security

package
v0.0.0-...-9474aff Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 28, 2022 License: BSD-3-Clause Imports: 64 Imported by: 0

Documentation

Overview

Package security contains local Tast tests that exercise core security-related features.

Some of these tests could arguably live elsewhere (e.g. the kernel or platform packages), but we group them here based on their relevance to security.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ASLR 

func ASLR(ctx context.Context, s *testing.State)

func AltSyscall 

func AltSyscall(ctx context.Context, s *testing.State)

func CPUVulnerabilities 

func CPUVulnerabilities(ctx context.Context, s *testing.State)

func CPUVulnerabilitiesCrostini 

func CPUVulnerabilitiesCrostini(ctx context.Context, s *testing.State)

func ChromeSandboxed 

func ChromeSandboxed(ctx context.Context, s *testing.State)

func ExecStack 

func ExecStack(ctx context.Context, s *testing.State)

func Firewall 

func Firewall(ctx context.Context, s *testing.State)

func GPUSandboxed 

func GPUSandboxed(ctx context.Context, s *testing.State)

func HardLinkRestrictions 

func HardLinkRestrictions(ctx context.Context, s *testing.State)

func LogPerms 

func LogPerms(ctx context.Context, s *testing.State)

func Manatee 

func Manatee(ctx context.Context, s *testing.State)

Manatee implements the security.Manatee test.

func Microcode 

func Microcode(ctx context.Context, s *testing.State)

func Minijail 

func Minijail(ctx context.Context, s *testing.State)

func MinijailSeccomp 

func MinijailSeccomp(ctx context.Context, s *testing.State)

func ModuleLocking 

func ModuleLocking(ctx context.Context, s *testing.State)
func MountSymlink(ctx context.Context, s *testing.State)

func Mprotect 

func Mprotect(ctx context.Context, s *testing.State)

func Mtab 

func Mtab(ctx context.Context, s *testing.State)

func NetworkListenersARC 

func NetworkListenersARC(ctx context.Context, s *testing.State)

func NetworkListenersNonARC 

func NetworkListenersNonARC(ctx context.Context, s *testing.State)

func OpenSSLBlocklist 

func OpenSSLBlocklist(ctx context.Context, s *testing.State)

func PrivilegedFiles 

func PrivilegedFiles(ctx context.Context, s *testing.State)

func ProtocolFamilies 

func ProtocolFamilies(ctx context.Context, s *testing.State)

func PtraceProcess 

func PtraceProcess(ctx context.Context, s *testing.State)

func PtraceThread 

func PtraceThread(ctx context.Context, s *testing.State)

func RootCA 

func RootCA(ctx context.Context, s *testing.State)

func RunFiles 

func RunFiles(ctx context.Context, s *testing.State)

func RunOCI 

func RunOCI(ctx context.Context, s *testing.State)

func SELinuxAuditBasic 

func SELinuxAuditBasic(ctx context.Context, s *testing.State)

func SELinuxFilesARC 

func SELinuxFilesARC(ctx context.Context, s *testing.State)

func SELinuxFilesDataDir 

func SELinuxFilesDataDir(ctx context.Context, s *testing.State)

func SELinuxFilesNonARC 

func SELinuxFilesNonARC(ctx context.Context, s *testing.State)

func SELinuxFilesSystem 

func SELinuxFilesSystem(ctx context.Context, s *testing.State)

func SELinuxFilesSystemInformational 

func SELinuxFilesSystemInformational(ctx context.Context, s *testing.State)

func SELinuxProcesses 

func SELinuxProcesses(ctx context.Context, s *testing.State)

func SELinuxProcessesARC 

func SELinuxProcessesARC(ctx context.Context, s *testing.State)

func SELinuxProcessesARCInformational 

func SELinuxProcessesARCInformational(ctx context.Context, s *testing.State)

func SELinuxProcessesExperimental 

func SELinuxProcessesExperimental(ctx context.Context, s *testing.State)

func SELinuxProcessesInformational 

func SELinuxProcessesInformational(ctx context.Context, s *testing.State)

func SELinuxValidity 

func SELinuxValidity(ctx context.Context, s *testing.State)

func SafesetidEnsurePolicy 

func SafesetidEnsurePolicy(ctx context.Context, s *testing.State)

SafesetidEnsurePolicy forks processes as non-root users and ensures the processes can change UID to a user that is explicitly allowed in the system-wide allowlist, but no other user.

func SandboxLinuxUnittests 

func SandboxLinuxUnittests(ctx context.Context, s *testing.State)

func SandboxedServices 

func SandboxedServices(ctx context.Context, s *testing.State)

func SharedFilesystemState 

func SharedFilesystemState(ctx context.Context, s *testing.State)

SharedFilesystemState test will fail if you are adding a new shared mount to the init mount namespace. If this is the case, follow these steps:

  1. Confirm that it is necessary and prepare reasoning for why this mount must be shared and in the init mount namespace.
  2. Add the mount to the appropriate list below (based on whether it exists in ARCVM/ARC++ and whether it exists when the user is logged in or not).
  3. Add short reasoning as a comment above the mount, then add a more detailed explanation in https://chrome-internal.googlesource.com/chromeos/docs/+/HEAD/security/shared_filesystem_state.md
  4. Add nvaa@ or another chromeos-security@ engineer as a reviewer on the CL.

func StatefulFiles 

func StatefulFiles(ctx context.Context, s *testing.State)

func StatefulPartitionHardening 

func StatefulPartitionHardening(ctx context.Context, s *testing.State)

func SymlinkRestrictions 

func SymlinkRestrictions(ctx context.Context, s *testing.State)

func SystemDirs 

func SystemDirs(ctx context.Context, s *testing.State)

func ToolchainOptions 

func ToolchainOptions(ctx context.Context, s *testing.State)

func USBBouncer 

func USBBouncer(ctx context.Context, s *testing.State)

func USBGuard 

func USBGuard(ctx context.Context, s *testing.State)

func UserFilesGuest 

func UserFilesGuest(ctx context.Context, s *testing.State)

func UserFilesLoggedIn 

func UserFilesLoggedIn(ctx context.Context, s *testing.State)

Types

type BootLockboxService 

type BootLockboxService struct {
	// contains filtered or unexported fields
}

BootLockboxService implements tast.cros.security.BootLockboxService.

func (*BootLockboxService) CloseChrome 

func (c *BootLockboxService) CloseChrome(ctx context.Context, req *empty.Empty) (*empty.Empty, error)

func (*BootLockboxService) NewChromeLogin 

func (c *BootLockboxService) NewChromeLogin(ctx context.Context, req *empty.Empty) (*empty.Empty, error)

func (*BootLockboxService) Read 

func (*BootLockboxService) Read(ctx context.Context, request *security.ReadBootLockboxRequest) (*security.ReadBootLockboxResponse, error)

func (*BootLockboxService) Store 

func (*BootLockboxService) Store(ctx context.Context, request *security.StoreBootLockboxRequest) (*empty.Empty, error)

Source Files

View all Source files

Directories

Path Synopsis
Package filecheck helps tests check permissions and ownership of on-disk files.
 Package filecheck helps tests check permissions and ownership of on-disk files.
Package filesetup provides file-related utility functions for security tests.
 Package filesetup provides file-related utility functions for security tests.
Package fscaps reads Linux file capabilities.
 Package fscaps reads Linux file capabilities.
Package netlisten compares code shared by security.NetworkListeners tests.
 Package netlisten compares code shared by security.NetworkListeners tests.
Package openfds contains support code for the security.OpenFDs test.
 Package openfds contains support code for the security.OpenFDs test.
Package sandboxing provides functions for obtaining sandboxing-related information about running processes.
 Package sandboxing provides functions for obtaining sandboxing-related information about running processes.
Package seccomp leverages integration tests for generating Minijail seccomp policies.
 Package seccomp leverages integration tests for generating Minijail seccomp policies.
Package selinux contains shared logic for security tests that verify SELinux configuration.
 Package selinux contains shared logic for security tests that verify SELinux configuration.
Package toolchain contains support code for the security.ToolchainOptions test.
 Package toolchain contains support code for the security.ToolchainOptions test.
Package userfiles contains shared logic for security.UserFiles* tests.
 Package userfiles contains shared logic for security.UserFiles* tests.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.