Port bvt-inline security_* Autotest tests to Tast
Issue description
I'm filing this bug to track porting security_* Autotest-based tests to Tast. There are 26 tests in bvt-inline. Some of them may no longer be relevant; I'll confer with others to figure that out as I go.
,
Aug 29
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/7114dd4de34cbf4c1002cf2b02e2974d5e3488c3 commit 7114dd4de34cbf4c1002cf2b02e2974d5e3488c3 Author: Daniel Erat <derat@chromium.org> Date: Wed Aug 29 18:15:53 2018 tast-tests: Add security.MountSymlink. Add a new local test that verifies that symlinks can't be used as mount targets. This is a port of the security_ChromiumOSLSM Autotest-based test. BUG=chromium:877733 TEST=passes on caroline Change-Id: Ica4fbc70bf912b7fc38b5f0148bc64f5d1eee2a9 Reviewed-on: https://chromium-review.googlesource.com/1188991 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [add] https://crrev.com/7114dd4de34cbf4c1002cf2b02e2974d5e3488c3/src/chromiumos/tast/local/bundles/cros/security/mount_symlink.go
,
Nov 6
I've created a document with some more details at https://docs.google.com/document/d/1kq25b3c7HQIPRM65QQ0Z_FobaLvEvCqAgHgZyVGgFX8/edit.
,
Nov 6
,
Nov 7
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/80b01b3bba76a30cc12898b51806cf82dbe81c2d commit 80b01b3bba76a30cc12898b51806cf82dbe81c2d Author: Daniel Erat <derat@chromium.org> Date: Wed Nov 07 19:40:55 2018 tast-tests: Add security.SymlinkRestrictions local test. Port the security_SymlinkRestrictions Autotest test as security.SymlinkRestrictions. BUG=chromium:877733 TEST=ran it successfully Change-Id: Ie7fe139bb46e0639567d29e7351cc88bbf9b6057 Reviewed-on: https://chromium-review.googlesource.com/1318655 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [add] https://crrev.com/80b01b3bba76a30cc12898b51806cf82dbe81c2d/src/chromiumos/tast/local/bundles/cros/security/symlink_restrictions.go [add] https://crrev.com/80b01b3bba76a30cc12898b51806cf82dbe81c2d/src/chromiumos/tast/local/bundles/cros/security/filesetup/filesetup.go
,
Nov 8
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/332d63880ac731a7031baa4bb0c65bdadc6d6354 commit 332d63880ac731a7031baa4bb0c65bdadc6d6354 Author: Daniel Erat <derat@chromium.org> Date: Thu Nov 08 04:27:18 2018 tast-tests: Add security.HardLinkRestrictions local test. Port the security_HardlinkRestrictions Autotest test as security.HardLinkRestrictions. BUG=chromium:877733 TEST=ran it and security.SymlinkRestrictions successfully Change-Id: Ibaa0f825701a9c6bb93735f181ec6aaffd8b810a Reviewed-on: https://chromium-review.googlesource.com/1321897 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [add] https://crrev.com/332d63880ac731a7031baa4bb0c65bdadc6d6354/src/chromiumos/tast/local/bundles/cros/security/hard_link_restrictions.go [modify] https://crrev.com/332d63880ac731a7031baa4bb0c65bdadc6d6354/src/chromiumos/tast/local/bundles/cros/security/symlink_restrictions.go [modify] https://crrev.com/332d63880ac731a7031baa4bb0c65bdadc6d6354/src/chromiumos/tast/local/bundles/cros/security/filesetup/filesetup.go
,
Nov 15
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/643d83d27e23a537ac348ab85890016b2f5091b6 commit 643d83d27e23a537ac348ab85890016b2f5091b6 Author: Daniel Erat <derat@chromium.org> Date: Thu Nov 15 05:30:31 2018 tast-tests: Add security.PrivilegedFiles. Port the existing security_SuidBinaries Autotest test (which also checks setgid bits and file capabilities) to security.PrivilegedFiles. Also add a small fscaps package that makes syscalls to read file capabilities. The Autotest instead runs the fscaps program for every file, but doing so makes the test substantially slower (28s rather than ~500ms), so the added complexity to avoid that seems worthwhile. BUG=chromium:877733 TEST=ran it on a few DUTs; also added unit tests Change-Id: Id826c5493795e7a8cecac7309bc8a9d6a6731dee Reviewed-on: https://chromium-review.googlesource.com/1325414 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [add] https://crrev.com/643d83d27e23a537ac348ab85890016b2f5091b6/src/chromiumos/tast/local/bundles/cros/security/fscaps/fscaps_test.go [add] https://crrev.com/643d83d27e23a537ac348ab85890016b2f5091b6/src/chromiumos/tast/local/bundles/cros/security/fscaps/fscaps.go [add] https://crrev.com/643d83d27e23a537ac348ab85890016b2f5091b6/src/chromiumos/tast/local/bundles/cros/security/privileged_files.go
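The commit above replaces one helper process per file with direct syscalls. As an added illustration (not the project's fscaps package; every identifier below is hypothetical), this Go sketch reads the `security.capability` extended attribute with a single `getxattr(2)` call and decodes the kernel's `vfs_cap_data` layout. It assumes Linux, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"io/fs"
	"syscall"
)

// Layout constants for the security.capability xattr (linux/capability.h).
const (
	vfsCapRevisionMask   = 0xFF000000
	vfsCapRevision1      = 0x01000000 // one 32-bit word per set, 12 bytes
	vfsCapRevision2      = 0x02000000 // two words per set, 20 bytes
	vfsCapRevision3      = 0x03000000 // revision 2 plus a root UID, 24 bytes
	vfsCapFlagsEffective = 0x000001
)

// FileCaps is the decoded capability state of one file.
type FileCaps struct {
	Permitted, Inheritable uint64
	Effective              bool
}

// ParseCaps decodes the raw little-endian xattr value and rejects values
// whose length does not match the revision named in the header.
func ParseCaps(b []byte) (FileCaps, error) {
	if len(b) < 4 {
		return FileCaps{}, errors.New("capability xattr shorter than its header")
	}
	magic := binary.LittleEndian.Uint32(b)
	words, size := 0, 0
	switch magic & vfsCapRevisionMask {
	case vfsCapRevision1:
		words, size = 1, 12
	case vfsCapRevision2:
		words, size = 2, 20
	case vfsCapRevision3:
		words, size = 2, 24
	default:
		return FileCaps{}, fmt.Errorf("unknown capability revision in header %#08x", magic)
	}
	if len(b) != size {
		return FileCaps{}, fmt.Errorf("capability xattr is %d bytes, want %d", len(b), size)
	}
	c := FileCaps{Effective: magic&vfsCapFlagsEffective != 0}
	for i := 0; i < words; i++ {
		off := 4 + 8*i // each pair is {permitted, inheritable}
		c.Permitted |= uint64(binary.LittleEndian.Uint32(b[off:])) << uint(32*i)
		c.Inheritable |= uint64(binary.LittleEndian.Uint32(b[off+4:])) << uint(32*i)
	}
	return c, nil
}

// ReadCaps fetches and decodes the xattr in-process (Linux only). ok is false
// when the file carries no capabilities or the filesystem has no xattrs.
func ReadCaps(path string) (c FileCaps, ok bool, err error) {
	buf := make([]byte, 64)
	n, err := syscall.Getxattr(path, "security.capability", buf)
	if errors.Is(err, syscall.ENODATA) || errors.Is(err, syscall.ENOTSUP) {
		return FileCaps{}, false, nil
	}
	if err != nil {
		return FileCaps{}, false, err
	}
	c, err = ParseCaps(buf[:n])
	return c, err == nil, err
}

// Privileges lists the reasons a file runs with more rights than its caller.
func Privileges(mode fs.FileMode, c FileCaps) []string {
	var out []string
	if mode&fs.ModeSetuid != 0 {
		out = append(out, "setuid")
	}
	if mode&fs.ModeSetgid != 0 {
		out = append(out, "setgid")
	}
	if c.Permitted != 0 || c.Inheritable != 0 {
		out = append(out, fmt.Sprintf("file capabilities permitted=%#x inheritable=%#x effective=%t",
			c.Permitted, c.Inheritable, c.Effective))
	}
	return out
}

// sampleXattr is a constructed revision-2 value: effective flag set, permitted
// bits 10 (CAP_NET_BIND_SERVICE) and 34 (CAP_SYSLOG).
var sampleXattr = []byte{
	0x01, 0x00, 0x00, 0x02, // magic_etc: revision 2 | effective
	0x00, 0x04, 0x00, 0x00, // permitted, bits 0-31
	0x00, 0x00, 0x00, 0x00, // inheritable, bits 0-31
	0x04, 0x00, 0x00, 0x00, // permitted, bits 32-63
	0x00, 0x00, 0x00, 0x00, // inheritable, bits 32-63
}

func main() {
	c, err := ParseCaps(sampleXattr)
	fmt.Println(Privileges(fs.ModeSetgid|0o755, c), err)
}
```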
,
Nov 15
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/ec13a6e874fbecbc685120b84cd4478c9214fa95 commit ec13a6e874fbecbc685120b84cd4478c9214fa95 Author: Daniel Erat <derat@chromium.org> Date: Thu Nov 15 05:30:30 2018 tast-tests: Add security.ProtocolFamilies local test. Port the security_ProtocolFamilies Autotest test. BUG=chromium:877733 TEST=ran it Change-Id: I9ddda16571e035207875641bae74056bf1f19a9e Reviewed-on: https://chromium-review.googlesource.com/1327061 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org> [add] https://crrev.com/ec13a6e874fbecbc685120b84cd4478c9214fa95/src/chromiumos/tast/local/bundles/cros/security/protocol_families.go
,
Nov 15
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/1380e91785d2564b99d91da0f2a25372c463021f commit 1380e91785d2564b99d91da0f2a25372c463021f Author: Daniel Erat <derat@chromium.org> Date: Thu Nov 15 05:30:27 2018 tast-tests: Add security.UserFiles* local tests. Port the security_ProfilePermissions Autotest test to security.UserFilesLoggedIn and security.UserFilesGuest. The old test ran a bunch of 'find' commands to list files with unexpected ownership or permissions. This change introduces a new filecheck package. BUG=chromium:877733 TEST=added unit tests for filecheck package; also ran both tests against several DUTs Change-Id: I668ee696aeb3c4cf4b72e927a8a18ef0deab809c Reviewed-on: https://chromium-review.googlesource.com/1331147 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [add] https://crrev.com/1380e91785d2564b99d91da0f2a25372c463021f/src/chromiumos/tast/local/bundles/cros/security/user_files_guest.go [add] https://crrev.com/1380e91785d2564b99d91da0f2a25372c463021f/src/chromiumos/tast/local/bundles/cros/security/user_files_logged_in.go [add] https://crrev.com/1380e91785d2564b99d91da0f2a25372c463021f/src/chromiumos/tast/local/bundles/cros/security/filecheck/filecheck_test.go [add] https://crrev.com/1380e91785d2564b99d91da0f2a25372c463021f/src/chromiumos/tast/local/bundles/cros/security/filecheck/filecheck.go [modify] https://crrev.com/1380e91785d2564b99d91da0f2a25372c463021f/src/chromiumos/tast/local/bundles/cros/security/filesetup/filesetup.go [add] https://crrev.com/1380e91785d2564b99d91da0f2a25372c463021f/src/chromiumos/tast/local/bundles/cros/security/userfiles/userfiles.go
,
Nov 16
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/644d07bc0b129374efbfe6160c102140374cb64f commit 644d07bc0b129374efbfe6160c102140374cb64f Author: Daniel Erat <derat@chromium.org> Date: Fri Nov 16 13:02:05 2018 tast-tests: Add security.StatefulFiles local test. Port the security_StatefulPermissions Autotest test to security.StatefulFiles. This test checks ownership and permissions of files in /mnt/stateful_partition. The old test takes the approach of using su to run many long "find ... -writable" commands as different users. Files that are expected to be writable are excluded using -prune, and the remaining files are reported as errors. This typically takes 45-60 seconds. The new test instead does a single pass over the directory. Patterns are supplied to explicitly match paths and check their ownership and permissions, and fallbacks are used to check that unmatched files are only writable as root. This takes 1-2 seconds. The old test appeared to list some outdated paths, which I've removed. I've also noticed differences across the various lab DUTs that I've run this on, which I've tried to permit. Nevertheless, I suspect that there will be many errors that I'll need to address in a followup change. 
BUG=chromium:877733 TEST=updated unit tests and ran new test against DUTs Change-Id: I3ca14c13cb4dfc20703be230ef0afc8431ee8130 Reviewed-on: https://chromium-review.googlesource.com/1335167 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [add] https://crrev.com/644d07bc0b129374efbfe6160c102140374cb64f/src/chromiumos/tast/local/bundles/cros/security/stateful_files.go [modify] https://crrev.com/644d07bc0b129374efbfe6160c102140374cb64f/src/chromiumos/tast/local/bundles/cros/security/filecheck/filecheck_test.go [modify] https://crrev.com/644d07bc0b129374efbfe6160c102140374cb64f/src/chromiumos/tast/local/bundles/cros/security/filecheck/filecheck.go
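The single-pass approach described in this commit message, as an added Go sketch (not the project's filecheck package; the types, function names, UIDs and sample entries are constructed for illustration). Each path gets the first matching rule, anything unmatched falls back to "root-owned and not group- or other-writable", and files that disappear during the walk are skipped.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"path/filepath"
	"regexp"
	"strings"
	"syscall"
)

// Entry is the metadata checked for one path, relative to the walked root.
type Entry struct {
	Path string
	UID  uint32
	Mode fs.FileMode
}

// Rule says what is acceptable for paths matching Re (hypothetical type).
type Rule struct {
	Re        *regexp.Regexp
	Owners    []uint32    // permitted owner UIDs; empty means any owner
	Forbidden fs.FileMode // permission bits that must be clear
}

// fallback covers paths no rule matches: root-owned, no group/other write bit.
var fallback = Rule{Owners: []uint32{0}, Forbidden: 0o022}

func (r Rule) violations(e Entry) []string {
	var out []string
	owned := len(r.Owners) == 0
	for _, uid := range r.Owners {
		owned = owned || uid == e.UID
	}
	if !owned {
		out = append(out, fmt.Sprintf("%s: owner uid %d not in %v", e.Path, e.UID, r.Owners))
	}
	// Symlink mode bits are not enforced on Linux, so only ownership is checked.
	if bad := e.Mode.Perm() & r.Forbidden; bad != 0 && e.Mode&fs.ModeSymlink == 0 {
		out = append(out, fmt.Sprintf("%s: mode %04o sets forbidden bits %04o", e.Path, e.Mode.Perm(), bad))
	}
	return out
}

// Check applies the first matching rule to each entry, else the fallback.
func Check(entries []Entry, rules []Rule) []string {
	var problems []string
	for _, e := range entries {
		r := fallback
		for _, cand := range rules {
			if cand.Re.MatchString(e.Path) {
				r = cand
				break
			}
		}
		problems = append(problems, r.violations(e)...)
	}
	return problems
}

// Collect gathers entries in a single pass over root. Files deleted while the
// walk is in progress are skipped rather than reported.
func Collect(root string) ([]Entry, error) {
	var entries []Entry
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		var info fs.FileInfo
		if err == nil {
			info, err = d.Info()
		}
		if errors.Is(err, fs.ErrNotExist) {
			return nil
		} else if err != nil {
			return err
		}
		if st, ok := info.Sys().(*syscall.Stat_t); ok {
			rel, _ := filepath.Rel(root, p)
			entries = append(entries, Entry{Path: rel, UID: st.Uid, Mode: info.Mode()})
		}
		return nil
	})
	return entries, err
}

// SampleProblems checks constructed entries; UID 1001 is a made-up log owner.
func SampleProblems() []string {
	rules := []Rule{{Re: regexp.MustCompile(`^encrypted/var/log(/|$)`), Owners: []uint32{0, 1001}, Forbidden: 0o022}}
	return Check([]Entry{
		{"encrypted/var/log/messages", 1001, 0o644},      // matches the rule, passes
		{"encrypted/var/log/debug.log", 1001, 0o664},     // group-writable log
		{"encrypted/var/lib/unknown/state", 1000, 0o600}, // unmatched, not root-owned
		{"encrypted/var/lib/rootfile", 0, 0o644},         // unmatched, passes fallback
	}, rules)
}

func main() {
	fmt.Println(strings.Join(SampleProblems(), "\n"))
}
```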
,
Nov 16
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/61b261c60b9e49eec993e31a60954cf1f2b08555 commit 61b261c60b9e49eec993e31a60954cf1f2b08555 Author: Daniel Erat <derat@chromium.org> Date: Fri Nov 16 23:10:49 2018 tast-tests: Add security.Firewall local test. Port the security_Firewall Autotest test to security.Firewall. The new test doesn't log unexpected rules since nobody looks at logs unless there's a failure, but the observed rules are saved to iptables.txt and ip6tables.txt. BUG=chromium:877733 TEST=ran it Change-Id: Ie071bfc493d5051643d18b1f697707dfb829c6ea Reviewed-on: https://chromium-review.googlesource.com/1337440 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [add] https://crrev.com/61b261c60b9e49eec993e31a60954cf1f2b08555/src/chromiumos/tast/local/bundles/cros/security/firewall.go
,
Nov 17
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/a130d616d732adbc8e6f5cb14e98ab6aae30465f commit a130d616d732adbc8e6f5cb14e98ab6aae30465f Author: Daniel Erat <derat@chromium.org> Date: Sat Nov 17 03:50:44 2018 tast-tests: Add security.ModuleLocking local test. Port the security_ModuleLocking Autotest test to security.ModuleLocking. The old test also unsets /proc/sys/kernel/chromiumos/module_locking and checks that unsafe loading is then permitted, but I didn't bother porting this because I'm worried about leaving DUTs in a bad state and because module_locking doesn't even exist on the lab DUTs that I've checked. BUG=chromium:877733 TEST=ran against several DUTs Change-Id: Ia6ce6fa5f486589a3a5813c4a8a72e0c24f71642 Reviewed-on: https://chromium-review.googlesource.com/1339259 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [add] https://crrev.com/a130d616d732adbc8e6f5cb14e98ab6aae30465f/src/chromiumos/tast/local/bundles/cros/security/module_locking.go
,
Nov 19
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/633ee552a5ffbea71e1240a824049e679f404ef3 commit 633ee552a5ffbea71e1240a824049e679f404ef3 Author: Daniel Erat <derat@chromium.org> Date: Mon Nov 19 15:09:18 2018 tast-tests: Update security.StatefulFiles for ML and CUPS. Add rules to the security.StatefulFiles test to handle encrypted/var/cache/cups, encrypted/var/spool/cups, and encrypted/var/lib/ml_service, which can be created after other tests run. BUG=chromium:877733 TEST=test passes after running platform.MLServiceBootstrap and various printer.* tests Change-Id: Ib8f6a1dba3e5b1aa12902a6f6484f8a208243473 Reviewed-on: https://chromium-review.googlesource.com/1341449 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> [modify] https://crrev.com/633ee552a5ffbea71e1240a824049e679f404ef3/src/chromiumos/tast/local/bundles/cros/security/stateful_files.go
,
Nov 20
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast/+/63de30d345b8e4bce52fd99e9f94ab72691c925d commit 63de30d345b8e4bce52fd99e9f94ab72691c925d Author: Daniel Erat <derat@chromium.org> Date: Tue Nov 20 13:52:41 2018 tast: Add "no_android" software feature. Add a new "no_android" software feature that's the opposite of the existing "android" feature. This allows us to have two versions of a test, one that runs on Android-supporting devices and one that runs on devices that don't support Android. BUG=chromium:877733 TEST=none Change-Id: I5f15b434ff85906e15b4b4f463c98da385778c86 Reviewed-on: https://chromium-review.googlesource.com/1342947 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> [modify] https://crrev.com/63de30d345b8e4bce52fd99e9f94ab72691c925d/src/chromiumos/cmd/local_test_runner/main.go [modify] https://crrev.com/63de30d345b8e4bce52fd99e9f94ab72691c925d/docs/test_dependencies.md
,
Nov 20
I see flakiness of security_ProtocolFamilies on eve-tot-chrome-pfq-informational. Can it be in any way related to this port? Error: Unexpected protocol families available: PF_VSOCK https://crbug.com/907243
,
Nov 20
No, I don't think so. I just added a new security.ProtocolFamilies Tast test. The Autotest test (i.e. with the underscore) is unchanged. I'll comment on the other bug.
,
Nov 21
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/171537b04ffe9b18863045aaac936969c5117ed3 commit 171537b04ffe9b18863045aaac936969c5117ed3 Author: Daniel Erat <derat@chromium.org> Date: Wed Nov 21 02:27:13 2018 tast-tests: Move chrometest package to chrome/bintest. Move the chrometest package that's used by video tests to execute Chrome test binaries to tast/local/chrome/bintest so it can be shared with security tests. Also replace its CreateWritableTempDir function with a CreateTempDataDir function in a new binsetup package, and remove CreateWritableTempFile since it's no longer necessary. BUG=chromium:889496,chromium:877733 TEST=video.DecodeAccelJPEG and Video.EncodeAccel* still pass CQ-DEPEND=I02f69b1365d05a63934f4c38e26ec9089a86f3ae Change-Id: I59dc67a4e1b21d6fb656700d76102ce35cf7b0f6 Reviewed-on: https://chromium-review.googlesource.com/1341451 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: David Staessens <dstaessens@chromium.org> [modify] https://crrev.com/171537b04ffe9b18863045aaac936969c5117ed3/src/chromiumos/tast/local/bundles/cros/video/decode_accel_jpeg.go [modify] https://crrev.com/171537b04ffe9b18863045aaac936969c5117ed3/src/chromiumos/tast/local/bundles/cros/video/encode/accel_video.go [add] https://crrev.com/171537b04ffe9b18863045aaac936969c5117ed3/src/chromiumos/tast/local/bundles/cros/video/lib/binsetup/binsetup.go [delete] https://crrev.com/1522c91b2bd926f8cd4fc80282b3b69d3ff6b123/src/chromiumos/tast/local/bundles/cros/video/lib/chrometest/chrometest.go [add] https://crrev.com/171537b04ffe9b18863045aaac936969c5117ed3/src/chromiumos/tast/local/chrome/bintest/bintest.go [modify] https://crrev.com/171537b04ffe9b18863045aaac936969c5117ed3/src/chromiumos/tast/local/bundles/cros/video/encode_accel_jpeg.go
,
Nov 21
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/ba2efe5d4bd4229f51a9000732b24b0f450c5c0f commit ba2efe5d4bd4229f51a9000732b24b0f450c5c0f Author: Daniel Erat <derat@chromium.org> Date: Wed Nov 21 02:27:15 2018 tast-tests: Add security.SandboxLinuxUnittests local test. Port the security_SandboxLinuxUnittests Autotest test to security.SandboxLinuxUnittests. This test runs the sandbox_linux_unittests Chrome test binary. BUG=chromium:877733 TEST=ran it on a DUT with a test image Change-Id: I1631e1524c743d6ad679ea465379f022e177039a Reviewed-on: https://chromium-review.googlesource.com/1341452 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> [add] https://crrev.com/ba2efe5d4bd4229f51a9000732b24b0f450c5c0f/src/chromiumos/tast/local/bundles/cros/security/sandbox_linux_unittests.go
,
Nov 21
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/2a562575b1860022df08acd5304498f4f1af68e3 commit 2a562575b1860022df08acd5304498f4f1af68e3 Author: Daniel Erat <derat@chromium.org> Date: Wed Nov 21 09:25:27 2018 tast-tests: Add security.NetworkListeners* local tests. Port the security_NetworkListener Autotest test to security.NetworkListenersARC and security.NetworkListenersNonARC. These tests compare processes listening for TCP connections against a baseline while logged into Chrome on systems that do and do not support ARC. BUG=chromium:877733 TEST=ran both tests CQ-DEPEND=I5f15b434ff85906e15b4b4f463c98da385778c86 Change-Id: I98e01f842c3d9aa335effcd61a0186e6c270e6b2 Reviewed-on: https://chromium-review.googlesource.com/1337435 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/2a562575b1860022df08acd5304498f4f1af68e3/src/chromiumos/tast/local/upstart/upstart.go [modify] https://crrev.com/2a562575b1860022df08acd5304498f4f1af68e3/src/chromiumos/tast/local/chrome/chrome.go [add] https://crrev.com/2a562575b1860022df08acd5304498f4f1af68e3/src/chromiumos/tast/local/bundles/cros/security/network_listeners_arc.go [modify] https://crrev.com/2a562575b1860022df08acd5304498f4f1af68e3/src/chromiumos/tast/local/chrome/proc.go [add] https://crrev.com/2a562575b1860022df08acd5304498f4f1af68e3/src/chromiumos/tast/local/bundles/cros/security/netlisten/netlisten.go [add] https://crrev.com/2a562575b1860022df08acd5304498f4f1af68e3/src/chromiumos/tast/local/bundles/cros/security/network_listeners_non_arc.go
,
Nov 21
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/6f0c116a8c448bb5cfe3c5bc2903fbd7ff871d77 commit 6f0c116a8c448bb5cfe3c5bc2903fbd7ff871d77 Author: Daniel Erat <derat@chromium.org> Date: Wed Nov 21 09:25:20 2018 tast-tests: Add security.Mprotect local test. Port the security_mprotect Autotest test to security.Mprotect. The old test compiled a small C program to actually perform testing; the new one just makes the mmap calls itself. BUG=chromium:877733 TEST=ran it Change-Id: Iabe5ed94379eaa59c6b859903c0a0d2fdfea445c Reviewed-on: https://chromium-review.googlesource.com/1341460 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> [add] https://crrev.com/6f0c116a8c448bb5cfe3c5bc2903fbd7ff871d77/src/chromiumos/tast/local/bundles/cros/security/mprotect.go
,
Nov 21
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/0d795413536779c9c5ba23ac0d7adf4071df5b65 commit 0d795413536779c9c5ba23ac0d7adf4071df5b65 Author: Daniel Erat <derat@chromium.org> Date: Wed Nov 21 13:53:06 2018 tast-tests: Fix syslog, cups in security.StatefulFiles. Update security.StatefulFiles to permit the contents of /mnt/stateful_partition/encrypted/var/log to be owned by the syslog group. This group appears to be used for atrus.log and hammerd.log, and it seems safe to permit (we already permit logs to be owned by the syslog user, and we make sure they aren't group-writable). Also check that the cups user exists before adding a rule for /mnt/stateful_partition/encrypted/var/spool/cups. This user apparently doesn't exist on veyron_rialto (even though it's a member of the lp group there). Finally, skip /mnt/stateful_partition/unencrypted/preserve/cros-update. This directory looks like it's cros_update.py script, so I think that it's testing-specific, and we already skip other files in .../preserve/log. BUG=chromium:877733 TEST=ran security.StatefulFiles successfully on soraka and veyron_rialto Change-Id: If9c9c09d9e9b88c57d415c21f260511d74e3c821 Reviewed-on: https://chromium-review.googlesource.com/1343304 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [modify] https://crrev.com/0d795413536779c9c5ba23ac0d7adf4071df5b65/src/chromiumos/tast/local/bundles/cros/security/stateful_files.go
,
Nov 27
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/2d7ae82319660234b638bc464a15c54144398d41 commit 2d7ae82319660234b638bc464a15c54144398d41 Author: Daniel Erat <derat@chromium.org> Date: Tue Nov 27 08:34:12 2018 tast-tests: Make security.Firewall run on CQ. Remove the "informational" attribute to make this test run on the Chrome OS Commit Queue. BUG=chromium:877733 TEST=test passes consistently on release builders Change-Id: Ibecf7d275816f7c35a684c64539aae7b8ea878e6 Reviewed-on: https://chromium-review.googlesource.com/1348609 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/2d7ae82319660234b638bc464a15c54144398d41/src/chromiumos/tast/local/bundles/cros/security/firewall.go
,
Nov 27
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/de710f6f70bd150492e0b9cc64ea89c4a16582c2 commit de710f6f70bd150492e0b9cc64ea89c4a16582c2 Author: Daniel Erat <derat@chromium.org> Date: Tue Nov 27 08:34:06 2018 tast-tests: Make security.ProtocolFamilies run on CQ. Remove the "informational" attribute to make this test run on the Chrome OS Commit Queue. BUG=chromium:877733 TEST=test passes consistently on release builders Change-Id: Ia8fb20edb22ef5b9c8ee9f0531ec33fcbb7d211c Reviewed-on: https://chromium-review.googlesource.com/1348610 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/de710f6f70bd150492e0b9cc64ea89c4a16582c2/src/chromiumos/tast/local/bundles/cros/security/protocol_families.go
,
Nov 27
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/b10cf2bfdd39fa38d6fa5b3909cabd23cb70e412 commit b10cf2bfdd39fa38d6fa5b3909cabd23cb70e412 Author: Daniel Erat <derat@chromium.org> Date: Tue Nov 27 08:34:02 2018 tast-tests: Make security.Mprotect run on CQ. Remove the "informational" attribute to make this test run on the Chrome OS Commit Queue. BUG=chromium:877733 TEST=test passes consistently on release builders Change-Id: Ie6ab6328a2bbabdc09d158efe9960c262cfc1fda Reviewed-on: https://chromium-review.googlesource.com/1348613 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/b10cf2bfdd39fa38d6fa5b3909cabd23cb70e412/src/chromiumos/tast/local/bundles/cros/security/mprotect.go
,
Nov 27
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/147f905d01cc7897dd0146ec5982fbd57632ae18 commit 147f905d01cc7897dd0146ec5982fbd57632ae18 Author: Daniel Erat <derat@chromium.org> Date: Tue Nov 27 08:34:03 2018 tast-tests: Make security.NetworkListeners* run on CQ. Remove the "informational" attribute to make security.NetworkListenersARC and security.NetworkListenersNonARC run on the Chrome OS Commit Queue. BUG=chromium:877733 TEST=tests pass consistently on release builders Change-Id: I5ee2a90a086bd0dd8ada008c14b370fa13ee491b Reviewed-on: https://chromium-review.googlesource.com/1348615 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/147f905d01cc7897dd0146ec5982fbd57632ae18/src/chromiumos/tast/local/bundles/cros/security/network_listeners_arc.go [modify] https://crrev.com/147f905d01cc7897dd0146ec5982fbd57632ae18/src/chromiumos/tast/local/bundles/cros/security/network_listeners_non_arc.go
,
Nov 27
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/1ce26ca7f508347f9a6da55f916570d099225782 commit 1ce26ca7f508347f9a6da55f916570d099225782 Author: Daniel Erat <derat@chromium.org> Date: Tue Nov 27 08:34:09 2018 tast-tests: Update filecheck.Check to ignore deleted files. Make the filecheck package (used by security.UserFiles* and security.StatefulFiles) ignore os.ErrNotExist errors. It looks like security.UserFilesLoggedIn encounters these sometimes for /home/user/<hash>/key.pub files, which appear to be temporarily created by session_manager during key generation. BUG=chromium:877733 TEST=ran security.UserFiles* Change-Id: Ie6d38d611b96f10e1ab672f1440b9105528c32c1 Reviewed-on: https://chromium-review.googlesource.com/1349630 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/1ce26ca7f508347f9a6da55f916570d099225782/src/chromiumos/tast/local/bundles/cros/security/filecheck/filecheck.go
,
Nov 28
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/17f50b220b8a63fb042732e2cba883cf75a86a76

commit 17f50b220b8a63fb042732e2cba883cf75a86a76
Author: Dan Erat <derat@chromium.org>
Date: Wed Nov 28 02:52:57 2018

Revert "tast-tests: Make security.NetworkListeners* run on CQ."

This reverts commit 147f905d01cc7897dd0146ec5982fbd57632ae18.

Reason for revert: Probably need to exclude Autotest Python processes. See e.g. http://stainless/browse/chromeos-autotest-results/261370413-chromeos-test/.

Original change's description:
> tast-tests: Make security.NetworkListeners* run on CQ.
>
> Remove the "informational" attribute to make security.NetworkListenersARC and
> security.NetworkListenersNonARC run on the Chrome OS Commit Queue.
>
> BUG=chromium:877733
> TEST=tests pass consistently on release builders
>
> Change-Id: I5ee2a90a086bd0dd8ada008c14b370fa13ee491b
> Reviewed-on: https://chromium-review.googlesource.com/1348615
> Commit-Ready: Dan Erat <derat@chromium.org>
> Tested-by: Dan Erat <derat@chromium.org>
> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org>

Bug: chromium:877733
Change-Id: I9c1c7722271279964023e4a0fe381727cdb9c175
Reviewed-on: https://chromium-review.googlesource.com/c/1352929
Reviewed-by: Dan Erat <derat@chromium.org>
Tested-by: Dan Erat <derat@chromium.org>

[modify] https://crrev.com/17f50b220b8a63fb042732e2cba883cf75a86a76/src/chromiumos/tast/local/bundles/cros/security/network_listeners_arc.go
[modify] https://crrev.com/17f50b220b8a63fb042732e2cba883cf75a86a76/src/chromiumos/tast/local/bundles/cros/security/network_listeners_non_arc.go
,
Nov 29
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/ce76d8558556a72373969da2a24cd734300ac07c commit ce76d8558556a72373969da2a24cd734300ac07c Author: Daniel Erat <derat@chromium.org> Date: Thu Nov 29 20:11:08 2018 tast-tests: Make security.StatefulFiles handle biod, buffet. Update the security.StatefulFiles test to expect /var/log/biod and /var/log/bio_crypto_init to be owned by the "biod" user and group (or root, since it also seems to create files in these dirs). Also handle optionally-present /var/lib/buffet, and handle /var/cache/camera unconditionally instead of just for ARC devices (since I just saw it present in an amd64-generic-paladin build). BUG=chromium:877733 TEST=manual: ran it on various systems Change-Id: I91adb51252abff2d734a7b09fb709008e4a48073 Reviewed-on: https://chromium-review.googlesource.com/1352937 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org> [modify] https://crrev.com/ce76d8558556a72373969da2a24cd734300ac07c/src/chromiumos/tast/local/bundles/cros/security/stateful_files.go
,
Nov 30
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/9040fcd664266f8736d5973769dc9d618ca4c17e commit 9040fcd664266f8736d5973769dc9d618ca4c17e Author: Daniel Erat <derat@chromium.org> Date: Fri Nov 30 03:31:16 2018 tast-tests: Make security.UserFiles* run on CQ. Remove the "informational" attribute to make security.UserFilesGuest and security.UserFilesLoggedIn run on the Chrome OS Commit Queue. BUG=chromium:877733 TEST=tests pass consistently on release builders CQ-DEPEND=Ie6d38d611b96f10e1ab672f1440b9105528c32c1 Change-Id: If95338203ccbf04c457a9aec79967c1acd889aa5 Reviewed-on: https://chromium-review.googlesource.com/1348617 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/9040fcd664266f8736d5973769dc9d618ca4c17e/src/chromiumos/tast/local/bundles/cros/security/user_files_guest.go [modify] https://crrev.com/9040fcd664266f8736d5973769dc9d618ca4c17e/src/chromiumos/tast/local/bundles/cros/security/user_files_logged_in.go
,
Dec 1
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/f6a22add2edcb8510d90d1c78e5ddaad715fa481 commit f6a22add2edcb8510d90d1c78e5ddaad715fa481 Author: Daniel Erat <derat@chromium.org> Date: Sat Dec 01 09:08:41 2018 tast-tests: Make symlink/hardlink security tests run on CQ. Remove the "informational" attribute to make security.SymlinkRestrictions and security.HardLinkRestrictions run on the Chrome OS Commit Queue. BUG=chromium:877733 TEST=tests pass consistently on release builders Change-Id: Ib09b19177e2715c5c8deb2f98d3684929a7bfa47 Reviewed-on: https://chromium-review.googlesource.com/1348616 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/f6a22add2edcb8510d90d1c78e5ddaad715fa481/src/chromiumos/tast/local/bundles/cros/security/hard_link_restrictions.go [modify] https://crrev.com/f6a22add2edcb8510d90d1c78e5ddaad715fa481/src/chromiumos/tast/local/bundles/cros/security/symlink_restrictions.go
,
Dec 3
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/0b425bd07cb627124ae3be7ef7ed2a8783edccbb

commit 0b425bd07cb627124ae3be7ef7ed2a8783edccbb
Author: Daniel Erat <derat@chromium.org>
Date: Mon Dec 03 20:43:37 2018

tast-tests: Make security.NetworkListeners* ignore Autotest.

Update the netlisten.CheckPorts function used by security.NetworkListenersARC and security.NetworkListenersNonARC to ignore Autotest and Python processes.

I was hopeful that this wasn't still necessary, but it looks like it still is, per failures like http://stainless/browse/chromeos-autotest-results/261370413-chromeos-test/

The approach used here is simpler than the one used by the security_NetworkListeners Autotest test, as the gopsutil package doesn't appear to report duplicate connections for sockets that have been passed to child processes (unlike lsof).

BUG=chromium:877733
TEST=manual: verified that security.NetworkListenersNonARC still passes after using Python to open a socket and pass it to a child process:
> import socket
> s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
> s.bind(('127.0.0.1', 12345))
> s.listen(5)
> import subprocess
> subprocess.call(['sleep', '60'])

Change-Id: I218f5ad6d2aa718ede92430a498d2568bfa00387
Reviewed-on: https://chromium-review.googlesource.com/1357258
Commit-Ready: Dan Erat <derat@chromium.org>
Tested-by: Dan Erat <derat@chromium.org>
Reviewed-by: Dan Erat <derat@chromium.org>

[modify] https://crrev.com/0b425bd07cb627124ae3be7ef7ed2a8783edccbb/src/chromiumos/tast/local/bundles/cros/security/netlisten/netlisten.go
,
Dec 3
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/1e8497fdbffc709533003f0845485ca6e7bc8109 commit 1e8497fdbffc709533003f0845485ca6e7bc8109 Author: Daniel Erat <derat@chromium.org> Date: Mon Dec 03 20:43:39 2018 tast-tests: Make security.PrivilegedFiles ignore file errors. Make the security.PrivilegedFiles test ignore errors reported by filepath.Walk, which typically indicate that files were deleted. The filecheck.Check function, which is used by most other security tests that check files, already contains similar logic. BUG=chromium:877733 TEST=ran the test Change-Id: I419340fbcb24e53fbcc7a292c4c063c71b4b0295 Reviewed-on: https://chromium-review.googlesource.com/1357702 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/1e8497fdbffc709533003f0845485ca6e7bc8109/src/chromiumos/tast/local/bundles/cros/security/privileged_files.go
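Added example, not code from the tast-tests repository: the pattern the security.PrivilegedFiles commit above describes, where an error passed to the filepath.Walk callback is skipped rather than failing the check. The helper names, the constructed temp tree and the setuid/setgid test are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// walkIgnoringErrors (hypothetical helper) walks root and calls visit for each
// entry that could be examined. An error handed to the callback, typically for
// a file that vanished between the directory listing and its lstat, is counted
// and skipped instead of aborting the walk.
func walkIgnoringErrors(root string, visit func(path string, fi os.FileInfo)) (int, error) {
	skipped := 0
	err := filepath.Walk(root, func(path string, fi os.FileInfo, walkErr error) error {
		if walkErr != nil {
			skipped++
			return nil // keep walking; a racing delete is not a test failure
		}
		visit(path, fi)
		return nil
	})
	return skipped, err
}

// isPrivileged is an assumed check: a regular file with setuid or setgid set.
func isPrivileged(fi os.FileInfo) bool {
	return fi.Mode().IsRegular() && fi.Mode()&(os.ModeSetuid|os.ModeSetgid) != 0
}

// demoDeletedMidWalk builds a constructed temp tree, deletes one file while the
// walk is running, and returns the privileged files found plus the skip count.
func demoDeletedMidWalk() ([]string, int, error) {
	dir, err := os.MkdirTemp("", "privfiles")
	if err != nil {
		return nil, 0, err
	}
	defer os.RemoveAll(dir)
	for _, name := range []string{"a_plain", "b_vanishes", "c_setuid"} {
		if err := os.WriteFile(filepath.Join(dir, name), []byte("x"), 0755); err != nil {
			return nil, 0, err
		}
	}
	// Mark one file setuid so the check has something to find.
	if err := os.Chmod(filepath.Join(dir, "c_setuid"), 0755|os.ModeSetuid); err != nil {
		return nil, 0, err
	}
	var found []string
	skipped, err := walkIgnoringErrors(dir, func(path string, fi os.FileInfo) {
		if filepath.Base(path) == "a_plain" {
			// Simulate another process removing a file after Walk listed the
			// directory but before it reached this entry.
			os.Remove(filepath.Join(dir, "b_vanishes"))
		}
		if isPrivileged(fi) {
			found = append(found, filepath.Base(path))
		}
	})
	return found, skipped, err
}

func main() {
	found, skipped, err := demoDeletedMidWalk()
	fmt.Printf("privileged=%v skipped=%d err=%v\n", found, skipped, err)
}
```

Counting the skipped entries keeps the tolerance visible: a scan that skips far more entries than usual is worth a look even though it did not fail.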
,
Dec 4
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/0acae128a8af115d0366c4195838b8e5364eda4f commit 0acae128a8af115d0366c4195838b8e5364eda4f Author: Eric Caruso <ejcaruso@chromium.org> Date: Tue Dec 04 04:32:12 2018 tast-tests: Add security.StatefulPartitionHardening local test Port the security_StatefulPartitionHardening Autotest as security.StatefulPartitionHardening. BUG=chromium:877733 TEST=ran it successfully Change-Id: I8ae7e07e195e8ed8eaee95799387464fee6fae0c Reviewed-on: https://chromium-review.googlesource.com/1357679 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Eric Caruso <ejcaruso@chromium.org> [add] https://crrev.com/0acae128a8af115d0366c4195838b8e5364eda4f/src/chromiumos/tast/local/bundles/cros/security/stateful_partition_hardening.go
,
Dec 4
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/2f225d87c6ddd019774268cfd2dfbb6fe8e34a48 commit 2f225d87c6ddd019774268cfd2dfbb6fe8e34a48 Author: Eric Caruso <ejcaruso@chromium.org> Date: Tue Dec 04 22:00:07 2018 tast-use-flags: add asan flag This can be checked in the upcoming security.ASLR test. BUG=chromium:877733 TEST=emerge with and without USE flag, check tast_use_flags.txt Change-Id: I11fa6c3acdff41a1ca8ea289de46618028f8168c Reviewed-on: https://chromium-review.googlesource.com/1359773 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [modify] https://crrev.com/2f225d87c6ddd019774268cfd2dfbb6fe8e34a48/chromeos-base/tast-use-flags/tast-use-flags-0.0.1.ebuild [rename] https://crrev.com/2f225d87c6ddd019774268cfd2dfbb6fe8e34a48/chromeos-base/tast-use-flags/tast-use-flags-0.0.1-r16.ebuild
,
Dec 4
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/c72c9993ec31a17535d5fcec4f2d1b5657e50194 commit c72c9993ec31a17535d5fcec4f2d1b5657e50194 Author: Daniel Erat <derat@chromium.org> Date: Tue Dec 04 22:17:16 2018 tast-tests: Add dev_image_old to security.StatefulFiles. I'm not sure what creates it, but per the failure at http://stainless/browse/chromeos-autotest-results/263445795-chromeos-test/, it looks like a /mnt/stateful_partition/dev_image_old directory can be left behind on DUTs. Skip it as is already done for the dev_image directory. Also add some more blank lines between groups of patterns to make the code easier to read. BUG=chromium:877733 TEST=manual: ran the test Change-Id: I1eafbee88dce4517ad615d9785f3da0fb5e62045 Reviewed-on: https://chromium-review.googlesource.com/c/1362080 Tested-by: Dan Erat <derat@chromium.org> Trybot-Ready: Dan Erat <derat@chromium.org> Reviewed-by: Eric Caruso <ejcaruso@chromium.org> Commit-Queue: Dan Erat <derat@chromium.org> [modify] https://crrev.com/c72c9993ec31a17535d5fcec4f2d1b5657e50194/src/chromiumos/tast/local/bundles/cros/security/stateful_files.go
,
Dec 5
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast/+/6ca58ce17d39387fa19f1985d42368de3f468f7b commit 6ca58ce17d39387fa19f1985d42368de3f468f7b Author: Eric Caruso <ejcaruso@chromium.org> Date: Wed Dec 05 22:09:26 2018 local_test_runner: plumb ASAN use flag through software deps This allows tests to run only when ASAN is disabled. BUG=chromium:877733 TEST=run security.ASLR with checktestdeps and ensure it fails if the system has the use flag CQ-DEPEND=CL:1359773 Change-Id: I4d8f53422c24de6cfdb2608c136cde67b1ccb2f4 Reviewed-on: https://chromium-review.googlesource.com/1359793 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Eric Caruso <ejcaruso@chromium.org> [modify] https://crrev.com/6ca58ce17d39387fa19f1985d42368de3f468f7b/src/chromiumos/cmd/local_test_runner/main.go [modify] https://crrev.com/6ca58ce17d39387fa19f1985d42368de3f468f7b/docs/test_dependencies.md
,
Dec 6
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/37ffe2c20f062ca7cbef4b2c8b09236eaa5dea53 commit 37ffe2c20f062ca7cbef4b2c8b09236eaa5dea53 Author: Daniel Erat <derat@chromium.org> Date: Thu Dec 06 22:35:29 2018 tast-tests: Make security.PrivilegedFiles run on CQ. Remove the "informational" attribute to make this test run on the Chrome OS Commit Queue. BUG=chromium:877733 TEST=test passes consistently on release builders CQ-DEPEND=I419340fbcb24e53fbcc7a292c4c063c71b4b0295 Change-Id: I7100a2401e9f72093793b0dd1cc052b087eebb94 Reviewed-on: https://chromium-review.googlesource.com/1348611 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/37ffe2c20f062ca7cbef4b2c8b09236eaa5dea53/src/chromiumos/tast/local/bundles/cros/security/privileged_files.go
,
Dec 7
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/af949fccc29e8293000a0902688f6e66a78d6d95 commit af949fccc29e8293000a0902688f6e66a78d6d95 Author: Eric Caruso <ejcaruso@chromium.org> Date: Fri Dec 07 06:06:51 2018 tast-tests: Add security.ASLR local test This is a port of security_ASLR in autotest. It does not currently support systemd but we can revisit that if we need to run this on lakitu builders. BUG=chromium:877733 TEST=ran successfully on nautilus CQ-DEPEND=CL:1359793 Change-Id: I80c2af31a13d344894e68c4132c477db057b485d Reviewed-on: https://chromium-review.googlesource.com/1361996 Commit-Ready: Eric Caruso <ejcaruso@chromium.org> Tested-by: Eric Caruso <ejcaruso@chromium.org> Reviewed-by: Eric Caruso <ejcaruso@chromium.org> [add] https://crrev.com/af949fccc29e8293000a0902688f6e66a78d6d95/src/chromiumos/tast/local/bundles/cros/security/aslr.go
,
Dec 8
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/f0246a52381eba780c4a6bc5e48a98072059278d commit f0246a52381eba780c4a6bc5e48a98072059278d Author: Daniel Erat <derat@chromium.org> Date: Sat Dec 08 16:44:06 2018 tast-tests: Make security.StatefulFiles run on CQ. Remove the "informational" attribute to make this test run on the Chrome OS Commit Queue. BUG=chromium:877733 TEST=test passes consistently on release builders CQ-DEPEND=I7567556871bd57844a6573b0587d3d583cdca539 Change-Id: I5eed6db35ef35a5f3b831b68b38c73361d741b17 Reviewed-on: https://chromium-review.googlesource.com/1348614 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [modify] https://crrev.com/f0246a52381eba780c4a6bc5e48a98072059278d/src/chromiumos/tast/local/bundles/cros/security/stateful_files.go
,
Dec 8
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/1bf4e831a2f8906bd8d0014ef79419f4b97a4f14

commit 1bf4e831a2f8906bd8d0014ef79419f4b97a4f14
Author: Dan Erat <derat@chromium.org>
Date: Sat Dec 08 16:44:04 2018

Reland "tast-tests: Make security.NetworkListeners* run on CQ."

This reverts commit 17f50b220b8a63fb042732e2cba883cf75a86a76.

Reason for revert: These tests appear to be non-flaky on release builders now. The only failures I see in the last week are unrelated ARC boot failures on eve-arcnext and login failures on daisy and daisy_skate.

Original change's description:
> Revert "tast-tests: Make security.NetworkListeners* run on CQ."
>
> This reverts commit 147f905d01cc7897dd0146ec5982fbd57632ae18.
>
> Reason for revert: Probably need to exclude Autotest Python processes.
> See e.g. http://stainless/browse/chromeos-autotest-results/261370413-chromeos-test/.
>
> Original change's description:
> > tast-tests: Make security.NetworkListeners* run on CQ.
> >
> > Remove the "informational" attribute to make security.NetworkListenersARC and
> > security.NetworkListenersNonARC run on the Chrome OS Commit Queue.
> >
> > BUG=chromium:877733
> > TEST=tests pass consistently on release builders
> >
> > Change-Id: I5ee2a90a086bd0dd8ada008c14b370fa13ee491b
> > Reviewed-on: https://chromium-review.googlesource.com/1348615
> > Commit-Ready: Dan Erat <derat@chromium.org>
> > Tested-by: Dan Erat <derat@chromium.org>
> > Reviewed-by: Hidehiko Abe <hidehiko@chromium.org>
>
> Bug: chromium:877733
> Change-Id: I9c1c7722271279964023e4a0fe381727cdb9c175
> Reviewed-on: https://chromium-review.googlesource.com/c/1352929
> Reviewed-by: Dan Erat <derat@chromium.org>
> Tested-by: Dan Erat <derat@chromium.org>

Bug: chromium:877733
Change-Id: I8e7724b50c84680d75812e1d81ce1a536bd28ed5
Reviewed-on: https://chromium-review.googlesource.com/1366382
Commit-Ready: Dan Erat <derat@chromium.org>
Tested-by: Dan Erat <derat@chromium.org>
Reviewed-by: Dan Erat <derat@chromium.org>

[modify] https://crrev.com/1bf4e831a2f8906bd8d0014ef79419f4b97a4f14/src/chromiumos/tast/local/bundles/cros/security/network_listeners_arc.go
[modify] https://crrev.com/1bf4e831a2f8906bd8d0014ef79419f4b97a4f14/src/chromiumos/tast/local/bundles/cros/security/network_listeners_non_arc.go
,
Dec 8
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/d3aef814243750c60de55924d797168b87feb2d4 commit d3aef814243750c60de55924d797168b87feb2d4 Author: Daniel Erat <derat@chromium.org> Date: Sat Dec 08 16:44:05 2018 tast-tests: Add security.ModuleLocking to the CQ. Remove the "informational" attribute from the security.ModuleLocking test so it will run on the Chrome OS Commit Queue. This test has been consistently passing on release builders since https://crrev.com/c/1357681 went in. BUG=chromium:877733 TEST=none Change-Id: I908b6951ebece8576b20d19d74fb56f782377449 Reviewed-on: https://chromium-review.googlesource.com/1366384 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> [modify] https://crrev.com/d3aef814243750c60de55924d797168b87feb2d4/src/chromiumos/tast/local/bundles/cros/security/module_locking.go
,
Dec 12
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/43ac12760c7f40771992cad19472473da804d465 commit 43ac12760c7f40771992cad19472473da804d465 Author: Daniel Erat <derat@chromium.org> Date: Wed Dec 12 21:55:48 2018 tast-tests: Add security.ExecStack test. Port the security_RuntimeExecStack Autotest test to a new security.ExecStack Tast test. BUG=chromium:877733 TEST=ran security.ExecStack on kevin and caroline Change-Id: I4b51c50f86fbbd14c89b54c24f294a2b57f3e13b Reviewed-on: https://chromium-review.googlesource.com/1370629 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [add] https://crrev.com/43ac12760c7f40771992cad19472473da804d465/src/chromiumos/tast/local/bundles/cros/security/exec_stack.go
,
Dec 13
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/6bdbbcf70ee13d5bcdd9eb3880b87742fbff78ac commit 6bdbbcf70ee13d5bcdd9eb3880b87742fbff78ac Author: Daniel Erat <derat@chromium.org> Date: Thu Dec 13 01:04:57 2018 tast-tests: Add security.RunOCI test. Port the security_RunOci Autotest test to a new security.RunOCI Tast test. The original test stored each test case in a separate JSON file. To improve maintainability, I'm storing the test cases within the new test instead. BUG=chromium:877733 TEST=security.RunOCI passes on caroline and kevin Change-Id: I1a184d12b98b666f8d6cb0729801615c0f83f84c Reviewed-on: https://chromium-review.googlesource.com/1370627 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> [add] https://crrev.com/6bdbbcf70ee13d5bcdd9eb3880b87742fbff78ac/src/chromiumos/tast/local/bundles/cros/security/run_oci.go
,
Dec 14
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/4f959a82747c9cc429dc1d6dc78fd9cf0d1122ff commit 4f959a82747c9cc429dc1d6dc78fd9cf0d1122ff Author: Daniel Erat <derat@chromium.org> Date: Fri Dec 14 03:28:20 2018 tast-tests: Move security.ASLR to Chrome OS Commit Queue. security.ASLR has been passing consistently on release builders since it was added, so remove its "informational" attribute to make it run on the Chrome OS Commit Queue. BUG=chromium:877733 TEST=checked results in stainless Change-Id: I9fe73af740a80e90176d092a5a007c0c2d872646 Reviewed-on: https://chromium-review.googlesource.com/1375273 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> [modify] https://crrev.com/4f959a82747c9cc429dc1d6dc78fd9cf0d1122ff/src/chromiumos/tast/local/bundles/cros/security/aslr.go
,
Dec 17
The following revision refers to this bug:
https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/c90334abfd86b9db3095a78e0e295c4feeb25490

commit c90334abfd86b9db3095a78e0e295c4feeb25490
Author: Dan Erat <derat@chromium.org>
Date: Mon Dec 17 22:28:40 2018

Revert "tast-tests: Move security.ASLR to Chrome OS Commit Queue."

This reverts commit 4f959a82747c9cc429dc1d6dc78fd9cf0d1122ff.

Reason for revert: Failing sometimes in the CQ with "Mapping for ... occurred at ... in two maps".

Original change's description:
> tast-tests: Move security.ASLR to Chrome OS Commit Queue.
>
> security.ASLR has been passing consistently on release
> builders since it was added, so remove its "informational"
> attribute to make it run on the Chrome OS Commit Queue.
>
> BUG=chromium:877733
> TEST=checked results in stainless
>
> Change-Id: I9fe73af740a80e90176d092a5a007c0c2d872646
> Reviewed-on: https://chromium-review.googlesource.com/1375273
> Commit-Ready: Dan Erat <derat@chromium.org>
> Tested-by: Dan Erat <derat@chromium.org>
> Reviewed-by: Shuhei Takahashi <nya@chromium.org>

Bug: chromium:915824
Change-Id: Ie76bf60498e8ae76f78a9056222df6439c825f5d
Reviewed-on: https://chromium-review.googlesource.com/c/1381060
Tested-by: Dan Erat <derat@chromium.org>
Reviewed-by: Dan Erat <derat@chromium.org>

[modify] https://crrev.com/c90334abfd86b9db3095a78e0e295c4feeb25490/src/chromiumos/tast/local/bundles/cros/security/aslr.go
,
Dec 19
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/3191604a8d1ba6416a4b53b22d155e0062b32fa6 commit 3191604a8d1ba6416a4b53b22d155e0062b32fa6 Author: Daniel Erat <derat@chromium.org> Date: Wed Dec 19 09:12:29 2018 tast-use-flags: Add "containers" USE flag to IUSE. This is needed to add a dependency to the security.RunOCI test so it will be skipped on DUTs that don't have run_oci installed. BUG=chromium:877733 TEST=none Change-Id: Icb89c58f14ef4e82734faa77381d063ddbd1741b Reviewed-on: https://chromium-review.googlesource.com/1382877 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> [rename] https://crrev.com/3191604a8d1ba6416a4b53b22d155e0062b32fa6/chromeos-base/tast-use-flags/tast-use-flags-0.0.1-r17.ebuild [modify] https://crrev.com/3191604a8d1ba6416a4b53b22d155e0062b32fa6/chromeos-base/tast-use-flags/tast-use-flags-0.0.1.ebuild
,
Dec 19
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast/+/6ada41dec0170fb52e6b401d65219d0a865fa816 commit 6ada41dec0170fb52e6b401d65219d0a865fa816 Author: Daniel Erat <derat@chromium.org> Date: Wed Dec 19 09:12:29 2018 tast: Add "containers" dependency. This is needed to skip the security.RunOCI test on DUTs that don't have run_oci installed. BUG=chromium:877733 TEST=none CQ-DEPEND=Icb89c58f14ef4e82734faa77381d063ddbd1741b Change-Id: I15dd377241628b51c7a182357bd676b5bbf2ee60 Reviewed-on: https://chromium-review.googlesource.com/1382621 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/6ada41dec0170fb52e6b401d65219d0a865fa816/src/chromiumos/cmd/local_test_runner/main.go [modify] https://crrev.com/6ada41dec0170fb52e6b401d65219d0a865fa816/docs/test_dependencies.md
,
Dec 19
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/1feb5b28550cd12f102a3a49358ddf6a40dda67b commit 1feb5b28550cd12f102a3a49358ddf6a40dda67b Author: Daniel Erat <derat@chromium.org> Date: Wed Dec 19 09:12:30 2018 tast-tests: Make security.RunOCI depend on "containers". Make the security.RunOCI test depend on the "containers" feature so it will be skipped on DUTs that lack the run_oci command. BUG=chromium:877733 TEST=none CQ-DEPEND=I15dd377241628b51c7a182357bd676b5bbf2ee60 Change-Id: I49a77773f515ba8c07d8d47ae2a758be063d88d9 Reviewed-on: https://chromium-review.googlesource.com/1382878 Commit-Ready: Dan Erat <derat@chromium.org> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/1feb5b28550cd12f102a3a49358ddf6a40dda67b/src/chromiumos/tast/local/bundles/cros/security/run_oci.go
,
Jan 8
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/tast-tests/+/3a0e3bba6bc75906eb28e91f9d787146d86630cf commit 3a0e3bba6bc75906eb28e91f9d787146d86630cf Author: Daniel Erat <derat@chromium.org> Date: Tue Jan 08 03:40:57 2019 tast-tests: Add security.StatefulPartitionHardening to CQ. Add the security.StatefulPartitionHardening local test to the Chrome OS Commit Queue. BUG=chromium:877733 TEST=no failures over last 14 days on release builders Change-Id: I621e4874081414ac869407703d3acf3110c437ad Reviewed-on: https://chromium-review.googlesource.com/1390949 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Dan Erat <derat@chromium.org> Reviewed-by: Shuhei Takahashi <nya@chromium.org> Reviewed-by: Hidehiko Abe <hidehiko@chromium.org> [modify] https://crrev.com/3a0e3bba6bc75906eb28e91f9d787146d86630cf/src/chromiumos/tast/local/bundles/cros/security/stateful_partition_hardening.go
Comment 1 by derat@chromium.org
, Aug 25