Signed-off-by: Petr Vorel <pvorel@xxxxxxx>
---
New in v5.
.../security/integrity/ima/tests/ima_setup.sh | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
index 975ce9cbb..c46f273ab 100644
--- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -54,6 +54,45 @@ compute_digest()
 return 1
 }
 
+check_policy_readable()
+{
+ if [ -f $IMA_POLICY ]; then
+ tst_res TINFO "missing $IMA_POLICY (reboot or CONFIG_IMA_WRITE_POLICY=y required)"
+ return 1
+ fi
+ cat $IMA_POLICY > /dev/null 2>/dev/null
+}
+
+require_policy_readable()
+{
+ if [ -f $IMA_POLICY ]; then
+ tst_brk TCONF "missing $IMA_POLICY (reboot or CONFIG_IMA_WRITE_POLICY=y required)"
+ fi
+ if ! check_policy_readable; then
+ tst_brk TCONF "cannot read IMA policy (CONFIG_IMA_READ_POLICY=y required)"
+ fi
+}
+
+check_ima_policy_content()
+{
+ local pattern="$1"
+ local grep_params="${2--q}"
+
+ check_policy_readable || return 1
+ grep $grep_params "$pattern" $IMA_POLICY
+}
+
+require_ima_policy_content()
+{
+ local pattern="$1"
+ local grep_params="${2--q}"
+
+ require_policy_readable
+ if ! grep $grep_params "$pattern" $IMA_POLICY; then
+ tst_brk TCONF "IMA policy does not specify '$pattern'"
+ fi
+}
+
 require_ima_policy_cmdline()
 {
 local policy="$1"
--
2.27.0
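Review bot: The existence test in check_policy_readable is inverted: `[ -f $IMA_POLICY ]` succeeds when the policy file is present, so the "missing $IMA_POLICY" TINFO is emitted and the function returns 1 exactly when the policy exists, and the readability `cat` is only reached when it is absent; require_policy_readable carries the same inverted condition and would TCONF on every system that has the file. Both should read `if [ ! -f $IMA_POLICY ]; then`, after which the existence check in require_policy_readable is redundant with the one check_policy_readable already performs and the TCONF message for a missing policy is never reached, so consider dropping the duplicate or keeping only the one in require_policy_readable. Independently, `$IMA_POLICY` is expanded unquoted in the `[ -f ]`, `cat` and both `grep` calls; if the variable is ever unset or empty the test degenerates to `[ -f ]`, which is true, and `cat`/`grep` then read stdin instead of the policy — `"$IMA_POLICY"` closes that hole. The unquoted `$grep_params` is presumably deliberate so that multiple flags can be passed in one argument; a short comment on the `local grep_params="${2--q}"` line stating that would stop a future reviewer from quoting it.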