1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 2 # Use of this source code is governed by a BSD-style license that can be 3 # found in the LICENSE file. 4 5 __author__ = 'ups (at] chromium.org (Stephan Uphoff)' 6 7 import logging 8 import os 9 import utils 10 11 from autotest_lib.client.bin import utils, test 12 from autotest_lib.client.common_lib import error 13 14 15 class security_ChromiumOSLSM(test.test): 16 """ 17 Verify Chromium OS Security Module behaves as expected. 18 """ 19 version = 1 20 21 def _mount(self, target): 22 cmd = "mount -c -n -t tmpfs -o nodev,noexec,nosuid test %s" % (target) 23 return utils.system(cmd, ignore_status=True) 24 25 def _umount(self, target): 26 utils.system('umount -n %s' % (target)) 27 28 def _check_mount(self, target, expected, msg): 29 succeeded = (self._mount(target) == 0) 30 if succeeded: 31 self._umount(target) 32 if succeeded != expected: 33 logging.error(msg) 34 return 1 35 return 0 36 37 def run_once(self): 38 errors = 0 39 test_dir = '/tmp/chromium_lsm_test_dir' 40 os.mkdir(test_dir, 0700) 41 42 mnt_target = '%s/mount_point' % (test_dir) 43 os.mkdir(mnt_target, 0700) 44 45 sym_target = '%s/symlink' % (test_dir) 46 os.symlink('mount_point', sym_target) 47 48 # Mounting should succeed (no symbolic link in mount path). 49 errors += self._check_mount(mnt_target, True, 50 'Unable to mount on a directory') 51 52 # Mounting should fail as we used a mount path with a symbolic link. 53 errors += self._check_mount(sym_target, False, 54 'Unexpectedly mounted on a symlink') 55 56 utils.system('rm -rf ' + test_dir) 57 # If self.error is not zero, there were errors. 58 if errors > 0: 59 raise error.TestFail('Failed %d tests' % errors) 60