From db3197023672587969f0ee1fb02cd1b9d032b5cd Mon Sep 17 00:00:00 2001
From: Inseob Kim <inseob@google.com>
Date: Thu, 20 Jan 2022 13:12:43 +0900
Subject: [PATCH] Add extra apk mount test

system/etc/fsverity/security/BuildManifest.apk contains a protobuf file
as an asset. This test tries to parse the protobuf file, thus verifying
the extra APK mount.

Bug: 203483081
Test: atest MicrodroidTests
Change-Id: I2ca0bf337fcee0c2df3c32d43685c4cdadcbac91
---
 tests/testapk/Android.bp                      |  5 ++++
 .../microdroid/test/MicrodroidTests.java      |  8 +++++--
 tests/testapk/src/native/testbinary.cpp       | 24 +++++++++++++++++--
 3 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/tests/testapk/Android.bp b/tests/testapk/Android.bp
index 541e93f4..6cd16c23 100644
--- a/tests/testapk/Android.bp
+++ b/tests/testapk/Android.bp
@@ -30,6 +30,11 @@ cc_library_shared {
         "libbinder_rpc_unstable",
         "MicrodroidTestNativeLibSub",
     ],
+    static_libs: [
+        "libfsverity_digests_proto_cc",
+        "liblog",
+        "libprotobuf-cpp-lite-ndk",
+    ],
 }
 
 cc_library_shared {
diff --git a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
index 4736f19a..032ecfda 100644
--- a/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
+++ b/tests/testapk/src/java/com/android/microdroid/test/MicrodroidTests.java
@@ -140,7 +140,8 @@ public class MicrodroidTests {
     @Test
     public void connectToVmService() throws VirtualMachineException, InterruptedException {
         VirtualMachineConfig.Builder builder =
-                new VirtualMachineConfig.Builder(mInner.mContext, "assets/vm_config.json");
+                new VirtualMachineConfig.Builder(mInner.mContext,
+                        "assets/vm_config_extra_apk.json");
         if (Build.SUPPORTED_ABIS.length > 0) {
             String primaryAbi = Build.SUPPORTED_ABIS[0];
             switch(primaryAbi) {
@@ -154,7 +155,7 @@ public class MicrodroidTests {
         }
         VirtualMachineConfig config = builder.build();
 
-        mInner.mVm = mInner.mVmm.getOrCreate("test_vm", config);
+        mInner.mVm = mInner.mVmm.getOrCreate("test_vm_extra_apk", config);
         VmEventListener listener =
                 new VmEventListener() {
                     private boolean mPayloadReadyCalled = false;
@@ -177,6 +178,9 @@ public class MicrodroidTests {
                             assertEquals(
                                     testService.readProperty("debug.microdroid.test.keystore"),
                                     "PASS");
+                            assertEquals(
+                                    testService.readProperty("debug.microdroid.test.extra_apk"),
+                                    "PASS");
                         } catch (Exception e) {
                             fail("Exception while testing service: " + e.toString());
                         }
diff --git a/tests/testapk/src/native/testbinary.cpp b/tests/testapk/src/native/testbinary.cpp
index 54355476..c748b2a7 100644
--- a/tests/testapk/src/native/testbinary.cpp
+++ b/tests/testapk/src/native/testbinary.cpp
@@ -16,12 +16,14 @@
 #include <aidl/android/system/keystore2/IKeystoreService.h>
 #include <aidl/android/system/virtualmachineservice/IVirtualMachineService.h>
 #include <aidl/com/android/microdroid/testservice/BnTestService.h>
+#include <android-base/file.h>
 #include <android-base/properties.h>
 #include <android-base/result.h>
 #include <android-base/unique_fd.h>
 #include <android/binder_auto_utils.h>
 #include <android/binder_manager.h>
 #include <fcntl.h>
+#include <fsverity_digests.pb.h>
 #include <linux/vm_sockets.h>
 #include <stdint.h>
 #include <stdio.h>
@@ -193,8 +195,8 @@ Result<T> report_test(std::string name, Result<T> result) {
         outcome << "PASS";
     } else {
         outcome << "FAIL: " << result.error();
-        // Pollute stdout with the error in case the property is truncated.
-        std::cout << "[" << name << "] test failed: " << result.error() << "\n";
+        // Pollute stderr with the error in case the property is truncated.
+        std::cerr << "[" << name << "] test failed: " << result.error() << "\n";
     }
     __system_property_set(property.c_str(), outcome.str().c_str());
     return result;
@@ -243,6 +245,21 @@ Result<void> start_test_service() {
     return {};
 }
 
+Result<void> verify_apk() {
+    const char* path = "/mnt/extra-apk/0/assets/build_manifest.pb";
+
+    std::string str;
+    if (!android::base::ReadFileToString(path, &str)) {
+        return ErrnoError() << "failed to read build_manifest.pb";
+    }
+
+    if (!android::security::fsverity::FSVerityDigests().ParseFromString(str)) {
+        return Error() << "invalid build_manifest.pb";
+    }
+
+    return {};
+}
+
 } // Anonymous namespace
 
 extern "C" int android_native_main(int argc, char* argv[]) {
@@ -262,6 +279,9 @@ extern "C" int android_native_main(int argc, char* argv[]) {
     testlib_sub();
     printf("\n");
 
+    // Extra apks may be missing; this is not a fatal error
+    report_test("extra_apk", verify_apk());
+
     __system_property_set("debug.microdroid.app.run", "true");
     if (!report_test("keystore", test_keystore()).ok()) return 1;