1# Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5TIME="SHORT" 6AUTHOR = "The Chromium OS Authors" 7DOC = """ 8Locating important system files outside of the integrity-controlled 9rootfs can undermine the security provided by verified boot. Therefore, 10there should be a whitelisted, limited, reviewed set of locations where 11we symlink from inside the rootfs out to the stateful partition. This 12test enforces that. 13""" 14NAME = "security_RootfsStatefulSymlinks" 15PURPOSE = "To avoid circumventions of verified boot by careless symlinks." 16CRITERIA = """ 17The test succeeds if all links pointing into "bad destinations" are 18accounted for by the whitelist ('baseline'). 19""" 20ATTRIBUTES = "suite:bvt-inline, suite:smoke" 21TEST_CLASS = "security" 22TEST_CATEGORY = "Functional" 23TEST_TYPE = "client" 24JOB_RETRIES = 2 25 26job.run_test("security_RootfsStatefulSymlinks") 27