mirror of
https://github.com/google/santa.git
synced 2026-01-13 16:28:01 -05:00
28dd6cbaed
* e2e for macos 14 * no shutdown * gh path * dismiss santa popup after bad binary * sleep for ui * re-enable start vm * re-enable poweroff * tabs * ratchet checkout actions in e2e
53 lines
1.3 KiB
Bash
Executable File
53 lines
1.3 KiB
Bash
Executable File
#!/bin/bash
|
|
set -x
|
|
|
|
bazel run //Testing/integration:install_profile -- Testing/integration/configs/default.mobileconfig
|
|
|
|
# Reset moroz to default config
|
|
killall moroz
|
|
/tmp/moroz -configs="$GITHUB_WORKSPACE/Testing/integration/configs/moroz_default/global.toml" -use-tls=false &
|
|
|
|
sudo santactl sync --debug
|
|
|
|
# Ensure baseline binary blocking
|
|
set +e
|
|
./Source/santad/testdata/binaryrules/badbinary
|
|
blocked=$?
|
|
set -e
|
|
|
|
if [[ $blocked == 0 ]]; then
|
|
echo "Blocklisted binary allowed to run" >&2
|
|
exit 1
|
|
fi
|
|
|
|
if [[ "$(sudo santactl status --json | jq .daemon.block_usb)" != "false" ]]; then
|
|
echo "USB blocking enabled with minimal config" >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Wait for the UI to have come up
|
|
sleep 5
|
|
|
|
bazel run //Testing/integration:dismiss_santa_popup
|
|
|
|
# Now change moroz to use the changed config, enabling USB blocking and removing the badbinary block rule
|
|
killall moroz
|
|
/tmp/moroz -configs="$GITHUB_WORKSPACE/Testing/integration/configs/moroz_changed/global.toml" -use-tls=false &
|
|
|
|
sudo santactl sync --debug
|
|
|
|
set +e
|
|
./Source/santad/testdata/binaryrules/badbinary
|
|
blocked=$?
|
|
set -e
|
|
|
|
if [[ $blocked != 0 ]]; then
|
|
echo "Removal from blocklist failed" >&2
|
|
exit 1
|
|
fi
|
|
|
|
if [[ "$(sudo santactl status --json | jq .daemon.block_usb)" != "true" ]]; then
|
|
echo "USB blocking config change didnt take effect" >&2
|
|
exit 1
|
|
fi
|