From 0ffb178ea81ebcde3990dd8269ccc08ebbc83416 Mon Sep 17 00:00:00 2001 From: José Bollo Date: Thu, 8 Feb 2018 09:57:25 +0100 Subject: meta-security: Remove unused content MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This unused content can be devided in two parts: - setting and feature in bitbake classes - tests None are actually used by AGL. Even if this content can be later included in distribution, I prefer to remove it now. Change-Id: I4e6a8ac6326986a5652a7c47614dcaa3db8cabb6 Signed-off-by: José Bollo --- .../oeqa/runtime/files/smack_test_file_access.sh | 54 ---------------------- 1 file changed, 54 deletions(-) delete mode 100644 meta-security/lib/oeqa/runtime/files/smack_test_file_access.sh (limited to 'meta-security/lib/oeqa/runtime/files/smack_test_file_access.sh') diff --git a/meta-security/lib/oeqa/runtime/files/smack_test_file_access.sh b/meta-security/lib/oeqa/runtime/files/smack_test_file_access.sh deleted file mode 100644 index 5a0ce84f2..000000000 --- a/meta-security/lib/oeqa/runtime/files/smack_test_file_access.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/sh - -SMACK_PATH=`grep smack /proc/mounts | awk '{print $2}' ` -RC=0 -TMP="/tmp" -test_file=$TMP/smack_test_access_file -CAT=`which cat` -ECHO=`which echo` -uid=1000 -initial_label=`cat /proc/self/attr/current` -python $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file -chsmack -a "TheOther" $test_file - -# 12345678901234567890123456789012345678901234567890123456 -delrule="TheOne TheOther -----" -rule_ro="TheOne TheOther r----" - -# Remove pre-existent rules for "TheOne TheOther " -echo -n "$delrule" > $SMACK_PATH/load -python $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null | grep -q "Permission denied" || RC=$? -if [ $RC -ne 0 ]; then - echo "Process with different label than the test file and no read access on it can read it" - exit $RC -fi - -# adding read access -echo -n "$rule_ro" > $SMACK_PATH/load -python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$? -if [ $RC -ne 0 ]; then - echo "Process with different label than the test file but with read access on it cannot read it" - exit $RC -fi - -# Remove pre-existent rules for "TheOne TheOther " -echo -n "$delrule" > $SMACK_PATH/load -# changing label of test file to * -# according to SMACK documentation, read access on a * object is always permitted -chsmack -a '*' $test_file -python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$? -if [ $RC -ne 0 ]; then - echo "Process cannot read file with * label" - exit $RC -fi - -# changing subject label to * -# according to SMACK documentation, every access requested by a star labeled subject is rejected -TOUCH=`which touch` -python $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2 -ls -la $TMP/test_file_2 2>&1 | grep -q 'No such file or directory' || RC=$? -if [ $RC -ne 0 ];then - echo "Process with label '*' should not have any access" - exit $RC -fi -exit 0 -- cgit 1.2.3-korg