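#!/bin/sh
# Copyright (c) 2009 IBM Corporation
# Copyright (c) 2018 Petr Vorel <pvorel@suse.cz>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version.
#
# This program is distributed in the hope that it would be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Author: Mimi Zohar, zohar@ibm.vnet.ibm.com
#
# Shared setup/cleanup for the IMA tests: locates (or mounts) securityfs,
# exports the paths of the IMA measurement lists and, when required,
# switches the working directory to a freshly formatted loop device.

TST_TESTFUNC="test"
# Remember the setup function of the test that sources this file so that
# ima_setup can chain to it after overriding TST_SETUP below.
TST_SETUP_CALLER="$TST_SETUP"
TST_SETUP="ima_setup"
TST_CLEANUP="ima_cleanup"
TST_NEEDS_TMPDIR=1
TST_NEEDS_ROOT=1

. tst_test.sh

SYSFS="/sys"
# Space-separated list of directories that ima_cleanup must unmount.
UMOUNT=
FS_TYPE="ext3"

# Print the mount point of a pseudo filesystem, mounting it if needed.
# Arguments: $1 - name to look up in /proc/mounts, also used as both the
#                 filesystem type and the source when mounting
#            $2 - directory to create and mount on when no entry is found
# Outputs:   the mount point on stdout
mount_helper()
{
	local type="$1"
	local default_dir="$2"
	local dir

	# NOTE(review): the pattern is anchored at the start of the line, i.e.
	# it matches the source column of /proc/mounts rather than the fstype
	# column, so an instance mounted under another source name would not
	# be found here. Confirm this is intended.
	dir="$(grep "^$type" /proc/mounts | cut -d ' ' -f2 | head -1)"
	[ -n "$dir" ] && { echo "$dir"; return; }

	if ! mkdir -p "$default_dir"; then
		tst_brk TBROK "failed to create $default_dir"
	fi
	if ! mount -t "$type" "$type" "$default_dir"; then
		tst_brk TBROK "failed to mount $type"
	fi
	# NOTE(review): ima_setup calls this function inside $(...), so this
	# assignment is made in a subshell and never reaches the UMOUNT that
	# ima_cleanup reads; a filesystem mounted here would stay mounted.
	# The tst_brk calls above presumably also end only that subshell.
	# Verify, and consider recording the mount in the caller instead.
	UMOUNT="$default_dir $UMOUNT"
	echo "$default_dir"
}

# Format $TST_DEVICE with $FS_TYPE, mount it on ./mntpoint and cd into it.
# Globals: FS_TYPE (read), TST_DEVICE (read)
mount_loop_device()
{
	local ret

	tst_test_cmds "mkfs.$FS_TYPE"
	tst_mkfs "$FS_TYPE" "$TST_DEVICE"
	ROD_SILENT mkdir -p mntpoint
	mount "$TST_DEVICE" mntpoint
	ret=$?
	if [ $ret -ne 0 ]; then
		tst_brk TBROK "failed to mount device (mount exit = $ret)"
	fi
	# Without this check a failed cd would let the tests run in the
	# original directory rather than on the loop device.
	cd mntpoint || tst_brk TBROK "failed to cd to mntpoint"
}

# Log the kernel command line and, if the kernel config file is readable,
# every CONFIG_IMA* line of the running kernel's configuration.
print_ima_config()
{
	local config
	local i

	config="/boot/config-$(uname -r)"

	tst_res TINFO "/proc/cmdline: $(cat /proc/cmdline)"

	if [ -r "$config" ]; then
		tst_res TINFO "IMA kernel config:"
		# Deliberately unquoted substitution: one word per matching line
		# (assumes the matched config lines contain no whitespace).
		for i in $(grep ^CONFIG_IMA "$config"); do
			tst_res TINFO "$i"
		done
	fi
}

# Test setup hook: find securityfs, export the IMA paths, optionally move
# onto a loop device, then run the including test's own setup function.
# Globals: SECURITYFS, IMA_DIR, ASCII_MEASUREMENTS, BINARY_MEASUREMENTS
#          (written); SYSFS, TST_NEEDS_DEVICE, TST_SETUP_CALLER (read)
ima_setup()
{
	SECURITYFS="$(mount_helper securityfs "$SYSFS/kernel/security")"

	IMA_DIR="$SECURITYFS/ima"
	[ -d "$IMA_DIR" ] || tst_brk TCONF "IMA not enabled in kernel"
	ASCII_MEASUREMENTS="$IMA_DIR/ascii_runtime_measurements"
	BINARY_MEASUREMENTS="$IMA_DIR/binary_runtime_measurements"

	print_ima_config

	if [ "$TST_NEEDS_DEVICE" = 1 ]; then
		# presumably IMA does not measure files on tmpfs under the policy
		# being tested, hence the block device - TODO confirm
		tst_res TINFO "\$TMPDIR is on tmpfs => run on loop device"
		mount_loop_device
	fi

	# TST_SETUP_CALLER holds a function name, so it is expanded unquoted.
	[ -n "$TST_SETUP_CALLER" ] && $TST_SETUP_CALLER
}

# Test cleanup hook: unmount everything listed in UMOUNT and, when a loop
# device was used, leave its mount point and unmount the device.
ima_cleanup()
{
	local dir

	# UMOUNT is a space-separated list; splitting it is intentional.
	for dir in $UMOUNT; do
		umount "$dir"
	done

	if [ "$TST_NEEDS_DEVICE" = 1 ]; then
		# Step out of the mount point first so the unmount is not
		# blocked by this shell's working directory.
		cd "$TST_TMPDIR"
		tst_umount "$TST_DEVICE"
	fi
}

# A loop device is needed only when $TMPDIR is on tmpfs; on any other
# filesystem drop the request so the tests run directly in the temporary
# directory.
TMPDIR="${TMPDIR:-/tmp}"
if [ "$(df -T "$TMPDIR" | tail -1 | awk '{print $2}')" != "tmpfs" ] &&
	[ -n "$TST_NEEDS_DEVICE" ]; then
	unset TST_NEEDS_DEVICE
fi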