Home | History | Annotate | Download | only in security_RootfsStatefulSymlinks 
      1 # Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
      2 # Use of this source code is governed by a BSD-style license that can be
      3 # found in the LICENSE file.
      4 
      5 TIME="SHORT"
      6 AUTHOR = "The Chromium OS Authors"
      7 DOC = """
      8 Locating important system files outside of the integrity-controlled
      9 rootfs can undermine the security provided by verified boot. Therefore,
     10 there should be a whitelisted, limited, reviewed set of locations where
     11 we symlink from inside the rootfs out to the stateful partition. This
     12 test enforces that.
     13 """
     14 NAME = "security_RootfsStatefulSymlinks"
     15 PURPOSE = "To avoid circumventions of verified boot by careless symlinks."
     16 CRITERIA = """
     17 The test succeeds if all links pointing into "bad destinations" are
     18 accounted for by the whitelist ('baseline').
     19 """
     20 ATTRIBUTES = "suite:bvt-inline, suite:smoke"
     21 SUITE = "bvt-inline, smoke"
     22 TEST_CLASS = "security"
     23 TEST_CATEGORY = "Functional"
     24 TEST_TYPE = "client"
     25 JOB_RETRIES = 2
     26 
     27 job.run_test("security_RootfsStatefulSymlinks")
     28