Make authfs tests independent of BuildManifest.apk
Inkeeping with the Fourth of July festivities, let's declare the authfs
tests independent of the details of the device build. In particular,
stop depending on BuildManifest.apk for the fsverity manifest file and
instead provide a manifest just for the tests.
The manifest is generated with the help of fsverity_manifest_generator
and covers the input.4k, input.4k1 and input.4m files and is included in
the MicrodroidTestApk assets to make it available to fsverity within
Microdroid.
This will allow us more flexibility to change both the tests and the
device build without one getting in the way of the other.
Bug: 237384936
Test: atest AuthFsHostTest
Change-Id: I75fef499bcfbf0eaa530ecfeb241cacfb3f695f0
diff --git a/authfs/Android.bp b/authfs/Android.bp
index 84eb0f4..40643b8 100644
--- a/authfs/Android.bp
+++ b/authfs/Android.bp
@@ -65,3 +65,32 @@
"testdata/input.4m.fsv_meta.bad_merkle",
],
}
+
+java_genrule {
+ name: "authfs_test_apk_assets",
+ out: ["authfs_test_apk_assets.jar"],
+ tools: [
+ "fsverity_manifest_generator",
+ "fsverity",
+ ],
+ srcs: [
+ "testdata/input.4k",
+ "testdata/input.4k1",
+ "testdata/input.4m",
+ ],
+ /*
+ * Create a JAR file with an assets directory that can merge into the
+ * assets of an APK that depends on it in static_libs. Use this mechanism
+ * to load a generated fsverity manifest for the test input files into the
+ * test VM.
+ */
+ cmd: "out_dir=$$(dirname $(out))" +
+ "&& assets_dir=\"assets\" " +
+ "&& mkdir -p $$out_dir/$$assets_dir" +
+ "&& $(location fsverity_manifest_generator) " +
+ " --fsverity-path $(location fsverity) " +
+ " --base-dir $$(dirname $(in) | head -1) " +
+ " --output $$out_dir/$$assets_dir/input_manifest.pb " +
+ " $(in) " +
+ "&& jar cf $(out) -C $$out_dir $$assets_dir",
+}
diff --git a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
index 749f3c1..f5254bc 100644
--- a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
+++ b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
@@ -76,7 +76,7 @@
private static final String TEST_APK_NAME = "MicrodroidTestApp.apk";
/** VM config entry path in the test APK */
- private static final String VM_CONFIG_PATH_IN_APK = "assets/vm_config_extra_apk.json";
+ private static final String VM_CONFIG_PATH_IN_APK = "assets/vm_config.json";
/** Path to open_then_run on Android */
private static final String OPEN_THEN_RUN_BIN = "/data/local/tmp/open_then_run";
@@ -90,11 +90,8 @@
/** Path to authfs on Microdroid */
private static final String AUTHFS_BIN = "/system/bin/authfs";
- /** Idsig paths to be created for each APK in the "extra_apks" of vm_config_extra_apk.json. */
- private static final String EXTRA_IDSIG_PATH = TEST_DIR + "BuildManifest.apk.idsig";
-
- /** Build manifest path in the VM. 0 is the index of extra_apks in vm_config_extra_apk.json. */
- private static final String BUILD_MANIFEST_PATH = "/mnt/extra-apk/0/assets/build_manifest.pb";
+ /** Input manifest path in the VM. */
+ private static final String INPUT_MANIFEST_PATH = "/mnt/apk/assets/input_manifest.pb";
/** Plenty of time for authfs to get ready */
private static final int AUTHFS_INIT_TIMEOUT_MS = 3000;
@@ -145,7 +142,6 @@
MicrodroidBuilder
.fromFile(findTestApk(testInfo.getBuildInfo()), VM_CONFIG_PATH_IN_APK)
.debugLevel("full")
- .addExtraIdsigPath(EXTRA_IDSIG_PATH)
.build((TestDevice) androidDevice);
// From this point on, we need to tear down the Microdroid instance
@@ -588,16 +584,15 @@
public void testInputDirectory_CanReadFile() throws Exception {
// Setup
String authfsInputDir = MOUNT_DIR + "/3";
- runFdServerOnAndroid("--open-dir 3:/system", "--ro-dirs 3");
- runAuthFsOnMicrodroid("--remote-ro-dir 3:" + BUILD_MANIFEST_PATH + ":system/ --cid "
+ runFdServerOnAndroid("--open-dir 3:" + TEST_DIR, "--ro-dirs 3");
+ runAuthFsOnMicrodroid("--remote-ro-dir 3:" + INPUT_MANIFEST_PATH + ": --cid "
+ VMADDR_CID_HOST);
// Action
- String actualHash =
- computeFileHash(sMicrodroid, authfsInputDir + "/system/framework/framework.jar");
+ String actualHash = computeFileHash(sMicrodroid, authfsInputDir + "/input.4m");
// Verify
- String expectedHash = computeFileHash(sAndroid, "/system/framework/framework.jar");
+ String expectedHash = computeFileHash(sAndroid, TEST_DIR + "/input.4m");
assertEquals("Expect consistent hash through /authfs/3: ", expectedHash, actualHash);
}
@@ -605,13 +600,13 @@
public void testInputDirectory_OnlyAllowlistedFilesExist() throws Exception {
// Setup
String authfsInputDir = MOUNT_DIR + "/3";
- runFdServerOnAndroid("--open-dir 3:/system", "--ro-dirs 3");
- runAuthFsOnMicrodroid("--remote-ro-dir 3:" + BUILD_MANIFEST_PATH + ":system/ --cid "
+ runFdServerOnAndroid("--open-dir 3:" + TEST_DIR, "--ro-dirs 3");
+ runAuthFsOnMicrodroid("--remote-ro-dir 3:" + INPUT_MANIFEST_PATH + ": --cid "
+ VMADDR_CID_HOST);
// Verify
- sMicrodroid.run("test -f " + authfsInputDir + "/system/framework/services.jar");
- assertThat(sMicrodroid.runForResult("test -f " + authfsInputDir + "/system/bin/sh"))
+ sMicrodroid.run("test -f " + authfsInputDir + "/input.4k");
+ assertThat(sMicrodroid.runForResult("test -f " + authfsInputDir + "/input.4k.fsv_meta"))
.isFailed();
}