[LTP] [PATCH ltp v3 1/2] IMA: Move check_policy_writable to ima_setup.sh and rename it
Alex Henrie
alexh@vpitech.com
Tue Sep 14 18:15:02 CEST 2021
Signed-off-by: Alex Henrie <alexh@vpitech.com>
---
.../security/integrity/ima/tests/ima_policy.sh | 16 +++-------------
.../security/integrity/ima/tests/ima_setup.sh | 10 ++++++++++
2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
index 244cf081d..8924549df 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_policy.sh
@@ -11,19 +11,9 @@ TST_CNT=2
. ima_setup.sh
-check_policy_writable()
-{
- local err="IMA policy already loaded and kernel not configured to enable multiple writes to it (need CONFIG_IMA_WRITE_POLICY=y)"
-
- [ -f $IMA_POLICY ] || tst_brk TCONF "$err"
- # CONFIG_IMA_READ_POLICY
- echo "" 2> log > $IMA_POLICY
- grep -q "Device or resource busy" log && tst_brk TCONF "$err"
-}
-
setup()
{
- check_policy_writable
+ require_policy_writable
VALID_POLICY="$TST_DATAROOT/measure.policy"
[ -f $VALID_POLICY ] || tst_brk TCONF "missing $VALID_POLICY"
@@ -55,7 +45,7 @@ test1()
local p1
- check_policy_writable
+ require_policy_writable
load_policy $INVALID_POLICY & p1=$!
wait "$p1"
if [ $? -ne 0 ]; then
@@ -71,7 +61,7 @@ test2()
local p1 p2 rc1 rc2
- check_policy_writable
+ require_policy_writable
load_policy $VALID_POLICY & p1=$!
load_policy $VALID_POLICY & p2=$!
wait "$p1"; rc1=$?
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
index 565f0bc3e..9c25d634d 100644
--- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -73,6 +73,16 @@ require_policy_readable()
fi
}
+require_policy_writable()
+{
+ local err="IMA policy already loaded and kernel not configured to enable multiple writes to it (need CONFIG_IMA_WRITE_POLICY=y)"
+
+ [ -f $IMA_POLICY ] || tst_brk TCONF "$err"
+ # CONFIG_IMA_READ_POLICY
+ echo "" 2> log > $IMA_POLICY
+ grep -q "Device or resource busy" log && tst_brk TCONF "$err"
+}
+
check_ima_policy_content()
{
local pattern="$1"
--
2.33.0
More information about the ltp
mailing list