| #!/bin/bash |
| # |
| # A test suite for recovery's package signature verifier. Run in a |
| # client where you have done envsetup, lunch, etc. |
| # |
| # TODO: find some way to get this run regularly along with the rest of |
| # the tests. |
| |
| EMULATOR_PORT=5580 |
| DATA_DIR=$ANDROID_BUILD_TOP/bootable/recovery/testdata |
| |
| WORK_DIR=/data/local/tmp |
| |
| # set to 0 to use a device instead |
| USE_EMULATOR=0 |
| |
| # ------------------------ |
| |
| if [ "$USE_EMULATOR" == 1 ]; then |
| emulator -wipe-data -noaudio -no-window -port $EMULATOR_PORT & |
| pid_emulator=$! |
| ADB="adb -s emulator-$EMULATOR_PORT " |
| else |
| ADB="adb -d " |
| fi |
| |
| echo "waiting to connect to device" |
| $ADB wait-for-device |
| |
| # run a command on the device; exit with the exit status of the device |
| # command. |
| run_command() { |
| $ADB shell "$@" \; echo \$? | awk '{if (b) {print a}; a=$0; b=1} END {exit a}' |
| } |
| |
| testname() { |
| echo |
| echo "::: testing $1 :::" |
| testname="$1" |
| } |
| |
| fail() { |
| echo |
| echo FAIL: $testname |
| echo |
| [ "$open_pid" == "" ] || kill $open_pid |
| [ "$pid_emulator" == "" ] || kill $pid_emulator |
| exit 1 |
| } |
| |
| |
| cleanup() { |
| # not necessary if we're about to kill the emulator, but nice for |
| # running on real devices or already-running emulators. |
| run_command rm $WORK_DIR/verifier_test |
| run_command rm $WORK_DIR/package.zip |
| |
| [ "$pid_emulator" == "" ] || kill $pid_emulator |
| } |
| |
| $ADB push $ANDROID_PRODUCT_OUT/system/bin/verifier_test \ |
| $WORK_DIR/verifier_test |
| |
| expect_succeed() { |
| testname "$1 (should succeed)" |
| $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip |
| shift |
| run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip || fail |
| } |
| |
| expect_fail() { |
| testname "$1 (should fail)" |
| $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip |
| shift |
| run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip && fail |
| } |
| |
| # not signed at all |
| expect_fail unsigned.zip |
| # signed in the pre-donut way |
| expect_fail jarsigned.zip |
| |
| # success cases |
| expect_succeed otasigned.zip -e3 |
| expect_succeed otasigned_f4.zip -f4 |
| expect_succeed otasigned_sha256.zip -e3 -sha256 |
| expect_succeed otasigned_f4_sha256.zip -f4 -sha256 |
| expect_succeed otasigned_ecdsa_sha256.zip -ec -sha256 |
| |
| # success with multiple keys |
| expect_succeed otasigned.zip -f4 -e3 |
| expect_succeed otasigned_f4.zip -ec -f4 |
| expect_succeed otasigned_sha256.zip -ec -e3 -e3 -sha256 |
| expect_succeed otasigned_f4_sha256.zip -ec -sha256 -e3 -f4 -sha256 |
| expect_succeed otasigned_ecdsa_sha256.zip -f4 -sha256 -e3 -ec -sha256 |
| |
| # verified against different key |
| expect_fail otasigned.zip -f4 |
| expect_fail otasigned_f4.zip -e3 |
| expect_fail otasigned_ecdsa_sha256.zip -e3 -sha256 |
| |
| # verified against right key but wrong hash algorithm |
| expect_fail otasigned.zip -e3 -sha256 |
| expect_fail otasigned_f4.zip -f4 -sha256 |
| expect_fail otasigned_sha256.zip |
| expect_fail otasigned_f4_sha256.zip -f4 |
| expect_fail otasigned_ecdsa_sha256.zip |
| |
| # various other cases |
| expect_fail random.zip |
| expect_fail fake-eocd.zip |
| expect_fail alter-metadata.zip |
| expect_fail alter-footer.zip |
| |
| # --------------- cleanup ---------------------- |
| |
| cleanup |
| |
| echo |
| echo PASS |
| echo |