security_DbusOwners: Clarify test intent.
While the test is called "security_DbusOwners", the objective of the
test is to check specifically 'chronos'-owned D-Bus interfaces. Clarify
that in the code.
BUG=chromium:709990
TEST=test_that, test still passes.
Change-Id: I531ccea0a5f34c0d8d644d11216807a62988b0b9
Reviewed-on: https://chromium-review.googlesource.com/481080
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
diff --git a/client/site_tests/security_DbusOwners/security_DbusOwners.py b/client/site_tests/security_DbusOwners/security_DbusOwners.py
index c588867..064653a 100644
--- a/client/site_tests/security_DbusOwners/security_DbusOwners.py
+++ b/client/site_tests/security_DbusOwners/security_DbusOwners.py
@@ -11,6 +11,8 @@
from autotest_lib.client.common_lib import error
class security_DbusOwners(test.test):
+ """Enforces a whitelist of known, allowed Dbus interfaces owned by chronos.
+ """
version = 1
_DBUS_CONFIG_DIR = '/etc/dbus-1/system.d/'
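Review bot: The new class docstring says "interfaces" (as does the renamed `fetch_chronos_owned_interfaces` in the next hunk), but the `<allow own="...">` rule the test reads grants ownership of a bus name, not an interface. Since this commit is about stating the test's intent precisely, the wording could be `"""Enforces a baseline of D-Bus bus names that system policy allows chronos to own."""`. The docstring should also state the scope a reader of a passing result needs to know: judging by the `fetch_chronos_owned_interfaces` docstring and `_DBUS_CONFIG_DIR`, only `<policy user="chronos">` sections in `.conf` files under `/etc/dbus-1/system.d/` appear to be examined. If so, an `own` grant that reaches chronos through a `group=` or `context="default"` policy, or through a policy file in another directory, would not be flagged; the parsing code is outside this hunk, so confirm this before documenting it. The class body continues past the end of the hunk.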
@@ -24,7 +26,7 @@
return baseline_set
- def fetch_owners(self):
+ def fetch_chronos_owned_interfaces(self):
"""
For every DBus interface XML, look for <policy user="chronos"> sections
containing <allow own="InterfaceName">. Return the list of interfaces
@@ -33,7 +35,7 @@
chronos_owned = []
for root, dirs, files in os.walk(self._DBUS_CONFIG_DIR):
for filename in files:
- # Skip cruft like dotfiles
+ # Skip cruft like dotfiles.
if not re.search('^[^.].*\.conf$', filename):
logging.debug('Skipping %s', filename)
continue
@@ -56,9 +58,9 @@
def run_once(self):
"""
Enumerate all the DBus interfaces owned by chronos.
- Fail if it's not included in the expected set.
+ Fail if they're not included in the expected set.
"""
- observed_set = self.fetch_owners()
+ observed_set = self.fetch_chronos_owned_interfaces()
baseline_set = self.load_baseline()
# We log but don't fail if we find missing interfaces.