Merge "Add proto3 support for care_map"

    component/verifier_test.cpp

LOCAL_SHARED_LIBRARIES := \

    libhidlbase

    libhidlbase \

    libprotobuf-cpp-lite

tune2fs_static_libraries := \

    libext2_com_err \

 * limitations under the License.

 */

#include <update_verifier/update_verifier.h>

#include <string>

#include <unordered_map>

#include <vector>

#include <android-base/file.h>

#include <android-base/properties.h>

#include <android-base/strings.h>

#include <android-base/test_utils.h>

#include <google/protobuf/repeated_field.h>

#include <gtest/gtest.h>

#include <update_verifier/update_verifier.h>

#include "care_map.pb.h"

class UpdateVerifierTest : public ::testing::Test {

 protected:

    verity_supported = android::base::EqualsIgnoreCase(verity_mode, "enforcing");

  }

  // Returns a serialized string of the proto3 message according to the given partition info.

  std::string ConstructProto(

      std::vector<std::unordered_map<std::string, std::string>>& partitions) {

    UpdateVerifier::CareMap result;

    for (const auto& partition : partitions) {

      UpdateVerifier::CareMap::PartitionInfo info;

      if (partition.find("name") != partition.end()) {

        info.set_name(partition.at("name"));

      }

      if (partition.find("ranges") != partition.end()) {

        info.set_ranges(partition.at("ranges"));

      }

      if (partition.find("fingerprint") != partition.end()) {

        info.set_fingerprint(partition.at("fingerprint"));

      }

      *result.add_partitions() = info;

    }

    return result.SerializeAsString();

  }

  bool verity_supported;

  TemporaryFile care_map_file;

};

TEST_F(UpdateVerifierTest, verify_image_no_care_map) {

    return;

  }

  TemporaryFile temp_file;

  std::string content = "system\n2,0,1";

  ASSERT_TRUE(android::base::WriteStringToFile(content, temp_file.path));

  ASSERT_TRUE(verify_image(temp_file.path));

  ASSERT_TRUE(android::base::WriteStringToFile(content, care_map_file.path));

  ASSERT_TRUE(verify_image(care_map_file.path));

  // Leading and trailing newlines should be accepted.

  ASSERT_TRUE(android::base::WriteStringToFile("\n" + content + "\n\n", temp_file.path));

  ASSERT_TRUE(verify_image(temp_file.path));

  ASSERT_TRUE(android::base::WriteStringToFile("\n" + content + "\n\n", care_map_file.path));

  ASSERT_TRUE(verify_image(care_map_file.path));

}

TEST_F(UpdateVerifierTest, verify_image_empty_care_map) {

  ASSERT_FALSE(verify_image(care_map_file.path));

}

TEST_F(UpdateVerifierTest, verify_image_wrong_lines) {

  // The care map file can have only 2 / 4 / 6 lines.

  TemporaryFile temp_file;

  ASSERT_FALSE(verify_image(temp_file.path));

  ASSERT_TRUE(android::base::WriteStringToFile("line1", temp_file.path));

  ASSERT_FALSE(verify_image(temp_file.path));

  ASSERT_TRUE(android::base::WriteStringToFile("line1", care_map_file.path));

  ASSERT_FALSE(verify_image(care_map_file.path));

  ASSERT_TRUE(android::base::WriteStringToFile("line1\nline2\nline3", temp_file.path));

  ASSERT_FALSE(verify_image(temp_file.path));

  ASSERT_TRUE(android::base::WriteStringToFile("line1\nline2\nline3", care_map_file.path));

  ASSERT_FALSE(verify_image(care_map_file.path));

}

TEST_F(UpdateVerifierTest, verify_image_malformed_care_map) {

    return;

  }

  TemporaryFile temp_file;

  std::string content = "system\n2,1,0";

  ASSERT_TRUE(android::base::WriteStringToFile(content, temp_file.path));

  ASSERT_FALSE(verify_image(temp_file.path));

  ASSERT_TRUE(android::base::WriteStringToFile(content, care_map_file.path));

  ASSERT_FALSE(verify_image(care_map_file.path));

}

TEST_F(UpdateVerifierTest, verify_image_legacy_care_map) {

    return;

  }

  TemporaryFile temp_file;

  std::string content = "/dev/block/bootdevice/by-name/system\n2,1,0";

  ASSERT_TRUE(android::base::WriteStringToFile(content, temp_file.path));

  ASSERT_TRUE(verify_image(temp_file.path));

  ASSERT_TRUE(android::base::WriteStringToFile(content, care_map_file.path));

  ASSERT_TRUE(verify_image(care_map_file.path));

}

TEST_F(UpdateVerifierTest, verify_image_protobuf_care_map_smoke) {

  // This test relies on dm-verity support.

  if (!verity_supported) {

    GTEST_LOG_(INFO) << "Test skipped on devices without dm-verity support.";

    return;

  }

  std::vector<std::unordered_map<std::string, std::string>> partitions = {

    { { "name", "system" }, { "ranges", "2,0,1" } },

  };

  std::string proto = ConstructProto(partitions);

  ASSERT_TRUE(android::base::WriteStringToFile(proto, care_map_file.path));

  ASSERT_TRUE(verify_image(care_map_file.path));

}

TEST_F(UpdateVerifierTest, verify_image_protobuf_care_map_missing_name) {

  // This test relies on dm-verity support.

  if (!verity_supported) {

    GTEST_LOG_(INFO) << "Test skipped on devices without dm-verity support.";

    return;

  }

  std::vector<std::unordered_map<std::string, std::string>> partitions = {

    { { "ranges", "2,0,1" } },

  };

  std::string proto = ConstructProto(partitions);

  ASSERT_TRUE(android::base::WriteStringToFile(proto, care_map_file.path));

  ASSERT_FALSE(verify_image(care_map_file.path));

}

TEST_F(UpdateVerifierTest, verify_image_protobuf_care_map_bad_ranges) {

  // This test relies on dm-verity support.

  if (!verity_supported) {

    GTEST_LOG_(INFO) << "Test skipped on devices without dm-verity support.";

    return;

  }

  std::vector<std::unordered_map<std::string, std::string>> partitions = {

    { { "name", "system" }, { "ranges", "3,0,1" } },

  };

  std::string proto = ConstructProto(partitions);

  ASSERT_TRUE(android::base::WriteStringToFile(proto, care_map_file.path));

  ASSERT_FALSE(verify_image(care_map_file.path));

}

    ],

    srcs: [

        "care_map.proto",

        "update_verifier.cpp",

    ],

        "libbase",

        "libcutils",

    ],

    proto: {

        type: "lite",

        export_proto_headers: true,

    }

}

cc_binary {

        "libhardware",

        "libhidlbase",

        "liblog",

        "libprotobuf-cpp-lite",

        "libutils",

    ],

/*

 * Copyright (C) 2018 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

syntax = "proto3";

package UpdateVerifier;

option optimize_for = LITE_RUNTIME;

message CareMap {

  message PartitionInfo {

    string name = 1;

    string ranges = 2;

    string id = 3;

    string fingerprint = 4;

  }

  repeated PartitionInfo partitions = 1;

}

int update_verifier(int argc, char** argv);

// Exposed for testing purpose.

// Returns true to indicate a passing verification (or the error should be ignored); Otherwise

// returns false on fatal errors, where we should reject the current boot and trigger a fallback.

// This function tries to process the care_map.txt as protobuf message; and falls back to use the

// plain text format if the parse failed.

//

// Note that update_verifier should be backward compatible to not reject care_map.txt from old

// releases, which could otherwise fail to boot into the new release. For example, we've changed

// the care_map format between N and O. An O update_verifier would fail to work with N care_map.txt.

// This could be a result of sideloading an O OTA while the device having a pending N update.

bool verify_image(const std::string& care_map_name);