e82b9fb584
There are two categories of tests:
1. Package installation with .fsv_sig
* .apk, .dm, including the split ones should all or none be installed
with their corresponding .fsv_sig files
2. End-to-end fs-verity test of on-access verification
* When fs-verity is enabled to a file, if the on-disk content is
changed, the read should fail.
See class comment in ApkVerityTest.java for the test details.
Brief directory layout overview:
* src/
- Actual test
* ApkVerityTestApp/
- Dummy app for testing, including a split
* testdata/
- Some artifacts, signing key and fs-verity signatures
* block_device_writer/
- Helper binary for write a file directly on disk
Test: atest
Bug: 112039386
Change-Id: I3b8229037db682f36fda9d5cafd14caf6b39501d
78 lines
2.1 KiB
Plaintext
78 lines
2.1 KiB
Plaintext
// Copyright (C) 2019 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
filegroup {
|
|
name: "ApkVerityTestKeyPem",
|
|
srcs: ["ApkVerityTestKey.pem"],
|
|
}
|
|
|
|
filegroup {
|
|
name: "ApkVerityTestCertPem",
|
|
srcs: ["ApkVerityTestCert.pem"],
|
|
}
|
|
|
|
filegroup {
|
|
name: "ApkVerityTestCertDer",
|
|
srcs: ["ApkVerityTestCert.der"],
|
|
}
|
|
|
|
filegroup {
|
|
name: "ApkVerityTestAppDm",
|
|
srcs: ["ApkVerityTestApp.dm"],
|
|
}
|
|
|
|
filegroup {
|
|
name: "ApkVerityTestAppSplitDm",
|
|
srcs: ["ApkVerityTestAppSplit.dm"],
|
|
}
|
|
|
|
genrule_defaults {
|
|
name: "apk_verity_sig_gen_default",
|
|
tools: ["fsverity"],
|
|
tool_files: [":ApkVerityTestKeyPem", ":ApkVerityTestCertPem"],
|
|
cmd: "$(location fsverity) sign $(in) $(out) " +
|
|
"--key=$(location :ApkVerityTestKeyPem) " +
|
|
"--cert=$(location :ApkVerityTestCertPem) " +
|
|
"> /dev/null",
|
|
}
|
|
|
|
genrule {
|
|
name: "ApkVerityTestAppFsvSig",
|
|
defaults: ["apk_verity_sig_gen_default"],
|
|
srcs: [":ApkVerityTestApp"],
|
|
out: ["ApkVerityTestApp.apk.fsv_sig"],
|
|
}
|
|
|
|
genrule {
|
|
name: "ApkVerityTestAppDmFsvSig",
|
|
defaults: ["apk_verity_sig_gen_default"],
|
|
srcs: [":ApkVerityTestAppDm"],
|
|
out: ["ApkVerityTestApp.dm.fsv_sig"],
|
|
}
|
|
|
|
genrule {
|
|
name: "ApkVerityTestAppSplitFsvSig",
|
|
defaults: ["apk_verity_sig_gen_default"],
|
|
srcs: [":ApkVerityTestAppSplit"],
|
|
out: ["ApkVerityTestAppSplit.apk.fsv_sig"],
|
|
}
|
|
|
|
genrule {
|
|
name: "ApkVerityTestAppSplitDmFsvSig",
|
|
defaults: ["apk_verity_sig_gen_default"],
|
|
srcs: [":ApkVerityTestAppSplitDm"],
|
|
out: ["ApkVerityTestAppSplit.dm.fsv_sig"],
|
|
}
|
|
|