Add test for tampering with the signature
Bug: 223181370
Test: atest CompOsDenialHostTest#denyDueToSignatureMismatch
Test: see "Signature verification failed" in log
Change-Id: I50dab9f725dd190944e9bc390175a7733b8758b2
diff --git a/test/odsign/test-src/com/android/tests/odsign/CompOsDenialHostTest.java b/test/odsign/test-src/com/android/tests/odsign/CompOsDenialHostTest.java
index 4d66d34..1dca339 100644
--- a/test/odsign/test-src/com/android/tests/odsign/CompOsDenialHostTest.java
+++ b/test/odsign/test-src/com/android/tests/odsign/CompOsDenialHostTest.java
@@ -16,9 +16,9 @@
package com.android.tests.odsign;
-import static com.google.common.truth.Truth.assertThat;
+import static com.android.tests.odsign.CompOsTestUtils.PENDING_ARTIFACTS_DIR;
-import static org.junit.Assume.assumeTrue;
+import static com.google.common.truth.Truth.assertThat;
import com.android.tradefed.device.DeviceNotAvailableException;
import com.android.tradefed.device.ITestDevice;
@@ -63,7 +63,7 @@
testInfo.properties().put(TIMESTAMP_COMPOS_COMPILED_KEY,
String.valueOf(testUtils.getCurrentTimeMs()));
testUtils.assertCommandSucceeds(
- "mv " + CompOsTestUtils.PENDING_ARTIFACTS_DIR + " " + PENDING_ARTIFACTS_BACKUP_DIR);
+ "mv " + PENDING_ARTIFACTS_DIR + " " + PENDING_ARTIFACTS_BACKUP_DIR);
}
@AfterClassWithInfo
@@ -71,8 +71,7 @@
OdsignTestUtils testUtils = new OdsignTestUtils(testInfo);
// Remove all test states.
- testInfo.getDevice().executeShellV2Command("rm -rf " +
- CompOsTestUtils.PENDING_ARTIFACTS_DIR);
+ testInfo.getDevice().executeShellV2Command("rm -rf " + PENDING_ARTIFACTS_DIR);
testInfo.getDevice().executeShellV2Command("rm -rf " + PENDING_ARTIFACTS_BACKUP_DIR);
testUtils.removeCompilationLogToAvoidBackoff();
testUtils.uninstallTestApex();
@@ -89,9 +88,9 @@
mFirstArch = mTestUtils.assertCommandSucceeds("getprop ro.bionic.arch");
// Restore the pending artifacts for each test to mess up with.
- mTestUtils.assertCommandSucceeds("rm -rf " + CompOsTestUtils.PENDING_ARTIFACTS_DIR);
+ mTestUtils.assertCommandSucceeds("rm -rf " + PENDING_ARTIFACTS_DIR);
mTestUtils.assertCommandSucceeds("cp -rp " + PENDING_ARTIFACTS_BACKUP_DIR + " " +
- CompOsTestUtils.PENDING_ARTIFACTS_DIR);
+ PENDING_ARTIFACTS_DIR);
}
@Test
@@ -101,7 +100,7 @@
assertThat(paths.length).isGreaterThan(1);
String odex1 = paths[0];
String odex2 = paths[1];
- String temp = CompOsTestUtils.PENDING_ARTIFACTS_DIR + "/temp";
+ String temp = PENDING_ARTIFACTS_DIR + "/temp";
mTestUtils.assertCommandSucceeds(
"mv " + odex1 + " " + temp + " && " +
"mv " + odex2 + " " + odex1 + " && " +
@@ -124,6 +123,22 @@
expectNoCurrentFilesFromCompOs();
}
+ @Test
+ public void denyDueToSignatureMismatch() throws Exception {
+ // Attack emulation: tamper with the compos.info file or its signature (which could allow
+ // a modified artifact to be accepted).
+
+ // The signature file will always be 64 bytes, just overwrite with randomness.
+ // (Which has ~ 1 in 2^250 chance of being a valid signature at all.)
+ mTestUtils.assertCommandSucceeds("dd if=/dev/urandom"
+ + " of=" + PENDING_ARTIFACTS_DIR + "/compos.info.signature"
+ + " ibs=64 count=1");
+
+ // Expect the pending artifacts to be denied by odsign during the reboot.
+ mTestUtils.reboot();
+ expectNoCurrentFilesFromCompOs();
+ }
+
private void expectNoCurrentFilesFromCompOs() throws DeviceNotAvailableException {
// None of the files should have a timestamp earlier than the first reboot.
long timestamp = Long.parseLong(getTestInformation().properties().get(
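Review bot: The comment opening `denyDueToSignatureMismatch` says the test tampers with "the compos.info file or its signature", but the `dd` command only overwrites `compos.info.signature`, so a modified `compos.info` presented with the original, valid signature is not exercised. Either narrow the comment, e.g. `// Attack emulation: corrupt the signature over compos.info; odsign must then reject the pending artifacts.`, or add a sibling test that alters `compos.info` and leaves the signature untouched. The only assertion is `expectNoCurrentFilesFromCompOs()`, which holds for any denial reason; the commit message relies on reading "Signature verification failed" in the log by hand, so the test would still pass if the artifacts were rejected for an unrelated reason. The "always 64 bytes" assumption is also unchecked, and asserting the file's size before the overwrite would make a signature-format change fail loudly instead of silently changing what is tested. The new method is complete within this hunk, while `expectNoCurrentFilesFromCompOs` continues past its end.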
@@ -134,11 +149,11 @@
assertThat(numFiles).isEqualTo(0);
// odsign should have deleted the pending directory.
- assertThat(getDevice().isDirectory(CompOsTestUtils.PENDING_ARTIFACTS_DIR)).isFalse();
+ assertThat(getDevice().isDirectory(PENDING_ARTIFACTS_DIR)).isFalse();
}
private String[] getAllPendingOdexPaths() throws DeviceNotAvailableException {
- String dir = CompOsTestUtils.PENDING_ARTIFACTS_DIR + "/" + mFirstArch;
+ String dir = PENDING_ARTIFACTS_DIR + "/" + mFirstArch;
return Stream.of(getDevice().getChildren(dir))
.filter(name -> name.endsWith(".odex"))
.map(name -> dir + "/" + name)