authfs: support remote output directory
This change contains 3 major groups:
- authfs/{aidl, fd_server}: new AIDL API and the service implementation
- authfs/src: implement FUSE APIs for creating directory and file, by
interact with the new service API as a client
- authfs/tests, tests/: test coverage
A few notable changes that might help reviewing:
- Now that both AuthFs and FdService struct is no longer immutable (in
order to allow writable directory), their BTreeMap are now guarded by
Arc<Mutex<_>>.
* AuthFs::insert_new_inode and FdService::insert_new_fd are designed
specifically to allow querying then mutating the map, which isn't
trivial.
- File and directory modes from the user program / VFS are currently
ignored (just not to grow the change size).
- Some shuffling of test paths to make it easy to clean up in tearDown.
Bug: 203251769
Test: AuthFsHostTest
Change-Id: I50f3f1ba8a3ebd969cf0f25a8feab2ec8cb1a2dc
diff --git a/authfs/tests/AndroidTest.xml b/authfs/tests/AndroidTest.xml
index 9deab5b..643e2b4 100644
--- a/authfs/tests/AndroidTest.xml
+++ b/authfs/tests/AndroidTest.xml
@@ -23,7 +23,7 @@
<target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
<option name="throw-if-cmd-fail" value="true" />
- <!-- Prepare test directory. -->
+ <!-- Prepare test directories. -->
<option name="run-command" value="mkdir -p /data/local/tmp/authfs/mnt" />
<option name="teardown-command" value="rm -rf /data/local/tmp/authfs" />
</target_preparer>
@@ -33,7 +33,7 @@
<option name="abort-on-push-failure" value="true" />
<!-- Test executable -->
- <option name="push-file" key="open_then_run" value="/data/local/tmp/authfs/open_then_run" />
+ <option name="push-file" key="open_then_run" value="/data/local/tmp/open_then_run" />
<!-- Test data files -->
<option name="push-file" key="cert.der" value="/data/local/tmp/authfs/cert.der" />
diff --git a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
index 3ed8748..6e67014 100644
--- a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
+++ b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
@@ -34,8 +34,8 @@
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import com.android.tradefed.testtype.junit4.AfterClassWithInfo;
import com.android.tradefed.testtype.junit4.BeforeClassWithInfo;
-import com.android.tradefed.util.AbiUtils;
import com.android.tradefed.util.CommandResult;
+import com.android.tradefed.util.CommandStatus;
import org.junit.After;
import org.junit.AssumptionViolatedException;
@@ -54,11 +54,14 @@
/** Test directory on Android where data are located */
private static final String TEST_DIR = "/data/local/tmp/authfs";
- /** Mount point of authfs on Microdroid during the test */
- private static final String MOUNT_DIR = "/data/local/tmp";
+ /** Output directory where the test can generate output on Android */
+ private static final String TEST_OUTPUT_DIR = "/data/local/tmp/authfs/output_dir";
/** Path to open_then_run on Android */
- private static final String OPEN_THEN_RUN_BIN = TEST_DIR + "/open_then_run";
+ private static final String OPEN_THEN_RUN_BIN = "/data/local/tmp/open_then_run";
+
+ /** Mount point of authfs on Microdroid during the test */
+ private static final String MOUNT_DIR = "/data/local/tmp";
/** Path to fd_server on Android */
private static final String FD_SERVER_BIN = "/apex/com.android.virt/bin/fd_server";
@@ -79,7 +82,6 @@
private static boolean sAssumptionFailed;
private ExecutorService mThreadPool = Executors.newCachedThreadPool();
- private String mArch;
@BeforeClassWithInfo
public static void beforeClassWithDevice(TestInformation testInfo)
@@ -141,23 +143,22 @@
}
@Before
- public void setUp() {
+ public void setUp() throws Exception {
assumeFalse(sAssumptionFailed);
- mArch = AbiUtils.getArchForAbi(getAbi().getName());
+ sAndroid.run("mkdir " + TEST_OUTPUT_DIR);
}
@After
- public void tearDown() throws DeviceNotAvailableException {
+ public void tearDown() throws Exception {
sAndroid.tryRun("killall fd_server");
- sAndroid.tryRun("rm -f " + TEST_DIR + "/output");
+ sAndroid.run("rm -rf " + TEST_OUTPUT_DIR);
tryRunOnMicrodroid("killall authfs");
tryRunOnMicrodroid("umount " + MOUNT_DIR);
}
@Test
- public void testReadWithFsverityVerification_RemoteFile()
- throws DeviceNotAvailableException, InterruptedException {
+ public void testReadWithFsverityVerification_RemoteFile() throws Exception {
// Setup
runFdServerOnAndroid(
"--open-ro 3:input.4m --open-ro 4:input.4m.merkle_dump --open-ro 5:input.4m.fsv_sig"
@@ -182,8 +183,7 @@
// Separate the test from the above simply because exec in shell does not allow open too many
// files.
@Test
- public void testReadWithFsverityVerification_RemoteSmallerFile()
- throws DeviceNotAvailableException, InterruptedException {
+ public void testReadWithFsverityVerification_RemoteSmallerFile() throws Exception {
// Setup
runFdServerOnAndroid(
"--open-ro 3:input.4k --open-ro 4:input.4k.merkle_dump --open-ro"
@@ -207,8 +207,7 @@
}
@Test
- public void testReadWithFsverityVerification_TamperedMerkleTree()
- throws DeviceNotAvailableException, InterruptedException {
+ public void testReadWithFsverityVerification_TamperedMerkleTree() throws Exception {
// Setup
runFdServerOnAndroid(
"--open-ro 3:input.4m --open-ro 4:input.4m.merkle_dump.bad "
@@ -221,16 +220,15 @@
}
@Test
- public void testWriteThroughCorrectly()
- throws DeviceNotAvailableException, InterruptedException {
+ public void testWriteThroughCorrectly() throws Exception {
// Setup
- runFdServerOnAndroid("--open-rw 3:output", "--rw-fds 3");
+ runFdServerOnAndroid("--open-rw 3:" + TEST_OUTPUT_DIR + "/out.file", "--rw-fds 3");
runAuthFsOnMicrodroid("--remote-new-rw-file 20:3 --cid " + VMADDR_CID_HOST);
// Action
String srcPath = "/system/bin/linker64";
String destPath = MOUNT_DIR + "/20";
- String backendPath = TEST_DIR + "/output";
+ String backendPath = TEST_OUTPUT_DIR + "/out.file";
assertTrue(copyFileOnMicrodroid(srcPath, destPath));
// Verify
@@ -239,15 +237,14 @@
}
@Test
- public void testWriteFailedIfDetectsTampering()
- throws DeviceNotAvailableException, InterruptedException {
+ public void testWriteFailedIfDetectsTampering() throws Exception {
// Setup
- runFdServerOnAndroid("--open-rw 3:output", "--rw-fds 3");
+ runFdServerOnAndroid("--open-rw 3:" + TEST_OUTPUT_DIR + "/out.file", "--rw-fds 3");
runAuthFsOnMicrodroid("--remote-new-rw-file 20:3 --cid " + VMADDR_CID_HOST);
String srcPath = "/system/bin/linker64";
String destPath = MOUNT_DIR + "/20";
- String backendPath = TEST_DIR + "/output";
+ String backendPath = TEST_OUTPUT_DIR + "/out.file";
assertTrue(copyFileOnMicrodroid(srcPath, destPath));
// Action
@@ -258,28 +255,32 @@
// Write to a block partially requires a read back to calculate the new hash. It should fail
// when the content is inconsistent to the known hash. Use direct I/O to avoid simply
// writing to the filesystem cache.
- assertEquals(
- tryRunOnMicrodroid("dd if=/dev/zero of=" + destPath + " bs=1 count=1024 direct"),
- null);
+ assertFalse(
+ writeZerosAtFileOffsetOnMicrodroid(
+ destPath, /* offset */ 0, /* number */ 1024, /* writeThrough */ true));
// A full 4K write does not require to read back, so write can succeed even if the backing
// block has already been tampered.
- runOnMicrodroid("dd if=/dev/zero of=" + destPath + " bs=1 count=4096 skip=4096");
+ assertTrue(
+ writeZerosAtFileOffsetOnMicrodroid(
+ destPath, /* offset */ 4096, /* number */ 4096, /* writeThrough */ false));
// Otherwise, a partial write with correct backing file should still succeed.
- runOnMicrodroid("dd if=/dev/zero of=" + destPath + " bs=1 count=1024 skip=8192");
+ assertTrue(
+ writeZerosAtFileOffsetOnMicrodroid(
+ destPath, /* offset */ 8192, /* number */ 1024, /* writeThrough */ false));
}
@Test
- public void testFileResize() throws DeviceNotAvailableException, InterruptedException {
+ public void testFileResize() throws Exception {
// Setup
- runFdServerOnAndroid("--open-rw 3:output", "--rw-fds 3");
+ runFdServerOnAndroid("--open-rw 3:" + TEST_OUTPUT_DIR + "/out.file", "--rw-fds 3");
runAuthFsOnMicrodroid("--remote-new-rw-file 20:3 --cid " + VMADDR_CID_HOST);
String outputPath = MOUNT_DIR + "/20";
- String backendPath = TEST_DIR + "/output";
+ String backendPath = TEST_OUTPUT_DIR + "/out.file";
// Action & Verify
- runOnMicrodroid("yes $'\\x01' | tr -d '\\n' | dd bs=1 count=10000 of=" + outputPath);
+ createFileWithOnesOnMicrodroid(outputPath, 10000);
assertEquals(getFileSizeInBytesOnMicrodroid(outputPath), 10000);
expectBackingFileConsistency(
outputPath,
@@ -301,6 +302,112 @@
"e53130831c13dabff71d5d1797e3aaa467b4b7d32b3b8782c4ff03d76976f2aa");
}
+ @Test
+ public void testOutputDirectory_WriteNewFiles() throws Exception {
+ // Setup
+ String androidOutputDir = TEST_OUTPUT_DIR + "/dir";
+ String authfsOutputDir = MOUNT_DIR + "/20";
+ sAndroid.run("mkdir " + androidOutputDir);
+ runFdServerOnAndroid("--open-dir 3:" + androidOutputDir, "--rw-dirs 3");
+ runAuthFsOnMicrodroid("--remote-new-rw-dir 20:3 --cid " + VMADDR_CID_HOST);
+
+ // Action & Verify
+ // Can create a new file to write.
+ String expectedAndroidPath = androidOutputDir + "/file";
+ String authfsPath = authfsOutputDir + "/file";
+ createFileWithOnesOnMicrodroid(authfsPath, 10000);
+ assertEquals(getFileSizeInBytesOnMicrodroid(authfsPath), 10000);
+ expectBackingFileConsistency(
+ authfsPath,
+ expectedAndroidPath,
+ "684ad25fdc2bbb80cbc910dd1bde6d5499ccf860ca6ee44704b77ec445271353");
+
+ // Regular file operations work, e.g. resize.
+ resizeFileOnMicrodroid(authfsPath, 15000);
+ assertEquals(getFileSizeInBytesOnMicrodroid(authfsPath), 15000);
+ expectBackingFileConsistency(
+ authfsPath,
+ expectedAndroidPath,
+ "567c89f62586e0d33369157afdfe99a2fa36cdffb01e91dcdc0b7355262d610d");
+ }
+
+ @Test
+ public void testOutputDirectory_MkdirAndWriteFile() throws Exception {
+ // Setup
+ String androidOutputDir = TEST_OUTPUT_DIR + "/dir";
+ String authfsOutputDir = MOUNT_DIR + "/20";
+ sAndroid.run("mkdir " + androidOutputDir);
+ runFdServerOnAndroid("--open-dir 3:" + androidOutputDir, "--rw-dirs 3");
+ runAuthFsOnMicrodroid("--remote-new-rw-dir 20:3 --cid " + VMADDR_CID_HOST);
+
+ // Action
+ // Can create nested directories and can create a file in one.
+ runOnMicrodroid("mkdir " + authfsOutputDir + "/new_dir");
+ runOnMicrodroid("mkdir -p " + authfsOutputDir + "/we/need/to/go/deeper");
+ createFileWithOnesOnMicrodroid(authfsOutputDir + "/new_dir/file1", 10000);
+ createFileWithOnesOnMicrodroid(authfsOutputDir + "/we/need/file2", 10000);
+
+ // Verify
+ // Directories show up in Android.
+ sAndroid.run("test -d " + androidOutputDir + "/new_dir");
+ sAndroid.run("test -d " + androidOutputDir + "/we/need/to/go/deeper");
+ // Files exist in Android. Hashes on Microdroid and Android are consistent.
+ assertEquals(getFileSizeInBytesOnMicrodroid(authfsOutputDir + "/new_dir/file1"), 10000);
+ expectBackingFileConsistency(
+ authfsOutputDir + "/new_dir/file1",
+ androidOutputDir + "/new_dir/file1",
+ "684ad25fdc2bbb80cbc910dd1bde6d5499ccf860ca6ee44704b77ec445271353");
+ // Same to file in a nested directory.
+ assertEquals(getFileSizeInBytesOnMicrodroid(authfsOutputDir + "/we/need/file2"), 10000);
+ expectBackingFileConsistency(
+ authfsOutputDir + "/we/need/file2",
+ androidOutputDir + "/we/need/file2",
+ "684ad25fdc2bbb80cbc910dd1bde6d5499ccf860ca6ee44704b77ec445271353");
+ }
+
+ @Test
+ public void testOutputDirectory_CreateAndTruncateExistingFile() throws Exception {
+ // Setup
+ String androidOutputDir = TEST_OUTPUT_DIR + "/dir";
+ String authfsOutputDir = MOUNT_DIR + "/20";
+ sAndroid.run("mkdir " + androidOutputDir);
+ runFdServerOnAndroid("--open-dir 3:" + androidOutputDir, "--rw-dirs 3");
+ runAuthFsOnMicrodroid("--remote-new-rw-dir 20:3 --cid " + VMADDR_CID_HOST);
+
+ // Action & Verify
+ runOnMicrodroid("echo -n foo > " + authfsOutputDir + "/file");
+ assertEquals(getFileSizeInBytesOnMicrodroid(authfsOutputDir + "/file"), 3);
+ // Can override a file and write normally.
+ createFileWithOnesOnMicrodroid(authfsOutputDir + "/file", 10000);
+ assertEquals(getFileSizeInBytesOnMicrodroid(authfsOutputDir + "/file"), 10000);
+ expectBackingFileConsistency(
+ authfsOutputDir + "/file",
+ androidOutputDir + "/file",
+ "684ad25fdc2bbb80cbc910dd1bde6d5499ccf860ca6ee44704b77ec445271353");
+ }
+
+ @Test
+ public void testOutputDirectory_CannotRecreateDirectoryIfNameExists() throws Exception {
+ // Setup
+ String androidOutputDir = TEST_OUTPUT_DIR + "/dir";
+ String authfsOutputDir = MOUNT_DIR + "/20";
+ sAndroid.run("mkdir " + androidOutputDir);
+ runFdServerOnAndroid("--open-dir 3:" + androidOutputDir, "--rw-dirs 3");
+ runAuthFsOnMicrodroid("--remote-new-rw-dir 20:3 --cid " + VMADDR_CID_HOST);
+
+ runOnMicrodroid("touch " + authfsOutputDir + "/some_file");
+ runOnMicrodroid("mkdir " + authfsOutputDir + "/some_dir");
+ runOnMicrodroid("touch " + authfsOutputDir + "/some_dir/file");
+ runOnMicrodroid("mkdir " + authfsOutputDir + "/some_dir/dir");
+
+ // Action & Verify
+ // Cannot create directory if an entry with the same name already exists.
+ assertFailedOnMicrodroid("mkdir " + authfsOutputDir + "/some_file");
+ assertFailedOnMicrodroid("mkdir " + authfsOutputDir + "/some_dir");
+ assertFailedOnMicrodroid("mkdir " + authfsOutputDir + "/some_dir/file");
+ assertFailedOnMicrodroid("mkdir " + authfsOutputDir + "/some_dir/dir");
+ }
+
private void expectBackingFileConsistency(
String authFsPath, String backendPath, String expectedHash)
throws DeviceNotAvailableException {
@@ -350,6 +457,24 @@
return Long.parseLong(runOnMicrodroid("stat -c '%s' " + path));
}
+ private void createFileWithOnesOnMicrodroid(String filePath, long numberOfOnes) {
+ runOnMicrodroid(
+ "yes $'\\x01' | tr -d '\\n' | dd bs=1 count=" + numberOfOnes + " of=" + filePath);
+ }
+
+ private boolean writeZerosAtFileOffsetOnMicrodroid(
+ String filePath, long offset, long numberOfZeros, boolean writeThrough) {
+ String cmd = "dd if=/dev/zero of=" + filePath + " bs=1 count=" + numberOfZeros;
+ if (offset > 0) {
+ cmd += " skip=" + offset;
+ }
+ if (writeThrough) {
+ cmd += " direct";
+ }
+ CommandResult result = runOnMicrodroidForResult(cmd);
+ return result.getStatus() == CommandStatus.SUCCESS;
+ }
+
private void runAuthFsOnMicrodroid(String flags) {
String cmd = AUTHFS_BIN + " " + MOUNT_DIR + " " + flags;