Merge "Add test that makes fd_server use of fs-verity ioctl"
diff --git a/authfs/tests/Android.bp b/authfs/tests/Android.bp
index 72685ad..b662bee 100644
--- a/authfs/tests/Android.bp
+++ b/authfs/tests/Android.bp
@@ -14,11 +14,14 @@
"MicrodroidHostTestHelper",
],
test_suites: ["general-tests"],
- //TODO(b/235263148) use data_device_bins_64
- data_device_bins_first: ["open_then_run"],
+ data_device_bins_first: [
+ "open_then_run",
+ "fsverity",
+ ],
per_testcase_directory: true,
data: [
":authfs_test_files",
+ ":CtsApkVerityTestPrebuiltFiles",
":MicrodroidTestApp",
],
}
diff --git a/authfs/tests/AndroidTest.xml b/authfs/tests/AndroidTest.xml
index cc358f2..2ccc45f 100644
--- a/authfs/tests/AndroidTest.xml
+++ b/authfs/tests/AndroidTest.xml
@@ -34,6 +34,7 @@
<!-- Test executable -->
<option name="push-file" key="open_then_run" value="/data/local/tmp/open_then_run" />
+ <option name="push-file" key="fsverity" value="/data/local/tmp/fsverity" />
<!-- Test data files -->
<option name="push-file" key="cert.der" value="/data/local/tmp/authfs/cert.der" />
@@ -48,6 +49,19 @@
value="/data/local/tmp/authfs/input.4k.fsv_meta" />
<option name="push-file" key="input.4m.fsv_meta.bad_merkle"
value="/data/local/tmp/authfs/input.4m.fsv_meta.bad_merkle" />
+
+ <!-- Just pick a file with signature that can be trused on the device. -->
+ <option name="push-file" key="CtsApkVerityTestAppPrebuilt.apk"
+ value="/data/local/tmp/authfs/input.apk" />
+ <option name="push-file" key="CtsApkVerityTestAppPrebuilt.apk.fsv_sig"
+ value="/data/local/tmp/authfs/input.apk.fsv_sig" />
+ </target_preparer>
+
+ <target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
+ <option name="throw-if-cmd-fail" value="true" />
+ <!-- Now that the files are pushed to the device, enable fs-verity for the targeting file.
+ It works because the signature is trusted on all CTS compatible devices. -->
+ <option name="run-command" value="cd /data/local/tmp/authfs; ../fsverity enable input.apk --signature=input.apk.fsv_sig" />
</target_preparer>
<test class="com.android.compatibility.common.tradefed.testtype.JarHostTest" >
diff --git a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
index 0ade0ba..46b9e77 100644
--- a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
+++ b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
@@ -80,6 +80,9 @@
/** Path to open_then_run on Android */
private static final String OPEN_THEN_RUN_BIN = "/data/local/tmp/open_then_run";
+ /** Path to fsverity on Android */
+ private static final String FSVERITY_BIN = "/data/local/tmp/fsverity";
+
/** Mount point of authfs on Microdroid during the test */
private static final String MOUNT_DIR = "/data/local/tmp";
@@ -252,6 +255,23 @@
}
@Test
+ public void testReadWithFsverityVerification_FdServerUsesRealFsverityData() throws Exception {
+ // Setup (fs-verity is enabled for input.apk in AndroidTest.xml)
+ runFdServerOnAndroid("--open-ro 3:input.apk", "--ro-fds 3");
+ String expectedDigest = sAndroid.run(
+ FSVERITY_BIN + " digest --compact " + TEST_DIR + "/input.apk");
+ runAuthFsOnMicrodroid(
+ "--remote-ro-file 3:sha256-" + expectedDigest + " --cid " + VMADDR_CID_HOST);
+
+ // Action
+ String actualHash = computeFileHash(sMicrodroid, MOUNT_DIR + "/3");
+
+ // Verify
+ String expectedHash = computeFileHash(sAndroid, TEST_DIR + "/input.apk");
+ assertEquals("Inconsistent hash from /authfs/3: ", expectedHash, actualHash);
+ }
+
+ @Test
public void testWriteThroughCorrectly() throws Exception {
// Setup
runFdServerOnAndroid("--open-rw 3:" + TEST_OUTPUT_DIR + "/out.file", "--rw-fds 3");