From: Petr Vorel <pvorel@suse.cz>
To: ltp@lists.linux.it
Cc: Petr Vorel <pvorel@suse.cz>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
Tushar Sugandhi <tusharsu@linux.microsoft.com>,
linux-integrity@vger.kernel.org
Subject: [PATCH v4 1/3] ima_keys.sh: Check policy only once
Date: Fri, 7 May 2021 21:14:12 +0200 [thread overview]
Message-ID: <20210507191414.14795-2-pvorel@suse.cz> (raw)
In-Reply-To: <20210507191414.14795-1-pvorel@suse.cz>
Not needed to check the same policy twice.
Rename to contain 'require' as we use tst_brk.
Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
new in v4
.../security/integrity/ima/tests/ima_keys.sh | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
index 9951ab999..3476b8007 100755
--- a/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
+++ b/testcases/kernel/security/integrity/ima/tests/ima_keys.sh
@@ -1,7 +1,7 @@
#!/bin/sh
# SPDX-License-Identifier: GPL-2.0-or-later
# Copyright (c) 2020 Microsoft Corporation
-# Copyright (c) 2020 Petr Vorel <pvorel@suse.cz>
+# Copyright (c) 2020-2021 Petr Vorel <pvorel@suse.cz>
# Author: Lachlan Sneff <t-josne@linux.microsoft.com>
#
# Verify that keys are measured correctly based on policy.
@@ -20,6 +20,7 @@ REQUIRED_POLICY="^measure.*$FUNC_KEYCHECK"
setup()
{
require_ima_policy_content "$REQUIRED_POLICY" '-E' > $TST_TMPDIR/policy.txt
+ require_valid_policy_template
}
cleanup()
@@ -27,15 +28,14 @@ cleanup()
tst_is_num $KEYRING_ID && keyctl clear $KEYRING_ID
}
-check_policy_template()
+
+require_valid_policy_template()
{
while read line; do
if echo $line | grep -q 'template=' && ! echo $line | grep -q 'template=ima-buf'; then
- tst_res TCONF "only template=ima-buf can be specified for KEY_CHECK"
- return 1
+ tst_brk TCONF "only template=ima-buf can be specified for KEY_CHECK"
fi
done < $TST_TMPDIR/policy.txt
- return 0
}
check_keys_policy()
@@ -59,8 +59,6 @@ test1()
tst_res TINFO "verify key measurement for keyrings and templates specified in IMA policy"
- check_policy_template || return
-
check_keys_policy "$pattern" > $tmp_file || return
keycheck_lines=$(cat $tmp_file)
keyrings=$(for i in $keycheck_lines; do echo "$i" | grep "keyrings" | \
@@ -115,8 +113,6 @@ test2()
tst_res TINFO "verify measurement of certificate imported into a keyring"
- check_policy_template || return
-
check_keys_policy "$pattern" >/dev/null || return
KEYRING_ID=$(keyctl newring $keyring_name @s) || \
--
2.31.1
next prev parent reply other threads:[~2021-05-07 19:14 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-07 19:14 [PATCH v4 0/3] IMA: Add test for dm-crypt measurement Petr Vorel
2021-05-07 19:14 ` Petr Vorel [this message]
2021-05-10 14:47 ` [PATCH v4 1/3] ima_keys.sh: Check policy only once Lakshmi Ramasubramanian
2021-05-10 17:28 ` Petr Vorel
2021-05-07 19:14 ` [PATCH v4 2/3] IMA: Generalize key measurement tests Petr Vorel
2021-05-07 19:14 ` [PATCH v4 3/3] IMA: Add test for dm-crypt measurement Petr Vorel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210507191414.14795-2-pvorel@suse.cz \
--to=pvorel@suse.cz \
--cc=linux-integrity@vger.kernel.org \
--cc=ltp@lists.linux.it \
--cc=nramas@linux.microsoft.com \
--cc=tusharsu@linux.microsoft.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox