commit 05b40c6587bce5064890183b4fdf6ca9797abe91
author Alan Stokes <alanstokes@google.com> Tue May 24 07:42:24 2022 +0000
committer Alan Stokes <alanstokes@google.com> Tue May 24 14:41:36 2022 +0000
tree 5968fb7e9c5a3d35205b5db232dfca670d906181
parent 00e20053fe87c9fb7e3227f1cdfdddc604c5a747

Revert^2 "Verify that the VM-generated BCC is valid"

Reverts commit 00e20053fe87c9fb7e3227f1cdfdddc604c5a747

This is relanding the original commit f822d7492b0ecc0dd62cfe4dba5fc7123e57de57 unchanged.

Bug: 233338216
Test: croot system/security/diced; atest -p
Change-Id: I7b53b0a82590f8f9eddb44fa8ac1ca20116f99a4

compos/tests/Android.bp

diff --git a/compos/tests/Android.bp b/compos/tests/Android.bp
index c178ddd..b77a7e4 100644
--- a/compos/tests/Android.bp
+++ b/compos/tests/Android.bp
@@ -10,6 +10,7 @@
         "compatibility-tradefed",
         "compatibility-host-util",
     ],
+    data_native_bins: ["bcc_validator"],
     static_libs: [
         "VirtualizationTestHelper",
     ],

compos/tests/java/android/compos/test/ComposTestCase.java

diff --git a/compos/tests/java/android/compos/test/ComposTestCase.java b/compos/tests/java/android/compos/test/ComposTestCase.java
index eec9e39..51f0a1f 100644
--- a/compos/tests/java/android/compos/test/ComposTestCase.java
+++ b/compos/tests/java/android/compos/test/ComposTestCase.java
@@ -16,17 +16,24 @@
 
 package android.compos.test;
 
+import static android.virt.test.CommandResultSubject.assertThat;
+import static android.virt.test.CommandResultSubject.command_results;
+
 import static com.android.tradefed.testtype.DeviceJUnit4ClassRunner.TestLogData;
 
 import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.Truth.assertWithMessage;
 
 import android.platform.test.annotations.RootPermissionTest;
 import android.virt.test.CommandRunner;
 import android.virt.test.VirtualizationTestCaseBase;
 
 import com.android.tradefed.log.LogUtil.CLog;
+import com.android.tradefed.result.FileInputStreamSource;
+import com.android.tradefed.result.LogDataType;
 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
 import com.android.tradefed.util.CommandResult;
+import com.android.tradefed.util.RunUtil;
 
 import org.junit.After;
 import org.junit.Before;
@@ -35,6 +42,8 @@
 import org.junit.rules.TestName;
 import org.junit.runner.RunWith;
 
+import java.io.File;
+
 @RootPermissionTest
 @RunWith(DeviceJUnit4ClassRunner.class)
 public final class ComposTestCase extends VirtualizationTestCaseBase {
@@ -127,7 +136,7 @@
             long start = System.currentTimeMillis();
             CommandResult result = runOdrefresh(android, "--force-compile");
             long elapsed = System.currentTimeMillis() - start;
-            assertThat(result.getExitCode()).isEqualTo(COMPILATION_SUCCESS);
+            assertThat(result).exitCode().isEqualTo(COMPILATION_SUCCESS);
             CLog.i("Local compilation took " + elapsed + "ms");
         }
 
@@ -137,12 +146,7 @@
 
         // --check may delete the output.
         CommandResult result = runOdrefresh(android, "--check");
-        assertThat(result.getExitCode()).isEqualTo(OKAY);
-
-        // Make sure we generate a fresh instance.
-        android.tryRun("rm", "-rf", COMPOS_TEST_ROOT);
-        // TODO: remove once composd starts to clean up the directory.
-        android.tryRun("rm", "-rf", ODREFRESH_OUTPUT_DIR);
+        assertThat(result).exitCode().isEqualTo(OKAY);
 
         // Expect the compilation in Compilation OS to finish successfully.
         {
@@ -151,11 +155,14 @@
                     android.runForResultWithTimeout(
                             ODREFRESH_TIMEOUT_MS, COMPOSD_CMD_BIN, "test-compile");
             long elapsed = System.currentTimeMillis() - start;
-            assertThat(result.getExitCode()).isEqualTo(0);
+            assertThat(result).exitCode().isEqualTo(0);
             CLog.i("Comp OS compilation took " + elapsed + "ms");
         }
         killVmAndReconnectAdb();
 
+        // Expect the BCC extracted from the BCC to be well-formed.
+        assertVmBccIsValid();
+
         // Save the actual checksum for the output directory.
         String actualChecksumSnapshot = checksumDirectoryContentPartial(android,
                 ODREFRESH_OUTPUT_DIR);
@@ -171,6 +178,24 @@
         android.run(COMPOS_VERIFY_BIN + " --debug --instance test");
     }
 
+    private void assertVmBccIsValid() throws Exception {
+        File bcc_file = getDevice().pullFile(COMPOS_APEXDATA_DIR + "/test/bcc");
+        assertThat(bcc_file).isNotNull();
+
+        // Add the BCC to test artifacts, in case it is ill-formed or otherwise interesting.
+        mTestLogs.addTestLog(bcc_file.getPath(), LogDataType.UNKNOWN,
+                new FileInputStreamSource(bcc_file));
+
+        // Find the validator binary - note that it's specified as a dependency in our Android.bp.
+        File validator = getTestInformation().getDependencyFile("bcc_validator", /*targetFirst=*/
+                false);
+
+        CommandResult result = new RunUtil().runTimedCmd(10000,
+                validator.getAbsolutePath(), "verify-chain", bcc_file.getAbsolutePath());
+        assertWithMessage("bcc_validator failed").about(command_results())
+                .that(result).isSuccess();
+    }
+
     private CommandResult runOdrefresh(CommandRunner android, String command) throws Exception {
         return android.runForResultWithTimeout(
                 ODREFRESH_TIMEOUT_MS,