Added support for TOMOYO Linux Mandatory Access Control (#589)

* Added binary for TOMOYO Linux

* Added support for TOMOYO Linux Mandatory Access Control

include/binaries

@@ -225,6 +225,7 @@
                             syslog-ng)              SYSLOGNGBINARY="${BINARY}";        SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
                             systemctl)              SYSTEMCTLBINARY="${BINARY}";       LogText "  Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
                             timedatectl)            TIMEDATECTL="${BINARY}";           LogText "  Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
+                            tomoyo-init)            TOMOYOINITBINARY=${BINARY};        LogText "  Found known binary: tomoyo-init (tomoyo component) - ${BINARY}" ;;
                             tr)                     TRBINARY="${BINARY}";              LogText "  Found known binary: tr (text transformation) - ${BINARY}" ;;
                             tripwire)               TRIPWIREBINARY="${BINARY}";        LogText "  Found known binary: tripwire (file integrity) - ${BINARY}" ;;
                             tune2fs)                TUNE2FSBINARY="${BINARY}";         LogText "  Found known binary: tune2fs (file system tool) - ${BINARY}" ;;

include/tests_mac_frameworks

@@ -22,6 +22,7 @@
     MAC_FRAMEWORK_ACTIVE=0              # Default no MAC framework active
     RBAC_FRAMEWORK_ACTIVE=0             # Default no RBAC framework active
     SELINUXFOUND=0
+    TOMOYOFOUND=0
 
     InsertSection "Security frameworks"
 #
@@ -189,6 +190,46 @@
     fi
 #
 #################################################################################
+#
+    # Test        : CUST-0001
+    # Description : Check if TOMOYO Linux is installed
+    Register --test-no CUST-0001 --weight L --network NO --category security --description "Check TOMOYO Linux presence"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        LogText "Test: checking if we have tomoyo-init binary"
+        if [ -z "${TOMOYOINITBINARY}" ]; then
+            TOMOYOFOUND=0
+            LogText "Result: tomoyo-init binary not found"
+            Display --indent 2 --text "- Checking presence TOMOYO Linux" --result "${STATUS_NOT_FOUND}" --color WHITE
+        else
+            TOMOYOFOUND=1
+            LogText "Result: tomoyo-init binary found"
+            Display --indent 2 --text "- Checking presence TOMOYO Linux" --result "${STATUS_FOUND}" --color GREEN
+        fi
+    fi
+#
+#################################################################################
+#
+    # Test        : CUST-0002
+    # Description : Check TOMOYO Linux status
+    if [ ${TOMOYOFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no CUST-0002 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check TOMOYO Linux status"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        FILE="/sys/kernel/security/tomoyo/stat"
+        if [ -f ${FILE} ]; then
+            MAC_FRAMEWORK_ACTIVE=1
+            LogText "Result: TOMOYO Linux is enabled"
+            Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_ENABLED}" --color GREEN
+            Report "tomoyo_enabled=1"
+            AddHP 3 3
+        else
+            LogText "Result: TOMOYO Linux is disabled"
+            Display --indent 4 --text "- Checking TOMOYO Linux status" --result "${STATUS_DISABLED}" --color YELLOW
+            Report "tomoyo_enabled=0"
+            AddHP 0 3
+        fi
+    fi
+#
+#################################################################################
 #
     # Test        : MACF-6290
     # Description : Check if at least one MAC framework is implemented