Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / f429ea40a02c8403c42d154b2e17ddc3986e0bf0^! / .
commitf429ea40a02c8403c42d154b2e17ddc3986e0bf0[log] [tgz]
authorNikita Ioffe <ioffe@google.com>Thu Mar 02 13:59:15 2023 +0000
committerNikita Ioffe <ioffe@google.com>Thu Mar 02 13:59:15 2023 +0000
tree0674e8c303f7e511e62c1c18541976f51d1ce551
parente3641bd3edb7fe30ac6e4a3b9e75858a27fa1b4d [diff]
Add test to assert that encrypted storage is mounted with NO_EXEC

Bug: 265261525
Test: MicrodroidTestApp
Change-Id: I81c8a4bc71061f5ec8d0984b759cf24256b2e737

diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index f84be8b..6e4694c 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java

@@ -1899,6 +1899,7 @@
     private static final int MS_NOEXEC = 8;
 
     @Test
+    @CddTest(requirements = {"9.17/C-1-5"})
     public void dataIsMountedWithNoExec() throws Exception {
         assumeSupportedDevice();
 
@@ -1923,6 +1924,33 @@
                 .isEqualTo(MS_NOEXEC);
     }
 
+    @Test
+    @CddTest(requirements = {"9.17/C-1-5"})
+    public void encryptedStoreIsMountedWithNoExec() throws Exception {
+        assumeSupportedDevice();
+
+        VirtualMachineConfig vmConfig =
+                newVmConfigBuilder()
+                        .setPayloadBinaryName("MicrodroidTestNativeLib.so")
+                        .setDebugLevel(DEBUG_LEVEL_FULL)
+                        .setEncryptedStorageBytes(4_000_000)
+                        .build();
+        VirtualMachine vm = forceCreateNewVirtualMachine("test_vm_encstore_no_exec", vmConfig);
+
+        TestResults testResults =
+                runVmTestService(
+                        TAG,
+                        vm,
+                        (ts, tr) -> {
+                            tr.mMountFlags = ts.getMountFlags("/mnt/encryptedstore");
+                        });
+
+        assertThat(testResults.mException).isNull();
+        assertWithMessage("/mnt/encryptedstore should be mounted with MS_NOEXEC")
+                .that(testResults.mMountFlags & MS_NOEXEC)
+                .isEqualTo(MS_NOEXEC);
+    }
+
     private static class VmShareServiceConnection implements ServiceConnection {
 
         private final CountDownLatch mLatch = new CountDownLatch(1);