1# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5__author__ = 'ups@chromium.org (Stephan Uphoff)'
6
7import logging
8import os
9import utils
10
11from autotest_lib.client.bin import utils, test
12from autotest_lib.client.common_lib import error
13
14
15class security_ChromiumOSLSM(test.test):
16    """
17    Verify Chromium OS Security Module behaves as expected.
18    """
19    version = 1
20
21    def _mount(self, target):
22        cmd = "mount -c -n -t tmpfs -o nodev,noexec,nosuid test %s" % (target)
23        return utils.system(cmd, ignore_status=True)
24
25    def _umount(self, target):
26        utils.system('umount -n %s' % (target))
27
28    def _check_mount(self, target, expected, msg):
29        succeeded = (self._mount(target) == 0)
30        if succeeded:
31            self._umount(target)
32        if succeeded != expected:
33            logging.error(msg)
34            return 1
35        return 0
36
37    def run_once(self):
38        errors = 0
39        test_dir = '/tmp/chromium_lsm_test_dir'
40        os.mkdir(test_dir, 0700)
41
42        mnt_target = '%s/mount_point' % (test_dir)
43        os.mkdir(mnt_target, 0700)
44
45        sym_target = '%s/symlink' % (test_dir)
46        os.symlink('mount_point', sym_target)
47
48        # Mounting should succeed (no symbolic link in mount path).
49        errors += self._check_mount(mnt_target, True,
50                                    'Unable to mount on a directory')
51
52        # Mounting should fail as we used a mount path with a symbolic link.
53        errors += self._check_mount(sym_target, False,
54                                    'Unexpectedly mounted on a symlink')
55
56        utils.system('rm -rf ' + test_dir)
57        # If self.error is not zero, there were errors.
58        if errors > 0:
59            raise error.TestFail('Failed %d tests' % errors)
60