Add verity_mmap tests

PiperOrigin-RevId: 373854462

1 files changed, 1 insertions, 102 deletions

diff --git a/test/syscalls/linux/verity_ioctl.cc b/test/syscalls/linux/verity_ioctl.cc
index 822e16f3c..be91b23d0 100644
--- a/test/syscalls/linux/verity_ioctl.cc
+++ b/test/syscalls/linux/verity_ioctl.cc
@@ -28,40 +28,13 @@
 #include "test/util/mount_util.h"
 #include "test/util/temp_path.h"
 #include "test/util/test_util.h"
+#include "test/util/verity_util.h"
 
 namespace gvisor {
 namespace testing {
 
 namespace {
 
-#ifndef FS_IOC_ENABLE_VERITY
-#define FS_IOC_ENABLE_VERITY 1082156677
-#endif
-
-#ifndef FS_IOC_MEASURE_VERITY
-#define FS_IOC_MEASURE_VERITY 3221513862
-#endif
-
-#ifndef FS_VERITY_FL
-#define FS_VERITY_FL 1048576
-#endif
-
-#ifndef FS_IOC_GETFLAGS
-#define FS_IOC_GETFLAGS 2148034049
-#endif
-
-struct fsverity_digest {
-  __u16 digest_algorithm;
-  __u16 digest_size; /* input/output */
-  __u8 digest[];
-};
-
-constexpr int kMaxDigestSize = 64;
-constexpr int kDefaultDigestSize = 32;
-constexpr char kContents[] = "foobarbaz";
-constexpr char kMerklePrefix[] = ".merkle.verity.";
-constexpr char kMerkleRootPrefix[] = ".merkleroot.verity.";
-
 class IoctlTest : public ::testing::Test {
  protected:
   void SetUp() override {
@@ -85,80 +58,6 @@ class IoctlTest : public ::testing::Test {
   std::string filename_;
 };
 
-// Provide a function to convert bytes to hex string, since
-// absl::BytesToHexString does not seem to be compatible with golang
-// hex.DecodeString used in verity due to zero-padding.
-std::string BytesToHexString(uint8_t bytes[], int size) {
-  std::stringstream ss;
-  ss << std::hex;
-  for (int i = 0; i < size; ++i) {
-    ss << std::setw(2) << std::setfill('0') << static_cast<int>(bytes[i]);
-  }
-  return ss.str();
-}
-
-std::string MerklePath(absl::string_view path) {
-  return JoinPath(Dirname(path),
-                  std::string(kMerklePrefix) + std::string(Basename(path)));
-}
-
-std::string MerkleRootPath(absl::string_view path) {
-  return JoinPath(Dirname(path),
-                  std::string(kMerkleRootPrefix) + std::string(Basename(path)));
-}
-
-// Flip a random bit in the file represented by fd.
-PosixError FlipRandomBit(int fd, int size) {
-  // Generate a random offset in the file.
-  srand(time(nullptr));
-  unsigned int seed = 0;
-  int random_offset = rand_r(&seed) % size;
-
-  // Read a random byte and flip a bit in it.
-  char buf[1];
-  RETURN_ERROR_IF_SYSCALL_FAIL(PreadFd(fd, buf, 1, random_offset));
-  buf[0] ^= 1;
-  RETURN_ERROR_IF_SYSCALL_FAIL(PwriteFd(fd, buf, 1, random_offset));
-  return NoError();
-}
-
-// Mount a verity on the tmpfs and enable both the file and the direcotry. Then
-// mount a new verity with measured root hash.
-PosixErrorOr<std::string> MountVerity(std::string tmpfs_dir,
-                                      std::string filename) {
-  // Mount a verity fs on the existing tmpfs mount.
-  std::string mount_opts = "lower_path=" + tmpfs_dir;
-  ASSIGN_OR_RETURN_ERRNO(TempPath verity_dir, TempPath::CreateDir());
-  RETURN_ERROR_IF_SYSCALL_FAIL(
-      mount("", verity_dir.path().c_str(), "verity", 0, mount_opts.c_str()));
-
-  // Enable both the file and the directory.
-  ASSIGN_OR_RETURN_ERRNO(
-      auto fd, Open(JoinPath(verity_dir.path(), filename), O_RDONLY, 0777));
-  RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(fd.get(), FS_IOC_ENABLE_VERITY));
-  ASSIGN_OR_RETURN_ERRNO(auto dir_fd, Open(verity_dir.path(), O_RDONLY, 0777));
-  RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(dir_fd.get(), FS_IOC_ENABLE_VERITY));
-
-  // Measure the root hash.
-  uint8_t digest_array[sizeof(struct fsverity_digest) + kMaxDigestSize] = {0};
-  struct fsverity_digest* digest =
-      reinterpret_cast<struct fsverity_digest*>(digest_array);
-  digest->digest_size = kMaxDigestSize;
-  RETURN_ERROR_IF_SYSCALL_FAIL(
-      ioctl(dir_fd.get(), FS_IOC_MEASURE_VERITY, digest));
-
-  // Mount a verity fs with specified root hash.
-  mount_opts +=
-      ",root_hash=" + BytesToHexString(digest->digest, digest->digest_size);
-  ASSIGN_OR_RETURN_ERRNO(TempPath verity_with_hash_dir, TempPath::CreateDir());
-  RETURN_ERROR_IF_SYSCALL_FAIL(mount("", verity_with_hash_dir.path().c_str(),
-                                     "verity", 0, mount_opts.c_str()));
-  // Verity directories should not be deleted. Release the TempPath objects to
-  // prevent those directories from being deleted by the destructor.
-  verity_dir.release();
-  return verity_with_hash_dir.release();
-}
-
 TEST_F(IoctlTest, Enable) {
   // Mount a verity fs on the existing tmpfs mount.
   std::string mount_opts = "lower_path=" + tmpfs_dir_.path();