1# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5TIME="SHORT" 6AUTHOR = "The Chromium OS Authors" 7DOC = """ 8Locating important system files outside of the integrity-controlled 9rootfs can undermine the security provided by verified boot. Therefore, 10there should be a whitelisted, limited, reviewed set of locations where 11we symlink from inside the rootfs out to the stateful partition. This 12test enforces that. 13""" 14NAME = "security_RootfsStatefulSymlinks" 15PURPOSE = "To avoid circumventions of verified boot by careless symlinks." 16CRITERIA = """ 17The test succeeds if all links pointing into "bad destinations" are 18accounted for by the whitelist ('baseline'). 19""" 20ATTRIBUTES = "suite:bvt-inline, suite:smoke" 21SUITE = "bvt-inline, smoke" 22TEST_CLASS = "security" 23TEST_CATEGORY = "Functional" 24TEST_TYPE = "client" 25JOB_RETRIES = 2 26 27job.run_test("security_RootfsStatefulSymlinks") 28