hostsidetests/security/src/android/security/cts/PerfEventParanoidTest.java - platform/cts - Git at Google

 /*
  * Copyright (C) 2016 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package android.security.cts;

 import com.android.tradefed.device.ITestDevice;
 import com.android.tradefed.device.DeviceNotAvailableException;
 import com.android.tradefed.testtype.DeviceTestCase;

 public class PerfEventParanoidTest extends DeviceTestCase {

    /**
     * a reference to the device under test.
     */
     private ITestDevice mDevice;

     private static final String PERF_EVENT_PARANOID_PATH = "/proc/sys/kernel/perf_event_paranoid";
     private static final String PERF_EVENT_LSM_SYSPROP = "sys.init.perf_lsm_hooks";

     @Override
     protected void setUp() throws Exception {
         super.setUp();
         mDevice = getDevice();
     }

     public void testPerfEventRestricted() throws DeviceNotAvailableException {
       // Property set to "1" if init detected that the kernel has the perf_event_open SELinux hooks,
       // otherwise left unset.
       long lsmHookPropValue = mDevice.getIntProperty(PERF_EVENT_LSM_SYSPROP, 0);

       String paranoidCmd = "cat " + PERF_EVENT_PARANOID_PATH;
       String paranoidOut = mDevice.executeShellCommand(paranoidCmd);

       if (lsmHookPropValue != 1 && !paranoidOut.equals("3\n")) {
         fail("\nDevice required to have either:\n"
             + " (a) SELinux hooks for the perf_event_open(2) syscall\n"
             + " (b) /proc/sys/kernel/perf_event_paranoid=3\n"
             + "For (a), apply the relevant patch for your kernel located here:\n"
             + "https://android-review.googlesource.com/q/hashtag:perf_event_lsm\n"
             + "For (b), apply the relevant patch for your kernel located here:\n"
             + "https://android-review.googlesource.com/#/q/topic:CONFIG_SECURITY_PERF_EVENTS_RESTRICT\n"
             + "Device values: SELinux=" + lsmHookPropValue + ", paranoid=" + paranoidOut);
       }
     }
 }
	/*
	* Copyright (C) 2016 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package android.security.cts;

	import com.android.tradefed.device.ITestDevice;
	import com.android.tradefed.device.DeviceNotAvailableException;
	import com.android.tradefed.testtype.DeviceTestCase;

	public class PerfEventParanoidTest extends DeviceTestCase {

	/**
	* a reference to the device under test.
	*/
	private ITestDevice mDevice;

	private static final String PERF_EVENT_PARANOID_PATH = "/proc/sys/kernel/perf_event_paranoid";
	private static final String PERF_EVENT_LSM_SYSPROP = "sys.init.perf_lsm_hooks";

	@Override
	protected void setUp() throws Exception {
	super.setUp();
	mDevice = getDevice();
	}

	public void testPerfEventRestricted() throws DeviceNotAvailableException {
	// Property set to "1" if init detected that the kernel has the perf_event_open SELinux hooks,
	// otherwise left unset.
	long lsmHookPropValue = mDevice.getIntProperty(PERF_EVENT_LSM_SYSPROP, 0);

	String paranoidCmd = "cat " + PERF_EVENT_PARANOID_PATH;
	String paranoidOut = mDevice.executeShellCommand(paranoidCmd);

	if (lsmHookPropValue != 1 && !paranoidOut.equals("3\n")) {
	fail("\nDevice required to have either:\n"
	+ " (a) SELinux hooks for the perf_event_open(2) syscall\n"
	+ " (b) /proc/sys/kernel/perf_event_paranoid=3\n"
	+ "For (a), apply the relevant patch for your kernel located here:\n"
	+ "https://android-review.googlesource.com/q/hashtag:perf_event_lsm\n"
	+ "For (b), apply the relevant patch for your kernel located here:\n"
	+ "https://android-review.googlesource.com/#/q/topic:CONFIG_SECURITY_PERF_EVENTS_RESTRICT\n"
	+ "Device values: SELinux=" + lsmHookPropValue + ", paranoid=" + paranoidOut);
	}
	}
	}