Commit 8a01831b authored by intrigeri's avatar intrigeri

Merge remote-tracking branch 'origin/test/10340-disable-all-networking' into testing

Fix-committed: #10340
parents 45de9cf1 18f4d65f
......@@ -84,3 +84,11 @@ Feature: Various checks
Scenario: tails-debugging-info does not leak information
Given I have started Tails from DVD without network and logged in
Then tails-debugging-info is not susceptible to symlink attacks
Scenario: The Tails Greeter "disable all networking" option disables networking within Tails
Given I have started Tails from DVD without network and stopped at Tails Greeter's login screen
And I enable more Tails Greeter options
And I disable all networking in the Tails Greeter
And I log in to a new session
And the Tails desktop is ready
Then no network interfaces are enabled
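Review bot: The only assertion in the new scenario, `Then no network interfaces are enabled`, runs once, right after `the Tails desktop is ready`, so an interface that is brought up later in the session would not be caught. The step's definition is not part of the hunks shown here, so whether it waits or re-checks cannot be confirmed from this page. If it is a single snapshot, consider having the step hold the condition over a short window, and state in the scenario whether the loopback interface is expected to count.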
......@@ -236,3 +236,12 @@ Then /^tails-debugging-info is not susceptible to symlink attacks$/ do
$vm.execute_successfully("echo > #{debug_file}")
end
end
When /^I disable all networking in the Tails Greeter$/ do
begin
@screen.click('TailsGreeterDisableAllNetworking.png')
rescue FindFailed
@screen.type(Sikuli::Key.PAGE_DOWN)
@screen.click('TailsGreeterDisableAllNetworking.png')
end
end
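Review bot: The `rescue FindFailed` branch scrolls once with `PAGE_DOWN` and clicks again, but nothing says why; a comment above the `begin` such as `# The option may be outside the visible part of the Greeter window: scroll down once and retry.` would document the fallback (presumably that is the reason; confirm). The step also returns as soon as the click lands and does not check that the option ended up selected, so a missed toggle is only noticed by the later `no network interfaces are enabled` assertion. If an image of the selected state exists, waiting for it here would make a failure point at the right step.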
......@@ -468,9 +468,12 @@ Given /^I enter the "([^"]*)" password in the pkexec prompt$/ do |password|
deal_with_polkit_prompt('PolicyKitAuthPrompt.png', password)
end
Given /^process "([^"]+)" is running$/ do |process|
assert($vm.has_process?(process),
"Process '#{process}' is not running")
Given /^process "([^"]+)" is (not )?running$/ do |process, not_running|
if not_running
assert(!$vm.has_process?(process), "Process '#{process}' is running")
else
assert($vm.has_process?(process), "Process '#{process}' is not running")
end
end
Given /^process "([^"]+)" is running within (\d+) seconds$/ do |process, time|
......@@ -487,11 +490,6 @@ Given /^process "([^"]+)" has stopped running after at most (\d+) seconds$/ do |
end
end
Given /^process "([^"]+)" is not running$/ do |process|
assert(!$vm.has_process?(process),
"Process '#{process}' is running")
end
Given /^I kill the process "([^"]+)"$/ do |process|
$vm.execute("killall #{process}")
try_for(10, :msg => "Process '#{process}' could not be killed") {
......
......@@ -35,6 +35,18 @@ def ip6tables_rules(chain, table = "filter")
iptables_rules_parse("ip6tables", chain, table)
end
def ip4tables_packet_counter_sum(filters = {})
pkts = 0
ip4tables_chains do |name, _, rules|
next if filters[:tables] && not(filters[:tables].include?(name))
rules.each do |rule|
next if filters[:uid] && not(rule.elements["conditions/owner/uid-owner[text()=#{filters[:uid]}]"])
pkts += rule.attribute('packet-count').to_s.to_i
end
end
return pkts
end
def try_xml_element_text(element, xpath, default = nil)
node = element.elements[xpath]
(node.nil? or not(node.has_text?)) ? default : node.text
......
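Review bot: The `:tables` filter in `ip4tables_packet_counter_sum` is compared with the `name` yielded by `ip4tables_chains`, and the caller in the last hunk passes `['OUTPUT']`, which is a chain rather than a table; naming the key `:chains` (`next if filters[:chains] && !filters[:chains].include?(name)`, with the caller updated to match) would avoid the confusion. `filters[:uid]` is interpolated into the XPath predicate as given; the current caller passes an integer, but coercing it inside the helper with `uid = Integer(filters[:uid])` keeps the expression well-formed for any future caller. A short comment stating that the result is the sum of `packet-count` over matching rules, and that it is 0 when nothing matches, would also help.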
......@@ -178,17 +178,8 @@ But /^checking for updates is disabled in the Unsafe Browser's configuration$/ d
end
Then /^the clearnet user has (|not )sent packets out to the Internet$/ do |sent|
pkts = 0
uid = $vm.execute_successfully("id -u clearnet").stdout.chomp.to_i
ip4tables_chains do |name, _, rules|
next unless name == "OUTPUT"
rules.each do |rule|
if rule.elements["conditions/owner/uid-owner[text()=#{uid}]"]
pkts += rule.attribute('packet-count').to_s.to_i
end
end
end
pkts = ip4tables_packet_counter_sum(:tables => ['OUTPUT'], :uid => uid)
case sent
when ''
assert(pkts > 0, "Packets have not gone out to the internet.")
......
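Review bot: `ip4tables_packet_counter_sum(:tables => ['OUTPUT'], :uid => uid)` returns 0 both when the matching rules saw no packets and when no rule in `OUTPUT` has a `uid-owner` condition for the clearnet uid, so the `not sent` variant of this step can pass without having measured anything. That was also true of the inline loop this call replaces. The `case sent` block continues outside the hunk, so the negative branch is not visible here; if it only asserts that `pkts` is zero, consider first asserting that at least one rule for that uid exists.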