toolchain

package

v0.0.0-...-683b059 Latest Latest Go to latest Published: Apr 23, 2022 License: BSD-3-Clause Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

chromium.googlesource.com/chromiumos/platform/tast-tests

Documentation ¶

Overview ¶

Package toolchain contains support code for the security.ToolchainOptions test.

Index ¶

func CreateNotLinkedVerify(pattern string) func(ef *elf.File) error
func LoadwxVerify(ef *elf.File) error
func NowVerify(ef *elf.File) error
func PieVerify(ef *elf.File) error
func RelroVerify(ef *elf.File) error
func StackVerify(ef *elf.File) error
func TextrelVerify(ef *elf.File) error
type CheckMode
type ELFCondition
- func NewELFCondition(verify func(ef *elf.File) error, w []string) *ELFCondition
- func (ec *ELFCondition) CheckAndFilter(path string, ef *elf.File, mode CheckMode) error

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CreateNotLinkedVerify ¶

func CreateNotLinkedVerify(pattern string) func(ef *elf.File) error

CreateNotLinkedVerify Condition: Verify all binaries are not linked with |pattern|.

func LoadwxVerify ¶

func LoadwxVerify(ef *elf.File) error

LoadwxVerify Condition: Verify no binaries have W+X LOAD program headers.

func NowVerify ¶

func NowVerify(ef *elf.File) error

NowVerify Condition: Verify non-static binaries have BIND_NOW in dynamic section.

func PieVerify ¶

func PieVerify(ef *elf.File) error

PieVerify Condition: Verify non-static binaries are dynamic (built PIE).

func RelroVerify ¶

func RelroVerify(ef *elf.File) error

RelroVerify Condition: Verify non-static binaries have RELRO program header.

func StackVerify ¶

func StackVerify(ef *elf.File) error

StackVerify Condition: Verify all binaries have non-exec STACK program header.

func TextrelVerify ¶

func TextrelVerify(ef *elf.File) error

TextrelVerify Condition: Verify dynamic ELFs don't include TEXTRELs.

Types ¶

type CheckMode ¶

type CheckMode int

CheckMode specifies what to check for security.ToolchainOptions.

const (
	// CheckNormal tests that files not in allowlists pass checks.
	CheckNormal CheckMode = iota
	// CheckAllowlist tests that files in allowlists fail checks.
	CheckAllowlist
	// CheckNormalWithDLCs tests with critical DLCs installed.
	CheckNormalWithDLCs
)

type ELFCondition ¶

type ELFCondition struct {
	// contains filtered or unexported fields
}

ELFCondition is a specific condition which is verified against all not-skipped ELF files.

func NewELFCondition ¶

func NewELFCondition(verify func(ef *elf.File) error, w []string) *ELFCondition

NewELFCondition takes a verification function and a list of literal paths to allowlist for that condition and returns a new ELFCondition.

func (*ELFCondition) CheckAndFilter ¶

func (ec *ELFCondition) CheckAndFilter(path string, ef *elf.File, mode CheckMode) error

CheckAndFilter takes in a file and checks it against an ELFCondition, returning an error if the file is not allowed.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL