1# Copyright 2017 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5from autotest_lib.client.bin import test, utils 6from autotest_lib.client.common_lib import error 7from autotest_lib.client.cros import device_jail_test_base 8from autotest_lib.client.cros import device_jail_utils 9 10 11class security_DeviceJail_AllowDeny(device_jail_test_base.DeviceJailTestBase): 12 """ 13 Ensures that if device jail is present, it is functioning properly 14 in that it allows access if and only if instructed (generally 15 by permission_broker) and correctly locks down devices or detaches 16 kernel drivers as instructed. 17 """ 18 version = 1 19 20 def run_once(self): 21 usb_devices = device_jail_utils.get_usb_devices() 22 if not usb_devices: 23 error.TestNAError('No USB devices found') 24 25 dev_path = usb_devices[0].device_node 26 with device_jail_utils.JailDevice(dev_path) as jail: 27 # This should succeed and return a file. 28 f = jail.expect_open(device_jail_utils.REQUEST_ALLOW) 29 if not f: 30 raise error.TestError('Failed to open allowed jail') 31 else: 32 f.close() 33 34 # This should not return a file. 35 f = jail.expect_open(device_jail_utils.REQUEST_DENY) 36 if f: 37 raise error.TestError('Successfully opened denied jail') 38