Google Git
Sign in
fuchsia / fuchsia / main / . / src / security / lib / scrutiny / tests / structured_config
tree: 4ecef0ddbe990b9b013f6898c7d50887072a70f5 [path history] [tgz]
  1. BUILD.gn
  2. check_extracted_structured_config.py
  3. check_failed_verifier_policy.py
  4. component_tree_config.json5
  5. failing_policy.json5
  6. passing_policy.json5
  7. README.md
src/security/lib/scrutiny/tests/structured_config/README.md

structured_config

This test has several main components:

  1. a Fuchsia package, core realm shard, and a system assembly that add a component with known configuration values to the component topology
  2. a host test which parses the audit report written by scrutiny and asserts that the known component's configuration was visible
  3. a policy file which enforces that scrutiny found the expected value and tests the policy checking mechanism
  4. a policy file which requests a different value than packaged, tested using a script that asserts the policy verifier failed

The core shard is necessary for scrutiny to pull our test component into its model of the component topology.

In order to avoid polluting the core product definition we build our own assembled_system() based off of the same inputs as the one in //build/images/fuchsia.