security_ProfilePermissions.py revision 16634c8a6f794824688592a12b0b986bf49e96db 
1# Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import logging
6import os
7import pwd
8import stat
9
10from autotest_lib.client.bin import utils
11from autotest_lib.client.common_lib import error
12from autotest_lib.client.cros import constants, cros_ui_test, cryptohome, login
13
14
15class security_ProfilePermissions(cros_ui_test.UITest):
16    version = 2
17    _HOMEDIR_MODE = 0710
18
19    def check_owner_mode(self, path, expected_owner, expected_mode):
20        """
21        Checks if the file/directory at 'path' is owned by 'expected_owner'
22        with permissions matching 'expected_mode'.
23        Returns True if they match, else False.
24        Logs any mismatches to logging.error.
25        """
26        s = os.stat(path)
27        actual_owner = pwd.getpwuid(s.st_uid).pw_name
28        actual_mode = stat.S_IMODE(s.st_mode)
29        if (expected_owner != actual_owner or
30            expected_mode != actual_mode):
31            logging.error("%s - Expected %s:%s, saw %s:%s" %
32                          (path, expected_owner, oct(expected_mode),
33                           actual_owner, oct(actual_mode)))
34            return False
35        else:
36            return True
37
38
39    def run_once(self):
40        """Check permissions within cryptohome for anything too permissive."""
41        passes = []
42        login.wait_for_initial_chrome_window()
43
44        homepath = "/home/chronos"
45        passes.append(self.check_owner_mode(homepath, "chronos", 0755))
46
47        user_mountpt = constants.CRYPTOHOME_MOUNT_PT
48        # TODO(jimhebert) homedir mode check excluded from BWSI right now.
49        # Once crosbug.com/16425 is fixed, remove the is_mounted() check.
50        if cryptohome.is_mounted():
51            passes.append(self.check_owner_mode(user_mountpt, "chronos",
52                                                self._HOMEDIR_MODE))
53
54        # TODO(benchan): Refactor the following code to use some helper
55        # functions instead of find commands.
56
57        # An array of shell commands, each representing a test that
58        # passes if it emits no output. The first test is the main one.
59        # In general, writable by anyone else is bad, as is owned by
60        # anyone else. Any exceptions to that are pruned out of the
61        # first test and checked individually by subsequent tests.
62        cmds = [
63            ('find -L "%s" -path "%s" -o '
64             # Avoid false-positives on SingletonLock, SingletonCookie, etc.
65             ' \\( -name "Singleton*" -a -type l \\) -o '
66             ' -path "%s/Downloads" -prune -o '
67             ' -path "%s/flimflam" -prune -o '
68             ' -path "%s/.tpm" -prune -o '
69             ' \\( -perm /022 -o \\! -user chronos \\) -ls') %
70            (homepath, homepath, user_mountpt, user_mountpt, user_mountpt),
71            # /home/chronos/user and /home/chronos/user/Downloads are owned by
72            # the chronos-access group and with a group execute permission.
73            'find -L "%s" -maxdepth 0 \\( \\! -perm 710 '
74            '-o \\! -user chronos -o \\! -group chronos-access \\) -ls' %
75            user_mountpt,
76            'find -L "%s/Downloads" -maxdepth 0 \\( \\! -perm 710 '
77            '-o \\! -user chronos -o \\! -group chronos-access \\) -ls' %
78            user_mountpt,
79            'find -L "%s/flimflam" \\( -perm /077 -o \\! -user root \\) -ls' %
80            user_mountpt,
81            # TODO(jimhebert) Uncomment after crosbug.com/16425 is fixed.
82            #('find -L "%s/.tpm" \\( -perm /007 -o \\! -user chronos '
83            # ' -o \\! -group pkcs11 \\) -ls') % user_mountpt,
84        ]
85
86        for cmd in cmds:
87            cmd_output = utils.system_output(cmd, ignore_status=True)
88            if cmd_output:
89                passes.append(False)
90                logging.error(cmd_output)
91
92        # This next section only applies if we have a real vault mounted
93        # (ie, not a BWSI tmpfs).
94        if cryptohome.is_mounted():
95            # Also check the permissions of the underlying vault and
96            # supporting directory structure.
97            vaultpath = cryptohome.current_mounted_vault()
98
99            passes.append(self.check_owner_mode(vaultpath, "root", 0700))
100            passes.append(self.check_owner_mode(vaultpath + "/../master.0",
101                                                "root", 0600))
102            passes.append(self.check_owner_mode(vaultpath + "/../",
103                                                "root", 0700))
104            passes.append(self.check_owner_mode(vaultpath + "/../../",
105                                                "root", 0700))
106
107        if False in passes:
108            raise error.TestFail('Bad permissions found on cryptohome files')
109