Hi Tushar,
...
> +++ b/testcases/kernel/security/integrity/ima/tests/ima_dm_crypt.sh
> @@ -0,0 +1,60 @@
> +#!/bin/sh
> +# SPDX-License-Identifier: GPL-2.0-or-later
> +# Copyright (c) 2020 Microsoft Corporation
> +# Author: Tushar Sugandhi <tusharsu@xxxxxxxxxxxxxxxxxxx>
> +#
> +# Verify that DM target dm-crypt are measured correctly based on policy.
> +
> +TST_NEEDS_CMDS="dmsetup"
> +TST_CNT=1
> +TST_NEEDS_DEVICE=1
> +TST_SETUP=setup
> +TST_CLEANUP=cleanup
> +
> +. ima_setup.sh
> +
> +FUNC_CRIT_DATA='func=CRITICAL_DATA'
> +TEMPLATE_BUF='template=ima-buf'
> +REQUIRED_POLICY="^measure.*($FUNC_CRIT_DATA.*$TEMPLATE_BUF|$TEMPLATE_BUF.*$FUNC_CRIT_DATA)"
> +
> +setup()
> +{
> + require_ima_policy_content "$REQUIRED_POLICY" '-E' > $TST_TMPDIR/policy.txt
> +}
> +
> +cleanup()
> +{
> + ROD "dmsetup remove test-crypt"
FYI: there should be check that dmsetup create was run.
https://github.com/linux-test-project/ltp/wiki/Test-Writing-Guidelines#a-word-about-the-cleanup-callback
i.e. here:
[ "$dmsetup_run" ] || return
ROD "dmsetup remove test-crypt"
+ see below.
> +}
> +
> +test1()
> +{
> + local input_digest="039d8ff71918608d585adca3e5aab2e3f41f84d6"
> + local pattern='data_sources=[^[:space:]]+'
> + local tmp_file="$TST_TMPDIR/dm_crypt_tmp.txt"
> + local policy="data_sources"
> + local arg key res
> +
> + tst_res TINFO "verifying dm target - dmcrypt gets measured correctly"
> +
> + check_policy_pattern "$pattern" $FUNC_CRIT_DATA $TEMPLATE_BUF > $tmp_file || return
> +
> + tgt="crypt"
> + key="faf453b4ee938cff2f0d2c869a0b743f59125c0a37f5bcd8f1dbbd911a78abaa"
> +
> + arg="'0 1953125 crypt aes-xts-plain64 "
> + arg="$arg $key 0 "
> + arg="$arg /dev/loop0 0 1 allow_discards'"
> +
> + ROD "dmsetup create test-crypt --table $arg"
adding
dmsetup_run=1
Kind regards,
Petr
