Add relro/stack_canary tests.

Change-Id: Ifa639baca65e04d58f23ca231f8bfcd6adfd98b8

diff --git a/packaging/security-config.spec b/packaging/security-config.spec
index 0f3d3bbcc2c845b33aa47e92783b25f4b3254282..5706b8bcc383a7d25055c9e5b06f0d31f6c30f3d 100755 (executable)
--- a/packaging/security-config.spec
+++ b/packaging/security-config.spec
@@ -118,6 +118,7 @@ rm /opt/share/security-config/test/new_service_test/*
 %attr(755,root,root) /opt/share/security-config/test/path_check_test/*
 %attr(755,root,root) /opt/share/security-config/test/smack_basic_test/*
 %attr(755,root,root) /opt/share/security-config/test/security_mount_option_test/*
+%attr(755,root,root) /opt/share/security-config/test/relro_stack_canary_test/*
 %attr(755,root,root) /usr/share/upgrade/scripts/201.security_upgrade.sh
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post

diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index ee2123fad8dd7629454bea0dc75c5572358f99b3..3f434a7babf743b01e348edfed8160b688c9ffb2 100755 (executable)
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -15,3 +15,4 @@ ADD_SUBDIRECTORY(root_test)
 ADD_SUBDIRECTORY(security_mount_option_test)
 ADD_SUBDIRECTORY(smack_basic_test)
 ADD_SUBDIRECTORY(new_service_test)
+ADD_SUBDIRECTORY(relro_stack_canary_test)

diff --git a/test/relro_stack_canary_test/CMakeLists.txt b/test/relro_stack_canary_test/CMakeLists.txt
new file mode 100755 (executable)
index 0000000..a9a3380
--- /dev/null
+++ b/test/relro_stack_canary_test/CMakeLists.txt
@@ -0,0 +1,9 @@
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+
+FILE(GLOB RELRO_STACK_CANARY_SCRIPT *.sh)
+INSTALL(FILES
+          ${RELRO_STACK_CANARY_SCRIPT}
+          DESTINATION
+          /opt/share/security-config/test/relro_stack_canary_test
+)
+

diff --git a/test/relro_stack_canary_test/relro_stack_canary_test.sh b/test/relro_stack_canary_test/relro_stack_canary_test.sh
new file mode 100644 (file)
index 0000000..5bebe77
--- /dev/null
+++ b/test/relro_stack_canary_test/relro_stack_canary_test.sh
@@ -0,0 +1,83 @@
+#!/bin/sh
+
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+utl_path="/opt/share/security-config/test/utils"
+relro_result_file="/opt/share/security-config/result/new_service.result"
+stack_canary_result_file="/opt/share/security-config/result/new_service.result"
+relro_log_file="/opt/share/security-config/log/relro.log"
+stack_canary_log_file="/opt/share/security-config/log/stack_canary.log"
+tmp_file="/opt/share/security-config/log/tmp_file"
+
+# Clean log files
+if [ -e "$relro_log_file" ]
+then
+       rm $relro_log_file
+fi
+
+if [ -e "$stack_canary_log_file" ]
+then
+       rm $stack_canary_log_file
+fi
+
+# Rename file util
+file_cmd=`find $utl_path -name file.*`
+if [ "$file_cmd" != "" ]; then
+       /bin/mv $file_cmd $utl_path/file
+fi
+
+# Rename readelf util
+readelf_cmd=`find $utl_path -name readelf.*`
+if [ "$readelf_cmd" != "" ]; then
+       /bin/mv $readelf_cmd $utl_path/readelf
+fi
+
+# Filter ELF executables and pass those to readelf
+/usr/bin/find /usr /etc /opt -type f -executable 2>/dev/null | xargs $utl_path/readelf -ls 2>&1 | grep -e "GNU_RELRO" -e "__stack_chk_fail" -e "File:" -e "Error:" > $tmp_file
+echo "File: Dummy" >> $tmp_file
+
+last_file_path=""
+relro_check=true
+stack_canary_check=true
+while read line
+do
+       if [[ "$line" == *"File:"* ]] # If it is file...
+       then
+               if [ $relro_check = false ] # check relro was OK in the previous file
+               then
+                       echo $last_file_path >> $relro_log_file
+               fi
+               if [ $stack_canary_check = false ]  # check stack canary was OK in the previous file
+               then
+                       echo $last_file_path >> $stack_canary_log_file
+               fi
+               last_file_path=$line
+               relro_check=false
+               stack_canary_check=false
+       elif [[ "$line" == *"GNU_RELRO"* ]] # If it is relro...
+       then
+               relro_check=true
+       elif [[ "$line" == *"__stack_chk_fail"* ]] # If it is stack_canary...
+       then
+               stack_canary_check=true
+       elif [[ "$line" == *"Error"* ]]
+       then
+               relro_check=true
+               stack_canary_check=true
+       fi
+done < $tmp_file
+
+rm $tmp_file
+
+if [ ! -e $relro_log_file ]
+then
+       echo "YES" > $relro_result_file
+else
+       echo "NO" > $relro_result_file
+fi
+
+if [ ! -e $stack_canary_log_file ]
+then
+       echo "YES" > $stack_canary_result_file
+else
+       echo "NO" > $stack_canary_result_file
+fi

diff --git a/test/utils/aarch64/readelf.aarch64 b/test/utils/aarch64/readelf.aarch64
new file mode 100755 (executable)
index 0000000..637c848
Binary files /dev/null and b/test/utils/aarch64/readelf.aarch64 differ

diff --git a/test/utils/arm/readelf.arm b/test/utils/arm/readelf.arm
new file mode 100755 (executable)
index 0000000..a8d73e2
Binary files /dev/null and b/test/utils/arm/readelf.arm differ

diff --git a/test/utils/i386/readelf.i386 b/test/utils/i386/readelf.i386
new file mode 100755 (executable)
index 0000000..b746070
Binary files /dev/null and b/test/utils/i386/readelf.i386 differ

diff --git a/test/utils/x86_64/readelf.x86_64 b/test/utils/x86_64/readelf.x86_64
new file mode 100755 (executable)
index 0000000..18ec5b8
Binary files /dev/null and b/test/utils/x86_64/readelf.x86_64 differ