1*33f37583SAndroid Build Coastguard Worker /*
2*33f37583SAndroid Build Coastguard Worker * Copyright (C) 2019 The Android Open Source Project
3*33f37583SAndroid Build Coastguard Worker *
4*33f37583SAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*33f37583SAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*33f37583SAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*33f37583SAndroid Build Coastguard Worker *
8*33f37583SAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*33f37583SAndroid Build Coastguard Worker *
10*33f37583SAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*33f37583SAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*33f37583SAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*33f37583SAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*33f37583SAndroid Build Coastguard Worker * limitations under the License.
15*33f37583SAndroid Build Coastguard Worker */
16*33f37583SAndroid Build Coastguard Worker
17*33f37583SAndroid Build Coastguard Worker #include <filesystem>
18*33f37583SAndroid Build Coastguard Worker #include <fstream>
19*33f37583SAndroid Build Coastguard Worker
20*33f37583SAndroid Build Coastguard Worker #include <gmock/gmock.h>
21*33f37583SAndroid Build Coastguard Worker #include <gtest/gtest.h>
22*33f37583SAndroid Build Coastguard Worker #include <linux/loop.h>
23*33f37583SAndroid Build Coastguard Worker #include <sched.h>
24*33f37583SAndroid Build Coastguard Worker #include <sys/mount.h>
25*33f37583SAndroid Build Coastguard Worker
26*33f37583SAndroid Build Coastguard Worker #include <android-base/errors.h>
27*33f37583SAndroid Build Coastguard Worker #include <android-base/logging.h>
28*33f37583SAndroid Build Coastguard Worker #include <android-base/macros.h>
29*33f37583SAndroid Build Coastguard Worker #include <android-base/result.h>
30*33f37583SAndroid Build Coastguard Worker #include <android-base/stringprintf.h>
31*33f37583SAndroid Build Coastguard Worker #include <android-base/strings.h>
32*33f37583SAndroid Build Coastguard Worker #include <android-base/unique_fd.h>
33*33f37583SAndroid Build Coastguard Worker #include <android/apex/ApexInfo.h>
34*33f37583SAndroid Build Coastguard Worker #include <android/apex/ApexSessionInfo.h>
35*33f37583SAndroid Build Coastguard Worker #include <binder/IServiceManager.h>
36*33f37583SAndroid Build Coastguard Worker #include <fstab/fstab.h>
37*33f37583SAndroid Build Coastguard Worker #include <libdm/dm.h>
38*33f37583SAndroid Build Coastguard Worker #include <selinux/android.h>
39*33f37583SAndroid Build Coastguard Worker
40*33f37583SAndroid Build Coastguard Worker #include "apex_file.h"
41*33f37583SAndroid Build Coastguard Worker #include "apexd_loop.h"
42*33f37583SAndroid Build Coastguard Worker #include "apexd_utils.h"
43*33f37583SAndroid Build Coastguard Worker #include "session_state.pb.h"
44*33f37583SAndroid Build Coastguard Worker
45*33f37583SAndroid Build Coastguard Worker #include "com_android_apex.h"
46*33f37583SAndroid Build Coastguard Worker
47*33f37583SAndroid Build Coastguard Worker namespace android {
48*33f37583SAndroid Build Coastguard Worker namespace apex {
49*33f37583SAndroid Build Coastguard Worker namespace testing {
50*33f37583SAndroid Build Coastguard Worker
IsOk(const android::binder::Status & status)51*33f37583SAndroid Build Coastguard Worker inline ::testing::AssertionResult IsOk(const android::binder::Status& status) {
52*33f37583SAndroid Build Coastguard Worker if (status.isOk()) {
53*33f37583SAndroid Build Coastguard Worker return ::testing::AssertionSuccess() << " is Ok";
54*33f37583SAndroid Build Coastguard Worker } else {
55*33f37583SAndroid Build Coastguard Worker return ::testing::AssertionFailure()
56*33f37583SAndroid Build Coastguard Worker << " failed with " << status.exceptionMessage().c_str();
57*33f37583SAndroid Build Coastguard Worker }
58*33f37583SAndroid Build Coastguard Worker }
59*33f37583SAndroid Build Coastguard Worker
60*33f37583SAndroid Build Coastguard Worker MATCHER_P(SessionInfoEq, other, "") {
61*33f37583SAndroid Build Coastguard Worker using ::testing::AllOf;
62*33f37583SAndroid Build Coastguard Worker using ::testing::Eq;
63*33f37583SAndroid Build Coastguard Worker using ::testing::Field;
64*33f37583SAndroid Build Coastguard Worker
65*33f37583SAndroid Build Coastguard Worker return ExplainMatchResult(
66*33f37583SAndroid Build Coastguard Worker AllOf(
67*33f37583SAndroid Build Coastguard Worker Field("sessionId", &ApexSessionInfo::sessionId, Eq(other.sessionId)),
68*33f37583SAndroid Build Coastguard Worker Field("isUnknown", &ApexSessionInfo::isUnknown, Eq(other.isUnknown)),
69*33f37583SAndroid Build Coastguard Worker Field("isVerified", &ApexSessionInfo::isVerified,
70*33f37583SAndroid Build Coastguard Worker Eq(other.isVerified)),
71*33f37583SAndroid Build Coastguard Worker Field("isStaged", &ApexSessionInfo::isStaged, Eq(other.isStaged)),
72*33f37583SAndroid Build Coastguard Worker Field("isActivated", &ApexSessionInfo::isActivated,
73*33f37583SAndroid Build Coastguard Worker Eq(other.isActivated)),
74*33f37583SAndroid Build Coastguard Worker Field("isRevertInProgress", &ApexSessionInfo::isRevertInProgress,
75*33f37583SAndroid Build Coastguard Worker Eq(other.isRevertInProgress)),
76*33f37583SAndroid Build Coastguard Worker Field("isActivationFailed", &ApexSessionInfo::isActivationFailed,
77*33f37583SAndroid Build Coastguard Worker Eq(other.isActivationFailed)),
78*33f37583SAndroid Build Coastguard Worker Field("isSuccess", &ApexSessionInfo::isSuccess, Eq(other.isSuccess)),
79*33f37583SAndroid Build Coastguard Worker Field("isReverted", &ApexSessionInfo::isReverted,
80*33f37583SAndroid Build Coastguard Worker Eq(other.isReverted)),
81*33f37583SAndroid Build Coastguard Worker Field("isRevertFailed", &ApexSessionInfo::isRevertFailed,
82*33f37583SAndroid Build Coastguard Worker Eq(other.isRevertFailed))),
83*33f37583SAndroid Build Coastguard Worker arg, result_listener);
84*33f37583SAndroid Build Coastguard Worker }
85*33f37583SAndroid Build Coastguard Worker
86*33f37583SAndroid Build Coastguard Worker MATCHER_P(ApexInfoEq, other, "") {
87*33f37583SAndroid Build Coastguard Worker using ::testing::AllOf;
88*33f37583SAndroid Build Coastguard Worker using ::testing::Eq;
89*33f37583SAndroid Build Coastguard Worker using ::testing::Field;
90*33f37583SAndroid Build Coastguard Worker
91*33f37583SAndroid Build Coastguard Worker return ExplainMatchResult(
92*33f37583SAndroid Build Coastguard Worker AllOf(Field("moduleName", &ApexInfo::moduleName, Eq(other.moduleName)),
93*33f37583SAndroid Build Coastguard Worker Field("modulePath", &ApexInfo::modulePath, Eq(other.modulePath)),
94*33f37583SAndroid Build Coastguard Worker Field("preinstalledModulePath", &ApexInfo::preinstalledModulePath,
95*33f37583SAndroid Build Coastguard Worker Eq(other.preinstalledModulePath)),
96*33f37583SAndroid Build Coastguard Worker Field("versionCode", &ApexInfo::versionCode, Eq(other.versionCode)),
97*33f37583SAndroid Build Coastguard Worker Field("isFactory", &ApexInfo::isFactory, Eq(other.isFactory)),
98*33f37583SAndroid Build Coastguard Worker Field("isActive", &ApexInfo::isActive, Eq(other.isActive)),
99*33f37583SAndroid Build Coastguard Worker Field("partition", &ApexInfo::partition, Eq(other.partition))),
100*33f37583SAndroid Build Coastguard Worker arg, result_listener);
101*33f37583SAndroid Build Coastguard Worker }
102*33f37583SAndroid Build Coastguard Worker
103*33f37583SAndroid Build Coastguard Worker MATCHER_P(ApexFileEq, other, "") {
104*33f37583SAndroid Build Coastguard Worker using ::testing::AllOf;
105*33f37583SAndroid Build Coastguard Worker using ::testing::Eq;
106*33f37583SAndroid Build Coastguard Worker using ::testing::Property;
107*33f37583SAndroid Build Coastguard Worker
108*33f37583SAndroid Build Coastguard Worker return ExplainMatchResult(
109*33f37583SAndroid Build Coastguard Worker AllOf(Property("path", &ApexFile::GetPath, Eq(other.get().GetPath())),
110*33f37583SAndroid Build Coastguard Worker Property("image_offset", &ApexFile::GetImageOffset,
111*33f37583SAndroid Build Coastguard Worker Eq(other.get().GetImageOffset())),
112*33f37583SAndroid Build Coastguard Worker Property("image_size", &ApexFile::GetImageSize,
113*33f37583SAndroid Build Coastguard Worker Eq(other.get().GetImageSize())),
114*33f37583SAndroid Build Coastguard Worker Property("fs_type", &ApexFile::GetFsType,
115*33f37583SAndroid Build Coastguard Worker Eq(other.get().GetFsType())),
116*33f37583SAndroid Build Coastguard Worker Property("public_key", &ApexFile::GetBundledPublicKey,
117*33f37583SAndroid Build Coastguard Worker Eq(other.get().GetBundledPublicKey())),
118*33f37583SAndroid Build Coastguard Worker Property("is_compressed", &ApexFile::IsCompressed,
119*33f37583SAndroid Build Coastguard Worker Eq(other.get().IsCompressed()))),
120*33f37583SAndroid Build Coastguard Worker arg, result_listener);
121*33f37583SAndroid Build Coastguard Worker }
122*33f37583SAndroid Build Coastguard Worker
CreateSessionInfo(int session_id)123*33f37583SAndroid Build Coastguard Worker inline ApexSessionInfo CreateSessionInfo(int session_id) {
124*33f37583SAndroid Build Coastguard Worker ApexSessionInfo info;
125*33f37583SAndroid Build Coastguard Worker info.sessionId = session_id;
126*33f37583SAndroid Build Coastguard Worker info.isUnknown = false;
127*33f37583SAndroid Build Coastguard Worker info.isVerified = false;
128*33f37583SAndroid Build Coastguard Worker info.isStaged = false;
129*33f37583SAndroid Build Coastguard Worker info.isActivated = false;
130*33f37583SAndroid Build Coastguard Worker info.isRevertInProgress = false;
131*33f37583SAndroid Build Coastguard Worker info.isActivationFailed = false;
132*33f37583SAndroid Build Coastguard Worker info.isSuccess = false;
133*33f37583SAndroid Build Coastguard Worker info.isReverted = false;
134*33f37583SAndroid Build Coastguard Worker info.isRevertFailed = false;
135*33f37583SAndroid Build Coastguard Worker return info;
136*33f37583SAndroid Build Coastguard Worker }
137*33f37583SAndroid Build Coastguard Worker
138*33f37583SAndroid Build Coastguard Worker } // namespace testing
139*33f37583SAndroid Build Coastguard Worker
140*33f37583SAndroid Build Coastguard Worker // Must be in apex::android namespace, otherwise gtest won't be able to find it.
PrintTo(const ApexSessionInfo & session,std::ostream * os)141*33f37583SAndroid Build Coastguard Worker inline void PrintTo(const ApexSessionInfo& session, std::ostream* os) {
142*33f37583SAndroid Build Coastguard Worker *os << "apex_session: {\n";
143*33f37583SAndroid Build Coastguard Worker *os << " sessionId : " << session.sessionId << "\n";
144*33f37583SAndroid Build Coastguard Worker *os << " isUnknown : " << session.isUnknown << "\n";
145*33f37583SAndroid Build Coastguard Worker *os << " isVerified : " << session.isVerified << "\n";
146*33f37583SAndroid Build Coastguard Worker *os << " isStaged : " << session.isStaged << "\n";
147*33f37583SAndroid Build Coastguard Worker *os << " isActivated : " << session.isActivated << "\n";
148*33f37583SAndroid Build Coastguard Worker *os << " isActivationFailed : " << session.isActivationFailed << "\n";
149*33f37583SAndroid Build Coastguard Worker *os << " isSuccess : " << session.isSuccess << "\n";
150*33f37583SAndroid Build Coastguard Worker *os << " isReverted : " << session.isReverted << "\n";
151*33f37583SAndroid Build Coastguard Worker *os << " isRevertFailed : " << session.isRevertFailed << "\n";
152*33f37583SAndroid Build Coastguard Worker *os << "}";
153*33f37583SAndroid Build Coastguard Worker }
154*33f37583SAndroid Build Coastguard Worker
PrintTo(const ApexInfo & apex,std::ostream * os)155*33f37583SAndroid Build Coastguard Worker inline void PrintTo(const ApexInfo& apex, std::ostream* os) {
156*33f37583SAndroid Build Coastguard Worker *os << "apex_info: {\n";
157*33f37583SAndroid Build Coastguard Worker *os << " moduleName : " << apex.moduleName << "\n";
158*33f37583SAndroid Build Coastguard Worker *os << " modulePath : " << apex.modulePath << "\n";
159*33f37583SAndroid Build Coastguard Worker *os << " preinstalledModulePath : " << apex.preinstalledModulePath << "\n";
160*33f37583SAndroid Build Coastguard Worker *os << " versionCode : " << apex.versionCode << "\n";
161*33f37583SAndroid Build Coastguard Worker *os << " isFactory : " << apex.isFactory << "\n";
162*33f37583SAndroid Build Coastguard Worker *os << " isActive : " << apex.isActive << "\n";
163*33f37583SAndroid Build Coastguard Worker *os << " partition : " << toString(apex.partition) << "\n";
164*33f37583SAndroid Build Coastguard Worker *os << "}";
165*33f37583SAndroid Build Coastguard Worker }
166*33f37583SAndroid Build Coastguard Worker
CompareFiles(const std::string & filename1,const std::string & filename2)167*33f37583SAndroid Build Coastguard Worker inline android::base::Result<bool> CompareFiles(const std::string& filename1,
168*33f37583SAndroid Build Coastguard Worker const std::string& filename2) {
169*33f37583SAndroid Build Coastguard Worker std::ifstream file1(filename1, std::ios::binary);
170*33f37583SAndroid Build Coastguard Worker std::ifstream file2(filename2, std::ios::binary);
171*33f37583SAndroid Build Coastguard Worker
172*33f37583SAndroid Build Coastguard Worker if (file1.bad() || file2.bad()) {
173*33f37583SAndroid Build Coastguard Worker return android::base::Error() << "Could not open one of the file";
174*33f37583SAndroid Build Coastguard Worker }
175*33f37583SAndroid Build Coastguard Worker
176*33f37583SAndroid Build Coastguard Worker std::istreambuf_iterator<char> begin1(file1);
177*33f37583SAndroid Build Coastguard Worker std::istreambuf_iterator<char> begin2(file2);
178*33f37583SAndroid Build Coastguard Worker
179*33f37583SAndroid Build Coastguard Worker return std::equal(begin1, std::istreambuf_iterator<char>(), begin2);
180*33f37583SAndroid Build Coastguard Worker }
181*33f37583SAndroid Build Coastguard Worker
GetCurrentMountNamespace()182*33f37583SAndroid Build Coastguard Worker inline android::base::Result<std::string> GetCurrentMountNamespace() {
183*33f37583SAndroid Build Coastguard Worker std::string result;
184*33f37583SAndroid Build Coastguard Worker if (!android::base::Readlink("/proc/self/ns/mnt", &result)) {
185*33f37583SAndroid Build Coastguard Worker return android::base::ErrnoError() << "Failed to read /proc/self/ns/mnt";
186*33f37583SAndroid Build Coastguard Worker }
187*33f37583SAndroid Build Coastguard Worker return result;
188*33f37583SAndroid Build Coastguard Worker }
189*33f37583SAndroid Build Coastguard Worker
190*33f37583SAndroid Build Coastguard Worker // A helper class to switch back to the original mount namespace of a process
191*33f37583SAndroid Build Coastguard Worker // upon exiting current scope.
192*33f37583SAndroid Build Coastguard Worker class MountNamespaceRestorer final {
193*33f37583SAndroid Build Coastguard Worker public:
MountNamespaceRestorer()194*33f37583SAndroid Build Coastguard Worker explicit MountNamespaceRestorer() {
195*33f37583SAndroid Build Coastguard Worker original_namespace_.reset(open("/proc/self/ns/mnt", O_RDONLY | O_CLOEXEC));
196*33f37583SAndroid Build Coastguard Worker if (original_namespace_.get() < 0) {
197*33f37583SAndroid Build Coastguard Worker PLOG(ERROR) << "Failed to open /proc/self/ns/mnt";
198*33f37583SAndroid Build Coastguard Worker }
199*33f37583SAndroid Build Coastguard Worker }
200*33f37583SAndroid Build Coastguard Worker
~MountNamespaceRestorer()201*33f37583SAndroid Build Coastguard Worker ~MountNamespaceRestorer() {
202*33f37583SAndroid Build Coastguard Worker if (original_namespace_.get() != -1) {
203*33f37583SAndroid Build Coastguard Worker // Since apexd is a multithread process. setns(fd, CLONE_NEWNS) may not
204*33f37583SAndroid Build Coastguard Worker // work (fail with EINVAL). Retrying until success fixes it. This is
205*33f37583SAndroid Build Coastguard Worker // acceptable since this class is for only tests. In the worst case tests
206*33f37583SAndroid Build Coastguard Worker // will hang with bunch of logs.
207*33f37583SAndroid Build Coastguard Worker while (setns(original_namespace_.get(), CLONE_NEWNS) == -1) {
208*33f37583SAndroid Build Coastguard Worker PLOG(ERROR) << "Failed to switch back to " << original_namespace_.get();
209*33f37583SAndroid Build Coastguard Worker }
210*33f37583SAndroid Build Coastguard Worker }
211*33f37583SAndroid Build Coastguard Worker }
212*33f37583SAndroid Build Coastguard Worker
213*33f37583SAndroid Build Coastguard Worker private:
214*33f37583SAndroid Build Coastguard Worker android::base::unique_fd original_namespace_;
215*33f37583SAndroid Build Coastguard Worker DISALLOW_COPY_AND_ASSIGN(MountNamespaceRestorer);
216*33f37583SAndroid Build Coastguard Worker };
217*33f37583SAndroid Build Coastguard Worker
GetApexMounts()218*33f37583SAndroid Build Coastguard Worker inline std::vector<std::string> GetApexMounts() {
219*33f37583SAndroid Build Coastguard Worker std::vector<std::string> apex_mounts;
220*33f37583SAndroid Build Coastguard Worker std::string mount_info;
221*33f37583SAndroid Build Coastguard Worker if (!android::base::ReadFileToString("/proc/self/mountinfo", &mount_info)) {
222*33f37583SAndroid Build Coastguard Worker return apex_mounts;
223*33f37583SAndroid Build Coastguard Worker }
224*33f37583SAndroid Build Coastguard Worker for (const auto& line : android::base::Split(mount_info, "\n")) {
225*33f37583SAndroid Build Coastguard Worker std::vector<std::string> tokens = android::base::Split(line, " ");
226*33f37583SAndroid Build Coastguard Worker // line format:
227*33f37583SAndroid Build Coastguard Worker // mnt_id parent_mnt_id major:minor source target option propagation_type
228*33f37583SAndroid Build Coastguard Worker // ex) 33 260:19 / /apex rw,nosuid,nodev -
229*33f37583SAndroid Build Coastguard Worker if (tokens.size() >= 7 && android::base::StartsWith(tokens[4], "/apex/")) {
230*33f37583SAndroid Build Coastguard Worker apex_mounts.push_back(tokens[4]);
231*33f37583SAndroid Build Coastguard Worker }
232*33f37583SAndroid Build Coastguard Worker }
233*33f37583SAndroid Build Coastguard Worker return apex_mounts;
234*33f37583SAndroid Build Coastguard Worker }
235*33f37583SAndroid Build Coastguard Worker
236*33f37583SAndroid Build Coastguard Worker // Sets up a test environment for unit testing logic around mounting/unmounting
237*33f37583SAndroid Build Coastguard Worker // apexes. For examples of usage see apexd_test.cpp
SetUpApexTestEnvironment()238*33f37583SAndroid Build Coastguard Worker inline android::base::Result<void> SetUpApexTestEnvironment() {
239*33f37583SAndroid Build Coastguard Worker using android::base::ErrnoError;
240*33f37583SAndroid Build Coastguard Worker
241*33f37583SAndroid Build Coastguard Worker // 1. Switch to new mount namespace.
242*33f37583SAndroid Build Coastguard Worker if (unshare(CLONE_NEWNS) != 0) {
243*33f37583SAndroid Build Coastguard Worker return ErrnoError() << "Failed to unshare";
244*33f37583SAndroid Build Coastguard Worker }
245*33f37583SAndroid Build Coastguard Worker
246*33f37583SAndroid Build Coastguard Worker // 2. Make everything private, so that changes don't propagate.
247*33f37583SAndroid Build Coastguard Worker if (mount(nullptr, "/", nullptr, MS_PRIVATE | MS_REC, nullptr) == -1) {
248*33f37583SAndroid Build Coastguard Worker return ErrnoError() << "Failed to mount / as private";
249*33f37583SAndroid Build Coastguard Worker }
250*33f37583SAndroid Build Coastguard Worker
251*33f37583SAndroid Build Coastguard Worker // 3. Unmount all apexes. This needs to happen in two phases:
252*33f37583SAndroid Build Coastguard Worker // Note: unlike regular unmount flow in apexd, we don't destroy dm and loop
253*33f37583SAndroid Build Coastguard Worker // devices, since that would've propagated outside of the test environment.
254*33f37583SAndroid Build Coastguard Worker std::vector<std::string> apex_mounts = GetApexMounts();
255*33f37583SAndroid Build Coastguard Worker
256*33f37583SAndroid Build Coastguard Worker // 3a. First unmount all bind mounds (without @version_code).
257*33f37583SAndroid Build Coastguard Worker for (const auto& mount : apex_mounts) {
258*33f37583SAndroid Build Coastguard Worker if (mount.find('@') == std::string::npos) {
259*33f37583SAndroid Build Coastguard Worker if (umount2(mount.c_str(), 0) != 0) {
260*33f37583SAndroid Build Coastguard Worker return ErrnoError() << "Failed to unmount " << mount;
261*33f37583SAndroid Build Coastguard Worker }
262*33f37583SAndroid Build Coastguard Worker }
263*33f37583SAndroid Build Coastguard Worker }
264*33f37583SAndroid Build Coastguard Worker
265*33f37583SAndroid Build Coastguard Worker // 3.b Now unmount versioned mounts.
266*33f37583SAndroid Build Coastguard Worker for (const auto& mount : apex_mounts) {
267*33f37583SAndroid Build Coastguard Worker if (mount.find('@') != std::string::npos) {
268*33f37583SAndroid Build Coastguard Worker if (umount2(mount.c_str(), 0) != 0) {
269*33f37583SAndroid Build Coastguard Worker return ErrnoError() << "Failed to unmount " << mount;
270*33f37583SAndroid Build Coastguard Worker }
271*33f37583SAndroid Build Coastguard Worker }
272*33f37583SAndroid Build Coastguard Worker }
273*33f37583SAndroid Build Coastguard Worker
274*33f37583SAndroid Build Coastguard Worker static constexpr const char* kApexMountForTest = "/mnt/scratch-apex";
275*33f37583SAndroid Build Coastguard Worker
276*33f37583SAndroid Build Coastguard Worker // Clean up in case previous test left directory behind.
277*33f37583SAndroid Build Coastguard Worker if (access(kApexMountForTest, F_OK) == 0) {
278*33f37583SAndroid Build Coastguard Worker if (umount2(kApexMountForTest, MNT_FORCE | UMOUNT_NOFOLLOW) != 0) {
279*33f37583SAndroid Build Coastguard Worker PLOG(WARNING) << "Failed to unmount " << kApexMountForTest;
280*33f37583SAndroid Build Coastguard Worker }
281*33f37583SAndroid Build Coastguard Worker if (rmdir(kApexMountForTest) != 0) {
282*33f37583SAndroid Build Coastguard Worker return ErrnoError() << "Failed to rmdir " << kApexMountForTest;
283*33f37583SAndroid Build Coastguard Worker }
284*33f37583SAndroid Build Coastguard Worker }
285*33f37583SAndroid Build Coastguard Worker
286*33f37583SAndroid Build Coastguard Worker // 4. Create an empty tmpfs that will substitute /apex in tests.
287*33f37583SAndroid Build Coastguard Worker if (mkdir(kApexMountForTest, 0755) != 0) {
288*33f37583SAndroid Build Coastguard Worker return ErrnoError() << "Failed to mkdir " << kApexMountForTest;
289*33f37583SAndroid Build Coastguard Worker }
290*33f37583SAndroid Build Coastguard Worker
291*33f37583SAndroid Build Coastguard Worker if (mount("tmpfs", kApexMountForTest, "tmpfs", 0, nullptr) == -1) {
292*33f37583SAndroid Build Coastguard Worker return ErrnoError() << "Failed to mount " << kApexMountForTest;
293*33f37583SAndroid Build Coastguard Worker }
294*33f37583SAndroid Build Coastguard Worker
295*33f37583SAndroid Build Coastguard Worker // 5. Overlay it over /apex via bind mount.
296*33f37583SAndroid Build Coastguard Worker if (mount(kApexMountForTest, "/apex", nullptr, MS_BIND, nullptr) == -1) {
297*33f37583SAndroid Build Coastguard Worker return ErrnoError() << "Failed to bind mount " << kApexMountForTest
298*33f37583SAndroid Build Coastguard Worker << " over /apex";
299*33f37583SAndroid Build Coastguard Worker }
300*33f37583SAndroid Build Coastguard Worker
301*33f37583SAndroid Build Coastguard Worker // Just in case, run restorecon -R on /apex.
302*33f37583SAndroid Build Coastguard Worker if (selinux_android_restorecon("/apex", SELINUX_ANDROID_RESTORECON_RECURSE) <
303*33f37583SAndroid Build Coastguard Worker 0) {
304*33f37583SAndroid Build Coastguard Worker return ErrnoError() << "Failed to restorecon /apex";
305*33f37583SAndroid Build Coastguard Worker }
306*33f37583SAndroid Build Coastguard Worker
307*33f37583SAndroid Build Coastguard Worker return {};
308*33f37583SAndroid Build Coastguard Worker }
309*33f37583SAndroid Build Coastguard Worker
MountViaLoopDevice(const std::string & filepath,const std::string & mount_point)310*33f37583SAndroid Build Coastguard Worker inline base::Result<loop::LoopbackDeviceUniqueFd> MountViaLoopDevice(
311*33f37583SAndroid Build Coastguard Worker const std::string& filepath, const std::string& mount_point) {
312*33f37583SAndroid Build Coastguard Worker auto loop_device = loop::CreateAndConfigureLoopDevice(filepath, 0, 0);
313*33f37583SAndroid Build Coastguard Worker if (loop_device.ok()) {
314*33f37583SAndroid Build Coastguard Worker close(open(mount_point.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
315*33f37583SAndroid Build Coastguard Worker 0644));
316*33f37583SAndroid Build Coastguard Worker if (0 != mount(loop_device->name.c_str(), mount_point.c_str(), nullptr,
317*33f37583SAndroid Build Coastguard Worker MS_BIND, nullptr)) {
318*33f37583SAndroid Build Coastguard Worker return base::ErrnoError() << "can't mount.";
319*33f37583SAndroid Build Coastguard Worker }
320*33f37583SAndroid Build Coastguard Worker }
321*33f37583SAndroid Build Coastguard Worker return loop_device;
322*33f37583SAndroid Build Coastguard Worker }
323*33f37583SAndroid Build Coastguard Worker
324*33f37583SAndroid Build Coastguard Worker // Represents a Block APEX in tests, which is represented as a loop-mounted
325*33f37583SAndroid Build Coastguard Worker // file. Created with WriteBlockApex() below. On exit, it umounts the mountpoint
326*33f37583SAndroid Build Coastguard Worker // first, and then frees the loop-device.
327*33f37583SAndroid Build Coastguard Worker struct BlockApex {
328*33f37583SAndroid Build Coastguard Worker loop::LoopbackDeviceUniqueFd loop_device;
329*33f37583SAndroid Build Coastguard Worker std::string mount_point;
BlockApexBlockApex330*33f37583SAndroid Build Coastguard Worker BlockApex(loop::LoopbackDeviceUniqueFd&& loop_device,
331*33f37583SAndroid Build Coastguard Worker const std::string& mount_point)
332*33f37583SAndroid Build Coastguard Worker : loop_device(std::move(loop_device)), mount_point(mount_point) {}
BlockApexBlockApex333*33f37583SAndroid Build Coastguard Worker BlockApex(BlockApex&& other) noexcept {
334*33f37583SAndroid Build Coastguard Worker loop_device = std::move(other.loop_device);
335*33f37583SAndroid Build Coastguard Worker mount_point = std::move(other.mount_point);
336*33f37583SAndroid Build Coastguard Worker }
337*33f37583SAndroid Build Coastguard Worker BlockApex& operator=(BlockApex&& other) noexcept {
338*33f37583SAndroid Build Coastguard Worker loop_device = std::move(other.loop_device);
339*33f37583SAndroid Build Coastguard Worker mount_point = std::move(other.mount_point);
340*33f37583SAndroid Build Coastguard Worker return *this;
341*33f37583SAndroid Build Coastguard Worker }
~BlockApexBlockApex342*33f37583SAndroid Build Coastguard Worker ~BlockApex() {
343*33f37583SAndroid Build Coastguard Worker if (loop_device.Get() != -1) {
344*33f37583SAndroid Build Coastguard Worker if (umount2(mount_point.c_str(), UMOUNT_NOFOLLOW) != 0) {
345*33f37583SAndroid Build Coastguard Worker PLOG(ERROR) << "can't umount.";
346*33f37583SAndroid Build Coastguard Worker }
347*33f37583SAndroid Build Coastguard Worker loop_device.CloseGood();
348*33f37583SAndroid Build Coastguard Worker }
349*33f37583SAndroid Build Coastguard Worker }
350*33f37583SAndroid Build Coastguard Worker };
351*33f37583SAndroid Build Coastguard Worker
WriteBlockApex(const std::string & apex_file,const std::string & apex_path)352*33f37583SAndroid Build Coastguard Worker inline base::Result<BlockApex> WriteBlockApex(const std::string& apex_file,
353*33f37583SAndroid Build Coastguard Worker const std::string& apex_path) {
354*33f37583SAndroid Build Coastguard Worker std::string intermediate_path = apex_path + ".intermediate";
355*33f37583SAndroid Build Coastguard Worker std::filesystem::copy(apex_file, intermediate_path);
356*33f37583SAndroid Build Coastguard Worker auto result = MountViaLoopDevice(intermediate_path, apex_path);
357*33f37583SAndroid Build Coastguard Worker if (!result.ok()) {
358*33f37583SAndroid Build Coastguard Worker return result.error();
359*33f37583SAndroid Build Coastguard Worker }
360*33f37583SAndroid Build Coastguard Worker return BlockApex(std::move(*result), apex_path);
361*33f37583SAndroid Build Coastguard Worker }
362*33f37583SAndroid Build Coastguard Worker
GetBlockDeviceForApex(const std::string & package_id)363*33f37583SAndroid Build Coastguard Worker inline android::base::Result<std::string> GetBlockDeviceForApex(
364*33f37583SAndroid Build Coastguard Worker const std::string& package_id) {
365*33f37583SAndroid Build Coastguard Worker using android::fs_mgr::Fstab;
366*33f37583SAndroid Build Coastguard Worker using android::fs_mgr::GetEntryForMountPoint;
367*33f37583SAndroid Build Coastguard Worker using android::fs_mgr::ReadFstabFromFile;
368*33f37583SAndroid Build Coastguard Worker
369*33f37583SAndroid Build Coastguard Worker std::string mount_point = std::string(kApexRoot) + "/" + package_id;
370*33f37583SAndroid Build Coastguard Worker Fstab fstab;
371*33f37583SAndroid Build Coastguard Worker if (!ReadFstabFromFile("/proc/mounts", &fstab)) {
372*33f37583SAndroid Build Coastguard Worker return android::base::Error() << "Failed to read /proc/mounts";
373*33f37583SAndroid Build Coastguard Worker }
374*33f37583SAndroid Build Coastguard Worker auto entry = GetEntryForMountPoint(&fstab, mount_point);
375*33f37583SAndroid Build Coastguard Worker if (entry == nullptr) {
376*33f37583SAndroid Build Coastguard Worker return android::base::Error()
377*33f37583SAndroid Build Coastguard Worker << "Can't find " << mount_point << " in /proc/mounts";
378*33f37583SAndroid Build Coastguard Worker }
379*33f37583SAndroid Build Coastguard Worker return entry->blk_device;
380*33f37583SAndroid Build Coastguard Worker }
381*33f37583SAndroid Build Coastguard Worker
ReadDevice(const std::string & block_device)382*33f37583SAndroid Build Coastguard Worker inline android::base::Result<void> ReadDevice(const std::string& block_device) {
383*33f37583SAndroid Build Coastguard Worker static constexpr int kBlockSize = 4096;
384*33f37583SAndroid Build Coastguard Worker static constexpr size_t kBufSize = 1024 * kBlockSize;
385*33f37583SAndroid Build Coastguard Worker std::vector<uint8_t> buffer(kBufSize);
386*33f37583SAndroid Build Coastguard Worker
387*33f37583SAndroid Build Coastguard Worker android::base::unique_fd fd(
388*33f37583SAndroid Build Coastguard Worker TEMP_FAILURE_RETRY(open(block_device.c_str(), O_RDONLY | O_CLOEXEC)));
389*33f37583SAndroid Build Coastguard Worker if (fd.get() == -1) {
390*33f37583SAndroid Build Coastguard Worker return android::base::ErrnoError() << "Can't open " << block_device;
391*33f37583SAndroid Build Coastguard Worker }
392*33f37583SAndroid Build Coastguard Worker
393*33f37583SAndroid Build Coastguard Worker while (true) {
394*33f37583SAndroid Build Coastguard Worker int n = read(fd.get(), buffer.data(), kBufSize);
395*33f37583SAndroid Build Coastguard Worker if (n < 0) {
396*33f37583SAndroid Build Coastguard Worker return android::base::ErrnoError() << "Failed to read " << block_device;
397*33f37583SAndroid Build Coastguard Worker }
398*33f37583SAndroid Build Coastguard Worker if (n == 0) {
399*33f37583SAndroid Build Coastguard Worker break;
400*33f37583SAndroid Build Coastguard Worker }
401*33f37583SAndroid Build Coastguard Worker }
402*33f37583SAndroid Build Coastguard Worker return {};
403*33f37583SAndroid Build Coastguard Worker }
404*33f37583SAndroid Build Coastguard Worker
ListChildLoopDevices(const std::string & name)405*33f37583SAndroid Build Coastguard Worker inline android::base::Result<std::vector<std::string>> ListChildLoopDevices(
406*33f37583SAndroid Build Coastguard Worker const std::string& name) {
407*33f37583SAndroid Build Coastguard Worker using android::base::Error;
408*33f37583SAndroid Build Coastguard Worker using android::dm::DeviceMapper;
409*33f37583SAndroid Build Coastguard Worker
410*33f37583SAndroid Build Coastguard Worker DeviceMapper& dm = DeviceMapper::Instance();
411*33f37583SAndroid Build Coastguard Worker std::string dm_path;
412*33f37583SAndroid Build Coastguard Worker if (!dm.GetDmDevicePathByName(name, &dm_path)) {
413*33f37583SAndroid Build Coastguard Worker return Error() << "Failed to get path of dm device " << name;
414*33f37583SAndroid Build Coastguard Worker }
415*33f37583SAndroid Build Coastguard Worker // It's a little bit sad we can't use ConsumePrefix here :(
416*33f37583SAndroid Build Coastguard Worker constexpr std::string_view kDevPrefix = "/dev/";
417*33f37583SAndroid Build Coastguard Worker if (!android::base::StartsWith(dm_path, kDevPrefix)) {
418*33f37583SAndroid Build Coastguard Worker return Error() << "Illegal path " << dm_path;
419*33f37583SAndroid Build Coastguard Worker }
420*33f37583SAndroid Build Coastguard Worker dm_path = dm_path.substr(kDevPrefix.length());
421*33f37583SAndroid Build Coastguard Worker std::vector<std::string> children;
422*33f37583SAndroid Build Coastguard Worker std::string dir = "/sys/" + dm_path + "/slaves";
423*33f37583SAndroid Build Coastguard Worker auto status = WalkDir(dir, [&](const auto& entry) {
424*33f37583SAndroid Build Coastguard Worker std::error_code ec;
425*33f37583SAndroid Build Coastguard Worker if (entry.is_symlink(ec)) {
426*33f37583SAndroid Build Coastguard Worker children.push_back("/dev/block/" + entry.path().filename().string());
427*33f37583SAndroid Build Coastguard Worker }
428*33f37583SAndroid Build Coastguard Worker });
429*33f37583SAndroid Build Coastguard Worker if (!status.ok()) {
430*33f37583SAndroid Build Coastguard Worker return status.error();
431*33f37583SAndroid Build Coastguard Worker }
432*33f37583SAndroid Build Coastguard Worker return children;
433*33f37583SAndroid Build Coastguard Worker }
434*33f37583SAndroid Build Coastguard Worker
GetLoopDeviceStatus(const std::string & loop_device)435*33f37583SAndroid Build Coastguard Worker inline android::base::Result<struct loop_info64> GetLoopDeviceStatus(
436*33f37583SAndroid Build Coastguard Worker const std::string& loop_device) {
437*33f37583SAndroid Build Coastguard Worker android::base::unique_fd loop_fd(
438*33f37583SAndroid Build Coastguard Worker open(loop_device.c_str(), O_RDONLY | O_CLOEXEC));
439*33f37583SAndroid Build Coastguard Worker if (loop_fd < 0) {
440*33f37583SAndroid Build Coastguard Worker return ErrnoErrorf("Failed to open loop device '{}'", loop_device);
441*33f37583SAndroid Build Coastguard Worker }
442*33f37583SAndroid Build Coastguard Worker struct loop_info64 loop_info;
443*33f37583SAndroid Build Coastguard Worker if (ioctl(loop_fd, LOOP_GET_STATUS64, &loop_info) != 0) {
444*33f37583SAndroid Build Coastguard Worker return ErrnoErrorf("Failed to get loop device status '{}'", loop_device);
445*33f37583SAndroid Build Coastguard Worker }
446*33f37583SAndroid Build Coastguard Worker return loop_info;
447*33f37583SAndroid Build Coastguard Worker }
448*33f37583SAndroid Build Coastguard Worker
449*33f37583SAndroid Build Coastguard Worker } // namespace apex
450*33f37583SAndroid Build Coastguard Worker } // namespace android
451*33f37583SAndroid Build Coastguard Worker
452*33f37583SAndroid Build Coastguard Worker namespace com {
453*33f37583SAndroid Build Coastguard Worker namespace android {
454*33f37583SAndroid Build Coastguard Worker namespace apex {
455*33f37583SAndroid Build Coastguard Worker
456*33f37583SAndroid Build Coastguard Worker namespace testing {
457*33f37583SAndroid Build Coastguard Worker
458*33f37583SAndroid Build Coastguard Worker // "preinstalledModulePath" is an optional in ApexInfoList.xsd.
459*33f37583SAndroid Build Coastguard Worker // getPreinstalledModulePath() should be called when hasPreinstalledModulePath()
460*33f37583SAndroid Build Coastguard Worker // returns true. Introducing a simple wrapper which returns optional<string>.
getPreinstalledModulePath(const ApexInfo & obj)461*33f37583SAndroid Build Coastguard Worker inline std::optional<std::string> getPreinstalledModulePath(
462*33f37583SAndroid Build Coastguard Worker const ApexInfo& obj) {
463*33f37583SAndroid Build Coastguard Worker if (obj.hasPreinstalledModulePath()) {
464*33f37583SAndroid Build Coastguard Worker return obj.getPreinstalledModulePath();
465*33f37583SAndroid Build Coastguard Worker }
466*33f37583SAndroid Build Coastguard Worker return std::nullopt;
467*33f37583SAndroid Build Coastguard Worker }
468*33f37583SAndroid Build Coastguard Worker
469*33f37583SAndroid Build Coastguard Worker MATCHER_P(ApexInfoXmlEq, other, "") {
470*33f37583SAndroid Build Coastguard Worker using ::testing::AllOf;
471*33f37583SAndroid Build Coastguard Worker using ::testing::Eq;
472*33f37583SAndroid Build Coastguard Worker using ::testing::ExplainMatchResult;
473*33f37583SAndroid Build Coastguard Worker using ::testing::Field;
474*33f37583SAndroid Build Coastguard Worker using ::testing::Property;
475*33f37583SAndroid Build Coastguard Worker using ::testing::ResultOf;
476*33f37583SAndroid Build Coastguard Worker
477*33f37583SAndroid Build Coastguard Worker return ExplainMatchResult(
478*33f37583SAndroid Build Coastguard Worker AllOf(
479*33f37583SAndroid Build Coastguard Worker Property("moduleName", &ApexInfo::getModuleName,
480*33f37583SAndroid Build Coastguard Worker Eq(other.getModuleName())),
481*33f37583SAndroid Build Coastguard Worker Property("modulePath", &ApexInfo::getModulePath,
482*33f37583SAndroid Build Coastguard Worker Eq(other.getModulePath())),
483*33f37583SAndroid Build Coastguard Worker ResultOf(&getPreinstalledModulePath,
484*33f37583SAndroid Build Coastguard Worker Eq(getPreinstalledModulePath(other))),
485*33f37583SAndroid Build Coastguard Worker Property("versionCode", &ApexInfo::getVersionCode,
486*33f37583SAndroid Build Coastguard Worker Eq(other.getVersionCode())),
487*33f37583SAndroid Build Coastguard Worker Property("isFactory", &ApexInfo::getIsFactory,
488*33f37583SAndroid Build Coastguard Worker Eq(other.getIsFactory())),
489*33f37583SAndroid Build Coastguard Worker Property("isActive", &ApexInfo::getIsActive, Eq(other.getIsActive())),
490*33f37583SAndroid Build Coastguard Worker Property("lastUpdateMillis", &ApexInfo::getLastUpdateMillis,
491*33f37583SAndroid Build Coastguard Worker Eq(other.getLastUpdateMillis())),
492*33f37583SAndroid Build Coastguard Worker Property("partition", &ApexInfo::getPartition,
493*33f37583SAndroid Build Coastguard Worker Eq(other.getPartition()))),
494*33f37583SAndroid Build Coastguard Worker arg, result_listener);
495*33f37583SAndroid Build Coastguard Worker }
496*33f37583SAndroid Build Coastguard Worker
497*33f37583SAndroid Build Coastguard Worker } // namespace testing
498*33f37583SAndroid Build Coastguard Worker
499*33f37583SAndroid Build Coastguard Worker // Must be in com::android::apex namespace for gtest to pick it up.
PrintTo(const ApexInfo & apex,std::ostream * os)500*33f37583SAndroid Build Coastguard Worker inline void PrintTo(const ApexInfo& apex, std::ostream* os) {
501*33f37583SAndroid Build Coastguard Worker *os << "apex_info: {\n";
502*33f37583SAndroid Build Coastguard Worker *os << " moduleName : " << apex.getModuleName() << "\n";
503*33f37583SAndroid Build Coastguard Worker *os << " modulePath : " << apex.getModulePath() << "\n";
504*33f37583SAndroid Build Coastguard Worker if (apex.hasPreinstalledModulePath()) {
505*33f37583SAndroid Build Coastguard Worker *os << " preinstalledModulePath : " << apex.getPreinstalledModulePath()
506*33f37583SAndroid Build Coastguard Worker << "\n";
507*33f37583SAndroid Build Coastguard Worker }
508*33f37583SAndroid Build Coastguard Worker *os << " versionCode : " << apex.getVersionCode() << "\n";
509*33f37583SAndroid Build Coastguard Worker *os << " isFactory : " << apex.getIsFactory() << "\n";
510*33f37583SAndroid Build Coastguard Worker *os << " isActive : " << apex.getIsActive() << "\n";
511*33f37583SAndroid Build Coastguard Worker *os << " partition : " << apex.getPartition() << "\n";
512*33f37583SAndroid Build Coastguard Worker *os << "}";
513*33f37583SAndroid Build Coastguard Worker }
514*33f37583SAndroid Build Coastguard Worker
515*33f37583SAndroid Build Coastguard Worker } // namespace apex
516*33f37583SAndroid Build Coastguard Worker } // namespace android
517*33f37583SAndroid Build Coastguard Worker } // namespace com
518