#!/bin/sh
# SPDX-License-Identifier: GPL-2.0-or-later
# Copyright (c) 2009 IBM Corporation
# Copyright (c) 2018-2020 Petr Vorel <pvorel@suse.cz>
# Author: Mimi Zohar <zohar@linux.ibm.com>
#
# Test replacing the default integrity measurement policy.

# Number of testN functions in this file (test1 and test2); presumably read
# by the test library that is sourced at the bottom of the file.
TST_CNT=2
# Name of the function that resolves the policy fixtures before the tests.
TST_SETUP='setup'
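# Resolve the two policy fixtures used by the tests and stop with TCONF when
# either one is missing.
#
# Globals:   TST_DATAROOT (read); VALID_POLICY, INVALID_POLICY (written)
# Calls:     require_policy_writable and tst_brk, both defined outside this
#            file (presumably by the library sourced at the bottom).
setup()
{
	require_policy_writable

	VALID_POLICY="$TST_DATAROOT/measure.policy"
	# The path is quoted so that a data root containing whitespace or glob
	# characters is tested as a single file name instead of being split.
	[ -f "$VALID_POLICY" ] || tst_brk TCONF "missing $VALID_POLICY"

	INVALID_POLICY="$TST_DATAROOT/measure.policy-invalid"
	[ -f "$INVALID_POLICY" ] || tst_brk TCONF "missing $INVALID_POLICY"
}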
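# Write one policy file into the IMA policy interface.
#
# This function redirects the calling shell's stderr and may call exit, so
# test1 and test2 start it as a background job rather than calling it inline.
#
# Globals:   IMA_POLICY (read) - path the policy is written to
# Arguments: $1 - policy file to load
# Returns:   exit status of the write; exits non-zero when the policy cannot
#            be opened for writing
load_policy()
{
	local ret

	# Open the policy for writing on fd 4 and silence stderr for the rest of
	# this shell, so an expected open failure produces no noise. Some shells
	# abort on a failed exec redirection and others only return non-zero;
	# the explicit exit covers the second case. Both paths are quoted so a
	# value with whitespace is not split into several words.
	exec 2>/dev/null 4>"$IMA_POLICY" || exit 1

	cat "$1" >&4 2> /dev/null
	ret=$?
	# Close the descriptor explicitly; the status of the close itself is not
	# checked here, only that of the write.
	exec 4>&-

	# A successful write changes the running policy; the message below tells
	# the operator that a reboot is needed to get the previous one back.
	if [ "$ret" -eq 0 ]; then
		tst_res TINFO "IMA policy updated, please reboot after testing to restore settings"
	fi

	return "$ret"
}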
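# Check that the invalid policy fixture is rejected: the test passes only
# when load_policy reports failure for it.
#
# Globals:   INVALID_POLICY (read)
test1()
{
	local p1

	tst_res TINFO "verify that invalid policy isn't loaded"

	require_policy_writable
	# load_policy redirects stderr and may exit, so it runs as a background
	# job and only its exit status is collected. The fixture path is quoted
	# so it always reaches load_policy as a single argument.
	load_policy "$INVALID_POLICY" & p1=$!
	if wait "$p1"; then
		tst_res TFAIL "loaded invalid policy"
	else
		tst_res TPASS "didn't load invalid policy"
	fi
}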
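# Start two loads of the valid policy at the same time and require that
# exactly one of them succeeds.
#
# Globals:   VALID_POLICY (read)
#
# NOTE(review): nothing here forces the two opens to overlap. If the first
# job finishes before the second one opens the policy, both could succeed
# and be reported as "opened concurrently" -- confirm on the target kernels.
test2()
{
	local p1 p2 rc1 rc2

	tst_res TINFO "verify that policy file is not opened concurrently and able to loaded multiple times"

	require_policy_writable
	# Each load runs as its own background job; the path is quoted so it is
	# passed as one argument even if it contains whitespace.
	load_policy "$VALID_POLICY" & p1=$!
	load_policy "$VALID_POLICY" & p2=$!
	wait "$p1"; rc1=$?
	wait "$p2"; rc2=$?

	if [ "$rc1" -eq 0 ] && [ "$rc2" -eq 0 ]; then
		# Both writers got in: the exclusive-open expectation failed.
		tst_res TFAIL "policy opened concurrently"
	elif [ "$rc1" -eq 0 ] || [ "$rc2" -eq 0 ]; then
		tst_res TPASS "policy was loaded just by one process and able to loaded multiple times"
	else
		tst_res TFAIL "problem loading or extending policy (may require policy to be signed)"
	fi
}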
# Source the IMA helper library first; the helpers this file calls but does
# not define are expected to come from it. Then start the test run.
. ima_setup.sh
tst_run