testcases/kernel/security/integrity/ima/tests/ima_measurements.sh - platform/external/ltp - Git at Google

 #!/bin/sh

 ################################################################################
 ##                                                                            ##
 ## Copyright (C) 2009 IBM Corporation                                         ##
 ##                                                                            ##
 ## This program is free software;  you can redistribute it and#or modify      ##
 ## it under the terms of the GNU General Public License as published by       ##
 ## the Free Software Foundation; either version 2 of the License, or          ##
 ## (at your option) any later version.                                        ##
 ##                                                                            ##
 ## This program is distributed in the hope that it will be useful, but        ##
 ## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
 ## or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License   ##
 ## for more details.                                                          ##
 ##                                                                            ##
 ## You should have received a copy of the GNU General Public License          ##
 ## along with this program;  if not, write to the Free Software Foundation,   ##
 ## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA           ##
 ##                                                                            ##
 ################################################################################
 #
 # File :        ima_measurements.sh
 #
 # Description:  This file verifies measurements are added to the measurement
 # 		list based on policy.
 #
 # Author:       Mimi Zohar, zohar@ibm.vnet.ibm.com
 ################################################################################
 export TST_TOTAL=3
 export TCID="ima_measurements"

 init()
 {
 	tst_check_cmds sha1sum

 	# verify using default policy
 	if [ ! -f "$IMA_DIR/policy" ]; then
 		tst_resm TINFO "not using default policy"
 	fi
 }

 # Function:     test01
 # Description   - Verify reading a file causes a new measurement to
 #		  be added to the IMA measurement list.
 test01()
 {
 	# Create file test.txt
 	cat > test.txt <<-EOF
 	$(date) - this is a test file
 	EOF
 	if [ $? -ne 0 ]; then
 		tst_brkm TBROK "Unable to create test file"
 	fi

 	# Calculating the sha1sum of test.txt should add
 	# the measurement to the measurement list.
 	# (Assumes SHA1 IMA measurements.)
 	hash=$(sha1sum "test.txt" | sed 's/  -//')

 	# Check if the file is measured
 	# (i.e. contained in the ascii measurement list.)
 	cat /sys/kernel/security/ima/ascii_runtime_measurements > measurements
 	sleep 1
 	$(grep $hash measurements > /dev/null)
 	if [ $? -ne 0 ]; then
 		tst_resm TFAIL "TPM ascii measurement list does not contain sha1sum"
 	else
 		tst_resm TPASS "TPM ascii measurement list contains sha1sum"
 	fi
 }

 # Function:     test02
 # Description	- Verify modifying, then reading, a file causes a new
 # 		  measurement to be added to the IMA measurement list.
 test02()
 {
 	# Modify test.txt
 	echo $(date) - file modified >> test.txt

 	# Calculating the sha1sum of test.txt should add
 	# the new measurement to the measurement list
 	hash=$(sha1sum test.txt | sed 's/  -//')

 	# Check if the new measurement exists
 	cat /sys/kernel/security/ima/ascii_runtime_measurements > measurements
 	$(grep $hash measurements > /dev/null)

 	if [ $? -ne 0 ]; then
 		tst_resm TFAIL "Modified file not measured"
 		tst_resm TINFO "iversion not supported; or not mounted with iversion"
 	else
 		tst_resm TPASS "Modified file measured"
 	fi
 }

 # Function:     test03
 # Description 	- Verify files are measured based on policy
 #		(Default policy does not measure user files.)
 test03()
 {
 	# create file user-test.txt
 	mkdir -m 0700 user
 	chown nobody.nobody user
 	cd user
 	hash=0

 	# As user nobody, create and cat the new file
 	# (The LTP tests assumes existence of 'nobody'.)
 	sudo -n -u nobody sh -c "echo $(date) - create test.txt > ./test.txt;
 				 cat ./test.txt > /dev/null"

 	# Calculating the hash will add the measurement to the measurement
 	# list, so only calc the hash value after getting the measurement
 	# list.
 	cat /sys/kernel/security/ima/ascii_runtime_measurements > measurements
 	hash=$(sha1sum test.txt | sed 's/  -//')
 	cd - >/dev/null

 	# Check if the file is measured
 	grep $hash measurements > /dev/null
 	if [ $? -ne 0 ]; then
 		tst_resm TPASS "user file test.txt not measured"
 	else
 		tst_resm TFAIL "user file test.txt measured"
 	fi
 }

 . ima_setup.sh

 setup
 TST_CLEANUP=cleanup

 init
 test01
 test02
 test03

 tst_exit
	#!/bin/sh

	################################################################################
	## ##
	## Copyright (C) 2009 IBM Corporation ##
	## ##
	## This program is free software; you can redistribute it and#or modify ##
	## it under the terms of the GNU General Public License as published by ##
	## the Free Software Foundation; either version 2 of the License, or ##
	## (at your option) any later version. ##
	## ##
	## This program is distributed in the hope that it will be useful, but ##
	## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
	## or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ##
	## for more details. ##
	## ##
	## You should have received a copy of the GNU General Public License ##
	## along with this program; if not, write to the Free Software Foundation, ##
	## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ##
	## ##
	################################################################################
	#
	# File : ima_measurements.sh
	#
	# Description: This file verifies measurements are added to the measurement
	# list based on policy.
	#
	# Author: Mimi Zohar, zohar@ibm.vnet.ibm.com
	################################################################################
	export TST_TOTAL=3
	export TCID="ima_measurements"

	init()
	{
	tst_check_cmds sha1sum

	# verify using default policy
	if [ ! -f "$IMA_DIR/policy" ]; then
	tst_resm TINFO "not using default policy"
	fi
	}

	# Function: test01
	# Description - Verify reading a file causes a new measurement to
	# be added to the IMA measurement list.
	test01()
	{
	# Create file test.txt
	cat > test.txt <<-EOF
	$(date) - this is a test file
	EOF
	if [ $? -ne 0 ]; then
	tst_brkm TBROK "Unable to create test file"
	fi

	# Calculating the sha1sum of test.txt should add
	# the measurement to the measurement list.
	# (Assumes SHA1 IMA measurements.)
	hash=$(sha1sum "test.txt" \| sed 's/ -//')

	# Check if the file is measured
	# (i.e. contained in the ascii measurement list.)
	cat /sys/kernel/security/ima/ascii_runtime_measurements > measurements
	sleep 1
	$(grep $hash measurements > /dev/null)
	if [ $? -ne 0 ]; then
	tst_resm TFAIL "TPM ascii measurement list does not contain sha1sum"
	else
	tst_resm TPASS "TPM ascii measurement list contains sha1sum"
	fi
	}

	# Function: test02
	# Description - Verify modifying, then reading, a file causes a new
	# measurement to be added to the IMA measurement list.
	test02()
	{
	# Modify test.txt
	echo $(date) - file modified >> test.txt

	# Calculating the sha1sum of test.txt should add
	# the new measurement to the measurement list
	hash=$(sha1sum test.txt \| sed 's/ -//')

	# Check if the new measurement exists
	cat /sys/kernel/security/ima/ascii_runtime_measurements > measurements
	$(grep $hash measurements > /dev/null)

	if [ $? -ne 0 ]; then
	tst_resm TFAIL "Modified file not measured"
	tst_resm TINFO "iversion not supported; or not mounted with iversion"
	else
	tst_resm TPASS "Modified file measured"
	fi
	}

	# Function: test03
	# Description - Verify files are measured based on policy
	# (Default policy does not measure user files.)
	test03()
	{
	# create file user-test.txt
	mkdir -m 0700 user
	chown nobody.nobody user
	cd user
	hash=0

	# As user nobody, create and cat the new file
	# (The LTP tests assumes existence of 'nobody'.)
	sudo -n -u nobody sh -c "echo $(date) - create test.txt > ./test.txt;
	cat ./test.txt > /dev/null"

	# Calculating the hash will add the measurement to the measurement
	# list, so only calc the hash value after getting the measurement
	# list.
	cat /sys/kernel/security/ima/ascii_runtime_measurements > measurements
	hash=$(sha1sum test.txt \| sed 's/ -//')
	cd - >/dev/null

	# Check if the file is measured
	grep $hash measurements > /dev/null
	if [ $? -ne 0 ]; then
	tst_resm TPASS "user file test.txt not measured"
	else
	tst_resm TFAIL "user file test.txt measured"
	fi
	}

	. ima_setup.sh

	setup
	TST_CLEANUP=cleanup

	init
	test01
	test02
	test03

	tst_exit