New issue
Advanced search Search tips

Issue 709990 link

Starred by 1 user
Status: Archived
Owner:
jorgelo@chromium.org
Closed: Jun 2017
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Task



Sign in to add a comment

Review Chrome OS security Autotest tests

Project Member Reported by jorgelo@chromium.org, Apr 10 2017 
We haven't taken a look in a while.
Project Member

Comment 1 by bugdroid1@chromium.org, Apr 11 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/76f8d04025bbf7ab01eda26351512c002a63f820

commit 76f8d04025bbf7ab01eda26351512c002a63f820
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Tue Apr 11 23:41:07 2017

Remove code for security_BundledExtensions.

It hasn't been run since late 2015:
https://chromium.git.corp.google.com/chromiumos/third_party/autotest/+/82c8b60519290e1b8d4c9dc28af1eaec75c16b30#

It's also not included in the autotest-test-security ebuild.

BUG= chromium:709990 
TEST=autotest_quickmerge --board=amd64-generic

Change-Id: Ic7fb8646ac15a1b4b0d92414419d3a65acea7152
Reviewed-on: https://chromium-review.googlesource.com/473126
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[delete] https://crrev.com/5629f9c3b79ae7ce6acad6dba10fff7db1600ddf/client/site_tests/security_BundledExtensions/control
[delete] https://crrev.com/5629f9c3b79ae7ce6acad6dba10fff7db1600ddf/client/site_tests/security_BundledExtensions/baseline
[delete] https://crrev.com/5629f9c3b79ae7ce6acad6dba10fff7db1600ddf/client/site_tests/security_BundledExtensions/security_BundledExtensions.py

Comment 2 by jorgelo@chromium.org, Apr 13 2017

Owner: jorgelo@chromium.org
Status: Assigned (was: Available)
Project Member

Comment 3 by bugdroid1@chromium.org, Apr 14 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/0d0a30ba1d78bf8c05e303a4f58052d625b3c88a

commit 0d0a30ba1d78bf8c05e303a4f58052d625b3c88a
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Apr 14 20:49:28 2017

Remove 'security_ReservedPrivileges'.

Hasn't been executed in forever. Control file doesn't list any suites.
Supeseded by security_SandboxedServices.

BUG= chromium:709990 
TEST=autotest_quickmerge --board=kevin
CQ-DEPEND=CL:477330

Change-Id: I2ec772fac33d66ace772f175149691101a1c11e4
Reviewed-on: https://chromium-review.googlesource.com/477350
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[delete] https://crrev.com/ec26691197bd2e44dc719741368e619934bc1c8f/client/site_tests/security_ReservedPrivileges/control
[delete] https://crrev.com/ec26691197bd2e44dc719741368e619934bc1c8f/client/site_tests/security_ReservedPrivileges/baseline.user
[delete] https://crrev.com/ec26691197bd2e44dc719741368e619934bc1c8f/client/site_tests/security_ReservedPrivileges/security_ReservedPrivileges.py
[delete] https://crrev.com/ec26691197bd2e44dc719741368e619934bc1c8f/client/site_tests/security_ReservedPrivileges/baseline.group
Project Member

Comment 4 by bugdroid1@chromium.org, Apr 14 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/01263177c6df9b67a7e68b7958ea66ebc3e6a7bf

commit 01263177c6df9b67a7e68b7958ea66ebc3e6a7bf
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Apr 14 20:49:28 2017

Remove "security_ReservedPrivileges".

Hasn't been executed in forever. Control file doesn't list any suites.
Supeseded by security_SandboxedServices.

BUG= chromium:709990 
TEST=autotest_quickmerge --board=kevin

Change-Id: I392fb2d0357b1772c51cd60e74fb0c68cdd9875b
Reviewed-on: https://chromium-review.googlesource.com/477330
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/01263177c6df9b67a7e68b7958ea66ebc3e6a7bf/chromeos-base/autotest-tests-security/autotest-tests-security-9999.ebuild
Project Member

Comment 5 by bugdroid1@chromium.org, Apr 19 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/b0dea1bebbce21c236ac00bc12d1335158fd001b

commit b0dea1bebbce21c236ac00bc12d1335158fd001b
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Wed Apr 19 13:23:18 2017

Remove security_HtpdateHTTP.

That test doesn't exist anymore. How does this even work?

BUG= chromium:709990 
TEST=autotest_quickmerge

Change-Id: If10dd2accb043a8a171f039fb587954cd7a1c035
Reviewed-on: https://chromium-review.googlesource.com/480600
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/b0dea1bebbce21c236ac00bc12d1335158fd001b/chromeos-base/autotest-tests-security/autotest-tests-security-9999.ebuild
Project Member

Comment 6 by bugdroid1@chromium.org, Apr 21 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/1b5589561ba4ecfa116cd07c16bff1fb538172b8

commit 1b5589561ba4ecfa116cd07c16bff1fb538172b8
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Apr 21 09:34:46 2017

security_DbusOwners: Clarify test intent.

While the test is called "security_DbusOwners", the objective of the
test is to check specifically 'chronos'-owned D-Bus interfaces. Clarify
that in the code.

BUG= chromium:709990 
TEST=test_that, test still passes.

Change-Id: I531ccea0a5f34c0d8d644d11216807a62988b0b9
Reviewed-on: https://chromium-review.googlesource.com/481080
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/1b5589561ba4ecfa116cd07c16bff1fb538172b8/client/site_tests/security_DbusOwners/security_DbusOwners.py
Project Member

Comment 7 by bugdroid1@chromium.org, Apr 21 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/80c53915679bcc295f9c982b11dc991938f7f3f9

commit 80c53915679bcc295f9c982b11dc991938f7f3f9
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Apr 21 22:45:36 2017

Remove security_DbusMap test.

It's only scheduled for manual runs, and we haven't used it in forever.

BUG= chromium:709990 
TEST=autotest_quickmerge

Change-Id: I862c6edc671e459b997ca9e01ed3ef95698b0fde
Reviewed-on: https://chromium-review.googlesource.com/480819
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/80c53915679bcc295f9c982b11dc991938f7f3f9/chromeos-base/autotest-tests-security/autotest-tests-security-9999.ebuild
Project Member

Comment 8 by bugdroid1@chromium.org, Apr 21 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/80c53915679bcc295f9c982b11dc991938f7f3f9

commit 80c53915679bcc295f9c982b11dc991938f7f3f9
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Apr 21 22:45:36 2017

Remove security_DbusMap test.

It's only scheduled for manual runs, and we haven't used it in forever.

BUG= chromium:709990 
TEST=autotest_quickmerge

Change-Id: I862c6edc671e459b997ca9e01ed3ef95698b0fde
Reviewed-on: https://chromium-review.googlesource.com/480819
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/80c53915679bcc295f9c982b11dc991938f7f3f9/chromeos-base/autotest-tests-security/autotest-tests-security-9999.ebuild
Project Member

Comment 9 by bugdroid1@chromium.org, Apr 22 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/b3b7665f3cc6c946a355fa11a3795eeec0fcbfe9

commit b3b7665f3cc6c946a355fa11a3795eeec0fcbfe9
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Sat Apr 22 04:57:39 2017

Remove security_DbusMap test.

It's only scheduled for manual runs, and we haven't used it in forever.
If we ever want the code back, that's what source control is for.

BUG= chromium:709990 
TEST=autotest_quickmerge
CQ-DEPEND=CL:480819

Change-Id: Iaa03fef16dd629250b501d408ed1466e6b2b75f6
Reviewed-on: https://chromium-review.googlesource.com/480859
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

[delete] https://crrev.com/9628dfb5dec67ffc36901052187816472a697fbd/client/site_tests/security_DbusMap/baseline.chronos
[delete] https://crrev.com/9628dfb5dec67ffc36901052187816472a697fbd/client/site_tests/security_DbusMap/security_DbusMap.py
[delete] https://crrev.com/9628dfb5dec67ffc36901052187816472a697fbd/client/site_tests/security_DbusMap/baseline.nobody
[delete] https://crrev.com/9628dfb5dec67ffc36901052187816472a697fbd/client/site_tests/security_DbusMap/baseline
[delete] https://crrev.com/9628dfb5dec67ffc36901052187816472a697fbd/client/site_tests/security_DbusMap/control
Project Member

Comment 10 by bugdroid1@chromium.org, Jun 2 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/425e43db814cb89352f85a3b8b7b0a0c633598ef

commit 425e43db814cb89352f85a3b8b7b0a0c633598ef
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Jun 02 17:39:03 2017

Fix security_DbusOwners.

https://chromium-review.googlesource.com/c/480819 was incorrect, it
removed security_DbusOwners when it was trying to remove
security_DbusMap. We might get rid of DbusOwners soon, but for now
just fix the bug.

BUG= chromium:709990 
TEST=build_packages amd64-generic

Change-Id: Iac1c82c993b112ffb79aaf5f4b8b4ab71b5101fe
Reviewed-on: https://chromium-review.googlesource.com/521963
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/425e43db814cb89352f85a3b8b7b0a0c633598ef/chromeos-base/autotest-tests-security/autotest-tests-security-9999.ebuild
Project Member

Comment 11 by bugdroid1@chromium.org, Jun 2 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/875dca69667ccccadbf6fa7dc4dbb47e7075f984

commit 875dca69667ccccadbf6fa7dc4dbb47e7075f984
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Jun 02 22:11:21 2017

Fix security_RootfsOwners.

The 'find' command:

find / -xdev -user chronos -o -user chronos-access -print

Was incorrect: the -print action needs to be used for every expression:

find / -xdev -user chronos -print -o -user chronos-access -print

We were never printing files found that were owned by chronos.

Also, run in bvt-perbuild.

BUG= chromium:709990 
TEST=chmod a file to be owned by chronos, test would still pass.
TEST=Test fails after this CL, passes when file is removed.

Change-Id: I753903a2f9503a41dc71680284db1f520e3e61a7
Reviewed-on: https://chromium-review.googlesource.com/521930
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/875dca69667ccccadbf6fa7dc4dbb47e7075f984/client/site_tests/security_RootfsOwners/security_RootfsOwners.py
[modify] https://crrev.com/875dca69667ccccadbf6fa7dc4dbb47e7075f984/client/site_tests/security_RootfsOwners/control
Project Member

Comment 12 by bugdroid1@chromium.org, Jun 3 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/7d2d63b99f27fc5d4fafa33131425c8548d7c917

commit 7d2d63b99f27fc5d4fafa33131425c8548d7c917
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Sat Jun 03 00:04:50 2017

Remove security_OpenSSLRegressions.

It's testing for a local patch that no longer exists. After removing from the
ebuild, the code will be deleted.

BUG= chromium:709990 
TEST=test_that suite:bvt-inline does not run the test.

Change-Id: I2e2b097599af1db47a4a0fe3e3f1cfe9b2d07aff
Reviewed-on: https://chromium-review.googlesource.com/522168
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/7d2d63b99f27fc5d4fafa33131425c8548d7c917/client/site_tests/security_OpenSSLRegressions/control
Project Member

Comment 13 by bugdroid1@chromium.org, Jun 5 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/89670f0aaca4cd818ea00302774f3ba7a7f917ae

commit 89670f0aaca4cd818ea00302774f3ba7a7f917ae
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Mon Jun 05 20:01:51 2017

Remove security_OpenSSLRegressions.

This test was testing an old version of OpenSSL, see
https://chromium-review.googlesource.com/522168 for details.

BUG= chromium:709990 
TEST=build_packages amd64-generic
CQ-DEPEND=CL:522168

Change-Id: Icb527463a12122f7bfaf0f29cec2199be9424c20
Reviewed-on: https://chromium-review.googlesource.com/522004
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[modify] https://crrev.com/89670f0aaca4cd818ea00302774f3ba7a7f917ae/chromeos-base/autotest-tests-security/autotest-tests-security-9999.ebuild
Project Member

Comment 14 by bugdroid1@chromium.org, Jun 5 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/2ccbafd7bd83539c6bf86f7fb48770d9443f7f73

commit 2ccbafd7bd83539c6bf86f7fb48770d9443f7f73
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Mon Jun 05 20:01:49 2017

Add security_SessionManagerDbusEndpoints test.

This combines security_EnableChromeTesting and security_RestartJob into a
single test covering privileged D-Bus methods for session_manager.

Once this lands and gets added in the ebuild, we can remove
security_{EnableChromeTesting, RestartJob) from the CQ.

BUG= chromium:709990 
TEST=Passes on amd64-generic.

Change-Id: I5bb56eb7cf6491ead60e8d16744527543dc5768b
Reviewed-on: https://chromium-review.googlesource.com/519743
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[add] https://crrev.com/2ccbafd7bd83539c6bf86f7fb48770d9443f7f73/client/site_tests/security_SessionManagerDbusEndpoints/security_SessionManagerDbusEndpoints.py
[add] https://crrev.com/2ccbafd7bd83539c6bf86f7fb48770d9443f7f73/client/site_tests/security_SessionManagerDbusEndpoints/control
Project Member

Comment 15 by bugdroid1@chromium.org, Jun 5 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/dfe8e6d2faed140390ef71bc623ce0a0adcdbbc4

commit dfe8e6d2faed140390ef71bc623ce0a0adcdbbc4
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Mon Jun 05 20:01:48 2017

Run platform_EncryptedStateful in bvt-perbuild.

EncryptedStateful is important enough to make sure we test every build.

BUG= chromium:709990 
TEST=test_that suite:bvt-perbuild | grep Stateful

Change-Id: I3d0bacc362c9df95f96caa7684dda4026dc7e7a8
Reviewed-on: https://chromium-review.googlesource.com/521985
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>

[modify] https://crrev.com/dfe8e6d2faed140390ef71bc623ce0a0adcdbbc4/client/site_tests/platform_EncryptedStateful/control
Project Member

Comment 16 by bugdroid1@chromium.org, Jun 9 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/e8630f7f9790d5908971ab933580a52bf78687ab

commit e8630f7f9790d5908971ab933580a52bf78687ab
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Jun 09 16:16:29 2017

Add security_SessionManagerDbusEndpoints.

Replace security_{EnableChromeTesting, RestartJob} with
security_SessionManagerDbusEndpoints.

BUG= chromium:709990 
TEST=build_packages amd64-generic works, running the new test works.
CQ-DEPEND=CL:519743

Change-Id: I5ffba283281b6920646debe2ab031b301ddac5a6
Reviewed-on: https://chromium-review.googlesource.com/521926
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/e8630f7f9790d5908971ab933580a52bf78687ab/chromeos-base/autotest-tests-security/autotest-tests-security-9999.ebuild

Comment 17 by jorgelo@chromium.org, Jun 9 2017 

This review is mostly done, we still have to remove EnableChromeTesting and RestartJob, and make sure SessionManagerDbusEndpoints is running.
Project Member

Comment 18 by bugdroid1@chromium.org, Jun 13 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/536f23869b1b94e59916e806bcbee15c55a1f190

commit 536f23869b1b94e59916e806bcbee15c55a1f190
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Tue Jun 13 07:19:42 2017

Move session_manager D-Bus tests to bvt-perbuild.

They haven't failed in forever, probably not needed in the CQ.

https://chromium-review.googlesource.com/c/519743/ will combine the
two tests, but for now, let's move them to bvt-perbuild until the
that CL is reviewed.

BUG= chromium:709990 
TEST=test_that suite:bvt-inline doesn't run the tests.
TEST=test_that suite:bvt-perbuild runs the tests.

Change-Id: I9d45ef667060ebb0fd39a6f218cd05966d2c1189
Reviewed-on: https://chromium-review.googlesource.com/524182
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Aviv Keshet <akeshet@chromium.org>

[modify] https://crrev.com/536f23869b1b94e59916e806bcbee15c55a1f190/client/site_tests/security_EnableChromeTesting/control
[modify] https://crrev.com/536f23869b1b94e59916e806bcbee15c55a1f190/client/site_tests/security_RestartJob/control
Project Member

Comment 19 by bugdroid1@chromium.org, Jun 21 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/c442fd03691cfafdab21281f07e7e11dab25f4c5

commit c442fd03691cfafdab21281f07e7e11dab25f4c5
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Wed Jun 21 00:24:20 2017

Update security_AccountsBaseline.

-Freon is now enabled on all boards so remove X11 baselines. Note that
the Freon baseline was already being included unconditionally, so
nothing is using the X11 baselines.

-Don't fail when a new user/group pair is added and the user is not
included in any other group, and the new group does not contain
any existing users. This allows adding users for new daemons without
having to update the test.

BUG= chromium:709990 
TEST=Passes on amd64-generic.
TEST=Add new user belonging to no groups, test passes.
TEST=Add new user to existing group, test fails.
TEST=Add new group with existing user, test fails.

Change-Id: I1f4a67b7ed4c2249d76864981d83e02000f7a78f
Reviewed-on: https://chromium-review.googlesource.com/524143
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>

[delete] https://crrev.com/136240121e239efec5005e1bdc632dde3cf2fd1e/client/site_tests/security_AccountsBaseline/baseline.group.x11
[modify] https://crrev.com/c442fd03691cfafdab21281f07e7e11dab25f4c5/client/site_tests/security_AccountsBaseline/security_AccountsBaseline.py
[delete] https://crrev.com/136240121e239efec5005e1bdc632dde3cf2fd1e/client/site_tests/security_AccountsBaseline/baseline.passwd.x11
Project Member

Comment 20 by bugdroid1@chromium.org, Jun 22 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/b26ec3ca77d5e1c609eae83e9b1d945c08d42d4a

commit b26ec3ca77d5e1c609eae83e9b1d945c08d42d4a
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Thu Jun 22 01:48:08 2017

security_AccountsBaseline: Check new users.

For users not in the baseline, the user ID should match the group ID,
and the user's home directory and shell should be invalid.

BUG= chromium:709990 
TEST=Passes on kevin.
TEST=Add daemon user, test passes.
TEST=Add user with non-matching GID, test fails.
TEST=Add user with valid home dir, test fails.
TEST=Add user with valid shell, test fails.

Change-Id: I43d8c7f5a30cc0da983fef5c2784e4bac7ced5f9
Reviewed-on: https://chromium-review.googlesource.com/543615
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/b26ec3ca77d5e1c609eae83e9b1d945c08d42d4a/client/site_tests/security_AccountsBaseline/security_AccountsBaseline.py
Project Member

Comment 21 by bugdroid1@chromium.org, Jun 30 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/aaa970a84d99bad41a07a153747f014728bf7923

commit aaa970a84d99bad41a07a153747f014728bf7923
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Fri Jun 30 17:28:09 2017

security_SandboxedServices: Update baseline.

-With Mike's latest changes a bunch of services report "caps" as "Yes".

-Add a few "Yes" for NoNewPrivs.

-Remove X from the baseline.

-Add a few new services to the baseline.
*conntrackd
*arc_camera_serv

BUG= chromium:709990 
TEST=Passes on kevin.

Change-Id: Iae25e6d3161a171d4a2a12f80f8974c069e5a35a
Reviewed-on: https://chromium-review.googlesource.com/527502
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[modify] https://crrev.com/aaa970a84d99bad41a07a153747f014728bf7923/client/site_tests/security_SandboxedServices/exclude
[modify] https://crrev.com/aaa970a84d99bad41a07a153747f014728bf7923/client/site_tests/security_SandboxedServices/baseline
Project Member

Comment 23 by bugdroid1@chromium.org, Jul 6 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/third_party/autotest/+/0b06bbc97311436abfa87c4ab454abc25df28026

commit 0b06bbc97311436abfa87c4ab454abc25df28026
Author: Jorge Lucangeli Obes <jorgelo@chromium.org>
Date: Thu Jul 06 04:54:52 2017

Remove session_manager D-Bus tests.

Replaced by security_SessionManagerDbusEndpoints:
https://wmatrix.googleplex.com/unfiltered?hide_missing=True&releases=tot&tests=security_SessionManagerDbusEndpoints

Our Autotest infra has significant per-test overhead so unify the two
session_manager D-Bus tests into one.

BUG= chromium:709990 
TEST=test_that suite:bvt-perbuild | grep Restart and grep Enable

Change-Id: I4c934b2eb5db968b5a3aa41dc7e444a250c2affc
Reviewed-on: https://chromium-review.googlesource.com/556050
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>

[delete] https://crrev.com/68ee1c54e49751ba4d8278586e121ceee97ef134/client/site_tests/security_EnableChromeTesting/control
[delete] https://crrev.com/68ee1c54e49751ba4d8278586e121ceee97ef134/client/site_tests/security_RestartJob/security_RestartJob.py
[delete] https://crrev.com/68ee1c54e49751ba4d8278586e121ceee97ef134/client/site_tests/security_RestartJob/control
[delete] https://crrev.com/68ee1c54e49751ba4d8278586e121ceee97ef134/client/site_tests/security_EnableChromeTesting/security_EnableChromeTesting.py

Comment 24 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Sign in to add a comment