summaryrefslogtreecommitdiffstats
path: root/tests/unit/install_test.cpp (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Force package installation with FUSE unless the package stores on deviceTianjie Xu2019-10-161-0/+28
| | | | | | | | | | | | | | | | | | | | | | The non-A/B package installation is subject to TOC/TOU flaw if the attacker can switch the package in the middle of installation. And the most pratical case is to store the package on an external device, e.g. a sdcard, and swap the device in the middle. To prevent that, we can adopt the same protection as used in sideloading a package with FUSE. Specifically, when we install the package with FUSE, we read the entire package to cryptographically verify its signature. The hash for each transfer block is recorded in the memory (TOC), and the subsequent reads (TOU) will be rejected upon dectecting a mismatch. This CL forces the package installation with FUSE when the package stays on a removable media. Bug: 136498130 Test: Run bin/recovery --update_package with various paths; and packages are installed from FUSE as expected Change-Id: Ibc9b095036a2fa624e8edf6c347ed4f12aef072f
* Track libziparchive API change.Elliott Hughes2019-05-061-2/+1
| | | | | | Bug: http://b/129068177 Test: treehugger Change-Id: Ie5b2b0cff087f2e9e65a4e77c187e3173357f3ad
* install: Return bool for a few check functions.Tao Bao2019-04-301-27/+27
| | | | | | | | | | | | | | | The results from these functions have boolean semantics. They're returning `int` prior to this CL, with some of them mixing 0 and InstallResult. Note that SetUpNonAbUpdateCommands() was returning INSTALL_CORRUPT / INSTALL_ERROR / 0 prior to this change, but all the callers handle INSTALL_CORRUPT and INSTALL_ERROR the same way. This CL changes them to return bool instead. Test: `mmma -j bootable/recovery` Test: TreeHugger Test: Sideload on taimen. Change-Id: Ic1b5dbf79aaca68b53ab8ea2c8ba3d19f988c571
* tests: Merge recovery_component_test into recovery_unit_test.Tao Bao2019-04-301-0/+598
Most of the tests in component/ are in fact unit tests. And it doesn't look practically beneficial to distinguish between the two: - They have the same test setup; - We always run both (recovery_unit_test and recovery_component_test) at the same time; - Breaking any of them would be equally bad. This CL merges the tests in recovery_component_test into recovery_unit_test to save the effort to maintain both. Test: Run recovery_unit_test on marlin (via `adb sync data`). Test: `atest recovery_unit_test` Change-Id: I93ff32e7219cd83425a4bcfe5613978a8dd48d75
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-22 20:52:08 +0200