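#!/bin/sh
# SPDX-License-Identifier: GPL-2.0-or-later
# Copyright (c) 2009 IBM Corporation
# Copyright (c) 2018-2020 Petr Vorel <[email protected]>
# Author: Mimi Zohar <[email protected]>
#
# Test replacing the default integrity measurement policy.
#
# The test writes policy files from $TST_DATAROOT into $IMA_POLICY. A
# successful write changes the policy of the running system; as the TINFO
# message in load_policy() says, a reboot is needed to restore the settings.
#
# require_policy_writable, tst_res, tst_brk, tst_run and $IMA_POLICY are not
# defined here; presumably they come from ima_setup.sh, sourced at the bottom.

TST_SETUP="setup"
TST_CNT=2

# Locate the two policy fixtures; end the test with TCONF if one is missing.
# Globals: TST_DATAROOT (read), VALID_POLICY and INVALID_POLICY (written)
setup()
{
	require_policy_writable

	VALID_POLICY="$TST_DATAROOT/measure.policy"
	[ -f "$VALID_POLICY" ] || tst_brk TCONF "missing $VALID_POLICY"

	INVALID_POLICY="$TST_DATAROOT/measure.policy-invalid"
	[ -f "$INVALID_POLICY" ] || tst_brk TCONF "missing $INVALID_POLICY"
}

# Write the policy file $1 into $IMA_POLICY through file descriptor 4.
# Arguments: $1 - path of the policy file to load
# Globals:   IMA_POLICY (read)
# Returns:   exit status of the cat that performs the write; exits the
#            current shell with 1 when $IMA_POLICY cannot be opened.
# Both callers in this file start it as a background job, so the stderr
# redirection and the "exit 1" stay confined to that child shell.
load_policy()
{
	local ret

	# Silence stderr for the rest of this shell and open the policy file
	# for writing. Depending on the shell, a failed redirection on exec
	# either ends the shell or returns non-zero; both end up non-zero.
	exec 2>/dev/null 4>"$IMA_POLICY"
	[ $? -eq 0 ] || exit 1

	cat "$1" >&4 2> /dev/null
	ret=$?
	# NOTE(review): only the write status is kept, the status of the
	# close is ignored. Confirm that a rejected policy is always reported
	# at write time and never only when the descriptor is closed.
	exec 4>&-

	# NOTE(review): stderr is /dev/null here; if tst_res reports on
	# stderr this message is never shown. Confirm against tst_res.
	[ "$ret" -eq 0 ] && \
		tst_res TINFO "IMA policy updated, please reboot after testing to restore settings"

	return "$ret"
}

# An invalid policy must be rejected: PASS when load_policy fails.
test1()
{
	tst_res TINFO "verify that invalid policy isn't loaded"

	local p1

	require_policy_writable
	load_policy "$INVALID_POLICY" & p1=$!
	wait "$p1"
	if [ $? -ne 0 ]; then
		tst_res TPASS "didn't load invalid policy"
	else
		tst_res TFAIL "loaded invalid policy"
	fi
}

# Two writers are started at once; exactly one of them is expected to
# succeed. Both succeeding is reported as a concurrent open, both failing as
# a load problem.
test2()
{
	tst_res TINFO "verify that policy file is not opened concurrently and able to loaded multiple times"

	local p1 p2 rc1 rc2

	require_policy_writable
	# NOTE(review): the two jobs are not synchronised. If the first one
	# finishes before the second opens the file, both may succeed without
	# ever overlapping and the test reports TFAIL. Confirm whether that
	# ordering can occur on the kernels under test.
	load_policy "$VALID_POLICY" & p1=$!
	load_policy "$VALID_POLICY" & p2=$!
	wait "$p1"; rc1=$?
	wait "$p2"; rc2=$?
	if [ "$rc1" -eq 0 ] && [ "$rc2" -eq 0 ]; then
		tst_res TFAIL "policy opened concurrently"
	elif [ "$rc1" -eq 0 ] || [ "$rc2" -eq 0 ]; then
		tst_res TPASS "policy was loaded just by one process and able to loaded multiple times"
	else
		tst_res TFAIL "problem loading or extending policy (may require policy to be signed)"
	fi
}

. ima_setup.sh
tst_run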