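#!/bin/sh
# SPDX-License-Identifier: GPL-2.0-or-later
# Copyright (c) 2009 IBM Corporation
# Copyright (c) 2018-2020 Petr Vorel <pvorel@suse.cz>
# Author: Mimi Zohar <zohar@linux.ibm.com>
#
# Test replacing the default integrity measurement policy.
#
# test1: writing an invalid policy file to $IMA_POLICY must fail.
# test2: of two writers started together, exactly one must succeed.
#
# IMA_POLICY, TST_DATAROOT, tst_res, tst_brk, tst_run and
# require_policy_writable are not defined in this file; presumably they are
# provided by ima_setup.sh, sourced below.

TST_SETUP="setup"
TST_CNT=2

. ima_setup.sh

# Resolve the two policy fixtures under $TST_DATAROOT and stop with TCONF
# when either one is missing, so a missing fixture is never reported as a
# pass or a fail of the policy checks themselves.
setup()
{
	require_policy_writable

	VALID_POLICY="$TST_DATAROOT/measure.policy"
	[ -f "$VALID_POLICY" ] || tst_brk TCONF "missing $VALID_POLICY"

	INVALID_POLICY="$TST_DATAROOT/measure.policy-invalid"
	[ -f "$INVALID_POLICY" ] || tst_brk TCONF "missing $INVALID_POLICY"
}

# Write the policy file $1 to $IMA_POLICY through file descriptor 4.
#
# Arguments: $1 - path of the policy file to load
# Returns:   exit status of the cat that performs the write; the shell
#            exits with 1 instead when $IMA_POLICY cannot be opened
#
# Run this only in a subshell or background job (the callers use '&'):
# it redirects stderr of the current shell for good and calls exit.
load_policy()
{
	local ret

	# One open of the policy file for the whole write. All paths are quoted
	# so that a test directory containing whitespace cannot split them.
	exec 2>/dev/null 4>"$IMA_POLICY" || exit 1

	cat "$1" >&4 2> /dev/null
	ret=$?
	# The status of the close is not captured: an error reported only when
	# fd 4 is closed does not reach $ret.
	exec 4>&-

	# NOTE(review): stderr is /dev/null at this point; if tst_res reports on
	# stderr, this reboot hint is never shown - confirm.
	if [ "$ret" -eq 0 ]; then
		tst_res TINFO "IMA policy updated, please reboot after testing to restore settings"
	fi

	return "$ret"
}

# An invalid policy must be rejected.
test1()
{
	tst_res TINFO "verify that invalid policy isn't loaded"

	local p1

	require_policy_writable
	load_policy "$INVALID_POLICY" & p1=$!

	# Any non-zero status counts as a rejection. Since load_policy discards
	# stderr, an open failure or an unreadable fixture is indistinguishable
	# here from the policy parser refusing the rules.
	if ! wait "$p1"; then
		tst_res TPASS "didn't load invalid policy"
	else
		tst_res TFAIL "loaded invalid policy"
	fi
}

# Two writers started together: exactly one is expected to succeed.
test2()
{
	tst_res TINFO "verify that policy file is not opened concurrently and able to loaded multiple times"

	local p1 p2 rc1 rc2

	require_policy_writable
	load_policy "$VALID_POLICY" & p1=$!
	load_policy "$VALID_POLICY" & p2=$!
	wait "$p1"; rc1=$?
	wait "$p2"; rc2=$?

	# NOTE(review): the verdict depends on the two background jobs actually
	# overlapping; nothing here forces that. If they happen to run one after
	# the other, both succeeding would be reported as "opened concurrently"
	# - confirm whether that case can occur on the target kernel.
	if [ "$rc1" -eq 0 ] && [ "$rc2" -eq 0 ]; then
		tst_res TFAIL "policy opened concurrently"
	elif [ "$rc1" -eq 0 ] || [ "$rc2" -eq 0 ]; then
		tst_res TPASS "policy was loaded just by one process and able to loaded multiple times"
	else
		tst_res TFAIL "problem loading or extending policy (may require policy to be signed)"
	fi
}

tst_run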