authorChong Cai <chongc@google.com>2021-07-14 17:43:50 -0700
committergVisor bot <gvisor-bot@google.com>2021-07-14 17:47:02 -0700
commit5c20fd3bbd30b0a9ecb32995b98cf194dc9600d7 (patch)
treefe7012a1b6cd31fc7c1b885f27547bc6d1d258db /test/util
parentd02be7858ac5d185751df9a15a27340e349d19e5 (diff)
Add verity symlink tests
PiperOrigin-RevId: 384823097
Diffstat (limited to 'test/util')
-rw-r--r--test/util/verity_util.cc13
-rw-r--r--test/util/verity_util.h12
2 files changed, 22 insertions, 3 deletions
diff --git a/test/util/verity_util.cc b/test/util/verity_util.cc
index f1b4c251b..501d7c2cf 100644
--- a/test/util/verity_util.cc
+++ b/test/util/verity_util.cc
@@ -55,17 +55,26 @@ PosixError FlipRandomBit(int fd, int size) {
}
PosixErrorOr<std::string> MountVerity(std::string tmpfs_dir,
- std::string filename) {
+ std::string filename,
+ std::vector<EnableTarget> targets) {
// Mount a verity fs on the existing tmpfs mount.
std::string mount_opts = "lower_path=" + tmpfs_dir;
ASSIGN_OR_RETURN_ERRNO(TempPath verity_dir, TempPath::CreateDir());
RETURN_ERROR_IF_SYSCALL_FAIL(
mount("", verity_dir.path().c_str(), "verity", 0, mount_opts.c_str()));
- // Enable both the file and the directory.
+ // Enable the file, symlink(if provided) and the directory.
ASSIGN_OR_RETURN_ERRNO(
auto fd, Open(JoinPath(verity_dir.path(), filename), O_RDONLY, 0777));
RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(fd.get(), FS_IOC_ENABLE_VERITY));
+
+ for (const EnableTarget& target : targets) {
+ ASSIGN_OR_RETURN_ERRNO(
+ auto target_fd,
+ Open(JoinPath(verity_dir.path(), target.path), target.flags, 0777));
+ RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(target_fd.get(), FS_IOC_ENABLE_VERITY));
+ }
+
ASSIGN_OR_RETURN_ERRNO(auto dir_fd, Open(verity_dir.path(), O_RDONLY, 0777));
RETURN_ERROR_IF_SYSCALL_FAIL(ioctl(dir_fd.get(), FS_IOC_ENABLE_VERITY));
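Review bot: In the new loop over `targets`, whether `Open()` follows a symlink is decided entirely by the caller-supplied `target.flags`, and nothing in the hunk says so. Presumably a symlink target opened without `O_NOFOLLOW` would have `FS_IOC_ENABLE_VERITY` applied to the file the link points to rather than to the link, so a test could pass without ever covering the symlink itself. I would add a comment above the loop such as `// target.flags is passed to Open() unchanged; a symlink target needs O_NOFOLLOW, otherwise verity is enabled on the file it points to.` The updated comment would also read better as `// Enable the file, any extra targets (e.g. symlinks), and the directory.` MountVerity's body continues past the end of this hunk.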
diff --git a/test/util/verity_util.h b/test/util/verity_util.h
index 18743ecd6..44863f322 100644
--- a/test/util/verity_util.h
+++ b/test/util/verity_util.h
@@ -17,6 +17,8 @@
#include <stdint.h>
+#include <vector>
+
#include "test/util/posix_error.h"
namespace gvisor {
@@ -44,6 +46,13 @@ struct fsverity_digest {
unsigned char digest[];
};
+struct EnableTarget {
+ std::string path;
+ int flags;
+
+ EnableTarget(std::string path, int flags) : path(path), flags(flags) {}
+};
+
constexpr int kMaxDigestSize = 64;
constexpr int kDefaultDigestSize = 32;
constexpr char kContents[] = "foobarbaz";
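Review bot: `EnableTarget`'s constructor copies its by-value parameter a second time in `path(path)`, and the initializer reuses the member's name, which is easy to misread. `EnableTarget(std::string path, int flags) : path(std::move(path)), flags(flags) {}` avoids the extra copy; it needs `<utility>`, while the include hunk above adds only `<vector>`. The struct also has no comment, and a line such as `// A path relative to the verity mount and the open(2) flags used to open it before verity is enabled.` would tell callers what `flags` controls.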
@@ -67,7 +76,8 @@ PosixError FlipRandomBit(int fd, int size);
// Mount a verity on the tmpfs and enable both the file and the direcotry. Then
// mount a new verity with measured root hash.
PosixErrorOr<std::string> MountVerity(std::string tmpfs_dir,
- std::string filename);
+ std::string filename,
+ std::vector<EnableTarget> targets);
} // namespace testing
} // namespace gvisor
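Review bot: The comment above `MountVerity` still says it enables "both the file and the direcotry", so it does not describe the new `targets` parameter. It could read `// Mount a verity on the tmpfs and enable the file, every entry in targets (opened with its own flags), and the directory. Then`, which also fixes the typo. In the definition in verity_util.cc `targets` is only iterated, so `const std::vector<EnableTarget>& targets` in both the declaration and the definition would avoid copying the vector on each call.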