
jinlun/dim_9

forked from src-openEuler/dim 
backport-dim-add-test-code.patch 20.75 KB
jinlun 提交于 2024-04-16 10:12 . backport some patches
From 25fde75cbadc10af97e6684a52e72d516b974de5 Mon Sep 17 00:00:00 2001
From: jinlun <jinlun@huawei.com>
Date: Mon, 6 Nov 2023 20:29:16 +0800
Subject: [PATCH 04/26] dim: add test code
---
test/README.md | 23 ++
test/common.sh | 390 ++++++++++++++++++
test/dim_test_demo.c | 12 +
test/dim_test_demo_tamper.c | 13 +
test/test_dim_core.sh | 145 +++++++
test/test_dim_monitor.sh | 32 ++
test/test_module/Makefile | 16 +
test/test_module/dim_test_module_demo.c | 20 +
.../test_module/dim_test_module_demo_tamper.c | 23 ++
9 files changed, 674 insertions(+)
create mode 100644 test/README.md
create mode 100644 test/common.sh
create mode 100644 test/dim_test_demo.c
create mode 100644 test/dim_test_demo_tamper.c
create mode 100644 test/test_dim_core.sh
create mode 100644 test/test_dim_monitor.sh
create mode 100644 test/test_module/Makefile
create mode 100644 test/test_module/dim_test_module_demo.c
create mode 100644 test/test_module/dim_test_module_demo_tamper.c
diff --git a/test/README.md b/test/README.md
new file mode 100644
index 0000000..b75f3e6
--- /dev/null
+++ b/test/README.md
@@ -0,0 +1,23 @@
+# DIM 测试文档
+
+## 1 前置条件
+
+**OS版本支持**:openEuler 23.09以上版本;
+
+**内核版本支持**:当前支持openEuler kernel 5.10/6.4版本;
+
+**注意**:DIM包含内核组件,相关步骤需要以管理员(root)权限运行。
+
+## 2 使用openEuler源进行安装
+```
+yum install dim dim_tools make gcc
+```
+
+## 3 执行测试用例
+```
+cd dim/test/
+sh test/test_dim_core.sh
+sh test/test_monitor_core.sh
+```
+
+**注意**:全量度量功能默认关闭,如有需要,请将用例添加到对应的case_list中
\ No newline at end of file
diff --git a/test/common.sh b/test/common.sh
new file mode 100644
index 0000000..3bd8ced
--- /dev/null
+++ b/test/common.sh
@@ -0,0 +1,390 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+#!/bin/bash
+
+TEST_ROOT=/opt/dim
+TEST_DEMO_DIR=/opt/dim/demo
+TEST_DEMO_BPRM=$TEST_DEMO_DIR/dim_test_demo
+
+TEST_LOG=log
+DIM_CORE_PATH=/root/dim/dim_core.ko
+DIM_MONITOR_PATH=/root/dim/dim_monitor.ko
+
+DIM_BASELINE_DIR_PATH=/etc/dim/digest_list
+DIM_POLICY_PATH=/etc/dim/policy
+
+DIM_KERNEL_NAME="/boot/vmlinuz-*.$(arch)"
+
+TEST_MODULE_DIR=test_module
+DIM_MOD_NAME=dim_test_module_demo
+DIM_TEST_MOD_DEMO=$TEST_MODULE_DIR/dim_test_module_demo.ko
+
+DIM_TEST_MOD_DEMO_C=$TEST_MODULE_DIR/dim_test_module_demo.c
+DIM_TEST_MOD_DEMO_TAMPER_C=$TEST_MODULE_DIR/dim_test_module_demo_tamper.c
+
+TEST_RESULT=0
+
+dim_core_status() {
+ cat /sys/kernel/security/dim/runtime_status
+}
+
+dim_core_baseline() {
+ echo 1 > /sys/kernel/security/dim/baseline_init
+}
+
+dim_core_measure() {
+ echo 1 > /sys/kernel/security/dim/measure
+}
+
+dim_core_measure_log() {
+ cat /sys/kernel/security/dim/ascii_runtime_measurements
+}
+
+dim_monitor_baseline() {
+ echo 1 > /sys/kernel/security/dim/monitor_baseline
+}
+
+dim_monitor_measure() {
+ echo 1 > /sys/kernel/security/dim/monitor_run
+}
+
+dim_monitor_measure_log() {
+ cat /sys/kernel/security/dim/monitor_ascii_runtime_measurements
+}
+
+remove_dim_modules() {
+ # clean loaded modules
+ rmmod -f dim_monitor &> /dev/null
+ rmmod -f dim_core &> /dev/null
+ lsmod | grep -E 'dim_core|dim_monitor' &> /dev/null
+ if [ $? -eq 0 ]; then
+ echo "fail to remove dim modules!" >> $TEST_LOG
+ exit 1
+ fi
+}
+
+load_dim_modules () {
+ remove_dim_modules
+ load_dim_core_modules $1
+ load_dim_monitor_modules $2
+}
+
+load_dim_core_modules () {
+ # load dim_core module
+ if [ ! $DIM_CORE_PATH ]; then
+ modprobe dim_core $1
+ else
+ insmod $DIM_CORE_PATH $1
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "fail to load dim_core!"
+ exit 1
+ fi
+}
+
+load_dim_monitor_modules () {
+ # load dim_monitor module
+ if [ ! $DIM_MONITOR_PATH ]; then
+ modprobe dim_monitor $1
+ else
+ insmod $DIM_MONITOR_PATH $1
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "fail to load dim_monitor!"
+ exit 1
+ fi
+}
+
+dim_backup_baseline_and_policy() {
+ if [ -d $DIM_BASELINE_DIR_PATH ]; then
+ mv $DIM_BASELINE_DIR_PATH $DIM_BASELINE_DIR_PATH.bak
+ fi
+
+ if [ -f $DIM_POLICY_PATH ]; then
+ mv $DIM_POLICY_PATH $DIM_POLICY_PATH.bak
+ fi
+}
+
+dim_restore_baseline_and_policy() {
+ if [ -d $DIM_BASELINE_DIR_PATH.bak ]; then
+ rm -rf $DIM_BASELINE_DIR_PATH
+ mv $DIM_BASELINE_DIR_PATH.bak $DIM_BASELINE_DIR_PATH
+ fi
+
+ if [ -f $DIM_POLICY_PATH.bak ]; then
+ mv -f $DIM_POLICY_PATH.bak $DIM_POLICY_PATH
+ fi
+}
+
+dim_gen_baseline_file() {
+ mkdir -p $DIM_BASELINE_DIR_PATH
+ if [ -z $2 ]; then
+ dim_gen_baseline $1
+ else
+ dim_gen_baseline $1 -o "$DIM_BASELINE_DIR_PATH/$2"
+ fi
+}
+
+dim_gen_baseline_dir() {
+ mkdir -p $DIM_BASELINE_DIR_PATH
+ dim_gen_baseline -r $1 -o $DIM_BASELINE_DIR_PATH/$2
+}
+
+dim_gen_baseline_kerenl() {
+ mkdir -p $DIM_BASELINE_DIR_PATH
+ if [ -z $1 ]; then
+ dim_gen_baseline -k "$(uname -r)" $DIM_KERNEL_NAME
+ else
+ dim_gen_baseline -k "$(uname -r)" -o $DIM_BASELINE_DIR_PATH/$1 $DIM_KERNEL_NAME
+ fi
+}
+
+DIM_BASELINE_DIR_ALL=("/usr/bin" "/usr/sbin" "/usr/lib64" "/usr/libexec" "/usr/lib")
+
+dim_gen_baseline_all() {
+ if [ $1 ]; then
+ digest_algorithm="-a sm3"
+ else
+ digest_algorithm=""
+ fi
+
+ mkdir -p /etc/dim/digest_list
+ for baseline_file in "${DIM_BASELINE_DIR_ALL[@]}"; do
+ dim_gen_baseline $digest_algorithm -r $baseline_file -o "$DIM_BASELINE_DIR_PATH/${baseline_file##*/}.hash"
+ done
+ dim_gen_baseline $digest_algorithm -k "$(uname -r)" -o $DIM_BASELINE_DIR_PATH/kernel.hash $DIM_KERNEL_NAME
+}
+
+
+dim_gen_policy_bprm_path() {
+ echo "measure obj=BPRM_TEXT path=$1" >> $DIM_POLICY_PATH
+}
+
+dim_gen_policy_module_name() {
+ echo "measure obj=MODULE_TEXT name=$1" >> $DIM_POLICY_PATH
+}
+
+dim_gen_policy_kernel() {
+ echo "measure obj=KERNEL_TEXT" >> $DIM_POLICY_PATH
+}
+
+dim_gen_policy_all() {
+ rm -f $DIM_POLICY_PATH
+ cat $DIM_BASELINE_DIR_PATH/* | awk '{print $4}' | while read line; do
+ if [[ "$line" == /* ]]; then
+ echo "measure obj=BPRM_TEXT path=$line" >> $DIM_POLICY_PATH
+ continue
+ fi
+ if [ "$line" == "$(uname -r)" ]; then
+ echo "measure obj=KERNEL_TEXT" >> $DIM_POLICY_PATH
+ continue
+ fi
+ if [ "$line" != "$(uname -r)" ]; then
+ echo "measure obj=MODULE_TEXT name=$(basename $line)" >> $DIM_POLICY_PATH
+ fi
+ done
+ sed -i '/dim_core/d' $DIM_POLICY_PATH
+ sed -i '/dim_monitor/d' $DIM_POLICY_PATH
+}
+
+dim_gen_cert() {
+ mkdir -p $TEST_ROOT/cert/
+ openssl genrsa -out $TEST_ROOT/cert/dim.key 4096 &>> $TEST_LOG
+ openssl req -new -sha256 -key $TEST_ROOT/cert/dim.key -out $TEST_ROOT/cert/dim.csr -subj "/C=AA/ST=BB/O=CC/OU=DD/CN=DIM" &>> $TEST_LOG
+ openssl x509 -req -days 3650 -signkey $TEST_ROOT/cert/dim.key -in $TEST_ROOT/cert/dim.csr -out $TEST_ROOT/cert/dim.crt &>> $TEST_LOG
+ openssl x509 -in $TEST_ROOT/cert/dim.crt -out $TEST_ROOT/cert/dim.der -outform DER &>> $TEST_LOG
+ mkdir -p /etc/keys
+ cp $TEST_ROOT/cert/dim.der /etc/keys/x509_dim.der
+}
+
+dim_gen_signature() {
+ openssl dgst -sha256 -out $DIM_POLICY_PATH.sig -sign $TEST_ROOT/cert/dim.key $DIM_POLICY_PATH
+ for file in $(ls $DIM_BASELINE_DIR_PATH | grep .hash); do
+ openssl dgst -sha256 -out $DIM_BASELINE_DIR_PATH/$file.sig -sign $TEST_ROOT/cert/dim.key $DIM_BASELINE_DIR_PATH/$file
+ done
+}
+
+dim_baseline_to_measure_log() {
+ name="$(echo "$1" | awk '{print $4}')"
+ if [[ $name == $(uname -r)/* ]]; then
+ name="$(basename $name)"
+ fi
+
+ echo "$(echo "$1" | awk '{print $3}') $name"
+}
+
+tamper_dim_test_demo() {
+ gcc dim_test_demo_tamper.c -o $TEST_DEMO_DIR/dim_test_demo
+}
+
+tamper_dim_test_mod_demo() {
+ rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
+ mv $DIM_TEST_MOD_DEMO_C $DIM_TEST_MOD_DEMO_C.bak
+ mv $DIM_TEST_MOD_DEMO_TAMPER_C $DIM_TEST_MOD_DEMO_C
+ cd $TEST_MODULE_DIR
+ make > /dev/null
+ cd ..
+}
+
+tamper_dim_test_mod_demo_end() {
+ rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
+ mv $DIM_TEST_MOD_DEMO_C $DIM_TEST_MOD_DEMO_TAMPER_C
+ mv $DIM_TEST_MOD_DEMO_C.bak $DIM_TEST_MOD_DEMO_C
+}
+
+gen_dim_test_demo() {
+ gcc dim_test_demo.c -o $TEST_DEMO_BPRM
+ dim_gen_baseline_file $TEST_DEMO_BPRM test.hash
+ dim_gen_policy_bprm_path $TEST_DEMO_BPRM
+}
+
+gen_dim_test_mod_demo() {
+ rm -f $TEST_MODULE_DIR/$DIM_MOD_NAME.o
+ cd $TEST_MODULE_DIR
+ make > /dev/null
+ cd ..
+ dim_gen_baseline_file $DIM_TEST_MOD_DEMO test.hash
+ dim_gen_policy_module_name $DIM_MOD_NAME
+}
+
+measure_log_tampered() {
+ if [ $2 ]; then
+ echo "$1 \[tampered\]"
+ else
+ baseline="$(dim_gen_baseline_file $1)"
+ echo "$(dim_baseline_to_measure_log "$baseline") \[tampered\]"
+ fi
+}
+
+measure_log_static() {
+ if [ $2 ]; then
+ baseline="$(dim_gen_baseline_kerenl)"
+ echo "$(dim_baseline_to_measure_log "$baseline") \[static baseline\]"
+ else
+ baseline="$(dim_gen_baseline_file $1)"
+ echo "$(dim_baseline_to_measure_log "$baseline") \[static baseline\]"
+ fi
+}
+
+measure_log_no_static() {
+ if [ $2 ]; then
+ echo "$1 \[no static baseline\]"
+ else
+ baseline="$(dim_gen_baseline_file $1)"
+ echo "$(dim_baseline_to_measure_log "$baseline") \[no static baseline\]"
+ fi
+}
+
+check_dim_measure_log_match() {
+ if [ "$2" == "dim_monitor_measure_log" ]; then
+ dim_monitor_measure_log | grep "$1" &> /dev/null
+ else
+ dim_core_measure_log | grep "$1" &> /dev/null
+ fi
+
+ if [ $? -ne 0 ]; then
+ echo "check fail:" >> $TEST_LOG
+ echo " get measure log: $($2)" >> $TEST_LOG
+ echo " want measure log: $1" >> $TEST_LOG
+ TEST_RESULT=1
+ return 1
+ fi
+
+ echo "check ok: measure log has $1" >> $TEST_LOG
+}
+
+check_dim_measure_log_length() {
+ if [ $($2 | wc -l) -ne $1 ]; then
+ echo "check fail: measure log length is not $1" >> $TEST_LOG
+ TEST_RESULT=1
+ return 1
+ fi
+
+ echo "check ok: measure log length is $1" >> $TEST_LOG
+}
+
+check_dim_measure_log_not_contain() {
+ if [ "$2" == "dim_monitor_measure_log" ]; then
+ dim_monitor_measure_log | grep "$1" &> /dev/null
+ else
+ dim_core_measure_log | grep "$1" &> /dev/null
+ fi
+ if [ $? -eq 0 ]; then
+ echo "check fail"
+ TEST_RESULT=1
+ return 1
+ fi
+
+ echo "check ok: measure log hasn't $1" >> $TEST_LOG
+}
+
+check_dim_core_log_normal() {
+ dim_core_baseline
+ check_dim_measure_log_not_contain "\[no static baseline\]" "dim_core_measure_log"
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_core_measure_log"
+ dim_core_measure
+ check_dim_measure_log_not_contain "\[no static baseline\]" "dim_core_measure_log"
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_core_measure_log"
+}
+
+check_dim_monitor_log_normal() {
+ dim_monitor_baseline
+ check_dim_measure_log_length 2 "dim_monitor_measure_log"
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_monitor_measure_log"
+ dim_monitor_measure
+ check_dim_measure_log_length 2 "dim_monitor_measure_log"
+ check_dim_measure_log_not_contain "\[tampered\]" "dim_monitor_measure_log"
+}
+
+check_dim_monitor_log_tampered() {
+ dim_core_baseline
+ dim_monitor_measure
+ check_dim_measure_log_length 3 "dim_monitor_measure_log"
+ check_dim_measure_log_match "dim_core.data \[tampered\]" "dim_monitor_measure_log"
+}
+
+run_dim_core_baseline_and_check_log() {
+ dim_core_baseline
+ check_dim_measure_log_length "$2" "dim_core_measure_log"
+ check_dim_measure_log_match "$1" "dim_core_measure_log"
+}
+
+run_dim_core_measure_and_check_log() {
+ dim_core_measure
+ check_dim_measure_log_length "$2" "dim_core_measure_log"
+ check_dim_measure_log_match "$1" "dim_core_measure_log"
+}
+
+run_dim_core_and_check_log() {
+ if [ "$1" = "baseline" ]; then
+ run_dim_core_baseline_and_check_log "$2" "$3"
+ if [ $4 ]; then
+ kill $4
+ fi
+ elif [ "$1" = "measure" ]; then
+ run_dim_core_measure_and_check_log "$2" "$3"
+ if [ $4 ]; then
+ kill $4
+ fi
+ else
+ run_dim_core_baseline_and_check_log "$1" "$2"
+ run_dim_core_measure_and_check_log "$3" "$4"
+ if [ $5 ]; then
+ kill $5
+ fi
+ fi
+}
+
+test_pre() {
+ mkdir -p $TEST_DEMO_DIR
+ gcc dim_test_demo.c -o $TEST_DEMO_DIR/dim_test_demo
+ dim_backup_baseline_and_policy
+ load_dim_modules
+}
+
+test_post() {
+ remove_dim_modules
+ dim_restore_baseline_and_policy
+}
+
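Review bot: dim_gen_cert copies the freshly generated test certificate to `/etc/keys/x509_dim.der`, but dim_backup_baseline_and_policy and dim_restore_baseline_and_policy only cover the digest list and the policy, so a certificate already at that path is overwritten and the test certificate stays installed after test_post. The matching private key is also left in `$TEST_ROOT/cert/dim.key`, created under whatever umask the caller has. If that path is the trust anchor dim_core reads when loaded with `signature=on` (not visible in this hunk, so treat it as an assumption), the host keeps trusting a key that sits on disk after the test run. I would save and restore the certificate alongside the policy, delete the generated key material in the restore step, and create the key under `umask 077`.

```shell
DIM_CERT_PATH=/etc/keys/x509_dim.der

dim_backup_baseline_and_policy() {
	# … unchanged: digest list and policy backup …
	if [ -f "$DIM_CERT_PATH" ]; then
		mv "$DIM_CERT_PATH" "$DIM_CERT_PATH.bak"
	fi
}

dim_restore_baseline_and_policy() {
	# … unchanged: digest list and policy restore …
	rm -f "$DIM_CERT_PATH"
	if [ -f "$DIM_CERT_PATH.bak" ]; then
		mv -f "$DIM_CERT_PATH.bak" "$DIM_CERT_PATH"
	fi
	rm -rf "$TEST_ROOT/cert"
}

dim_gen_cert() {
	mkdir -p $TEST_ROOT/cert/
	(umask 077; openssl genrsa -out $TEST_ROOT/cert/dim.key 4096) &>> $TEST_LOG
	# … unchanged: CSR, self-signed certificate, DER export, mkdir -p /etc/keys …
	cp $TEST_ROOT/cert/dim.der "$DIM_CERT_PATH"
}
```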
diff --git a/test/dim_test_demo.c b/test/dim_test_demo.c
new file mode 100644
index 0000000..113fc3d
--- /dev/null
+++ b/test/dim_test_demo.c
@@ -0,0 +1,12 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ */
+
+#include <stdio.h>
+
+int main()
+{
+ printf("dim_test_demo\n");
+ while (1);
+ return 0;
+}
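Review bot: `while (1);` keeps the demo alive by spinning, so every background instance the test scripts start occupies a full CPU until it is killed, and nothing in the file says why the loop is there. Blocking does the same job: `for (;;) pause();` with `#include <unistd.h>`, preceded by a comment such as `/* stay alive so the test can measure this process; the test script kills it */`. dim_test_demo_tamper.c has the same loop and would take the same change. `int main()` would also be better written as `int main(void)`.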
diff --git a/test/dim_test_demo_tamper.c b/test/dim_test_demo_tamper.c
new file mode 100644
index 0000000..7f95775
--- /dev/null
+++ b/test/dim_test_demo_tamper.c
@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ */
+
+#include <stdio.h>
+
+int main()
+{
+ printf("dim_test_demo");
+ printf("_tamper\n");
+ while (1);
+ return 0;
+}
diff --git a/test/test_dim_core.sh b/test/test_dim_core.sh
new file mode 100644
index 0000000..01fa2b9
--- /dev/null
+++ b/test/test_dim_core.sh
@@ -0,0 +1,145 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+#!/bin/bash
+
+. ./common.sh
+
+test_measure_bprm_text_normal() {
+ gen_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # test
+ run_dim_core_and_check_log "$(measure_log_static $TEST_DEMO_BPRM)" 1 "$(measure_log_static $TEST_DEMO_BPRM)" 1 $pid
+}
+
+test_measure_bprm_text_no_baseline() {
+ gen_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # remove baseline
+ rm -f $DIM_BASELINE_DIR_PATH/test.hash
+ # test
+ run_dim_core_and_check_log "$(measure_log_no_static $TEST_DEMO_BPRM)" 1 "$(measure_log_no_static $TEST_DEMO_BPRM)" 1 $pid
+}
+
+test_measure_bprm_text_tamper_1() {
+ # prepare
+ gen_dim_test_demo
+ tamper_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # test
+ run_dim_core_and_check_log "$(measure_log_tampered $TEST_DEMO_BPRM)" 1 "$(measure_log_tampered $TEST_DEMO_BPRM)" 1 $pid
+}
+
+test_measure_bprm_text_tamper_2() {
+ # prepare
+ gen_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # test baseline
+ run_dim_core_and_check_log baseline "$(measure_log_static $TEST_DEMO_BPRM)" 1 $pid
+ # tamper dim_test_demo
+ tamper_dim_test_demo
+ $TEST_DEMO_DIR/dim_test_demo > /dev/null & pid=$!
+ # test measure
+ run_dim_core_and_check_log measure "$(measure_log_tampered $TEST_DEMO_BPRM)" 2 $pid
+
+ kill $pid
+}
+
+test_measure_kernel_normal() {
+ dim_gen_policy_kernel
+ dim_gen_baseline_kerenl test.hash
+
+ run_dim_core_and_check_log "$(measure_log_static $DIM_KERNEL_NAME "kernel")" 1 "$(measure_log_static $DIM_KERNEL_NAME "kernel")" 1
+}
+
+test_measure_module_text_normal() {
+ gen_dim_test_mod_demo
+ insmod $DIM_TEST_MOD_DEMO
+ run_dim_core_and_check_log "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1 "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1
+ rmmod $DIM_TEST_MOD_DEMO
+}
+
+test_measure_module_text_no_baseline() {
+ gen_dim_test_mod_demo
+ insmod $DIM_TEST_MOD_DEMO
+
+ # remove baseline
+ rm -f $DIM_BASELINE_DIR_PATH/test.hash
+
+ run_dim_core_and_check_log "$(measure_log_no_static $DIM_MOD_NAME "mod_no_static")" 1 "$(measure_log_no_static $DIM_MOD_NAME "mod_no_static")" 1
+ rmmod $DIM_TEST_MOD_DEMO
+}
+
+test_measure_module_text_tamper() {
+ gen_dim_test_mod_demo
+ insmod $DIM_TEST_MOD_DEMO
+
+ run_dim_core_and_check_log baseline "$(measure_log_static $DIM_TEST_MOD_DEMO)" 1
+ rmmod $DIM_TEST_MOD_DEMO
+ tamper_dim_test_mod_demo
+ insmod $DIM_TEST_MOD_DEMO
+ run_dim_core_and_check_log measure "$(measure_log_tampered $DIM_MOD_NAME "module_tampered")" 2
+ rmmod $DIM_TEST_MOD_DEMO
+ tamper_dim_test_mod_demo_end
+}
+
+test_measure_all_text_normal() {
+ dim_gen_baseline_all
+ dim_gen_policy_all
+ check_dim_core_log_normal
+}
+
+test_measure_all_text_normal_sm3() {
+ dim_gen_baseline_all 1
+ dim_gen_policy_all
+ load_dim_modules "measure_hash=sm3"
+ check_dim_core_log_normal
+}
+
+test_measure_all_text_normal_sign() {
+ dim_gen_baseline_all
+ dim_gen_policy_all
+ dim_gen_cert
+ dim_gen_signature
+ load_dim_modules "signature=on"
+ check_dim_core_log_normal
+}
+
+POLICY_INVALID="measure1 obj=BPRM_TEXT path=/opt/dim/demo/dim_test_demo\n\
+measure obj1=BPRM_TEXT path=/opt/dim/demo/dim_test_demo\n\
+measure obj=BPRM_TEXT1 path=/opt/dim/demo/dim_test_demo\n\
+measure obj=BPRM_TEXT name=/opt/dim/demo/dim_test_demo\n\
+measure obj=MODULE_TEXT path=$(head -c 4096 < /dev/zero | tr '\0' '\141')\n"
+
+test_invalid_policy() {
+ IFS=$'\n'
+ for policy in $(echo -e $POLICY_INVALID); do
+ echo "$policy" > $DIM_POLICY_PATH
+ dim_core_baseline
+ dim_core_status
+ done &>> $TEST_LOG
+}
+
+# Full measurement. The test is disabled by default.
+# test_measure_all_text_normal \
+# test_measure_all_text_normal_sm3 \
+# test_measure_all_text_normal_sign \
+case_list="test_measure_bprm_text_normal \
+ test_measure_bprm_text_no_baseline \
+ test_measure_bprm_text_tamper_1 \
+ test_measure_bprm_text_tamper_2 \
+ test_measure_module_text_normal \
+ test_measure_module_text_no_baseline \
+ test_measure_module_text_tamper \
+ test_measure_kernel_normal \
+ test_invalid_policy"
+
+for case in $case_list; do
+ test_pre
+ $case
+ if [ $TEST_RESULT -eq 0 ]; then
+ echo "$case PASS"
+ else
+ echo "$case FAIL"
+ fi
+ test_post
+done
+
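Review bot: The case loop at the end of the script never resets `TEST_RESULT`, which the check_* helpers in common.sh only ever set to 1, so after the first failing case every later case is reported as FAIL. Adding `TEST_RESULT=0` right before `$case` fixes that, and the identical loop in test_dim_monitor.sh needs the same line. In the other direction, test_invalid_policy only appends the output of dim_core_baseline and dim_core_status to the log and calls no check_* helper, so it cannot fail on its own even if a malformed policy were accepted. An explicit check on the status or on the measure log would turn it into a real negative test.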
diff --git a/test/test_dim_monitor.sh b/test/test_dim_monitor.sh
new file mode 100644
index 0000000..b4a1ea8
--- /dev/null
+++ b/test/test_dim_monitor.sh
@@ -0,0 +1,32 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+#!/bin/bash
+
+. ./common.sh
+
+test_measure_monitor_normal() {
+ dim_gen_baseline_all
+ dim_gen_policy_all
+ check_dim_core_log_normal
+ check_dim_monitor_log_normal
+}
+
+test_measure_monitor_tamper() {
+ test_measure_monitor_normal
+ check_dim_monitor_log_tampered
+}
+
+# Full measurement. The test is disabled by default.
+# case_list="test_measure_monitor_normal \
+# test_measure_monitor_tamper"
+case_list=""
+
+for case in $case_list; do
+ test_pre
+ $case
+ if [ $TEST_RESULT -eq 0 ]; then
+ echo "$case PASS"
+ else
+ echo "$case FAIL"
+ fi
+ test_post
+done
diff --git a/test/test_module/Makefile b/test/test_module/Makefile
new file mode 100644
index 0000000..4255525
--- /dev/null
+++ b/test/test_module/Makefile
@@ -0,0 +1,16 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+
+obj-m := dim_test_module_demo.o
+
+KERNEL := $(DESTDIR)/lib/modules/$(shell uname -r)/build
+CONFIG_MODULE_SIG=n
+
+PWD := $(shell pwd)
+
+modules :
+ $(MAKE) -C $(KERNEL) M=$(PWD) modules
+
+.PHONEY:clean
+
+clean :
+ $(MAKE) -C $(KERNEL) SUBDIRS=$(PWD) clean
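Review bot: `.PHONEY` is a misspelling of `.PHONY`, so make treats it as an ordinary target and neither `clean` nor `modules` is actually phony; it should read `.PHONY: modules clean`. The clean rule also passes `SUBDIRS=$(PWD)` where the build rule uses `M=$(PWD)`. As far as I know kbuild dropped `SUBDIRS=` before the 5.10 kernels the README names, so `$(MAKE) -C $(KERNEL) M=$(PWD) clean` is the form that will clean this directory. `CONFIG_MODULE_SIG=n` appears intended to leave the demo module unsigned, which deserves a comment because such a module will not load on a host that enforces module signatures.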
diff --git a/test/test_module/dim_test_module_demo.c b/test/test_module/dim_test_module_demo.c
new file mode 100644
index 0000000..3303365
--- /dev/null
+++ b/test/test_module/dim_test_module_demo.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ */
+
+#include <linux/module.h>
+
+static int test_mod_init(void)
+{
+ pr_info("init!\n");
+ return 0;
+}
+
+static void test_mod_exit(void)
+{
+ pr_info("exit!\n");
+}
+
+module_init(test_mod_init);
+module_exit(test_mod_exit);
+MODULE_LICENSE("");
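Review bot: `MODULE_LICENSE("")` declares no recognised license, so loading the demo module marks the test kernel as tainted. `MODULE_LICENSE("GPL");` avoids that, unless the empty string is deliberate, in which case a comment should say so. The same line appears in dim_test_module_demo_tamper.c. If leaving `__init` off test_mod_init is also deliberate, so that the code changed by the tamper variant stays in the module's resident text, a one-line comment in the tamper file would stop someone from adding the annotation later and weakening the tamper test.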
diff --git a/test/test_module/dim_test_module_demo_tamper.c b/test/test_module/dim_test_module_demo_tamper.c
new file mode 100644
index 0000000..c443d7b
--- /dev/null
+++ b/test/test_module/dim_test_module_demo_tamper.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2023-2023. All rights reserved.
+ */
+
+#include <linux/module.h>
+
+static int test_mod_init(void)
+{
+ int i = 0;
+ i += 1;
+ pr_info("%d\n", i);
+ pr_info("init!\n");
+ return 0;
+}
+
+static void test_mod_exit(void)
+{
+ pr_info("exit!\n");
+}
+
+module_init(test_mod_init);
+module_exit(test_mod_exit);
+MODULE_LICENSE("");
--
2.33.0