diff options
author | Chong Cai <chongc@google.com> | 2021-07-14 17:43:50 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2021-07-14 17:47:02 -0700 |
commit | 5c20fd3bbd30b0a9ecb32995b98cf194dc9600d7 (patch) | |
tree | fe7012a1b6cd31fc7c1b885f27547bc6d1d258db /test/util | |
parent | d02be7858ac5d185751df9a15a27340e349d19e5 (diff) |
Add verity symlink tests
PiperOrigin-RevId: 384823097
Diffstat (limited to 'test/util')
-rw-r--r-- | test/util/verity_util.cc | 13 | ||||
-rw-r--r-- | test/util/verity_util.h | 12 |
2 files changed, 22 insertions, 3 deletions
diff --git a/test/util/verity_util.cc b/test/util/verity_util.cc index f1b4c251b..501d7c2cf 100644 --- a/test/util/verity_util.cc +++ b/test/util/verity_util.cc @@ -55,17 +55,26 @@ PosixError FlipRandomBit(int fd, int size) { } PosixErrorOr<std::string> MountVerity(std::string tmpfs_dir, - std::string filename) { + std::string filename, + std::vector<EnableTarget> targets) { // Mount a verity fs on the existing tmpfs mount. std::string mount_opts = "lower_path=" + tmpfs_dir; ASSIGN_OR_RETURN_ERRNO(TempPath verity_dir, TempPath::CreateDir()); RETURN_ERROR_IF_SYSCALL_FAIL( mount("", verity_dir.path().c_str(), "verity", 0, mount_opts.c_str())); - // Enable both the file and the directory. + // Enable the file, symlink(if provided) and the directory. ASSIGN_OR_RETURN_ERRNO( auto fd, Open(JoinPath(verity_dir.path(), filename), O_RDONLY, 0777)); RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(fd.get(), FS_IOC_ENABLE_VERITY)); + + for (const EnableTarget& target : targets) { + ASSIGN_OR_RETURN_ERRNO( + auto target_fd, + Open(JoinPath(verity_dir.path(), target.path), target.flags, 0777)); + RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(target_fd.get(), FS_IOC_ENABLE_VERITY)); + } + ASSIGN_OR_RETURN_ERRNO(auto dir_fd, Open(verity_dir.path(), O_RDONLY, 0777)); RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(dir_fd.get(), FS_IOC_ENABLE_VERITY)); diff --git a/test/util/verity_util.h b/test/util/verity_util.h index 18743ecd6..44863f322 100644 --- a/test/util/verity_util.h +++ b/test/util/verity_util.h @@ -17,6 +17,8 @@ #include <stdint.h> +#include <vector> + #include "test/util/posix_error.h" namespace gvisor { @@ -44,6 +46,13 @@ struct fsverity_digest { unsigned char digest[]; }; +struct EnableTarget { + std::string path; + int flags; + + EnableTarget(std::string path, int flags) : path(path), flags(flags) {} +}; + constexpr int kMaxDigestSize = 64; constexpr int kDefaultDigestSize = 32; constexpr char kContents[] = "foobarbaz"; @@ -67,7 +76,8 @@ PosixError FlipRandomBit(int fd, int size); // Mount a verity on the tmpfs and enable both the file and the direcotry. Then // mount a new verity with measured root hash. PosixErrorOr<std::string> MountVerity(std::string tmpfs_dir, - std::string filename); + std::string filename, + std::vector<EnableTarget> targets); } // namespace testing } // namespace gvisor |