#!/bin/sh
################################################################################
##                                                                            ##
## Copyright (C) 2009 IBM Corporation                                         ##
##                                                                            ##
## This program is free software;  you can redistribute it and/or modify      ##
## it under the terms of the GNU General Public License as published by       ##
## the Free Software Foundation; either version 2 of the License, or          ##
## (at your option) any later version.                                        ##
##                                                                            ##
## This program is distributed in the hope that it will be useful, but        ##
## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
## or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License   ##
## for more details.                                                          ##
##                                                                            ##
## You should have received a copy of the GNU General Public License          ##
## along with this program;  if not, write to the Free Software               ##
## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA    ##
##                                                                            ##
################################################################################
#
# File :        ima_policy.sh
#
# Description:  This file tests replacing the default integrity measurement
#		policy.
#
# Author:       Mimi Zohar, zohar@ibm.vnet.ibm.com
################################################################################
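# Test-case count (test01, test02, test03) and test-case identifier.
# Both are exported so child processes see them; presumably the LTP
# reporting helpers (tst_resm, tst_exit) read them - confirm against the
# LTP version in use.
export TST_TOTAL=3
export TCID="ima_policy"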
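# Function:     init
# Description   - Set IMA_POLICY, VALID_POLICY and INVALID_POLICY for the
#		  tests and report (TINFO) any of the three that is not a
#		  regular file.
#		  $IMA_DIR and $LTPROOT are not set in this file; presumably
#		  ima_setup.sh and the LTP environment provide them.
# NOTE(review): a missing policy file is only reported, never fatal, so the
# tests still run and their verdicts are not meaningful in that case.
init()
{
	# verify using default policy
	# Expansions are quoted so a path with whitespace is tested as one
	# operand instead of making '[' fail with a syntax error.
	IMA_POLICY=$IMA_DIR/policy
	if [ ! -f "$IMA_POLICY" ]; then
		tst_resm TINFO "default policy already replaced"
	fi

	VALID_POLICY=$LTPROOT/testcases/data/ima_policy/measure.policy
	if [ ! -f "$VALID_POLICY" ]; then
		tst_resm TINFO "missing $VALID_POLICY"
	fi

	INVALID_POLICY=$LTPROOT/testcases/data/ima_policy/measure.policy-invalid
	if [ ! -f "$INVALID_POLICY" ]; then
		tst_resm TINFO "missing $INVALID_POLICY"
	fi
}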
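# Function:     load_policy
# Description   - Write the rules in policy file $1 to $IMA_POLICY, one line
#		  per write, skipping lines that start with '#'.
# Returns       - 0 if no write failed, 1 as soon as a write is refused.
#		  Exits 1 if $IMA_POLICY cannot be opened for writing.
load_policy()
{
	# This exec silences stderr for the rest of the calling shell, so the
	# callers in this file run load_policy in the background (&).
	# fd 4 stays open across all rule writes.
	exec 2>/dev/null 4>"$IMA_POLICY"
	if [ $? -ne 0 ]; then
		exit 1
	fi

	# NOTE(review): if $1 is missing or unreadable, cat fails silently, the
	# loop reads nothing and the status is 0 although no rule was written.
	# 'read -r' keeps backslashes literal; '|| [ -n "$line" ]' also loads a
	# final line that has no trailing newline.
	cat "$1" |
	while read -r line || [ -n "$line" ]; do
		# Lines that begin with '#' are comments and are not sent.
		if [ "${line#\#}" = "${line}" ]; then
			# Quoted, so the rule reaches the kernel as written in the
			# file: no pathname expansion against the current
			# directory and no collapsing of inner whitespace.
			printf '%s\n' "$line" >&4 2>/dev/null
			if [ $? -ne 0 ]; then
				exec 4>&-
				# Where the loop runs in a pipeline subshell this
				# ends only the subshell; the status still
				# becomes the pipeline status.
				return 1
			fi
		fi
	done
	rc=$?

	# Close fd 4 explicitly on every path instead of relying on process
	# exit.  NOTE(review): the IMA securityfs interface is understood to
	# finalise the policy when the file is released - confirm against the
	# kernel under test.
	exec 4>&-
	return $rc
}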
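# Function:     test01
# Description   - Verify invalid policy doesn't replace default policy.
# NOTE(review): any non-zero status from load_policy counts as TPASS.  That
# includes the case where $IMA_POLICY could not be opened at all, in which
# no rule from the invalid file was ever written.
test01()
{
	# Quoted so the policy path is passed as a single argument.
	load_policy "$INVALID_POLICY" & p1=$!
	if ! wait "$p1"; then
		tst_resm TPASS "didn't load invalid policy"
	else
		tst_resm TFAIL "loaded invalid policy"
	fi
}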
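# Function:     test02
# Description	- Verify policy file is opened sequentially, not concurrently
#		  and install new policy
# Exactly one of the two loaders must succeed: both succeeding means the
# policy file was opened twice at once, both failing means the policy could
# not be replaced at all.
# NOTE(review): nothing here forces the two loaders to overlap in time, so
# a second loader that fails may have run after the first one finished -
# confirm whether that still exercises the exclusive-open check.
test02()
{
	# Quoted so the policy path is passed as a single argument.
	load_policy "$VALID_POLICY" & p1=$!  # forked process 1
	load_policy "$VALID_POLICY" & p2=$!  # forked process 2
	wait "$p1"; RC1=$?
	wait "$p2"; RC2=$?
	if [ "$RC1" -eq 0 ] && [ "$RC2" -eq 0 ]; then
		tst_resm TFAIL "measurement policy opened concurrently"
	elif [ "$RC1" -eq 0 ] || [ "$RC2" -eq 0 ]; then
		tst_resm TPASS "replaced default measurement policy"
	else
		tst_resm TFAIL "problems opening measurement policy"
	fi
}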
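# Function:     test03
# Description 	- Verify can't load another measurement policy.
# NOTE(review): any non-zero status from load_policy counts as TPASS, so
# this check is only meaningful if an earlier step actually installed a
# valid policy - confirm test02 reported TPASS before trusting it.
test03()
{
	# Quoted so the policy path is passed as a single argument.
	load_policy "$INVALID_POLICY" & p1=$!
	if ! wait "$p1"; then
		tst_resm TPASS "didn't replace valid policy"
	else
		tst_resm TFAIL "replaced valid policy"
	fi
}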
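# NOTE(review): '.' with a bare file name looks ima_setup.sh up through
# $PATH and runs the first match inside this shell.  Confirm that $PATH
# holds only trusted directories when the suite runs with elevated
# privileges.
. ima_setup.sh

# setup, cleanup and tst_exit are not defined in this file; presumably
# ima_setup.sh and the LTP helpers provide them.
setup
TST_CLEANUP=cleanup

# Order matters: test01 needs the default policy still in place, test02
# installs the new policy, test03 checks it cannot be replaced again.
init
test01
test02
test03

tst_exit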