blob: 6350a00be0f64479cebeb1a0227b11233f2061a8 [file] [log] [blame]
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
TIME="SHORT"
AUTHOR = "The Chromium OS Authors"
DOC = """
Enforces a whitelist of known, allowed processes with open network listens
"""
NAME = "security_NetworkListeners_P.bvt-arc"
PURPOSE = "To maintain a minimal set of network-facing attack surface"
CRITERIA = """
Fail if the list of processes listening on the network doesn't match the
baseline
"""
# Ordinarily, a test shouldn't be in both bvt-inline and bvt-arc since
# that will make it run twice in release builders. However, the CQ
# doesn't run bvt-arc on all board families, and not all Android PFQ
# builders run bvt-inline. We need this test in both of those contexts.
#
# We could solve this by running bvt-arc on all ARC families in the CQ just
# for the sake of this one test, but that seems harder to explain. The
# cost of running twice in release builders is low enough, so that's
# what we're doing.
DEPENDENCIES = "arc"
ATTRIBUTES = "suite:bvt-perbuild"
TEST_CLASS = "security"
TEST_CATEGORY = "Functional"
TEST_TYPE = "client"
JOB_RETRIES = 2
job.run_test("security_NetworkListeners_P")