- This script will be used at the time of image build.
Change-Id: I94c67b397450ede4913360afed0851c88678e087
%attr(755,root,root) /usr/share/security-config/set_capability
%attr(755,root,root) /usr/share/security-config/mdm_blacklist
%attr(644,root,root) /usr/lib/tmpfiles.d/security-config.conf
-#%attr(755,root,root) /usr/share/security-config/test/aslr_test/*
+%attr(755,root,root) /opt/share/security-config/test/*
+%attr(755,root,root) /opt/share/security-config/test/aslr_test/*
%attr(755,root,root) /opt/share/security-config/test/utils/*
-#%attr(755,root,root) /usr/share/security-config/test/dep_test/*
+%attr(755,root,root) /opt/share/security-config/test/dep_test/*
%attr(755,root,root) /opt/share/security-config/test/setuid_test/*
%attr(755,root,root) /opt/share/security-config/test/smack_rule_test/*
%attr(755,root,root) /opt/share/security-config/test/root_test/*
+INSTALL(FILES
+ image_test.sh
+ DESTINATION
+ /opt/share/security-config/test/
+)
+
ADD_SUBDIRECTORY(utils)
-#ADD_SUBDIRECTORY(aslr_test) #This test is not included in image.
-#ADD_SUBDIRECTORY(dep_test) #This test is not included in image.
+ADD_SUBDIRECTORY(aslr_test)
+ADD_SUBDIRECTORY(dep_test)
ADD_SUBDIRECTORY(setuid_test)
ADD_SUBDIRECTORY(path_check_test)
ADD_SUBDIRECTORY(capability_test)
CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
-FILE(GLOB SHELL_SCRIPT *.sh)
-INSTALL(FILES
- ${SHELL_SCRIPT}
- README
- DESTINATION
- /opt/share/security-config/test/aslr_test
-)
-
INSTALL(DIRECTORY
${CMAKE_SOURCE_DIR}/test/aslr_test/scripts
DESTINATION
+++ /dev/null
-#!/bin/bash
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-#========================================================
-# [Cmd]
-#========================================================
-BIN="/usr/bin"
-GREP="${BIN}/grep"
-CAT="${BIN}/cat"
-FIND="${BIN}/find"
-XARGS="${BIN}/xargs"
-TOUCH="${BIN}/touch"
-RM="${BIN}/rm"
-SED="${BIN}/sed"
-WHOAMI="${BIN}/whoami"
-CUT="${BIN}/cut"
-SORT="${BIN}/sort"
-EXPR="${BIN}/expr"
-MKDIR="${BIN}/mkdir"
-MV="${BIN}/mv"
-UNIQ="${BIN}/uniq"
-CP="${BIN}/cp"
-LN="${BIN}/ln"
-LS="${BIN}/ls"
-#========================================================
-# [Directory and file]
-#========================================================
-base_dir="/opt/share/security-config"
-utils_dir="$base_dir/test/utils"
-aslr_script_dir="$base_dir/test/aslr_test"
-dep_script_dir="$base_dir/test/dep_test"
-suid_script_dir="$base_dir/test/setuid_test"
-log_dir="$base_dir/log"
-result_dir="$base_dir/result"
-
-#========================================================
-# [Functions]
-#========================================================
-#========================================================
-# [fn] Change console color
-#========================================================
-RESET=0;BRIGHT=1;DIM=2;ITALIC=3;UNDERLINE=4
-BLINK_SLOW=5;BLINK_RAPID=6;REVERSE=7;HIDDEN=8
-
-BLACK=0;RED=1;GREEN=2;YELLOW=3
-BLUE=4;MAGENTA=5;CYAN=6;WHITE=7
-
-FONT_OFFSET=30
-BACK_OFFSET=40
-
-# Ignore Background now
-function fnChangeConsoleColor {
-
- argc=$#
- if [ $argc -eq 3 ]; then
- FontColor=`expr $2 + $FONT_OFFSET`
- cmd="\e[$1;$FontColor""m"
- echo -e $cmd
- else
- echo "[Usage] ChangeConsoleColor Brightness FontColor BackColor"
- fi
-
-}
-
-function fnRestoreOriginalColor {
-
- echo -e "\e[m";
-
-}
-
-#=========================================================
-# [fn] Modified echo
-#=========================================================
-#echo Info
-function echoI {
-
- fnChangeConsoleColor $BRIGHT $BLUE $BLACK
- echo "========================================================="
- echo $@
- echo "========================================================="
- fnRestoreOriginalColor
-
-}
-
-# echo Success
-function echoS {
-
- fnChangeConsoleColor $BRIGHT $GREEN $BLACK
- echo $@
- fnRestoreOriginalColor
-
-}
-
-# echo Error
-function echoE {
-
- fnChangeConsoleColor $BRIGHT $RED $BLACK
- echo $@
- fnRestoreOriginalColor
-
-}
-
-#=========================================================
-# [fn] Print done
-#=========================================================
-function fnPrintSDone {
-
- echoS "Successfully Done!"
-
-}
-
-#=========================================================
-# [fn] Finish the script
-#=========================================================
-function fnFinishThisScript {
-
- ret_val=$1
-
- if [ $ret_val -eq 0 ]
- then
- echoS "This script has completed successfully."
- else
- echoE "An error has occurred in this script."
- fi
-
- exit $ret_val
-
-}
CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
-FILE(GLOB SHELL_SCRIPT *.sh)
-INSTALL(FILES
- ${SHELL_SCRIPT}
- README
- DESTINATION
- /opt/share/security-config/test/dep_test
-)
-
INSTALL(DIRECTORY
${CMAKE_SOURCE_DIR}/test/dep_test/scripts
DESTINATION
+++ /dev/null
-#!/bin/bash
-
-PATH=/bin:/usr/bin:/sbin:/usr/sbin
-
-#========================================================
-# [Cmd]
-#========================================================
-BIN="/usr/bin"
-GREP="${BIN}/grep"
-CAT="${BIN}/cat"
-FIND="${BIN}/find"
-XARGS="${BIN}/xargs"
-TOUCH="${BIN}/touch"
-RM="${BIN}/rm"
-SED="${BIN}/sed"
-WHOAMI="${BIN}/whoami"
-CUT="${BIN}/cut"
-SORT="${BIN}/sort"
-EXPR="${BIN}/expr"
-MKDIR="${BIN}/mkdir"
-MV="${BIN}/mv"
-UNIQ="${BIN}/uniq"
-CP="${BIN}/cp"
-LN="${BIN}/ln"
-LS="${BIN}/ls"
-#========================================================
-# [Directory and file]
-#========================================================
-base_dir="/opt/share/security-config"
-utils_dir="$base_dir/test/utils"
-aslr_script_dir="$base_dir/test/aslr_test"
-dep_script_dir="$base_dir/test/dep_test"
-suid_script_dir="$base_dir/test/setuid_test"
-log_dir="$base_dir/log"
-result_dir="$base_dir/result"
-
-#========================================================
-# [Functions]
-#========================================================
-#========================================================
-# [fn] Change console color
-#========================================================
-RESET=0;BRIGHT=1;DIM=2;ITALIC=3;UNDERLINE=4
-BLINK_SLOW=5;BLINK_RAPID=6;REVERSE=7;HIDDEN=8
-
-BLACK=0;RED=1;GREEN=2;YELLOW=3
-BLUE=4;MAGENTA=5;CYAN=6;WHITE=7
-
-FONT_OFFSET=30
-BACK_OFFSET=40
-
-# Ignore Background now
-function fnChangeConsoleColor {
-
- argc=$#
- if [ $argc -eq 3 ]; then
- FontColor=`expr $2 + $FONT_OFFSET`
- cmd="\e[$1;$FontColor""m"
- echo -e $cmd
- else
- echo "[Usage] ChangeConsoleColor Brightness FontColor BackColor"
- fi
-
-}
-
-function fnRestoreOriginalColor {
-
- echo -e "\e[m";
-
-}
-
-#=========================================================
-# [fn] Modified echo
-#=========================================================
-#echo Info
-function echoI {
-
- fnChangeConsoleColor $BRIGHT $BLUE $BLACK
- echo "========================================================="
- echo $@
- echo "========================================================="
- fnRestoreOriginalColor
-
-}
-
-# echo Success
-function echoS {
-
- fnChangeConsoleColor $BRIGHT $GREEN $BLACK
- echo $@
- fnRestoreOriginalColor
-
-}
-
-# echo Error
-function echoE {
-
- fnChangeConsoleColor $BRIGHT $RED $BLACK
- echo $@
- fnRestoreOriginalColor
-
-}
-
-#=========================================================
-# [fn] Print done
-#=========================================================
-function fnPrintSDone {
-
- echoS "Successfully Done!"
-
-}
-
-#=========================================================
-# [fn] Finish the script
-#=========================================================
-function fnFinishThisScript {
-
- ret_val=$1
-
- if [ $ret_val -eq 0 ]
- then
- echoS "This script has completed successfully."
- else
- echoE "An error has occurred in this script."
- fi
-
- exit $ret_val
-
-}
$RM $result_file
$TOUCH $result_file
-LIBDW="libdw-0.153.so"
-lib_dir=
# Rename utils
file_cmd=`$FIND $utils_dir -name file.*`
readelf_cmd=`$FIND $utils_dir -name readelf.*`
$MV $readelf_cmd $utils_dir/readelf
fi
-# Set lib_dir
-if [ -d "/usr/lib64" ]; then
- lib_dir="/usr/lib64"
-elif [ -d "/usr/lib" ]; then
- lib_dir="/usr/lib"
-else
- echo "No proper lib dir"
- exit 1
-fi
-echo "lib_dir = $lib_dir"
-
-arch_info=`$utils_dir/file $utils_dir/file`
-if [[ $arch_info == *"aarch64"* ]]
-then
- echo "aarch64!!"
- arch="aarch64"
-elif [[ $arch_info == *"ARM"* ]]
-then
- echo "arm!!"
- arch="arm"
-elif [[ $arch_info == *"x86-64"* ]]
-then
- echo "x86_64!!"
- arch="x86_64"
-elif [[ $arch_info == *"Intel"* ]]
-then
- echo "i386!!"
- arch="i386"
-fi
-
-# Set required utils
-libdw_lib=`$FIND $dep_script_dir -name utillib.$arch`
-if [ "$libdw_lib" != "" ]; then
- $MV $libdw_lib $dep_script_dir/"$LIBDW"
- $CP $dep_script_dir/$LIBDW $lib_dir
- $LN $lib_dir/$LIBDW $lib_dir/libdw.so.1
-fi
-
#=========================================================
# [02] Make List
#=========================================================
$MV $dep_script_dir/log.csv $log_dir/dep_test.log
fi
$MV $dep_script_dir/result $result_dir/dep_test.result
-
-if [ "$libdw_lib" != "" ]; then
- rm $lib_dir/libdw*
-fi
fnPrintSDone
--- /dev/null
+#!/bin/bash
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+security_test_path="/opt/share/security-config/test"
+log_path="/opt/share/security-config/log"
+log_file="$log_path/image_test_log"
+
+# This script is running automatically at the time of image build.
+
+# Init log
+if [ -e "$log_file" ]
+then
+ rm $log_file
+fi
+
+# ASLR test
+aslr_test="$security_test_path/aslr_test/scripts/run_aslr_test.sh"
+aslr_log="$log_path/aslr_test.log"
+if [ -e $aslr_test ]
+then
+ $aslr_test 1>/dev/null 2>/dev/null
+ if [ -e "$aslr_log" ]
+ then
+ echo "###### ASLR not applied list ######" >> $log_file
+ cat $aslr_log >> $log_file
+ fi
+fi
+
+# DEP test
+dep_test="$security_test_path/dep_test/scripts/run_dep_test.sh"
+dep_log="$log_path/dep_test.log"
+if [ -e $dep_test ]
+then
+ $dep_test 1>/dev/null 2>/dev/null
+ if [ -e "$dep_log" ]
+ then
+ echo "###### DEP not applied list ######" >> $log_file
+ cat $dep_log >> $log_file
+ fi
+fi
+
+# SERVICE test
+service_test="$security_test_path/root_test/root_minimization.sh"
+failed_service_log="$log_path/root_test_failed_list.log"
+new_service_log="$log_path/root_test_new_root.log"
+if [ -e $service_test ]
+then
+ $service_test 1>/dev/null 2>/dev/null
+ if [ -e "$failed_service_log" ]
+ then
+ echo "###### failed service list ######" >> $log_file
+ cat $failed_service_log >> $log_file
+ fi
+ if [ -e "$new_service_log" ]
+ then
+ echo "###### new service list ######" >> $log_file
+ cat $new_service_log >> $log_file
+ fi
+fi
+
+# PATH test
+path_check_test="$security_test_path/path_check_test/path_check.sh"
+path_log="$log_path/path_check.log"
+if [ -e $path_check_test ]
+then
+ $path_check_test 1>/dev/null 2>/dev/null
+ if [ -e "$path_log" ]
+ then
+ echo "###### path check error list ######" >> $log_file
+ cat $path_log >> $log_file
+ fi
+fi
+
+# Print the failed lists in build log
+if [ -e "$log_file" ]
+then
+ cat $log_file
+fi
+
#========================================================
base_dir="/opt/share/security-config"
utils_dir="$base_dir/test/utils"
-aslr_script_dir="$base_dir/test/aslr_test"
-dep_script_dir="$base_dir/test/dep_test"
+aslr_script_dir="$base_dir/test/aslr_test/scripts"
+dep_script_dir="$base_dir/test/dep_test/scripts"
suid_script_dir="$base_dir/test/setuid_test"
log_dir="$base_dir/log"
result_dir="$base_dir/result"
projects / platform / core / security / security-config.git / commitdiff