| # Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| TIME="SHORT" |
| AUTHOR = "The Chromium OS Authors" |
| DOC = """ |
| Enforces a whitelist of known, allowed processes with open network listens |
| """ |
| NAME = "security_NetworkListeners_P.bvt-arc" |
| PURPOSE = "To maintain a minimal set of network-facing attack surface" |
| CRITERIA = """ |
| Fail if the list of processes listening on the network doesn't match the |
| baseline |
| """ |
| # Ordinarily, a test shouldn't be in both bvt-inline and bvt-arc since |
| # that will make it run twice in release builders. However, the CQ |
| # doesn't run bvt-arc on all board families, and not all Android PFQ |
| # builders run bvt-inline. We need this test in both of those contexts. |
| # |
| # We could solve this by running bvt-arc on all ARC families in the CQ just |
| # for the sake of this one test, but that seems harder to explain. The |
| # cost of running twice in release builders is low enough, so that's |
| # what we're doing. |
| DEPENDENCIES = "arc" |
| ATTRIBUTES = "suite:bvt-perbuild" |
| TEST_CLASS = "security" |
| TEST_CATEGORY = "Functional" |
| TEST_TYPE = "client" |
| JOB_RETRIES = 2 |
| |
| job.run_test("security_NetworkListeners_P") |