLICY & p1=$! wait "$p1" if [ $? -ne 0 ]; then tst_resm TPASS "didn't replace valid policy" else tst_resm TFAIL "replaced valid policy" fi } . ima_setup.sh setup TST_CLEANUP=cleanup init test01 test02 test03 tst_exit