[LTP] [PATCH ltp v7 2/3] IMA: Move ima_check to ima_setup.sh
Alex Henrie
alexh@vpitech.com
Wed Sep 22 20:52:31 CEST 2021
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Alex Henrie <alexh@vpitech.com>
[ pvorel: add test_file parameter to ima_check(), keep $TEST_FILE in
ima_measurements.sh ]
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
.../integrity/ima/tests/ima_measurements.sh | 31 ++-----------------
.../security/integrity/ima/tests/ima_setup.sh | 28 +++++++++++++++++
2 files changed, 30 insertions(+), 29 deletions(-)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
index ef8577d30..a83c416de 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_measurements.sh
@@ -21,33 +21,6 @@ setup()
[ -f "$IMA_POLICY" ] || tst_res TINFO "not using default policy"
}
-ima_check()
-{
- local algorithm digest expected_digest line tmp
-
- # need to read file to get updated $ASCII_MEASUREMENTS
- cat $TEST_FILE > /dev/null
-
- line="$(grep $TEST_FILE $ASCII_MEASUREMENTS | tail -1)"
-
- if tmp=$(get_algorithm_digest "$line"); then
- algorithm=$(echo "$tmp" | cut -d'|' -f1)
- digest=$(echo "$tmp" | cut -d'|' -f2)
- else
- tst_res TBROK "failed to get algorithm/digest for '$TEST_FILE': $tmp"
- fi
-
- tst_res TINFO "computing digest for $algorithm algorithm"
- expected_digest="$(compute_digest $algorithm $TEST_FILE)" || \
- tst_brk TCONF "cannot compute digest for $algorithm algorithm"
-
- if [ "$digest" = "$expected_digest" ]; then
- tst_res TPASS "correct digest found"
- else
- tst_res TFAIL "digest not found"
- fi
-}
-
check_iversion_support()
{
local device mount fs
@@ -83,7 +56,7 @@ test1()
{
tst_res TINFO "verify adding record to the IMA measurement list"
ROD echo "$(date) this is a test file" \> $TEST_FILE
- ima_check
+ ima_check $TEST_FILE
}
test2()
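Review bot: The new call `ima_check $TEST_FILE` in test1 passes the path unquoted, so a value containing whitespace or glob characters would be split or expanded before it reaches the helper, which reads only `$1`; write it as `ima_check "$TEST_FILE"`. The call added in the test2 hunk has the same issue. TEST_FILE is assigned outside these hunks, so this is presumably harmless with its current value, but the helper is now shared and these call sites are the ones other tests will copy.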
@@ -92,7 +65,7 @@ test2()
tst_res TINFO "verify updating record in the IMA measurement list"
check_iversion_support || return
ROD echo "$(date) modified file" \> $TEST_FILE
- ima_check
+ ima_check $TEST_FILE
}
test3()
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
index 9c25d634d..af7f3a5f5 100644
--- a/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_setup.sh
@@ -279,6 +279,34 @@ get_algorithm_digest()
echo "$algorithm|$digest"
}
+ima_check()
+{
+ local test_file="$1"
+ local algorithm digest expected_digest line tmp
+
+ # need to read file to get updated $ASCII_MEASUREMENTS
+ cat $test_file > /dev/null
+
+ line="$(grep $test_file $ASCII_MEASUREMENTS | tail -1)"
+
+ if tmp=$(get_algorithm_digest "$line"); then
+ algorithm=$(echo "$tmp" | cut -d'|' -f1)
+ digest=$(echo "$tmp" | cut -d'|' -f2)
+ else
+ tst_res TBROK "failed to get algorithm/digest for '$test_file': $tmp"
+ fi
+
+ tst_res TINFO "computing digest for $algorithm algorithm"
+ expected_digest="$(compute_digest $algorithm $test_file)" || \
+ tst_brk TCONF "cannot compute digest for $algorithm algorithm"
+
+ if [ "$digest" = "$expected_digest" ]; then
+ tst_res TPASS "correct digest found"
+ else
+ tst_res TFAIL "digest not found"
+ fi
+}
+
# check_evmctl REQUIRED_TPM_VERSION
# return: 0: evmctl is new enough, 1: version older than required (or version < v0.9)
check_evmctl()
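Review bot: In the `else` branch of the new `ima_check`, `tst_res TBROK` reports the failure but, unless tst_res itself ends the test (it is defined outside this page), execution falls through with `$algorithm` and `$digest` empty, and the run would then add a misleading TCONF or "digest not found" result; `tst_brk TBROK "failed to get algorithm/digest for '$test_file': $tmp"` would stop at the real cause. The lookup `grep $test_file $ASCII_MEASUREMENTS` uses the path as an unquoted regular expression, so `.` matches any character and the last matching line may be another file's measurement, which would make the digest comparison check the wrong entry; `line="$(grep -F -- "$test_file" "$ASCII_MEASUREMENTS" | tail -1)"` narrows that. Now that the function is a shared helper, a header in the style of the neighbouring `# check_evmctl REQUIRED_TPM_VERSION` comment, for example `# ima_check TEST_FILE`, would document the argument.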
--
2.33.0