am e858cc6c: am 9deaad2f: Verify dmesg_restrict is set.
* commit 'e858cc6cd27aa5477df8f55be819cff8d088b3e3':
Verify dmesg_restrict is set.
diff --git a/tests/tests/security/src/android/security/cts/KernelSettingsTest.java b/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
index 1e6d384..cc4b6a6 100644
--- a/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
+++ b/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
@@ -59,6 +59,23 @@
}
/**
+ * dmesg shows the contents of the kernel log buffer. This log buffer
+ * stores sensitive information, such as kernel addresses, which
+ * could be used to perform attacks against the kernel. In addition,
+ * inappropriate data, such as keystrokes and touch events,
+ * are occasionally logged to dmesg. This setting prevents user
+ * space programs from accessing the kernel settings buffer,
+ * and should not be changed.
+ */
+ public void testDmesgRestrict() throws IOException {
+ try {
+ assertEquals("1", getFile("/proc/sys/kernel/dmesg_restrict"));
+ } catch (FileNotFoundException e) {
+ // Odd. The file doesn't exist... Assume we're ok.
+ }
+ }
+
+ /**
* setuid programs should not be dumpable.
*/
public void testSetuidDumpable() throws IOException {