[PATCH 2/2] fixup! test: py: add basic security policy test
Ahmad Fatoum
a.fatoum at pengutronix.de
Tue Sep 30 02:35:28 PDT 2025
test: py: policies: rework for latest changes
Compared to the RFC, tamper now prohibits the console, so the test will
timeout. Work around this by issuing multiple commands in succession.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
test/py/test_policies.py | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/test/py/test_policies.py b/test/py/test_policies.py
index b4ece29c9597..7b6d72b4438f 100644
--- a/test/py/test_policies.py
+++ b/test/py/test_policies.py
@@ -29,15 +29,15 @@ def test_security_policies(barebox, env):
assert 'go: Operation not permitted' not in stdout
assert rc == 1
- stdout = barebox.run_check('sconfig -v -s tamper')
+ stdout = barebox.run_check("""
+ sconfig -v -s tamper; echo "POLICY=${security.policy}";
+ sconfig +SCONFIG_CONSOLE_INPUT +SCONFIG_SHELL
+ """)
assert set(['-SCONFIG_BOOT_UNSIGNED_IMAGES',
'-SCONFIG_RATP',
- '-SCONFIG_CMD_GO']) <= set(stdout)
- assert 'Active Policy: tamper' in barebox.run_check('sconfig')
-
- _, _, rc = barebox.run('sconfig -s devel')
- assert rc != 0
- assert 'Active Policy: tamper' in barebox.run_check('sconfig')
+ '-SCONFIG_CMD_GO',
+ 'POLICY=tamper']) <= set(stdout)
+ assert 'Active Policy: debug0' in barebox.run_check('sconfig')
stdout, _, rc = barebox.run('go')
assert 'go - start application at address or file' not in stdout
--
2.47.3
More information about the barebox
mailing list