From 91eb2c0a257d4c5462d695723499a1358804e976 Mon Sep 17 00:00:00 2001 From: Mark Salyzyn Date: Tue, 16 Jul 2019 07:25:05 -0700 Subject: [PATCH 1/3] adb-remount-test add --no-wait-screen option If the device screen drivers or frameworks are compromised, permit remount testing without waiting for full boot complete to occur with the --no-wait-screen option. In the same vein to support development, add --wait-adb and --wait-fastboot options to adjust the timeout. For TreeHugger testing where other (previous) tests demonstrate framework or screen regressions, it _may_ be advised to switch to the --no-wait-screen option so that we do not register a false signal. It should be noted that some of the past issues with overlayfs and adb remount could introduce boot up, framework or screen regressions, so it is advised to not use the option if that interlocking logic can not be set up. Test: adb-remount-test.sh Bug: 138649540 Change-Id: Idf8f4a0eb6d7c9139bd4f2c600d14a70dc71902f --- fs_mgr/tests/adb-remount-test.sh | 33 ++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh index c2a0f33a1..dbcb4299c 100755 --- a/fs_mgr/tests/adb-remount-test.sh +++ b/fs_mgr/tests/adb-remount-test.sh @@ -15,10 +15,13 @@ USAGE="USAGE: `basename ${0}` [--help] [--serial ] [options] adb remount tests ---help This help ---serial Specify device (must if multiple are present) ---color Dress output with highlighting colors ---print-time Report the test duration +--color Dress output with highlighting colors +--help This help +--no-wait-screen Do not wait for display screen to settle +--print-time Report the test duration +--serial Specify device (must if multiple are present) +--wait-adb adb wait timeout +--wait-fastboot fastboot wait timeout Conditions: - Must be a userdebug build. @@ -53,6 +56,7 @@ ACTIVE_SLOT= ADB_WAIT=4m FASTBOOT_WAIT=2m +screen_wait=true ## ## Helper Functions 
@@ -436,6 +440,10 @@ wait_for_screen_timeout=900 -n - echo newline at exit TIMEOUT - default `format_duration ${wait_for_screen_timeout}`" ] wait_for_screen() { + if ! ${screen_wait}; then + adb_wait + return + fi exit_function=true if [ X"-n" = X"${1}" ]; then exit_function=echo @@ -743,6 +751,9 @@ skip_unrelated_mounts() { OPTIONS=`getopt --alternative --unquoted \ --longoptions help,serial:,colour,color,no-colour,no-color \ + --longoptions wait-adb:,wait-fastboot: \ + --longoptions wait-screen,wait-display \ + --longoptions no-wait-screen,no-wait-display \ --longoptions gtest_print_time,print-time \ -- "?hs:" ${*}` || ( echo "${USAGE}" >&2 ; false ) || @@ -766,9 +777,23 @@ while [ ${#} -gt 0 ]; do --no-color | --no-colour) color=false ;; + --no-wait-display | --no-wait-screen) + screen_wait=false + ;; + --wait-display | --wait-screen) + screen_wait=true + ;; --print-time | --gtest_print_time) print_time=true ;; + --wait-adb) + ADB_WAIT=${2} + shift + ;; + --wait-fastboot) + FASTBOOT_WAIT=${2} + shift + ;; --) shift break From f6d8a631fa2e26802e4c88bf0d35480548dcf324 Mon Sep 17 00:00:00 2001 From: Mark Salyzyn Date: Wed, 24 Jul 2019 15:24:28 -0700 Subject: [PATCH 2/3] adb-remount-test: support devices that do not have verity This allows the test to run to completion on cuttlefish Test: adb-remount-test.sh Bug: 138649540 Change-Id: Ief00af72af94bf14c1d69499b12ece8cfce2f552 --- fs_mgr/tests/adb-remount-test.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh index dbcb4299c..7f84bb8a8 100755 --- a/fs_mgr/tests/adb-remount-test.sh +++ b/fs_mgr/tests/adb-remount-test.sh 
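Review bot: The early return added at the top of wait_for_screen calls `adb_wait` with no timeout, and it runs before the function's `-n` and TIMEOUT arguments are looked at, so the --no-wait-screen path ignores both. Other call sites visible in this series pass a bound (`adb_wait ${ADB_WAIT}`); if adb_wait without an argument waits indefinitely (its body is not in this hunk), a device that never comes back hangs the run instead of failing it. I would use `adb_wait ${ADB_WAIT}` here and add a comment such as `# --no-wait-screen: only adb connectivity is checked, boot completion is not`, so a pass in this mode is not read as a full boot check. wait_for_screen's body continues outside the hunk.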
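Review bot: The `--wait-adb` and `--wait-fastboot` arms store `${2}` in ADB_WAIT and FASTBOOT_WAIT unchecked, and the value is later expanded unquoted (`adb_wait ${ADB_WAIT}` elsewhere in this series), so a malformed duration is only discovered mid-test, possibly after the device state has already been changed. Rejecting it at parse time keeps the failure early and obvious, e.g. `case "${2}" in ""|*[!0-9smhd.]*) echo "${USAGE}" >&2; exit 1 ;; esac` before each assignment; adjust the pattern to whatever duration syntax the wait helpers accept. The case statement and its enclosing while loop start and end outside the hunk.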
@@ -1425,7 +1425,7 @@ check_eq "cat: /system/hello: No such file or directory" "${B}" after rm B="`adb_cat /vendor/hello`" check_eq "cat: /vendor/hello: No such file or directory" "${B}" after rm -if [ -n "${scratch_partition}" ]; then +if ${is_bootloader_fastboot} && [ -n "${scratch_partition}" ]; then echo "${GREEN}[ RUN ]${NORMAL} test fastboot flash to ${scratch_partition} recovery" >&2 @@ -1567,7 +1567,9 @@ if ${overlayfs_supported}; then adb_wait ${ADB_WAIT} || die "adb remount -R" if [ "orange" != "`get_property ro.boot.verifiedbootstate`" -o \ - "2" = "`get_property partition.system.verified`" ]; then + "2" = "`get_property partition.system.verified`" ] && + [ -n "`get_property ro.boot.verifiedbootstate`" -o \ + -n "`get_property partition.system.verified`" ]; then die "remount -R command failed to disable verity" fi From 9daf79f43fc1c68fba1e6e7d90345161ee249a64 Mon Sep 17 00:00:00 2001 From: Mark Salyzyn Date: Wed, 24 Jul 2019 15:01:07 -0700 Subject: [PATCH 3/3] adb-remount-test: add /system/priv-app In 4.19+ kernels not yet patched, /system/priv-app/ can cause EPERM on fstat of the directory, resulting in failure to access content. Test: adb-remount-test.sh Bug: 138649540 Change-Id: I96d1acb3cdb80824c9d2ebce415ea6e1253f9c5b --- fs_mgr/tests/adb-remount-test.sh | 36 +++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/fs_mgr/tests/adb-remount-test.sh b/fs_mgr/tests/adb-remount-test.sh index 7f84bb8a8..642f2c1e6 100755 --- a/fs_mgr/tests/adb-remount-test.sh +++ b/fs_mgr/tests/adb-remount-test.sh @@ -189,7 +189,7 @@ adb_su() { [ "USAGE: adb_cat >stdout Returns: content of file to stdout with carriage returns skipped, - true of the file exists" ] + true if the file exists" ] adb_cat() { local OUTPUT="`adb_sh cat ${1} &1`" local ret=${?} 
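Review bot: The second bracket added in the -1567,7 +1567,9 hunk makes the "remount -R command failed to disable verity" check pass silently whenever both ro.boot.verifiedbootstate and partition.system.verified read back empty, and an empty string is presumably also what a failed property read yields, so a transport problem cannot be told apart from a device without verity. Because this is the assertion that verity was really disabled, the skip should be visible on stderr rather than a quiet fall-through. Reading each property once also avoids four get_property calls whose results could differ between calls, and removes the `-o` operator, which POSIX marks obsolescent inside `[`. The enclosing `if ${overlayfs_supported}` block starts and ends outside the hunk.

```shell
  # … unchanged: adb_wait ${ADB_WAIT} || die "adb remount -R" …
  vbstate="`get_property ro.boot.verifiedbootstate`"
  verified="`get_property partition.system.verified`"
  if [ -z "${vbstate}" ] && [ -z "${verified}" ]; then
    # No verity properties at all: say so instead of passing silently.
    echo "WARNING: verity properties are empty, verity check skipped" >&2
  elif [ "orange" != "${vbstate}" ] || [ "2" = "${verified}" ]; then
    die "remount -R command failed to disable verity"
  fi
```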
@@ -197,6 +197,17 @@ adb_cat() { return ${ret} } +[ "USAGE: adb_ls >stdout + +Returns: filename or directoru content to stdout with carriage returns skipped, + true if the ls had no errors" ] +adb_ls() { + local OUTPUT="`adb_sh ls ${1} /dev/null`" + local ret=${?} + echo "${OUTPUT}" | tr -d '\r' + return ${ret} +} + [ "USAGE: adb_reboot Returns: true if the reboot command succeeded" ] @@ -1170,10 +1181,14 @@ echo "${GREEN}[ RUN ]${NORMAL} push content to /system and /vendor" >&2 A="Hello World! $(date)" echo "${A}" | adb_sh cat - ">/system/hello" +echo "${A}" | adb_sh cat - ">/system/priv-app/hello" echo "${A}" | adb_sh cat - ">/vendor/hello" B="`adb_cat /system/hello`" || - die "sytem hello" + die "system hello" check_eq "${A}" "${B}" /system before reboot +B="`adb_cat /system/priv-app/hello`" || + die "system priv-app hello" +check_eq "${A}" "${B}" /system/priv-app before reboot B="`adb_cat /vendor/hello`" || die "vendor hello" check_eq "${A}" "${B}" /vendor before reboot @@ -1255,6 +1270,13 @@ if ${enforcing}; then fi B="`adb_cat /system/hello`" check_eq "${A}" "${B}" /system after reboot +# If overlayfs has a nested security problem, this will fail. +B="`adb_ls /system/`" || + dir "adb ls /system" +[ X"${B}" != X"${B#*priv-app}" ] || + dir "adb ls /system/priv-app" +B="`adb_cat /system/priv-app/hello`" +check_eq "${A}" "${B}" /system/priv-app after reboot echo "${GREEN}[ OK ]${NORMAL} /system content remains after reboot" >&2 # Only root can read vendor if sepolicy permissions are as expected. adb_root || @@ -1376,6 +1398,12 @@ else fi B="`adb_cat /system/hello`" check_eq "${A}" "${B}" system after flash vendor + B="`adb_ls /system/`" || + dir "adb ls /system" + [ X"${B}" != X"${B#*priv-app}" ] || + dir "adb ls /system/priv-app" + B="`adb_cat /system/priv-app/hello`" + check_eq "${A}" "${B}" system/priv-app after flash vendor adb_root || die "adb root" B="`adb_cat /vendor/hello`" 
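Review bot: adb_ls can never report failure, because in `local OUTPUT="`adb_sh ls ...`"` the status that `${?}` sees on the next line is that of the `local` builtin, which is 0 regardless of how the `ls` exited. The documented contract "true if the ls had no errors" therefore does not hold, and the `adb_ls /system/ ||` callers added later in this patch test a status that is always success. Declare first and assign separately: `local OUTPUT ret`, then the `OUTPUT=` assignment on its own line, then `ret=${?}`. The adb_cat context lines in the preceding hunk show the same pattern, and the new header comment has a typo, "directoru".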
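Review bot: Both failure branches added in the -1255,6 +1270,13 hunk call `dir`, not the script's `die` helper: `dir "adb ls /system"` and `dir "adb ls /system/priv-app"`. On most hosts `dir` is the coreutils directory lister, so when priv-app is missing from the listing the script prints an error about a nonexistent path and carries on to the next check instead of aborting, which weakens the "nested security problem" test the added comment describes. Change them to `die "adb ls /system"` and `die "adb ls /system/priv-app"`. The -1376,6 +1398,12 hunk repeats the same two lines and needs the same fix.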
@@ -1417,11 +1445,13 @@ fi echo "${H}" [ ${err} = 0 ] && ( adb_sh rm /vendor/hello /dev/null || true ) && - adb_sh rm /system/hello