1#!/bin/sh
2
3################################################################################
4##                                                                            ##
5## Copyright (C) 2009 IBM Corporation                                         ##
6##                                                                            ##
## This program is free software;  you can redistribute it and/or modify      ##
8## it under the terms of the GNU General Public License as published by       ##
9## the Free Software Foundation; either version 2 of the License, or          ##
10## (at your option) any later version.                                        ##
11##                                                                            ##
12## This program is distributed in the hope that it will be useful, but        ##
13## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
14## or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License   ##
15## for more details.                                                          ##
16##                                                                            ##
17## You should have received a copy of the GNU General Public License          ##
18## along with this program;  if not, write to the Free Software Foundation,   ##
19## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA           ##
20##                                                                            ##
21################################################################################
22#
23# File :        ima_measurements.sh
24#
25# Description:  This file verifies measurements are added to the measurement
26# 		list based on policy.
27#
28# Author:       Mimi Zohar, zohar@ibm.vnet.ibm.com
29################################################################################
# LTP test-case metadata: three sub-tests (test01..test03) are reported
# under this test id. Both are exported for the sourced LTP library.
TST_TOTAL=3
TCID="ima_measurements"
export TST_TOTAL TCID
32
init()
{
	# sha1sum is needed by every sub-test to compute the expected
	# file hash.
	tst_check_cmds sha1sum

	# Report whether the default policy is still in effect.
	# NOTE(review): this treats a missing "$IMA_DIR/policy" file as
	# "a custom policy has been loaded" — confirm against the target
	# kernel's securityfs behaviour. IMA_DIR is not set in this file;
	# presumably it comes from ima_setup.sh.
	[ -f "$IMA_DIR/policy" ] || tst_resm TINFO "not using default policy"
}
42
43# Function:     test01
44# Description   - Verify reading a file causes a new measurement to
45#		  be added to the IMA measurement list.
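# Function:     test01
# Description   - Verify reading a file causes a new measurement to
#		  be added to the IMA measurement list.
test01()
{
	# Create file test.txt in the test's working directory.
	cat > test.txt <<-EOF
	$(date) - this is a test file
	EOF
	if [ $? -ne 0 ]; then
		tst_brkm TBROK "Unable to create test file"
	fi

	# Calculating the sha1sum of test.txt reads the file, which should add
	# the measurement to the measurement list.
	# (Assumes SHA1 IMA measurements.)
	# Keep only the hash field: given a filename, sha1sum prints
	# "<hash>  <filename>", so stripping the stdin marker "  -" would leave
	# the filename attached to the hash (and an unquoted "$hash" would then
	# make grep search test.txt as a second file).
	hash=$(sha1sum test.txt | cut -d' ' -f1)
	if [ -z "$hash" ]; then
		tst_brkm TBROK "Unable to compute sha1sum of test.txt"
	fi

	# Check if the file is measured
	# (i.e. contained in the ascii measurement list.)
	# The short pause precedes the snapshot so that it can actually help;
	# presumably the measurement is recorded synchronously and this is
	# only belt-and-braces.
	sleep 1
	if ! cat /sys/kernel/security/ima/ascii_runtime_measurements > measurements; then
		tst_brkm TBROK "Unable to read the ascii measurement list"
	fi
	if grep -q "$hash" measurements; then
		tst_resm TPASS "TPM ascii measurement list contains sha1sum"
	else
		tst_resm TFAIL "TPM ascii measurement list does not contain sha1sum"
	fi
}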
72
73# Function:     test02
74# Description	- Verify modifying, then reading, a file causes a new
75# 		  measurement to be added to the IMA measurement list.
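# Function:     test02
# Description	- Verify modifying, then reading, a file causes a new
# 		  measurement to be added to the IMA measurement list.
test02()
{
	# Modify test.txt (created by test01): appending changes the contents
	# and therefore the hash IMA should record on the next read.
	if ! echo "$(date) - file modified" >> test.txt; then
		tst_brkm TBROK "Unable to modify test file"
	fi

	# Calculating the sha1sum of test.txt re-reads the file, which should
	# add the new measurement to the measurement list.
	# Keep only the hash field: given a filename, sha1sum prints
	# "<hash>  <filename>", so stripping the stdin marker "  -" would leave
	# the filename attached to the hash.
	hash=$(sha1sum test.txt | cut -d' ' -f1)
	if [ -z "$hash" ]; then
		tst_brkm TBROK "Unable to compute sha1sum of test.txt"
	fi

	# Check if the new measurement exists
	if ! cat /sys/kernel/security/ima/ascii_runtime_measurements > measurements; then
		tst_brkm TBROK "Unable to read the ascii measurement list"
	fi
	if grep -q "$hash" measurements; then
		tst_resm TPASS "Modified file measured"
	else
		tst_resm TFAIL "Modified file not measured"
		tst_resm TINFO "iversion not supported; or not mounted with iversion"
	fi
}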
96
97# Function:     test03
98# Description 	- Verify files are measured based on policy
99#		(Default policy does not measure user files.)
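# Function:     test03
# Description 	- Verify files are measured based on policy
#		(Default policy does not measure user files.)
test03()
{
	# Create a private directory owned by 'nobody' for the user file.
	# ("user:group" is the POSIX chown form; "user.group" is a deprecated
	# GNU spelling.)
	mkdir -m 0700 user || tst_brkm TBROK "Unable to create directory user"
	chown nobody:nobody user || tst_brkm TBROK "Unable to chown directory user"
	cd user || tst_brkm TBROK "Unable to cd to directory user"

	# As user nobody, create and cat the new file
	# (The LTP tests assume existence of 'nobody'.)
	# $(date) is expanded by this root shell before sudo runs; it is not
	# user-controlled input.
	sudo -n -u nobody sh -c "echo $(date) - create test.txt > ./test.txt;
				 cat ./test.txt > /dev/null"
	if [ $? -ne 0 ]; then
		cd - >/dev/null
		tst_brkm TBROK "Unable to create and read test.txt as user nobody"
	fi

	# Calculating the hash will add the measurement to the measurement
	# list, so only calc the hash value after getting the measurement
	# list.
	if ! cat /sys/kernel/security/ima/ascii_runtime_measurements > measurements; then
		cd - >/dev/null
		tst_brkm TBROK "Unable to read the ascii measurement list"
	fi
	# Keep only the hash field (sha1sum prints "<hash>  <filename>" here).
	hash=$(sha1sum test.txt | cut -d' ' -f1)
	if [ -z "$hash" ]; then
		cd - >/dev/null
		tst_brkm TBROK "Unable to compute sha1sum of test.txt"
	fi

	# Check if the file is measured. This must happen while still inside
	# user/: the measurements snapshot was written here, and checking the
	# parent directory's leftover measurements file from test02 would make
	# this test pass regardless of what the policy did.
	if grep -q "$hash" measurements; then
		tst_resm TFAIL "user file test.txt measured"
	else
		tst_resm TPASS "user file test.txt not measured"
	fi
	cd - >/dev/null
}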
128
# Shared IMA test helpers; presumably also where setup, cleanup and
# IMA_DIR (read by init) are defined — none of them are defined here.
. ima_setup.sh

# Prepare the working directory, then register cleanup with the LTP
# library so it runs when tst_exit is reached (or on tst_brkm).
setup
TST_CLEANUP=cleanup

# Order matters: test02 appends to the test.txt that test01 creates, and
# test03 creates its own user/ sub-directory in the same working directory.
init
test01
test02
test03

tst_exit
140