# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

# Autotest control file for security_ProcessManagementPolicy, a client-side
# functional test in the "security" class. The variables below are metadata
# only; the test is started by the job.run_test() call on the last line.

# Identity and classification.
NAME = "security_ProcessManagementPolicy"
AUTHOR = "The Chromium OS Authors"
TEST_CLASS = "security"
TEST_CATEGORY = "Functional"
TEST_TYPE = "client"

# Scheduling: runs in the bvt-perbuild suite and is expected to be short.
ATTRIBUTES = "suite:bvt-perbuild"
TIME = "SHORT"
# NOTE(review): a failed job is retried up to this many times. For a policy
# enforcement test, a retry can turn an intermittent enforcement failure into
# a pass; confirm the retries are meant to absorb infrastructure flakiness
# only, and that failed attempts stay visible in the results.
JOB_RETRIES = 2

# Threat being addressed: a compromised non-root process that holds
# CAP_SETUID escalating to root with a plain setuid() call.
PURPOSE = """
Prevent compromised non-root processes from being able to escalate
privileges to root through a simple setuid() call.
"""

# Pass condition. This is wider than PURPOSE: it covers every UID the policy
# does not approve, not just root. It is stated relative to the policy
# installed on the system, so a pass presumably shows that the policy is
# enforced, not that its list of approved UIDs is minimal. Confirm against
# the test implementation.
# NOTE(review): confirm the implementation checks both directions, i.e. an
# approved UID transition succeeds and an unapproved one (including to
# UID 0) is denied.
CRITERIA = """
This autotest ensures that restricted users can only setuid() to UIDs approved
by the security policy installed on the system.
"""

# Background: CAP_SETUID is all-or-nothing on Linux, so the ChromiumOS LSM adds
# per-UID policies limiting which UIDs a restricted UID's processes may switch
# to.
# NOTE(review): "indescriminately" below is a misspelling of
# "indiscriminately"; it is reproduced unchanged because DOC is a string value
# read at runtime, not a comment.
DOC = """
Linux provides no way to give a process the CAP_SETUID runtime capability
without indescriminately allowing that process to change UID to any user on the
system, including the root user. This is an obstacle to sandboxing system
services in ChromeOS that spawn programs which setuid() to a different user.
To solve this problem, we have added functionality to the ChromiumOS LSM which
allows for configuring per-UID policies in ChromeOS that restrict which UIDs
can be switched to by processes spawned under the restricted UID.
"""

# `job` is not defined in this file; it is provided by the autotest runtime
# that executes control files. The argument is the same string as NAME above.
job.run_test("security_ProcessManagementPolicy")