| # Copyright (c) 2017 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import logging |
| import os |
| import time |
| |
| from autotest_lib.client.bin import test |
| from autotest_lib.client.common_lib import error |
| from autotest_lib.client.common_lib.cros import chrome |
| from autotest_lib.client.cros import cryptohome |
| |
| |
| class login_CryptohomeDataLeak(test.test): |
| """Verify decrypted user data is cleared after end of session. |
| """ |
| version = 1 |
| |
| _CHAPS_LOCK_DIR = '/run/lock/power_override' |
| _CHAPS_LOCK_PREFIX = 'chapsd_token_init_slot_' |
| _CHAPS_INIT_TIMEOUT = 30 |
| |
| def run_once(self): |
| """Entry point of test""" |
| username = '' |
| test_file = '' |
| |
| with chrome.Chrome() as cr: |
| username = cr.username |
| if not cryptohome.is_permanent_vault_mounted(username): |
| raise error.TestError('Expected to find a mounted vault.') |
| |
| test_file = '/home/.shadow/%s/mount/hello' \ |
| % cryptohome.get_user_hash(username) |
| |
| logging.info("Test file: %s", test_file) |
| open(test_file, 'w').close() |
| |
| # Check until chaps lock file disappear. |
| for _ in xrange(self._CHAPS_INIT_TIMEOUT): |
| time.sleep(1) |
| has_lock = False |
| for lock in os.listdir(self._CHAPS_LOCK_DIR): |
| if lock.startswith(self._CHAPS_LOCK_PREFIX): |
| has_lock = True |
| break |
| if not has_lock: |
| break |
| else: |
| raise error.TestError( |
| 'Expected chaps finished all load events.') |
| |
| if cryptohome.is_vault_mounted(user=username, allow_fail=True): |
| raise error.TestError('Expected to not find a mounted vault.') |
| |
| # At this point, the session is not active and the file name is expected |
| # to be encrypted again. |
| |
| if os.path.isfile(test_file): |
| raise error.TestFail('File still visible after end of session.') |
| |
| cryptohome.remove_vault(username) |