authfs: Integration test
This test currently only runs on Android, not VM, to verify existing
features. It needs to be moved into the VM when ready.
Bug: 178874539
Test: atest AuthFsHostTest
Change-Id: I7334b6ae0e684c36a9e350fe148c12a382ef076e
diff --git a/authfs/tests/Android.bp b/authfs/tests/Android.bp
new file mode 100644
index 0000000..56e54f2
--- /dev/null
+++ b/authfs/tests/Android.bp
@@ -0,0 +1,11 @@
+java_test_host {
+ name: "AuthFsHostTest",
+ srcs: ["java/**/*.java"],
+ libs: [
+ "tradefed",
+ "compatibility-tradefed",
+ "compatibility-host-util",
+ ],
+ test_suites: ["general-tests"],
+ data: [":authfs_test_files"],
+}
diff --git a/authfs/tests/AndroidTest.xml b/authfs/tests/AndroidTest.xml
new file mode 100644
index 0000000..485e392
--- /dev/null
+++ b/authfs/tests/AndroidTest.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2021 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<configuration description="Config for authfs tests">
+ <!-- Since Android does not support user namespace, we need root to access /dev/fuse and also
+ to set up the mount. -->
+ <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer"/>
+
+ <!-- Basic checks that the device has all the prerequisites. -->
+ <target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
+ <option name="throw-if-cmd-fail" value="true" />
+ <!-- Make sure kernel has FUSE enabled. -->
+ <option name="run-command" value="ls /dev/fuse" />
+ <!-- Make sure necessary executables are installed. -->
+ <option name="run-command" value="ls /apex/com.android.virt/bin/fd_server" />
+ <option name="run-command" value="ls /apex/com.android.virt/bin/authfs" />
+ <!-- Prepare test directory. -->
+ <option name="run-command" value="mkdir -p /data/local/tmp/authfs/mnt" />
+ <option name="teardown-command" value="rm -rf /data/local/tmp/authfs" />
+ </target_preparer>
+
+ <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
+ <option name="cleanup" value="true" />
+ <option name="abort-on-push-failure" value="true" />
+ <option name="push-file" key="cert.der" value="/data/local/tmp/authfs/cert.der" />
+ <option name="push-file" key="input.4m" value="/data/local/tmp/authfs/input.4m" />
+ <option name="push-file" key="input.4k1" value="/data/local/tmp/authfs/input.4k1" />
+ <option name="push-file" key="input.4k" value="/data/local/tmp/authfs/input.4k" />
+ <option name="push-file" key="input.4m.fsv_sig"
+ value="/data/local/tmp/authfs/input.4m.fsv_sig" />
+ <option name="push-file" key="input.4k1.fsv_sig"
+ value="/data/local/tmp/authfs/input.4k1.fsv_sig" />
+ <option name="push-file" key="input.4k.fsv_sig"
+ value="/data/local/tmp/authfs/input.4k.fsv_sig" />
+ <option name="push-file" key="input.4m.merkle_dump"
+ value="/data/local/tmp/authfs/input.4m.merkle_dump" />
+ <option name="push-file" key="input.4m.merkle_dump.bad"
+ value="/data/local/tmp/authfs/input.4m.merkle_dump.bad" />
+ <option name="push-file" key="input.4k1.merkle_dump"
+ value="/data/local/tmp/authfs/input.4k1.merkle_dump" />
+ <option name="push-file" key="input.4k.merkle_dump"
+ value="/data/local/tmp/authfs/input.4k.merkle_dump" />
+ </target_preparer>
+
+ <test class="com.android.compatibility.common.tradefed.testtype.JarHostTest" >
+ <option name="jar" value="AuthFsHostTest.jar" />
+ </test>
+</configuration>
diff --git a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
new file mode 100644
index 0000000..3837dd3
--- /dev/null
+++ b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
@@ -0,0 +1,294 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.virt.fs;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertTrue;
+
+import android.platform.test.annotations.RootPermissionTest;
+
+import com.android.tradefed.device.DeviceNotAvailableException;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.log.LogUtil.CLog;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.tradefed.testtype.junit4.BaseHostJUnit4Test;
+import com.android.tradefed.util.CommandResult;
+import com.android.tradefed.util.CommandStatus;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+
+@RootPermissionTest
+@RunWith(DeviceJUnit4ClassRunner.class)
+public final class AuthFsHostTest extends BaseHostJUnit4Test {
+
+ /** Test directory where data are located */
+ private static final String TEST_DIR = "/data/local/tmp/authfs";
+
+ /** Mount point of authfs during the test */
+ private static final String MOUNT_DIR = "/data/local/tmp/authfs/mnt";
+
+ private static final String FD_SERVER_BIN = "/apex/com.android.virt/bin/fd_server";
+ private static final String AUTHFS_BIN = "/apex/com.android.virt/bin/authfs";
+
+ /** Plenty of time for authfs to get ready */
+ private static final int TIME_BUDGET_AUTHFS_SETUP = 1500; // ms
+
+ private ITestDevice mDevice;
+ private ExecutorService mThreadPool;
+
+ @Before
+ public void setUp() {
+ mDevice = getDevice();
+ mThreadPool = Executors.newCachedThreadPool();
+ }
+
+ @After
+ public void tearDown() throws DeviceNotAvailableException {
+ mDevice.executeShellV2Command("killall authfs fd_server");
+ mDevice.executeShellV2Command("umount " + MOUNT_DIR);
+ mDevice.executeShellV2Command("rm -f " + TEST_DIR);
+ }
+
+ @Test
+ public void testReadWithFsverityVerification_LocalFile()
+ throws DeviceNotAvailableException, InterruptedException {
+ // Setup
+ runAuthFsInBackground(
+ "--local-ro-file-unverified 3:input.4m"
+ + " --local-ro-file 4:input.4m:input.4m.merkle_dump:input.4m.fsv_sig:cert.der"
+ + " --local-ro-file 5:input.4k1:input.4k1.merkle_dump:input.4k1.fsv_sig:cert.der"
+ + " --local-ro-file 6:input.4k:input.4k.merkle_dump:input.4k.fsv_sig:cert.der"
+ );
+ Thread.sleep(TIME_BUDGET_AUTHFS_SETUP);
+
+ // Action
+ String actualHashUnverified4m = computeFileHashInGuest(MOUNT_DIR + "/3");
+ String actualHash4m = computeFileHashInGuest(MOUNT_DIR + "/4");
+ String actualHash4k1 = computeFileHashInGuest(MOUNT_DIR + "/5");
+ String actualHash4k = computeFileHashInGuest(MOUNT_DIR + "/6");
+
+ // Verify
+ String expectedHash4m = computeFileHash(TEST_DIR + "/input.4m");
+ String expectedHash4k1 = computeFileHash(TEST_DIR + "/input.4k1");
+ String expectedHash4k = computeFileHash(TEST_DIR + "/input.4k");
+
+ assertEquals("Inconsistent hash from /authfs/3: ", expectedHash4m, actualHashUnverified4m);
+ assertEquals("Inconsistent hash from /authfs/4: ", expectedHash4m, actualHash4m);
+ assertEquals("Inconsistent hash from /authfs/5: ", expectedHash4k1, actualHash4k1);
+ assertEquals("Inconsistent hash from /authfs/6: ", expectedHash4k, actualHash4k);
+ }
+
+ @Test
+ public void testReadWithFsverityVerification_RemoteFile()
+ throws DeviceNotAvailableException, InterruptedException {
+ // Setup
+ runFdServerInBackground(
+ "3<input.4m 4<input.4m.merkle_dump 5<input.4m.fsv_sig 6<input.4m",
+ "--ro-fds 3:4:5 --ro-fds 6"
+ );
+ runAuthFsInBackground(
+ "--remote-ro-file-unverified 10:6:4194304 --remote-ro-file 11:3:4194304:cert.der"
+ );
+ Thread.sleep(TIME_BUDGET_AUTHFS_SETUP);
+
+ // Action
+ String actualHashUnverified4m = computeFileHashInGuest(MOUNT_DIR + "/10");
+ String actualHash4m = computeFileHashInGuest(MOUNT_DIR + "/11");
+
+ // Verify
+ String expectedHash4m = computeFileHash(TEST_DIR + "/input.4m");
+
+ assertEquals("Inconsistent hash from /authfs/10: ", expectedHash4m, actualHashUnverified4m);
+ assertEquals("Inconsistent hash from /authfs/11: ", expectedHash4m, actualHash4m);
+ }
+
+ // Separate the test from the above simply because exec in shell does not allow open too many
+ // files.
+ @Test
+ public void testReadWithFsverityVerification_RemoteSmallerFile()
+ throws DeviceNotAvailableException, InterruptedException {
+ // Setup
+ runFdServerInBackground(
+ "3<input.4k 4<input.4k.merkle_dump 5<input.4k.fsv_sig"
+ + " 6<input.4k1 7<input.4k1.merkle_dump 8<input.4k1.fsv_sig",
+ "--ro-fds 3:4:5 --ro-fds 6:7:8"
+ );
+ runAuthFsInBackground(
+ "--remote-ro-file 10:3:4096:cert.der --remote-ro-file 11:6:4097:cert.der"
+ );
+ Thread.sleep(TIME_BUDGET_AUTHFS_SETUP);
+
+ // Action
+ String actualHash4k = computeFileHashInGuest(MOUNT_DIR + "/10");
+ String actualHash4k1 = computeFileHashInGuest(MOUNT_DIR + "/11");
+
+ // Verify
+ String expectedHash4k = computeFileHash(TEST_DIR + "/input.4k");
+ String expectedHash4k1 = computeFileHash(TEST_DIR + "/input.4k1");
+
+ assertEquals("Inconsistent hash from /authfs/10: ", expectedHash4k, actualHash4k);
+ assertEquals("Inconsistent hash from /authfs/11: ", expectedHash4k1, actualHash4k1);
+ }
+
+ @Test
+ public void testReadWithFsverityVerification_TamperedMerkleTree()
+ throws DeviceNotAvailableException, InterruptedException {
+ // Setup
+ runFdServerInBackground(
+ "3<input.4m 4<input.4m.merkle_dump.bad 5<input.4m.fsv_sig",
+ "--ro-fds 3:4:5"
+ );
+ runAuthFsInBackground("--remote-ro-file 10:3:4096:cert.der");
+ Thread.sleep(TIME_BUDGET_AUTHFS_SETUP);
+
+ // Verify
+ assertFalse(copyFileInGuest(MOUNT_DIR + "/10", "/dev/null"));
+ }
+
+ @Test
+ public void testWriteThroughCorrectly()
+ throws DeviceNotAvailableException, InterruptedException {
+ // Setup
+ runFdServerInBackground("3<>output", "--rw-fds 3");
+ runAuthFsInBackground("--remote-new-rw-file 20:3");
+ Thread.sleep(TIME_BUDGET_AUTHFS_SETUP);
+
+ // Action
+ String srcPath = "/system/bin/linker";
+ String destPath = MOUNT_DIR + "/20";
+ String backendPath = TEST_DIR + "/output";
+ assertTrue(copyFileInGuest(srcPath, destPath));
+
+ // Verify
+ String expectedHash = computeFileHashInGuest(srcPath);
+ String actualHash = computeFileHash(backendPath);
+ assertEquals("Inconsistent file hash on the backend storage", expectedHash, actualHash);
+
+ String actualHashFromAuthFs = computeFileHashInGuest(destPath);
+ assertEquals("Inconsistent file hash when reads from authfs", expectedHash,
+ actualHashFromAuthFs);
+ }
+
+ @Test
+ public void testWriteFailedIfDetectsTampering()
+ throws DeviceNotAvailableException, InterruptedException {
+ // Setup
+ runFdServerInBackground("3<>/output", "--rw-fds 3");
+ runAuthFsInBackground("--remote-new-rw-file 20:3");
+ Thread.sleep(TIME_BUDGET_AUTHFS_SETUP);
+
+ String srcPath = "/system/bin/linker";
+ String destPath = MOUNT_DIR + "/20";
+ String backendPath = TEST_DIR + "/output";
+ assertTrue(copyFileInGuest(srcPath, destPath));
+
+ // Action
+ // Tampering with the first 2 4K block of the backing file.
+ expectRemoteCommandToSucceed("dd if=/dev/zero of=" + backendPath + " bs=1 count=8192");
+
+ // Verify
+ // Write to a block partially requires a read back to calculate the new hash. It should fail
+ // when the content is inconsistent to the known hash. Use direct I/O to avoid simply
+ // writing to the filesystem cache.
+ expectRemoteCommandToFail("dd if=/dev/zero of=" + destPath + " bs=1 count=1024 direct");
+
+ // A full 4K write does not require to read back, so write can succeed even if the backing
+ // block has already been tampered.
+ expectRemoteCommandToSucceed(
+ "dd if=/dev/zero of=" + destPath + " bs=1 count=4096 skip=4096");
+
+ // Otherwise, a partial write with correct backing file should still succeed.
+ expectRemoteCommandToSucceed(
+ "dd if=/dev/zero of=" + destPath + " bs=1 count=1024 skip=8192");
+ }
+
+ // TODO(b/178874539): This does not really run in the guest VM. Send the shell command to the
+ // guest VM when authfs works across VM boundary.
+ private String computeFileHashInGuest(String path) throws DeviceNotAvailableException {
+ return computeFileHash(path);
+ }
+
+ private boolean copyFileInGuest(String src, String dest) throws DeviceNotAvailableException {
+ // TODO(b/182576497): cp returns error because close(2) returns ENOSYS in the current authfs
+ // implementation. We should probably fix that since programs can expect close(2) return 0.
+ String cmd = "cat " + src + " > " + dest;
+ CommandResult result = mDevice.executeShellV2Command(cmd);
+ return result.getStatus() == CommandStatus.SUCCESS;
+ }
+
+ private String computeFileHash(String path) throws DeviceNotAvailableException {
+ String result = expectRemoteCommandToSucceed("sha256sum " + path);
+ String[] tokens = result.split("\\s");
+ if (tokens.length > 0) {
+ return tokens[0];
+ } else {
+ CLog.e("Unrecognized output by sha256sum: " + result);
+ return "";
+ }
+ }
+
+ private void runAuthFsInBackground(String flags) throws DeviceNotAvailableException {
+ String cmd = "cd " + TEST_DIR + " && " + AUTHFS_BIN + " " + MOUNT_DIR + " " + flags;
+
+ mThreadPool.submit(() -> {
+ try {
+ CLog.i("Starting authfs");
+ expectRemoteCommandToSucceed(cmd);
+ } catch (DeviceNotAvailableException e) {
+ CLog.e("Error running authfs", e);
+ throw new RuntimeException(e);
+ }
+ });
+ }
+
+ private void runFdServerInBackground(String execParamsForOpeningFds, String flags)
+ throws DeviceNotAvailableException {
+ String cmd = "cd " + TEST_DIR + " && exec " + execParamsForOpeningFds + " " + FD_SERVER_BIN
+ + " " + flags;
+ mThreadPool.submit(() -> {
+ try {
+ CLog.i("Starting fd_server");
+ expectRemoteCommandToSucceed(cmd);
+ } catch (DeviceNotAvailableException e) {
+ CLog.e("Error running fd_server", e);
+ throw new RuntimeException(e);
+ }
+ });
+ }
+
+ private String expectRemoteCommandToSucceed(String cmd) throws DeviceNotAvailableException {
+ CommandResult result = mDevice.executeShellV2Command(cmd);
+ assertEquals("`" + cmd + "` failed: " + result.getStderr(), CommandStatus.SUCCESS,
+ result.getStatus());
+ CLog.d("Stdout: " + result.getStdout());
+ return result.getStdout().trim();
+ }
+
+ private void expectRemoteCommandToFail(String cmd) throws DeviceNotAvailableException {
+ CommandResult result = mDevice.executeShellV2Command(cmd);
+ assertNotEquals("Unexpected success from `" + cmd + "`: " + result.getStdout(),
+ result.getStatus(), CommandStatus.SUCCESS);
+ }
+}