1 #!/bin/bash 2 # 3 # A test suite for recovery's package signature verifier. Run in a 4 # client where you have done envsetup, lunch, etc. 5 # 6 # TODO: find some way to get this run regularly along with the rest of 7 # the tests. 8 9 EMULATOR_PORT=5580 10 DATA_DIR=$ANDROID_BUILD_TOP/bootable/recovery/testdata 11 12 WORK_DIR=/data/local/tmp 13 14 # set to 0 to use a device instead 15 USE_EMULATOR=0 16 17 # ------------------------ 18 19 if [ "$USE_EMULATOR" == 1 ]; then 20 emulator -wipe-data -noaudio -no-window -port $EMULATOR_PORT & 21 pid_emulator=$! 22 ADB="adb -s emulator-$EMULATOR_PORT " 23 else 24 ADB="adb -d " 25 fi 26 27 echo "waiting to connect to device" 28 $ADB wait-for-device 29 30 # run a command on the device; exit with the exit status of the device 31 # command. 32 run_command() { 33 $ADB shell "$@" \; echo \$? | awk '{if (b) {print a}; a=$0; b=1} END {exit a}' 34 } 35 36 testname() { 37 echo 38 echo "::: testing $1 :::" 39 testname="$1" 40 } 41 42 fail() { 43 echo 44 echo FAIL: $testname 45 echo 46 [ "$open_pid" == "" ] || kill $open_pid 47 [ "$pid_emulator" == "" ] || kill $pid_emulator 48 exit 1 49 } 50 51 52 cleanup() { 53 # not necessary if we're about to kill the emulator, but nice for 54 # running on real devices or already-running emulators. 55 run_command rm $WORK_DIR/verifier_test 56 run_command rm $WORK_DIR/package.zip 57 58 [ "$pid_emulator" == "" ] || kill $pid_emulator 59 } 60 61 $ADB push $ANDROID_PRODUCT_OUT/system/bin/verifier_test \ 62 $WORK_DIR/verifier_test 63 64 expect_succeed() { 65 testname "$1 (should succeed)" 66 $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip 67 shift 68 run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip || fail 69 } 70 71 expect_fail() { 72 testname "$1 (should fail)" 73 $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip 74 shift 75 run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip && fail 76 } 77 78 # not signed at all 79 expect_fail unsigned.zip 80 # signed in the pre-donut way 81 expect_fail jarsigned.zip 82 83 # success cases 84 expect_succeed otasigned.zip -e3 85 expect_succeed otasigned_f4.zip -f4 86 expect_succeed otasigned_sha256.zip -e3 -sha256 87 expect_succeed otasigned_f4_sha256.zip -f4 -sha256 88 expect_succeed otasigned_ecdsa_sha256.zip -ec -sha256 89 90 # success with multiple keys 91 expect_succeed otasigned.zip -f4 -e3 92 expect_succeed otasigned_f4.zip -ec -f4 93 expect_succeed otasigned_sha256.zip -ec -e3 -e3 -sha256 94 expect_succeed otasigned_f4_sha256.zip -ec -sha256 -e3 -f4 -sha256 95 expect_succeed otasigned_ecdsa_sha256.zip -f4 -sha256 -e3 -ec -sha256 96 97 # verified against different key 98 expect_fail otasigned.zip -f4 99 expect_fail otasigned_f4.zip -e3 100 expect_fail otasigned_ecdsa_sha256.zip -e3 -sha256 101 102 # verified against right key but wrong hash algorithm 103 expect_fail otasigned.zip -e3 -sha256 104 expect_fail otasigned_f4.zip -f4 -sha256 105 expect_fail otasigned_sha256.zip 106 expect_fail otasigned_f4_sha256.zip -f4 107 expect_fail otasigned_ecdsa_sha256.zip 108 109 # various other cases 110 expect_fail random.zip 111 expect_fail fake-eocd.zip 112 expect_fail alter-metadata.zip 113 expect_fail alter-footer.zip 114 115 # --------------- cleanup ---------------------- 116 117 cleanup 118 119 echo 120 echo PASS 121 echo 122
