Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 00737b39 authored by Aaron Wisner's avatar Aaron Wisner
Browse files

Create fuzzy-fastboot pen tester

Test: Run on Sailfish, Walleye, and other devices
Bug: http://b/111126621
Change-Id: I309af79411d0a16d11874a048ce0db024770d7b2
parent 9812b58f
Loading
Loading
Loading
Loading
+2 −0
Original line number Original line Diff line number Diff line
@@ -56,6 +56,8 @@ enum RetCode : int {
};
};


class FastBootDriver {
class FastBootDriver {
    friend class FastBootTest;

  public:
  public:
    static constexpr int RESP_TIMEOUT = 30;  // 30 seconds
    static constexpr int RESP_TIMEOUT = 30;  // 30 seconds
    static constexpr uint32_t MAX_DOWNLOAD_SIZE = std::numeric_limits<uint32_t>::max();
    static constexpr uint32_t MAX_DOWNLOAD_SIZE = std::numeric_limits<uint32_t>::max();
+31 −0
Original line number Original line Diff line number Diff line
cc_test_host {
  name: "fuzzy_fastboot",
  compile_multilib: "first",

  srcs: [
    "main.cpp",
    "extensions.cpp",
    "usb_transport_sniffer.cpp",
    "fixtures.cpp",
    "test_utils.cpp",
  ],

  static_libs: [
    "libfastboot2",
    "libziparchive",
    "libsparse",
    "libutils",
    "liblog",
    "libz",
    "libdiagnose_usb",
    "libbase",
    "libcutils",
    "libgtest",
    "libgtest_main",
    "libbase",
    "libadb_host",
    "libtinyxml2",
    "libsparse",
  ],

}
+394 −0

File added.

Preview size limit exceeded, changes collapsed.

+37 −0
Original line number Original line Diff line number Diff line
'''
Some bootloader's support hashing partitions. This is a great feature for testing
correctness. However, the format for the way the hash is returned depends on the
implementation. The hash could be send through an INFO response, or be as part
of the OKAY response itself. This script is called with the first argument
as the string mesage from the okay response. The second argument is each
info response joined by newlines into one argument.
'''

import sys


def main():
  '''
  Data is sent back to the parent fuzzy_fastboot process through the stderr pipe.
  There are two interpretations of this data by FF.

  0 return code:
    Anything written to STDERR will be interpreted as part of the hash.

  non-zero return code:
    Anything written to STDERR is part of the error message that will logged by FF
    to explain why hash extraction failed.

  Feel free to print to to STDOUT with print() as usual to print info to console
  '''
  script, response, info = sys.argv
  # the info responses are concated by newlines
  infos = [s.strip() for s in info.splitlines()]
  sys.stderr.write(infos[-1])
  print("Extracted checksum: '%s'" % infos[-1])
  # non-zero return code signals error
  return 0


if __name__ == "__main__":
  sys.exit(main())
+62 −0
Original line number Original line Diff line number Diff line
<?xml version="1.0"?>
<config>
<!-- All the device getvar variables should be listed here -->
<getvar>
	<var key="product" assert="superphone2000"/>
	<var key="secure" assert="no|yes"/>
</getvar>

<!-- All the device partitions should be listed here -->
<partitions>
	<part value="boot" slots="yes" test="yes" hashable="yes" parsed="yes"/>
	<part value="modem" slots="yes" test="yes" hashable="yes"/>
	<part value="userdata" slots="no" test="yes" hashable="no"/>

	<!-- Bootloader partitions -->
	<part value="foo1" slots="yes" test="no" hashable="yes"/>
	<part value="foo2" slots="yes" test="no" hashable="yes"/>
	<part value="bar3" slots="yes" test="no" hashable="yes"/>
</partitions>

<!-- All the device packed partitions should be listed here -->
<packed>
	<part value="bootloader" slots="yes">
		<!-- We list the real partitions it is composed of -->
		<child>foo1</child>
		<child>foo2</child>
		<child>bar3</child>
		<!-- We list tests, expect defaults to 'okay' -->
		<test packed="bootloader.img" unpacked="unpacked"/>
		<test packed="bootloader_garbage.img" expect="fail"/>
	</part>
</packed>

<!-- All the oem commands should be listed here -->
<oem>
	<!-- The 'oem self_destruct' command requires an unlocked bootloader -->
	<command value="self_destruct" permissions="unlocked">
		<!-- This will test that "oem self_destruct now" returns 'okay' -->
		<test value="now" expect="okay"/>
		<test value="yesterday" expect="fail" />
	</command>

	<!-- Test a fictional 'oem get' command -->
	<command value="get" permissions="none">
		<test value="batch_id" expect="okay" assert="[[:digit:]]+"/>
		<test value="device_color" expect="okay" assert="green|blue"/>
		<test value="build_num" expect="okay" assert="[\w\-.]+"/>
		<test value="garbage" expect="fail" assert="Invalid var '[\w ]+'"/>
	</command>

	<!-- Some oem commands might require staging or downloading data, or both -->
	<command value="foobar" permissions="unlocked">
		<!-- FF will first stage test_image.img before running 'oem foobar use_staged' -->
		<test value="use_staged" expect="okay" input="test_image.img" />
		<!-- FF will run 'oem foobar send_response', upload data from device, then run the validator script -->
		<test value="send_response" expect="fail" validate="python validator.py"/>
	</command>
</oem>

<!-- If there is a custom oem checksum command to hash partitions, add it here -->
<checksum value="oem sha1sum"/>
</config>
Loading