| Tao Bao | ba55770 | 2018-03-10 20:41:16 -0800 | [diff] [blame^] | 1 | # |
| 2 | # Copyright (C) 2018 The Android Open Source Project |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | # |
| 16 | |
| 17 | """Unittests for validate_target_files.py. |
| 18 | |
| 19 | Note: This file calls functions in build_image.py that hard-code the path in |
| 20 | relative to ANDROID_BUILD_TOP (e.g. |
| 21 | system/extras/verity/build_verity_metadata.py). So the test needs to be |
| 22 | triggered under ANDROID_BUILD_TOP or the top-level OTA tools directory (i.e. |
| 23 | the one after unzipping otatools.zip). |
| 24 | |
| 25 | (from ANDROID_BUILD_TOP) |
| 26 | $ PYTHONPATH=build/make/tools/releasetools python -m unittest \\ |
| 27 | test_validate_target_files |
| 28 | |
| 29 | (from OTA tools directory) |
| 30 | $ PYTHONPATH=releasetools python -m unittest test_validate_target_files |
| 31 | """ |
| 32 | |
| 33 | from __future__ import print_function |
| 34 | |
| 35 | import os |
| 36 | import os.path |
| 37 | import shutil |
| 38 | import subprocess |
| 39 | import unittest |
| 40 | |
| 41 | import build_image |
| 42 | import common |
| 43 | import test_utils |
| 44 | from validate_target_files import ValidateVerifiedBootImages |
| 45 | |
| 46 | |
| 47 | class ValidateTargetFilesTest(unittest.TestCase): |
| 48 | |
| 49 | def setUp(self): |
| 50 | self.testdata_dir = test_utils.get_testdata_dir() |
| 51 | |
| 52 | def tearDown(self): |
| 53 | common.Cleanup() |
| 54 | |
| 55 | def _generate_boot_image(self, output_file): |
| 56 | kernel = common.MakeTempFile(prefix='kernel-') |
| 57 | with open(kernel, 'wb') as kernel_fp: |
| 58 | kernel_fp.write(os.urandom(10)) |
| 59 | |
| 60 | cmd = ['mkbootimg', '--kernel', kernel, '-o', output_file] |
| 61 | proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) |
| 62 | stdoutdata, _ = proc.communicate() |
| 63 | self.assertEqual( |
| 64 | 0, proc.returncode, |
| 65 | "Failed to run mkbootimg: {}".format(stdoutdata)) |
| 66 | |
| 67 | cmd = ['boot_signer', '/boot', output_file, |
| 68 | os.path.join(self.testdata_dir, 'testkey.pk8'), |
| 69 | os.path.join(self.testdata_dir, 'testkey.x509.pem'), output_file] |
| 70 | proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) |
| 71 | stdoutdata, _ = proc.communicate() |
| 72 | self.assertEqual( |
| 73 | 0, proc.returncode, |
| 74 | "Failed to sign boot image with boot_signer: {}".format(stdoutdata)) |
| 75 | |
| 76 | def test_ValidateVerifiedBootImages_bootImage(self): |
| 77 | input_tmp = common.MakeTempDir() |
| 78 | os.mkdir(os.path.join(input_tmp, 'IMAGES')) |
| 79 | boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img') |
| 80 | self._generate_boot_image(boot_image) |
| 81 | |
| 82 | info_dict = { |
| 83 | 'boot_signer' : 'true', |
| 84 | } |
| 85 | options = { |
| 86 | 'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'), |
| 87 | } |
| 88 | ValidateVerifiedBootImages(input_tmp, info_dict, options) |
| 89 | |
| 90 | def test_ValidateVerifiedBootImages_bootImage_wrongKey(self): |
| 91 | input_tmp = common.MakeTempDir() |
| 92 | os.mkdir(os.path.join(input_tmp, 'IMAGES')) |
| 93 | boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img') |
| 94 | self._generate_boot_image(boot_image) |
| 95 | |
| 96 | info_dict = { |
| 97 | 'boot_signer' : 'true', |
| 98 | } |
| 99 | options = { |
| 100 | 'verity_key' : os.path.join(self.testdata_dir, 'verity.x509.pem'), |
| 101 | } |
| 102 | self.assertRaises( |
| 103 | AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict, |
| 104 | options) |
| 105 | |
| 106 | def test_ValidateVerifiedBootImages_bootImage_corrupted(self): |
| 107 | input_tmp = common.MakeTempDir() |
| 108 | os.mkdir(os.path.join(input_tmp, 'IMAGES')) |
| 109 | boot_image = os.path.join(input_tmp, 'IMAGES', 'boot.img') |
| 110 | self._generate_boot_image(boot_image) |
| 111 | |
| 112 | # Corrupt the late byte of the image. |
| 113 | with open(boot_image, 'r+b') as boot_fp: |
| 114 | boot_fp.seek(-1, os.SEEK_END) |
| 115 | last_byte = boot_fp.read(1) |
| 116 | last_byte = chr(255 - ord(last_byte)) |
| 117 | boot_fp.seek(-1, os.SEEK_END) |
| 118 | boot_fp.write(last_byte) |
| 119 | |
| 120 | info_dict = { |
| 121 | 'boot_signer' : 'true', |
| 122 | } |
| 123 | options = { |
| 124 | 'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'), |
| 125 | } |
| 126 | self.assertRaises( |
| 127 | AssertionError, ValidateVerifiedBootImages, input_tmp, info_dict, |
| 128 | options) |
| 129 | |
| 130 | def _generate_system_image(self, output_file): |
| 131 | verity_fec = True |
| 132 | partition_size = 1024 * 1024 |
| 133 | adjusted_size, verity_size = build_image.AdjustPartitionSizeForVerity( |
| 134 | partition_size, verity_fec) |
| 135 | |
| 136 | # Use an empty root directory. |
| 137 | system_root = common.MakeTempDir() |
| 138 | cmd = ['mkuserimg_mke2fs.sh', '-s', system_root, output_file, 'ext4', |
| 139 | '/system', str(adjusted_size), '-j', '0'] |
| 140 | proc = common.Run(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) |
| 141 | stdoutdata, _ = proc.communicate() |
| 142 | self.assertEqual( |
| 143 | 0, proc.returncode, |
| 144 | "Failed to create system image with mkuserimg_mke2fs.sh: {}".format( |
| 145 | stdoutdata)) |
| 146 | |
| 147 | # Append the verity metadata. |
| 148 | prop_dict = { |
| 149 | 'original_partition_size' : str(partition_size), |
| 150 | 'partition_size' : str(adjusted_size), |
| 151 | 'verity_block_device' : '/dev/block/system', |
| 152 | 'verity_key' : os.path.join(self.testdata_dir, 'testkey'), |
| 153 | 'verity_signer_cmd' : 'verity_signer', |
| 154 | 'verity_size' : str(verity_size), |
| 155 | } |
| 156 | self.assertTrue( |
| 157 | build_image.MakeVerityEnabledImage(output_file, verity_fec, prop_dict)) |
| 158 | |
| 159 | def test_ValidateVerifiedBootImages_systemImage(self): |
| 160 | input_tmp = common.MakeTempDir() |
| 161 | os.mkdir(os.path.join(input_tmp, 'IMAGES')) |
| 162 | system_image = os.path.join(input_tmp, 'IMAGES', 'system.img') |
| 163 | self._generate_system_image(system_image) |
| 164 | |
| 165 | # Pack the verity key. |
| 166 | verity_key_mincrypt = os.path.join( |
| 167 | input_tmp, 'BOOT', 'RAMDISK', 'verity_key') |
| 168 | os.makedirs(os.path.dirname(verity_key_mincrypt)) |
| 169 | shutil.copyfile( |
| 170 | os.path.join(self.testdata_dir, 'testkey_mincrypt'), |
| 171 | verity_key_mincrypt) |
| 172 | |
| 173 | info_dict = { |
| 174 | 'verity' : 'true', |
| 175 | } |
| 176 | options = { |
| 177 | 'verity_key' : os.path.join(self.testdata_dir, 'testkey.x509.pem'), |
| 178 | 'verity_key_mincrypt' : verity_key_mincrypt, |
| 179 | } |
| 180 | ValidateVerifiedBootImages(input_tmp, info_dict, options) |