| Name | Date | Size | #Lines | LOC | ||
|---|---|---|---|---|---|---|
| .. | - | - | ||||
| arm/ | 14-Jan-2024 | - | ||||
| arm64/ | 14-Jan-2024 | - | ||||
| x86/ | 14-Jan-2024 | - | ||||
| x86_64/ | 14-Jan-2024 | - | ||||
| Android.bp | D | 15-Dec-2024 | 1,013 | 32 | 28 | |
| OWNERS | D | 14-Jan-2024 | 46 | 3 | 2 | |
| README.md | D | 14-Jan-2024 | 2.7 KiB | 85 | 64 |
README.md
1How the test works 2================== 3ApkVerityTestApp is a test helper app to be installed with fs-verity signature 4file (.fsv\_sig). In order for this CTS test to run on a release build across 5vendors, the signature needs to be verified against a release certificate loaded 6to kernel. 7 8How to modify the test helper app 9================================= 10Modifying the test helper app will also require to sign the apk with a local debug 11key. You will also need to point the test to use your local build. 12 13How to load debug key 14--------------------- 15On debuggable build, it can be done by: 16 17``` 18adb root 19adb shell 'mini-keyctl padd asymmetric fsv-play .fs-verity' < fsverity-debug.x509.der 20``` 21 22On user build, the keyring is closed and doesn't accept extra key. A workaround 23is to copy the .der file to /system/etc/security/fsverity. Upon reboot, the 24certificate will be loaded to kernel as usual. 25 26How to use the app built locally 27-------------------------------- 28You need to override the prebuilts with the debug build. 29 301. Build the debug artifacts by `m CtsApkVerityTestDebugFiles`. Copy the output 31 to a temporary directory, e.g. 32 33``` 34(cd $ANDROID_BUILD_TOP && cp `cat 35out/soong/.intermediates/cts/hostsidetests/appsecurity/test-apps/ApkVerityTestApp/testdata/CtsApkVerityTestDebugFiles/gen/CtsApkVerityTestDebugFiles.txt` 36/tmp/prebuilts/) 37``` 38 392. Copy files to create bad app, e.g. in /tmp/prebuilts, 40 41``` 42cp CtsApkVerityTestApp.apk CtsApkVerityTestApp2.apk 43cp CtsApkVerityTestAppSplit.apk.fsv_sig CtsApkVerityTestApp2.apk.fsv_sig 44``` 45 463. Rename file names to match the test expectation. 47``` 48for f in CtsApkVerityTestApp*; do echo $f | sed -E 's/([^.]+)\.(.+)/mv & \1Prebuilt.\2/'; done | sh 49``` 50 514. Run the test. 52 53``` 54atest CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest 55``` 56 57How to update the prebuilts 58=========================== 59 601. Download CtsApkVerityTestApp.apk, CtsApkVerityTestApp.apk.idsig and CtsApkVerityTestAppSplit.apk. 61The current prebuilts are downloaded from the links below. 62 63``` 64https://android-build.googleplex.com/builds/submitted/9178658/test_suites_arm64/latest/ 65https://android-build.googleplex.com/builds/submitted/9178658/test_suites_x86_64/latest/ 66``` 67 682. Ask the key owner to sign the .apk files with the "fsverity-release" key 69 (example: b/253983589). 703. Receive the release signature .fsv\_sig. 714. Override CtsApkVerityTestApp2 to create a bad signature. 72 73``` 74cp CtsApkVerityTestApp.apk CtsApkVerityTestApp2.apk 75cp CtsApkVerityTestAppSplit.apk.fsv_sig CtsApkVerityTestApp2.apk.fsv_sig 76``` 77 785. Rename to "Prebuilt". 79 80``` 81for f in CtsApkVerityTestApp*; do echo $f | sed -E 's/([^.]+)\.(.+)/mv & \1Prebuilt.\2/'; done | sh 82``` 83 846. Duplicate arm64 prebuilts into arm and arm64, x86\_64 into x86 and x86\_64. 85