Create fuzzy-fastboot pen tester
Test: Run on Sailfish, Walleye, and other devices
Bug: http://b/111126621
Change-Id: I309af79411d0a16d11874a048ce0db024770d7b2
diff --git a/fastboot/fastboot_driver.h b/fastboot/fastboot_driver.h
index fae9dc4..51be3db 100644
--- a/fastboot/fastboot_driver.h
+++ b/fastboot/fastboot_driver.h
@@ -56,6 +56,8 @@
};
class FastBootDriver {
+ friend class FastBootTest;
+
public:
static constexpr int RESP_TIMEOUT = 30; // 30 seconds
static constexpr uint32_t MAX_DOWNLOAD_SIZE = std::numeric_limits<uint32_t>::max();
diff --git a/fastboot/fuzzy_fastboot/Android.bp b/fastboot/fuzzy_fastboot/Android.bp
new file mode 100644
index 0000000..9a68ff3
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/Android.bp
@@ -0,0 +1,31 @@
+cc_test_host {
+ name: "fuzzy_fastboot",
+ compile_multilib: "first",
+
+ srcs: [
+ "main.cpp",
+ "extensions.cpp",
+ "usb_transport_sniffer.cpp",
+ "fixtures.cpp",
+ "test_utils.cpp",
+ ],
+
+ static_libs: [
+ "libfastboot2",
+ "libziparchive",
+ "libsparse",
+ "libutils",
+ "liblog",
+ "libz",
+ "libdiagnose_usb",
+ "libbase",
+ "libcutils",
+ "libgtest",
+ "libgtest_main",
+ "libbase",
+ "libadb_host",
+ "libtinyxml2",
+ "libsparse",
+ ],
+
+}
diff --git a/fastboot/fuzzy_fastboot/README.md b/fastboot/fuzzy_fastboot/README.md
new file mode 100644
index 0000000..72967c5
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/README.md
@@ -0,0 +1,394 @@
+# Fuzzy Fastboot
+
+Fuzzy Fastboot (FF) is a standalone automated conformance and penetration tester for
+validating device-side fastboot protocol implementations.
+The tool is completely generic, and uses a simple extensible XML
+configuration file to auto-generate device-specific tests for any device.
+Any Android device that uses the fastboot protocol should have fuzzy fastboot run on it prior to
+release to find implementation bugs, make sure it conforms to the fastboot spec,
+and that it safely handles malicious inputs.
+
+
+## Background
+The [fastboot protocol](../README.md) provides an easy way to manage low level
+aspects of the device directly from bootloader. However, with great power comes
+great responsibility. An improper or insecure fastboot implementation can
+open the possibility for critical security exploits on the bootloader via fastboot
+commands. Furthermore, an untrustworthy or insecure bootloader means nothing that is
+either directly or indirectly bootstrapped by the bootloader can be trusted (including Android).
+By checking a bootloader's conformance to the fastboot spec, as well as make sure
+nefarious/malformed input is properly and gracefully handled, easy exploits of a
+device's bootloaders can be mitigated.
+
+Additionally, since the fastboot tool itself must support a myriad of fastboot
+implementations, it is important to make sure an implementation is conforming to
+avoid potential incompatibilities with the fastboot command line tool itself.
+Thus, Fuzzy Fastboot also checks for proper conformance to the spec.
+
+## Overview
+Fuzzy Fastboot is written in C++ and uses [Google Test](https://github.com/google/googletest)
+for the underlying test framework. This means that Fuzzy Fastboot supports all of
+gtest's command line flags and options.
+
+Additionally, by using gtest it makes it extremely easy to add additional C++ based
+tests to Fuzzy Fastboot. However, in most cases the optional device specific
+XML configuration file that is provided to Fuzzy Fastboot supports the necessary
+features and hooks for testing device specific commands/features
+without touching the underlying C++.
+
+### Generic Tests
+Without a provided device XML configuration, Fuzzy Fastboot can only perform
+some basic tests that are generic to any fastboot device. These generic tests are
+divided into several test suite categories:
+
+1. **USBFunctionality** - Test USB communication
+2. **Conformance** - Test the device properly handles well-formed fastboot commands
+3. **UnlockPermissions** - Test commands only allowed in the unlocked state work
+4. **LockPermissions** - Test commands only not allowed in the locked state are rejected
+5. **Fuzz** - Test malicious and/or ill-formed commands are properly and gracefully handled
+
+
+### XML Generated Tests
+With a provided XML device configuration, Fuzzy Fastboot will be able to generate
+many more additional tests cases.
+
+The device config XML has five element pairs all inside a root level `<config>`:
+
+#### `<getvar>` Element
+Inside the `<getvar></getvar>` element pairs, one should list all the device's getvar
+variables, with an associated ECMAScript regex you wish the returned variable to match on.
+Each tested variable should appear in a `<var key="key" assert="regex"/>` format.
+For example:
+```xml
+<getvar>
+ <var key="product" assert="superphone2000"/>
+ <var key="secure" assert="no|yes"/>
+ <var key="battery-voltage" assert="[34][[:digit:]]{3}"/>
+ <!-- etc... -->
+</getvar>
+```
+
+#### `<partitions>` Element
+Inside the `<partitions></partitions>` element pairs, one should list all the device's
+partitions. Each device partition has should be put inside a `<part/>` element.
+The `<part/>` element supports the following attributes:
+
+
+| Attribute | Value | Purpose | Default |
+|-----------|----------------|---------------------------------------------------------------------------------------------|----------|
+| value | Partition name | The name of the partition | Required |
+| slots | "yes" or "no" | Is this partition is slotted | "no" |
+| test | "yes" or "no" | Is Fuzzy Fastboot is allowed to generate tests that overwrite this partition | Required |
+| hashable | "yes" or "no" | Is this partition hashable with the hash command specified in `<checksum>` | "yes" |
+| parsed | "yes" or "no" | Does the bootloader parse this partition, such as look for a header, look for magic, etc... | "no" |
+
+For example:
+```xml
+<!-- All the device partitions should be listed here -->
+<partitions>
+ <part value="boot" slots="yes" test="yes" hashable="yes" parsed="yes"/>
+ <part value="modem" slots="yes" test="yes" hashable="yes"/>
+ <part value="userdata" slots="no" test="yes" hashable="no"/>
+ <!-- etc... -->
+</partitions>
+```
+
+#### `<packed>` Element
+Most devices have pseudo partitions, such as a `bootloader` partition,
+that in reality is composed of several real partitions.
+When one of these pseudo partitions is flashed, the bootloader
+will internally expand the image into the individual images for each underlying
+partition. These pseudo partitions should be listed inside a `<part></part>`
+element pair. Each element `<part>` has a mandatory attribute `value`,
+which lists the name of this pseudo partition, and a `slots` attribute,
+which can be yes or no if this pseudo partition is slotted.
+Additionally, inside the `<part></part>` element pair, one should list
+all the real partition that make up this pseudo partition inside of
+`<child>PART_NAME</child>` element pairs.
+An example is should below:
+
+```xml
+<!-- All the device packed partitions should be listed here -->
+<packed>
+ <part value="bootloader" slots="yes">
+ <!-- We list the real partitions it is composed of -->
+ <child>foo1</child>
+ <child>foo2</child>
+ <child>bar3</child>
+ <!-- We list tests, expect defaults to 'okay' -->
+ <test packed="bootloader.img" unpacked="unpacked"/>
+ <test packed="bootloader_garbage.img" expect="fail"/>
+ </part>
+</packed>
+```
+
+You might notice there are additional `<test/>` elements as well contained inside of
+a `<part></part>` pair. This is because Fuzzy Fastboot allows (and recommends) one to specify
+valid and invalid test packed images for flashing this particular pseudo partition.
+Additionally, one should specify a folder with all the partitions' images
+that the packed image unpacks to. If your device supports hashing partitions, this
+will allow Fuzzy Fastboot to validate the images are unpacking correctly, and
+the correct slots are being flashed.
+
+Each `<test/>` element has the following supported attributes:
+
+| Attribute | Value | Purpose | Default |
+|-----------|---------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------|
+| packed | The name of the packed test image | The image uploaded to the device. It is searched for in dir if --search_path=dir | Required |
+| unpacked | The name of the directory containing the unpacked version of packed | Searched for in dir if --search_path=dir. This folder should have the all the images that packed unpacks to. The name of each of the images should be the name of the real partition it is flashed to. | Required if expect != "fail" |
+| expect | "okay" or "fail" | If uploading a invalid or garbage image the bootloader should reject use "fail" otherwise "okay" | "okay" |
+
+
+#### `<oem>` Element
+Vendors can extend the fastboot protocol with oem commands. This allows vendors
+to support device/vendor specific features/commands over the fastboot protocol.
+Fuzzy Fastboot allows testing these oem commands as well.
+
+Oem commands are specefied in `<command></command>` element pairs. Each command
+element supports the following attributes:
+
+
+| Attribute | Value | Purpose | Default |
+|-------------|----------------------|---------------------------------------------------------------|----------|
+| value | The oem command name | Ex: if value="foo", the oem command will start with "oem foo" | Required |
+| permissions | "none" or "unlocked" | Whether the bootloader must be "unlocked" to perform command | "none" |
+
+An example is should below:
+```xml
+<oem>
+ <command value="self_destruct" permissions="unlocked">
+ <!-- This will test that "oem self_destruct now" returns 'okay' -->
+ <test value="now" expect="okay"/>
+ <!-- This will test that "oem self_destruct yesterday" returns 'fail' -->
+ <test value="yesterday" expect="fail" />
+ </command>
+
+ <command value="foobar" permissions="unlocked">
+ <!-- FF will first stage test_image.img before running 'oem foobar use_staged' -->
+ <test value="use_staged" expect="okay" input="test_image.img" />
+ <!-- FF will run 'oem foobar send_response', upload data from device, then run the validator script -->
+ <test value="send_response" expect="fail" validate="python validator.py"/>
+ </command>
+<oem/>
+```
+
+Again you will notice that one can, and should, specify tests to run with `<test/>` elements.
+The test elements support the following attributes:
+
+
+| Attribute | Value | Purpose | Default |
+|-----------|--------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|
+| value | The oem command argument | Ex: if value="bar", and the oem command name was "foo", the full command will be "oem foo bar" | Empty String (no argument) |
+| expect | "okay" or "fail" | Whether the bootloader should accept or reject this command | "okay" |
+| input | A image filename | Some oem commands require staging files before the command is executed | Empty String (no argument) |
+| validate | A program/script to run to validate the response | Some oem commands will stage data that can be downloaded afterwards and should be validated to be correct. Fuzzy Fastboot will launch the validation program with the first arg the oem command executed, the second arg the path to the downloaded image. Ex: "python validate.py'. If the program has a non-zero return code, the validation is marked as failed and anything from the launched programs stderr is logged in the test failure. | Empty String (no argument) |
+| assert | A Regular expression | In the "okay" or "fail" response, Fuzzy Fastboot will assert the response matches this regular expression. | Empty String (no argument) |
+| output | The name of the saved file | This is the name of the saved output file passed to the validation script. It is saved in whatever location is specified by the --output_path argument | out.img |
+
+
+#### `<checksum/>` Element
+If the bootloader supports hashing partitions (implementing this is strongly recommended), Fuzzy Fastboot can
+use it to do a bunch more testing. Make sure this hash is a cryptographically secure hash, as a non-secure one
+might reveal secrets about the partitions' contents.
+
+The checksum element has no children and only two required attributes:
+
+- **value** - The command that hashes a partition. Note that the name of the partition will be appended to the end of the command. For example, if `value="oem hash"`, hashing the partition `bar` would be issued with `oem hash bar`.
+- **parser** - How the hash is returned is up to the vendor's implementation. It could be part of the `OKAY` response, or be encoded in `INFO` responses. Thus, the parser attribute is used to specify a program/script that will extract the hash. The first argument to the program will be the be the response from `OKAY`, the second argument will be all the `INFO` responses joined by newlines. The extracted hash should be sent back to Fuzzy Fastboot as a string written to stderr, and a return code of 0 to signal the parsing was successful. In the case of failure, return a non-zero return code, an optionally an associated error message written to stderr.
+
+
+
+## Full Example XML Configuration
+Here is a basic example configuration. This can also be found in the 'example' folder
+as well as the associated python scripts 'checksum_parser.py' (used to extract partition hash),
+and 'validator.py' (used to validate an oem command that returns data).
+```xml
+<?xml version="1.0"?>
+<config>
+<!-- All the device getvar variables should be listed here -->
+<getvar>
+ <var key="product" assert="superphone2000"/>
+ <var key="secure" assert="no|yes"/>
+</getvar>
+
+<!-- All the device partitions should be listed here -->
+<partitions>
+ <part value="boot" slots="yes" test="yes" hashable="yes" parsed="yes"/>
+ <part value="modem" slots="yes" test="yes" hashable="yes"/>
+ <part value="userdata" slots="no" test="yes" hashable="no"/>
+
+ <!-- Bootloader partitions -->
+ <part value="foo1" slots="yes" test="no" hashable="yes"/>
+ <part value="foo2" slots="yes" test="no" hashable="yes"/>
+ <part value="bar3" slots="yes" test="no" hashable="yes"/>
+</partitions>
+
+<!-- All the device packed partitions should be listed here -->
+<packed>
+ <part value="bootloader" slots="yes">
+ <!-- We list the real partitions it is composed of -->
+ <child>foo1</child>
+ <child>foo2</child>
+ <child>bar3</child>
+ <!-- We list tests, expect defaults to 'okay' -->
+ <test packed="bootloader.img" unpacked="unpacked"/>
+ <test packed="bootloader_garbage.img" expect="fail"/>
+ </part>
+</packed>
+
+<!-- All the oem commands should be listed here -->
+<oem>
+ <!-- The 'oem self_destruct' command requires an unlocked bootloader -->
+ <command value="self_destruct" permissions="unlocked">
+ <!-- This will test that "oem self_destruct now" returns 'okay' -->
+ <test value="now" expect="okay"/>
+ <test value="yesterday" expect="fail" />
+ </command>
+
+ <!-- Test a fictional 'oem get' command -->
+ <command value="get" permissions="none">
+ <test value="batch_id" expect="okay" assert="[[:digit:]]+"/>
+ <test value="device_color" expect="okay" assert="green|blue"/>
+ <test value="build_num" expect="okay" assert="[\w\-.]+"/>
+ <test value="garbage" expect="fail" assert="Invalid var '[\w ]+'"/>
+ </command>
+
+ <!-- Some oem commands might require staging or downloading data, or both -->
+ <command value="foobar" permissions="unlocked">
+ <!-- FF will first stage test_image.img before running 'oem foobar use_staged' -->
+ <test value="use_staged" expect="okay" input="test_image.img" />
+ <!-- FF will run 'oem foobar send_response', upload data from device, then run the validator script -->
+ <test value="send_response" expect="fail" validate="python validator.py"/>
+ </command>
+</oem>
+
+<!-- If there is a custom oem checksum command to hash partitions, add it here -->
+<checksum value="oem sha1sum"/>
+</config>
+
+```
+
+## Running Fuzzy Fastboot
+Fuzzy Fastboot is built with the fastboot tool itself. It will appear in `out/host/linux-x86/testcases/fuzzy_fastboot/x86_64`.
+
+### Command Line Arguments
+- **--config=**: Specify the name of the configuration XML file. If omitted, only the generic tests will be available.
+- **--search_path=**: Specify the path where Fuzzy Fastboot will look for files referenced in the XML. This includes all the test images and the referenced programs/scripts. This is also where the --config is searched for. If this argument is omitted it defaults to the current directory.
+- **--output_path**: Some oem tests can download an image to the host for validation. This is the location where that image is stored. This deafults to '/tmp'.
+- **--serial_port**: Many devices have a UART or serial log, that reports logging information. Fuzzy Fastboot can include this logging information in the backtraces it generates. This can make debugging far easier. If your device has this, it can be specified with the path to the tty device. Ex: "/dev/ttyUSB0".
+- **--gtest_***: Any valid gtest argument (they all start with 'gtest_')
+- **-h**: Print gtest's help message
+
+
+## Using Fuzzy Fastboot on my Device
+All Fuzzy Fastboot tests should pass on your device. No test should be able to
+crash the bootloader. Invalid input MUST be handled gracefully. Using "asserts"
+or panicking on invalid or malformed input is not an acceptable way to handle
+these tests, as ungraceful forced termination of the bootloader can expose
+vulnerabilities and leave the device in a bad state.
+
+The following is the recommended workflow for using Fuzzy Fastboot on a new device:
+
+### Step 1: Pass the generic Conformance tests
+Begin with just the generic tests (i.e. no XML file). In particular, make sure all
+the conformance tests are passing before you move on. All other tests require that
+the basic generic conformance tests all pass for them to be valid. The conformance
+tests can be run with `./fuzzy_fastboot --gtests_filter=Conformance.*`.
+
+#### Understanding and Fixing Failed Tests
+Whenever a test fails, it will print out to the console the reason for failure
+and the lines and file where the error happened. At the end of each failure
+block, there will usually be a message that Fuzzy Fastboot reports to gtest
+explaining what went wrong. An example is shown below:
+
+```
+Expected equality of these values:
+ resp
+ Which is: "no"
+ unlock ? "yes" : "no"
+ Which is: "yes"
+getvar:unlocked response was not 'no' or 'yes': no
+system/core/fastboot/fuzzy_fastboot/fixtures.cpp:227: Failure
+Expected: SetLockState(UNLOCKED) doesn't generate new fatal failures in the current thread.
+ Actual: it does.
+[THERE WILL BE A MESSAGE HERE EXPLAINING WHY IT FAILED]
+```
+
+In most cases this message at the bottom is all that is needed to figure out why it failed.
+If this is not enough information, below this, gtest will also print out a human readable
+backtrace of the underlying fastboot commands leading up the failure in this test.
+Here is an example:
+```
+<<<<<<<< TRACE BEGIN >>>>>>>>>
+[WRITE 0ms](15 bytes): "getvar:unlocked"
+[READ 20ms](6 bytes): "OKAYno"
+<<<<<<<< TRACE END >>>>>>>>>
+```
+One can easily see the reason for the failure was the test expected the device to
+be unlocked.
+
+If it is still unclear why the failure is happening, the last thing to do is look
+at what line number and file is generating the error. Gtest will always print this out.
+You can then manually look through Fuzzy Fastboot's test source code, and figure out
+what went wrong.
+
+
+### Step 2: Pass all the other generic tests
+Run all the other generic tests (still no XML file). A list of all of them can be
+printed out with: "./fuzzy_fastboot --gtest_list_tests". As before, "--gtest_filter"
+can be used to select certain tests to run, once you figure out which ones failed.
+
+One particular set of tests to watch out for are the ones that involve USB resets.
+USB resets effectively unplug and replug the device in software. Fuzzy Fastboot,
+expects USB resets to cancel whatever transaction is currently going on.
+This is also how Fuzzy Fastboot attempts to recover from errors when the device is
+unresponsive.
+
+### Step 3: Create a device XML configuration
+Without a device specific configuration file, Fuzzy Fastboot will have poor test
+coverage of your device. The vast majority of tests are auto-generated via the XML
+configuration file. Use the guide above to generate a configuration for your device.
+Make sure to be as thorough as possible, and list everything in the configuration
+that can be tested. Finally, make sure that the packed pseudo partitions and
+oem commands all have provided test cases. Be sure to test both the positive case
+(i.e. with valid input), as well as the opposite. Make sure the failure tests
+have good coverage by thinking about all the ways invalid and malicious inputs
+could be formed. These means creating images with malformed headers, illegal chars,
+and other evil inputs.
+
+Now run fuzzy_fastboot with the supplied configuration file. If you do "--gtest_list_tests",
+you should see a ton more tests that were autogenerated by Fuzzy Fastboot.
+As before, run these tests till everything passes. Again, use "--gtest_filter"
+to select specific tests to run once you know what fail,
+as running the whole things with a large configuration can take over 30 minutes.
+See the gtest documentation, for nifty tricks and command line options.
+
+### Step 4: Figure out what Fuzzy Fastboot can't/isn't testing
+While Fuzzy Fastboot with a XML configuration file, should provide good test coverage.
+Think about what device specific things are not being tested, and test them manually.
+In particular, things that if not handled carefully could create security exploits.
+Don't be lazy here, as you already put in the time to get this far.
+
+### Step 5: Celebrate
+You're done :). Now you can be more confident that your implementation is sound, and
+have piece of mind knowing you are protecting the users' security and data by
+running these tests. Don't get too complacent. If the bootloader's source code
+is modified in a way that could introduce bugs or security issues. Make sure to
+test again. You might have to add to your existing configuration file.
+
+## Limitations and Warnings
+- Currently this only works on Linux (even if it builds on Mac)
+- Only fastboot over USB is currently supported
+- Passing these tests does not mean there are not bugs/security issues. For example, a buffer overrun might not always trigger a crash or have any noticeable side effects.
+- **Be extremely careful of the Fuzzy Fastboot tests you are running. Know exactly what the tests do you are about to run before you run them. It is very possible to brick a device with many of these tests.**
+
+## Fuzzy Fastboot Missing Features TODO's
+The following are missing features that should eventually be added
+- *Sparse Image Tests*: Currently there are no tests that tests sparse images. Both well-formed and malicious images need to be tested.
+- *Unlocking/Locking Critical*: Currently there are no tests that tests that locking/unlocking critical functionality.
+- *Saved Test Log*: Fuzzy Fastboot should be able to create a failure log for every failing test and save it to a file. This file should include the test information, the reason it failed, and the fastboot command trace (with the serial console logs). Currently it just prints it to the console at the end of every test.
+- *Host Side Hashing*: One should be able to provide the hashing algorithm to the Fuzzy Fastboot, so it can be checked to agree with what the device is reporting.
+
+
+## Author
+Aaron Wisner - awisner@google.com
diff --git a/fastboot/fuzzy_fastboot/example/checksum_parser.py b/fastboot/fuzzy_fastboot/example/checksum_parser.py
new file mode 100644
index 0000000..1a890e6
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/example/checksum_parser.py
@@ -0,0 +1,37 @@
+'''
+Some bootloader's support hashing partitions. This is a great feature for testing
+correctness. However, the format for the way the hash is returned depends on the
+implementation. The hash could be send through an INFO response, or be as part
+of the OKAY response itself. This script is called with the first argument
+as the string mesage from the okay response. The second argument is each
+info response joined by newlines into one argument.
+'''
+
+import sys
+
+
+def main():
+ '''
+ Data is sent back to the parent fuzzy_fastboot process through the stderr pipe.
+ There are two interpretations of this data by FF.
+
+ 0 return code:
+ Anything written to STDERR will be interpreted as part of the hash.
+
+ non-zero return code:
+ Anything written to STDERR is part of the error message that will logged by FF
+ to explain why hash extraction failed.
+
+ Feel free to print to to STDOUT with print() as usual to print info to console
+ '''
+ script, response, info = sys.argv
+ # the info responses are concated by newlines
+ infos = [s.strip() for s in info.splitlines()]
+ sys.stderr.write(infos[-1])
+ print("Extracted checksum: '%s'" % infos[-1])
+ # non-zero return code signals error
+ return 0
+
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/fastboot/fuzzy_fastboot/example/config.xml b/fastboot/fuzzy_fastboot/example/config.xml
new file mode 100644
index 0000000..af2a3b9
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/example/config.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0"?>
+<config>
+<!-- All the device getvar variables should be listed here -->
+<getvar>
+ <var key="product" assert="superphone2000"/>
+ <var key="secure" assert="no|yes"/>
+</getvar>
+
+<!-- All the device partitions should be listed here -->
+<partitions>
+ <part value="boot" slots="yes" test="yes" hashable="yes" parsed="yes"/>
+ <part value="modem" slots="yes" test="yes" hashable="yes"/>
+ <part value="userdata" slots="no" test="yes" hashable="no"/>
+
+ <!-- Bootloader partitions -->
+ <part value="foo1" slots="yes" test="no" hashable="yes"/>
+ <part value="foo2" slots="yes" test="no" hashable="yes"/>
+ <part value="bar3" slots="yes" test="no" hashable="yes"/>
+</partitions>
+
+<!-- All the device packed partitions should be listed here -->
+<packed>
+ <part value="bootloader" slots="yes">
+ <!-- We list the real partitions it is composed of -->
+ <child>foo1</child>
+ <child>foo2</child>
+ <child>bar3</child>
+ <!-- We list tests, expect defaults to 'okay' -->
+ <test packed="bootloader.img" unpacked="unpacked"/>
+ <test packed="bootloader_garbage.img" expect="fail"/>
+ </part>
+</packed>
+
+<!-- All the oem commands should be listed here -->
+<oem>
+ <!-- The 'oem self_destruct' command requires an unlocked bootloader -->
+ <command value="self_destruct" permissions="unlocked">
+ <!-- This will test that "oem self_destruct now" returns 'okay' -->
+ <test value="now" expect="okay"/>
+ <test value="yesterday" expect="fail" />
+ </command>
+
+ <!-- Test a fictional 'oem get' command -->
+ <command value="get" permissions="none">
+ <test value="batch_id" expect="okay" assert="[[:digit:]]+"/>
+ <test value="device_color" expect="okay" assert="green|blue"/>
+ <test value="build_num" expect="okay" assert="[\w\-.]+"/>
+ <test value="garbage" expect="fail" assert="Invalid var '[\w ]+'"/>
+ </command>
+
+ <!-- Some oem commands might require staging or downloading data, or both -->
+ <command value="foobar" permissions="unlocked">
+ <!-- FF will first stage test_image.img before running 'oem foobar use_staged' -->
+ <test value="use_staged" expect="okay" input="test_image.img" />
+ <!-- FF will run 'oem foobar send_response', upload data from device, then run the validator script -->
+ <test value="send_response" expect="fail" validate="python validator.py"/>
+ </command>
+</oem>
+
+<!-- If there is a custom oem checksum command to hash partitions, add it here -->
+<checksum value="oem sha1sum"/>
+</config>
diff --git a/fastboot/fuzzy_fastboot/example/validator.py b/fastboot/fuzzy_fastboot/example/validator.py
new file mode 100644
index 0000000..9c5081f
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/example/validator.py
@@ -0,0 +1,37 @@
+'''
+This is an example validator to be used with oem commands that allow you to
+upload data afterwards that you wish to validate locally.
+'''
+import sys
+
+def eprint(msg):
+ '''
+ A helper function for logging error messages to fuzzy_fastboot
+ Use this function as you would "print()"
+ '''
+ sys.stderr.write(msg + '\n')
+
+
+def main():
+ '''
+ Data is sent back to the parent fuzzy_fastboot process through the stderr pipe.
+
+ If this script has a non-zero return code, anything written to STDERR is part of
+ the error message that will logged by FF to explain why this validation failed.
+
+ Feel free to print to to STDOUT with print() as usual to print info to console
+ '''
+ script, command, fname = sys.argv
+ eprint("Messages here will go to the parent testers logs")
+ eprint("Hello world")
+ print("This goes to stdout as expected")
+ with open(fname, "rb") as fd:
+ # Do some validation on the buffer
+ pass
+
+ # non-zero return code signals error
+ return -1
+
+
+if __name__ == "__main__":
+ sys.exit(main())
diff --git a/fastboot/fuzzy_fastboot/extensions.cpp b/fastboot/fuzzy_fastboot/extensions.cpp
new file mode 100644
index 0000000..62ef5ba
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/extensions.cpp
@@ -0,0 +1,314 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <csignal>
+#include <cstdlib>
+#include <fstream>
+
+#include "extensions.h"
+#include "test_utils.h"
+#include "tinyxml2.h"
+
+namespace fastboot {
+namespace extension {
+
+namespace { // private to this file
+
+// Since exceptions are disabled, a bad regex will trigger an abort in the constructor
+// We at least need to print something out
+std::regex MakeRegex(const std::string& regex_str, int line_num,
+ std::regex_constants::syntax_option_type type = std::regex::ECMAScript) {
+ // The signal handler can only access static vars
+ static std::string err_str;
+ err_str = android::base::StringPrintf("'%s' is not a valid regex string (line %d)\n",
+ regex_str.c_str(), line_num);
+ const auto sighandler = [](int) {
+ int nbytes = write(fileno(stderr), err_str.c_str(), err_str.length());
+ static_cast<void>(nbytes); // need to supress the unused nbytes/ or unused result
+ };
+ std::signal(SIGABRT, sighandler);
+ // Now attempt to create the regex
+ std::regex ret(regex_str, type);
+ // unregister
+ std::signal(SIGABRT, SIG_DFL);
+
+ return ret;
+}
+
+bool XMLAssert(bool cond, const tinyxml2::XMLElement* elem, const char* msg) {
+ if (!cond) {
+ printf("%s (line %d)\n", msg, elem->GetLineNum());
+ }
+ return !cond;
+}
+
+const std::string XMLAttribute(const tinyxml2::XMLElement* elem, const std::string key,
+ const std::string key_default = "") {
+ if (!elem->Attribute(key.c_str())) {
+ return key_default;
+ }
+
+ return elem->Attribute(key.c_str());
+}
+
+bool XMLYesNo(const tinyxml2::XMLElement* elem, const std::string key, bool* res,
+ bool def = false) {
+ if (!elem->Attribute(key.c_str())) {
+ *res = def;
+ return true;
+ }
+ const std::string val = elem->Attribute(key.c_str());
+ if (val != "yes" && val != "no") {
+ return false;
+ }
+ *res = (val == "yes");
+ return true;
+}
+
+bool ExtractPartitions(tinyxml2::XMLConstHandle handle, Configuration* config) {
+ // Extract partitions
+ const tinyxml2::XMLElement* part = handle.FirstChildElement("part").ToElement();
+ while (part) {
+ Configuration::PartitionInfo part_info;
+ const std::string name = XMLAttribute(part, "value");
+ const std::string test = XMLAttribute(part, "test");
+ if (XMLAssert(!name.empty(), part, "The name of a partition can not be empty") ||
+ XMLAssert(XMLYesNo(part, "slots", &part_info.slots), part,
+ "Slots attribute must be 'yes' or 'no'") ||
+ XMLAssert(XMLYesNo(part, "hashable", &part_info.hashable, true), part,
+ "Hashable attribute must be 'yes' or 'no'") ||
+ XMLAssert(XMLYesNo(part, "parsed", &part_info.parsed), part,
+ "Parsed attribute must be 'yes' or 'no'"))
+ return false;
+
+ bool allowed = test == "yes" || test == "no-writes" || test == "no";
+ if (XMLAssert(allowed, part, "The test attribute must be 'yes' 'no-writes' or 'no'"))
+ return false;
+ if (XMLAssert(config->partitions.find(name) == config->partitions.end(), part,
+ "The same partition name is listed twice"))
+ return false;
+ part_info.test = (test == "yes")
+ ? Configuration::PartitionInfo::YES
+ : (test == "no-writes") ? Configuration::PartitionInfo::NO_WRITES
+ : Configuration::PartitionInfo::NO;
+ config->partitions[name] = part_info;
+ part = part->NextSiblingElement("part");
+ }
+ return true;
+}
+
+bool ExtractPacked(tinyxml2::XMLConstHandle handle, Configuration* config) {
+ // Extract partitions
+ const tinyxml2::XMLElement* part = handle.FirstChildElement("part").ToElement();
+ while (part) {
+ Configuration::PackedInfo packed_info;
+ const std::string name = XMLAttribute(part, "value");
+
+ if (XMLAssert(!name.empty(), part, "The name of a packed partition can not be empty") ||
+ XMLAssert(XMLYesNo(part, "slots", &packed_info.slots), part,
+ "Slots attribute must be 'yes' or 'no'") ||
+ XMLAssert(config->partitions.find(name) == config->partitions.end(), part,
+ "A packed partition can not have same name as a real one") ||
+ XMLAssert(config->partitions.find(name) == config->partitions.end(), part,
+ "The same partition name is listed twice"))
+ return false;
+
+ // Extract children partitions
+ const tinyxml2::XMLElement* child = part->FirstChildElement("child")
+ ? part->FirstChildElement("child")->ToElement()
+ : nullptr;
+ while (child) {
+ const std::string text(child->GetText());
+ // Make sure child exists
+ if (XMLAssert(config->partitions.find(text) != config->partitions.end(), child,
+ "The child partition was not listed in <partitions>"))
+ return false;
+ packed_info.children.insert(text);
+ child = child->NextSiblingElement("child");
+ }
+
+ // Extract tests
+ const tinyxml2::XMLElement* test = part->FirstChildElement("test")
+ ? part->FirstChildElement("test")->ToElement()
+ : nullptr;
+ while (test) {
+ Configuration::PackedInfoTest packed_test;
+ packed_test.packed_img = XMLAttribute(test, "packed");
+ packed_test.unpacked_dir = XMLAttribute(test, "unpacked");
+ const std::string expect = XMLAttribute(test, "expect", "okay");
+
+ if (XMLAssert(!packed_test.packed_img.empty(), test,
+ "The packed image location must be specified") ||
+ XMLAssert(CMD_EXPECTS.find(expect) != CMD_EXPECTS.end(), test,
+ "Expect attribute must be 'okay' or 'fail'"))
+ return false;
+
+ packed_test.expect = CMD_EXPECTS.at(expect);
+ // The expect is only unpacked directory is only needed if success
+ if (packed_test.expect == OKAY &&
+ XMLAssert(!packed_test.unpacked_dir.empty(), test,
+ "The unpacked image folder location must be specified"))
+ return false;
+
+ packed_info.tests.push_back(packed_test);
+ test = test->NextSiblingElement("test");
+ }
+
+ config->packed[name] = packed_info;
+ part = part->NextSiblingElement("part");
+ }
+ return true;
+}
+
+bool ExtractGetVars(tinyxml2::XMLConstHandle handle, Configuration* config) {
+ // Extract getvars
+ const tinyxml2::XMLElement* var = handle.FirstChildElement("var").ToElement();
+ while (var) {
+ const std::string key = XMLAttribute(var, "key");
+ const std::string reg = XMLAttribute(var, "assert");
+ if (XMLAssert(key.size(), var, "The var key name is empty")) return false;
+ if (XMLAssert(config->getvars.find(key) == config->getvars.end(), var,
+ "The same getvar variable name is listed twice"))
+ return false;
+ Configuration::GetVar getvar{reg, MakeRegex(reg, var->GetLineNum()), var->GetLineNum()};
+ config->getvars[key] = std::move(getvar);
+ var = var->NextSiblingElement("var");
+ }
+ return true;
+}
+
+bool ExtractOem(tinyxml2::XMLConstHandle handle, Configuration* config) {
+ // Extract getvars
+ // Extract oem commands
+ const tinyxml2::XMLElement* command = handle.FirstChildElement("command").ToElement();
+ while (command) {
+ const std::string cmd = XMLAttribute(command, "value");
+ const std::string permissions = XMLAttribute(command, "permissions");
+ if (XMLAssert(cmd.size(), command, "Empty command value")) return false;
+ if (XMLAssert(permissions == "none" || permissions == "unlocked", command,
+ "Permissions attribute must be 'none' or 'unlocked'"))
+ return false;
+
+ // Each command has tests
+ std::vector<Configuration::CommandTest> tests;
+ const tinyxml2::XMLElement* test = command->FirstChildElement("test");
+ while (test) { // iterate through tests
+ Configuration::CommandTest ctest;
+
+ ctest.line_num = test->GetLineNum();
+ const std::string default_name = "XMLTest-line-" + std::to_string(test->GetLineNum());
+ ctest.name = XMLAttribute(test, "name", default_name);
+ ctest.arg = XMLAttribute(test, "value");
+ ctest.input = XMLAttribute(test, "input");
+ ctest.output = XMLAttribute(test, "output");
+ ctest.validator = XMLAttribute(test, "validate");
+ ctest.regex_str = XMLAttribute(test, "assert");
+
+ const std::string expect = XMLAttribute(test, "expect");
+
+ if (XMLAssert(CMD_EXPECTS.find(expect) != CMD_EXPECTS.end(), test,
+ "Expect attribute must be 'okay' or 'fail'"))
+ return false;
+ ctest.expect = CMD_EXPECTS.at(expect);
+ std::regex regex;
+ if (expect == "okay" && ctest.regex_str.size()) {
+ ctest.regex = MakeRegex(ctest.regex_str, test->GetLineNum());
+ }
+ tests.push_back(std::move(ctest));
+ test = test->NextSiblingElement("test");
+ }
+
+ // Build the command struct
+ const Configuration::OemCommand oem_cmd{permissions == "unlocked", std::move(tests)};
+ config->oem[cmd] = std::move(oem_cmd);
+
+ command = command->NextSiblingElement("command");
+ }
+ return true;
+}
+
+bool ExtractChecksum(tinyxml2::XMLConstHandle handle, Configuration* config) {
+ const tinyxml2::XMLElement* checksum = handle.ToElement();
+ if (checksum && checksum->Attribute("value")) {
+ config->checksum = XMLAttribute(checksum, "value");
+ config->checksum_parser = XMLAttribute(checksum, "parser");
+ if (XMLAssert(config->checksum_parser != "", checksum,
+ "A checksum parser attribute is mandatory"))
+ return false;
+ }
+ return true;
+}
+
+} // anonymous namespace
+
+bool ParseXml(const std::string& file, Configuration* config) {
+ tinyxml2::XMLDocument doc;
+ if (doc.LoadFile(file.c_str())) {
+ printf("Failed to open/parse XML file '%s'\nXMLError: %s\n", file.c_str(), doc.ErrorStr());
+ return false;
+ }
+
+ tinyxml2::XMLConstHandle handle(&doc);
+ tinyxml2::XMLConstHandle root(handle.FirstChildElement("config"));
+
+ // Extract the getvars
+ if (!ExtractGetVars(root.FirstChildElement("getvar"), config)) {
+ return false;
+ }
+ // Extract the partition info
+ if (!ExtractPartitions(root.FirstChildElement("partitions"), config)) {
+ return false;
+ }
+
+ // Extract packed
+ if (!ExtractPacked(root.FirstChildElement("packed"), config)) {
+ return false;
+ }
+
+ // Extract oem commands
+ if (!ExtractOem(root.FirstChildElement("oem"), config)) {
+ return false;
+ }
+
+ // Extract checksum
+ if (!ExtractChecksum(root.FirstChildElement("checksum"), config)) {
+ return false;
+ }
+
+ return true;
+}
+
+} // namespace extension
+} // namespace fastboot
diff --git a/fastboot/fuzzy_fastboot/extensions.h b/fastboot/fuzzy_fastboot/extensions.h
new file mode 100644
index 0000000..58312e5
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/extensions.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#pragma once
+
+#include <regex>
+#include <string>
+#include <unordered_map>
+#include <unordered_set>
+#include <vector>
+
+namespace fastboot {
+namespace extension {
+
+enum Expect { OKAY = 0, FAIL, DATA };
+
+static const std::unordered_map<std::string, Expect> CMD_EXPECTS = {
+ {"okay", OKAY},
+ {"fail", FAIL},
+ {"data", DATA},
+};
+
+static const std::unordered_map<Expect, std::string> EXPECTS_STR = {
+ {OKAY, "okay"},
+ {FAIL, "fail"},
+ {DATA, "data"},
+};
+
+struct Configuration {
+ struct GetVar {
+ std::string regex_str;
+ std::regex regex;
+ int line_num;
+
+ // So gtest can print me
+ friend ::std::ostream& operator<<(::std::ostream& os, const GetVar& self) {
+ return os << "<regex='" << self.regex_str << "' line_num=" << self.line_num << ">";
+ }
+ };
+ struct PartitionInfo {
+ enum TestConfig { NO = 0, NO_WRITES, YES };
+ bool hashable;
+ bool slots; // Does it have slots
+ bool parsed; // Does the bootloader do parsing on the img?
+ TestConfig test;
+
+ // So gtest can print me
+ friend ::std::ostream& operator<<(::std::ostream& os, const PartitionInfo& pinfo) {
+ return os << "<hashable=" << pinfo.hashable << " slots=" << pinfo.slots
+ << " parsed=" << pinfo.parsed << ">";
+ }
+ };
+
+ struct PackedInfoTest {
+ Expect expect; // Does it have slots
+ std::string packed_img;
+ std::string unpacked_dir;
+
+ // So gtest can print me
+ friend ::std::ostream& operator<<(::std::ostream& os, const PackedInfoTest& pinfo) {
+ return os << "<"
+ << "expect=" << EXPECTS_STR.at(pinfo.expect)
+ << " packed_img=" << pinfo.packed_img
+ << " unpacked_dir=" << pinfo.unpacked_dir << ">";
+ }
+ };
+
+ struct PackedInfo {
+ bool slots; // Does it have slots
+ std::unordered_set<std::string> children;
+ std::vector<PackedInfoTest> tests;
+ };
+
+ struct CommandTest {
+ std::string name;
+ int line_num;
+ std::string arg;
+ Expect expect;
+ std::string regex_str;
+ std::regex regex;
+ std::string input;
+ std::string output;
+ std::string validator;
+
+ // So gtest can print me
+ friend ::std::ostream& operator<<(::std::ostream& os, const CommandTest& self) {
+ return os << "test: " << self.name << " (line: " << self.line_num << ")";
+ }
+ };
+
+ struct OemCommand {
+ bool restricted; // Does device need to be unlocked?
+ std::vector<CommandTest> tests;
+ };
+
+ std::unordered_map<std::string, GetVar> getvars;
+ std::unordered_map<std::string, PartitionInfo> partitions;
+ std::unordered_map<std::string, PackedInfo> packed;
+ std::unordered_map<std::string, OemCommand> oem;
+
+ std::string checksum;
+ std::string checksum_parser;
+};
+
+bool ParseXml(const std::string& file, Configuration* config);
+
+} // namespace extension
+} // namespace fastboot
diff --git a/fastboot/fuzzy_fastboot/fixtures.cpp b/fastboot/fuzzy_fastboot/fixtures.cpp
new file mode 100644
index 0000000..0a87598
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/fixtures.cpp
@@ -0,0 +1,288 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <errno.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <termios.h>
+#include <unistd.h>
+#include <chrono>
+#include <cstdlib>
+#include <fstream>
+#include <map>
+#include <random>
+#include <regex>
+#include <set>
+#include <thread>
+#include <vector>
+
+#include <android-base/stringprintf.h>
+#include <gtest/gtest.h>
+
+#include "fastboot_driver.h"
+#include "usb.h"
+
+#include "extensions.h"
+#include "fixtures.h"
+#include "test_utils.h"
+#include "usb_transport_sniffer.h"
+
+namespace fastboot {
+
+int FastBootTest::MatchFastboot(usb_ifc_info* info, const char* local_serial) {
+ if (info->ifc_class != 0xff || info->ifc_subclass != 0x42 || info->ifc_protocol != 0x03) {
+ return -1;
+ }
+
+ cb_scratch = info->device_path;
+
+ // require matching serial number or device path if requested
+ // at the command line with the -s option.
+ if (local_serial && (strcmp(local_serial, info->serial_number) != 0 &&
+ strcmp(local_serial, info->device_path) != 0))
+ return -1;
+ return 0;
+}
+
+bool FastBootTest::UsbStillAvailible() {
+ // For some reason someone decided to prefix the path with "usb:"
+ std::string prefix("usb:");
+ if (std::equal(prefix.begin(), prefix.end(), device_path.begin())) {
+ std::string fname(device_path.begin() + prefix.size(), device_path.end());
+ std::string real_path =
+ android::base::StringPrintf("/sys/bus/usb/devices/%s/serial", fname.c_str());
+ std::ifstream f(real_path.c_str());
+ return f.good();
+ }
+ exit(-1); // This should never happen
+ return true;
+}
+
+RetCode FastBootTest::DownloadCommand(uint32_t size, std::string* response,
+ std::vector<std::string>* info) {
+ return fb->DownloadCommand(size, response, info);
+}
+
+RetCode FastBootTest::SendBuffer(const std::vector<char>& buf) {
+ return fb->SendBuffer(buf);
+}
+
+RetCode FastBootTest::HandleResponse(std::string* response, std::vector<std::string>* info,
+ int* dsize) {
+ return fb->HandleResponse(response, info, dsize);
+}
+
+void FastBootTest::SetUp() {
+ if (device_path != "") { // make sure the device is still connected
+ ASSERT_TRUE(UsbStillAvailible()); // The device disconnected
+ }
+
+ const auto matcher = [](usb_ifc_info* info) -> int { return MatchFastboot(info, nullptr); };
+ for (int i = 0; i < MAX_USB_TRIES && !transport; i++) {
+ std::unique_ptr<UsbTransport> usb(usb_open(matcher, USB_TIMEOUT));
+ if (usb)
+ transport = std::unique_ptr<UsbTransportSniffer>(
+ new UsbTransportSniffer(std::move(usb), serial_port));
+ std::this_thread::sleep_for(std::chrono::milliseconds(10));
+ }
+
+ ASSERT_TRUE(transport); // no nullptr
+
+ if (device_path == "") { // We set it the first time, then make sure it never changes
+ device_path = cb_scratch;
+ } else {
+ ASSERT_EQ(device_path, cb_scratch); // The path can not change
+ }
+ fb = std::unique_ptr<FastBootDriver>(
+ new FastBootDriver(transport.get(), [](std::string&) {}, true));
+}
+
+void FastBootTest::TearDown() {
+ EXPECT_TRUE(UsbStillAvailible()) << USB_PORT_GONE;
+
+ TearDownSerial();
+
+ fb.reset();
+
+ if (transport) {
+ transport->Close();
+ transport.reset();
+ }
+
+ ASSERT_TRUE(UsbStillAvailible()) << USB_PORT_GONE;
+}
+
+// TODO, this should eventually be piped to a file instead of stdout
+void FastBootTest::TearDownSerial() {
+ if (!transport) return;
+ // One last read from serial
+ transport->ProcessSerial();
+ if (HasFailure()) {
+ // TODO, print commands leading up
+ printf("<<<<<<<< TRACE BEGIN >>>>>>>>>\n");
+ printf("%s", transport->CreateTrace().c_str());
+ printf("<<<<<<<< TRACE END >>>>>>>>>\n");
+ // std::vector<std::pair<const TransferType, const std::vector<char>>> prev =
+ // transport->Transfers();
+ }
+}
+
+void FastBootTest::SetLockState(bool unlock, bool assert_change) {
+ if (!fb) {
+ return;
+ }
+
+ std::string resp;
+ std::vector<std::string> info;
+ // To avoid risk of bricking device, make sure unlock ability is set to 1
+ ASSERT_EQ(fb->RawCommand("flashing get_unlock_ability", &resp, &info), SUCCESS)
+ << "'flashing get_unlock_ability' failed";
+
+ // There are two ways this can be reported, through info or the actual response
+ if (!resp.empty()) { // must be in the info response
+ ASSERT_EQ(resp.back(), '1')
+ << "Unlock ability must be set to 1 to avoid bricking device, see "
+ "'https://source.android.com/devices/bootloader/unlock-trusty'";
+ } else {
+ ASSERT_FALSE(info.empty()) << "'flashing get_unlock_ability' returned empty response";
+ ASSERT_FALSE(info.back().empty()) << "Expected non-empty info response";
+ ASSERT_EQ(info.back().back(), '1')
+ << "Unlock ability must be set to 1 to avoid bricking device, see "
+ "'https://source.android.com/devices/bootloader/unlock-trusty'";
+ }
+
+ EXPECT_EQ(fb->GetVar("unlocked", &resp), SUCCESS) << "getvar:unlocked failed";
+ ASSERT_TRUE(resp == "no" || resp == "yes")
+ << "getvar:unlocked response was not 'no' or 'yes': " + resp;
+
+ if ((unlock && resp == "no") || (!unlock && resp == "yes")) {
+ std::string cmd = unlock ? "unlock" : "lock";
+ ASSERT_EQ(fb->RawCommand("flashing " + cmd, &resp), SUCCESS)
+ << "Attempting to change locked state, but 'flashing" + cmd + "' command failed";
+ fb.reset();
+ transport->Close();
+ transport.reset();
+ printf("PLEASE RESPOND TO PROMPT FOR '%sing' BOOTLOADER ON DEVICE\n", cmd.c_str());
+ while (UsbStillAvailible())
+ ; // Wait for disconnect
+ printf("WAITING FOR DEVICE");
+ // Need to wait for device
+ const auto matcher = [](usb_ifc_info* info) -> int { return MatchFastboot(info, nullptr); };
+ while (!transport) {
+ std::unique_ptr<UsbTransport> usb(usb_open(matcher, USB_TIMEOUT));
+ if (usb) {
+ transport = std::unique_ptr<UsbTransportSniffer>(
+ new UsbTransportSniffer(std::move(usb), serial_port));
+ }
+ std::this_thread::sleep_for(std::chrono::milliseconds(1000));
+ putchar('.');
+ }
+ device_path = cb_scratch;
+ fb = std::unique_ptr<FastBootDriver>(
+ new FastBootDriver(transport.get(), [](std::string&) {}, true));
+ if (assert_change) {
+ ASSERT_EQ(fb->GetVar("unlocked", &resp), SUCCESS) << "getvar:unlocked failed";
+ ASSERT_EQ(resp, unlock ? "yes" : "no")
+ << "getvar:unlocked response was not 'no' or 'yes': " + resp;
+ }
+ printf("SUCCESS\n");
+ }
+}
+
+std::string FastBootTest::device_path = "";
+std::string FastBootTest::cb_scratch = "";
+int FastBootTest::serial_port = 0;
+
+template <bool UNLOCKED>
+void ModeTest<UNLOCKED>::SetUp() {
+ ASSERT_NO_FATAL_FAILURE(FastBootTest::SetUp());
+ ASSERT_NO_FATAL_FAILURE(SetLockState(UNLOCKED));
+}
+// Need to instatiate it, so linker can find it later
+template class ModeTest<true>;
+template class ModeTest<false>;
+
+void Fuzz::TearDown() {
+ ASSERT_TRUE(UsbStillAvailible()) << USB_PORT_GONE;
+
+ TearDownSerial();
+
+ std::string tmp;
+ if (fb->GetVar("product", &tmp) != SUCCESS) {
+ printf("DEVICE UNRESPONSE, attempting to recover...");
+ transport->Reset();
+ printf("issued USB reset...");
+
+ if (fb->GetVar("product", &tmp) != SUCCESS) {
+ printf("FAIL\n");
+ exit(-1);
+ }
+ printf("SUCCESS!\n");
+ }
+
+ if (transport) {
+ transport->Close();
+ transport.reset();
+ }
+
+ ASSERT_TRUE(UsbStillAvailible()) << USB_PORT_GONE;
+}
+
+template <bool UNLOCKED>
+void ExtensionsPartition<UNLOCKED>::SetUp() {
+ ASSERT_NO_FATAL_FAILURE(FastBootTest::SetUp());
+ ASSERT_NO_FATAL_FAILURE(SetLockState(UNLOCKED));
+
+ if (!fb) {
+ return;
+ }
+ const std::string name = GetParam().first;
+
+ std::string var;
+ ASSERT_EQ(fb->GetVar("slot-count", &var), SUCCESS) << "Getting slot count failed";
+ int32_t num_slots = strtol(var.c_str(), nullptr, 10);
+ real_parts = GeneratePartitionNames(name, GetParam().second.slots ? num_slots : 0);
+
+ ASSERT_EQ(fb->GetVar("partition-size:" + real_parts.front(), &var), SUCCESS)
+ << "Getting partition size failed";
+ part_size = strtoll(var.c_str(), nullptr, 16);
+ ASSERT_GT(part_size, 0) << "Partition size reported was invalid";
+
+ ASSERT_EQ(fb->GetVar("max-download-size", &var), SUCCESS) << "Getting max download size failed";
+ max_dl = strtoll(var.c_str(), nullptr, 16);
+ ASSERT_GT(max_dl, 0) << "Max download size reported was invalid";
+
+ max_flash = std::min(part_size, max_dl);
+}
+template class ExtensionsPartition<true>;
+template class ExtensionsPartition<false>;
+
+} // end namespace fastboot
diff --git a/fastboot/fuzzy_fastboot/fixtures.h b/fastboot/fuzzy_fastboot/fixtures.h
new file mode 100644
index 0000000..efbf43c
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/fixtures.h
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#pragma once
+#include <gtest/gtest.h>
+
+#include "fastboot_driver.h"
+
+#include "extensions.h"
+#include "usb_transport_sniffer.h"
+
+namespace fastboot {
+
+const int USB_TIMEOUT = 30000;
+
+constexpr char USB_PORT_GONE[] =
+ "The USB port has disappeared, this is usually due to the bootloader crashing";
+
+class FastBootTest : public testing::Test {
+ public:
+ static int serial_port;
+ static constexpr int MAX_USB_TRIES = 10;
+
+ static int MatchFastboot(usb_ifc_info* info, const char* local_serial = nullptr);
+ bool UsbStillAvailible();
+
+ protected:
+ RetCode DownloadCommand(uint32_t size, std::string* response = nullptr,
+ std::vector<std::string>* info = nullptr);
+
+ RetCode SendBuffer(const std::vector<char>& buf);
+ RetCode HandleResponse(std::string* response = nullptr,
+ std::vector<std::string>* info = nullptr, int* dsize = nullptr);
+
+ void SetUp() override;
+ void TearDown() override;
+ void TearDownSerial();
+ void SetLockState(bool unlock, bool assert_change = true);
+
+ std::unique_ptr<UsbTransportSniffer> transport;
+ std::unique_ptr<FastBootDriver> fb;
+
+ private:
+ // This is an annoying hack
+ static std::string cb_scratch;
+ static std::string device_path;
+};
+
+template <bool UNLOCKED>
+class ModeTest : public FastBootTest {
+ protected:
+ void SetUp() override;
+};
+
+class Fuzz : public ModeTest<true> {
+ protected:
+ void TearDown() override;
+};
+
+// These derived classes without overrides serve no purpose other than to allow gtest to name them
+// differently
+class BasicFunctionality : public ModeTest<true> {};
+class Conformance : public ModeTest<true> {};
+class UnlockPermissions : public ModeTest<true> {};
+class LockPermissions : public ModeTest<false> {};
+
+// Magic C++ double inheritance
+class ExtensionsGetVarConformance
+ : public ModeTest<true>,
+ public ::testing::WithParamInterface<
+ std::pair<std::string, extension::Configuration::GetVar>> {};
+
+class ExtensionsOemConformance
+ : public ModeTest<true>,
+ public ::testing::WithParamInterface<
+ std::tuple<std::string, bool, extension::Configuration::CommandTest>> {};
+
+class ExtensionsPackedValid
+ : public ModeTest<true>,
+ public ::testing::WithParamInterface<
+ std::pair<std::string, extension::Configuration::PackedInfoTest>> {};
+
+class ExtensionsPackedInvalid
+ : public ModeTest<true>,
+ public ::testing::WithParamInterface<
+ std::pair<std::string, extension::Configuration::PackedInfoTest>> {};
+
+template <bool UNLOCKED>
+class ExtensionsPartition
+ : public FastBootTest,
+ public ::testing::WithParamInterface<
+ std::pair<std::string, extension::Configuration::PartitionInfo>> {
+ protected:
+ void SetUp() override;
+ int64_t part_size;
+ int64_t max_flash;
+ int64_t max_dl;
+ std::vector<std::string> real_parts; // includes the slots
+};
+
+class AnyPartition : public ExtensionsPartition<true> {};
+class WriteablePartition : public ExtensionsPartition<true> {};
+class WriteHashablePartition : public ExtensionsPartition<true> {};
+class WriteHashNonParsedPartition : public ExtensionsPartition<true> {};
+
+class FuzzWriteablePartition : public ExtensionsPartition<true> {};
+class FuzzWriteableParsedPartition : public ExtensionsPartition<true> {};
+class FuzzAnyPartitionLocked : public ExtensionsPartition<false> {};
+
+class UserdataPartition : public ExtensionsPartition<true> {};
+
+} // end namespace fastboot
diff --git a/fastboot/fuzzy_fastboot/main.cpp b/fastboot/fuzzy_fastboot/main.cpp
new file mode 100644
index 0000000..8dd46bc
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/main.cpp
@@ -0,0 +1,1489 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <errno.h>
+#include <fcntl.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+#include <chrono>
+#include <cstdlib>
+#include <fstream>
+#include <map>
+#include <random>
+#include <regex>
+#include <set>
+#include <thread>
+#include <vector>
+
+#include <android-base/stringprintf.h>
+#include <gtest/gtest.h>
+#include <sparse/sparse.h>
+
+#include "fastboot_driver.h"
+#include "usb.h"
+
+#include "extensions.h"
+#include "fixtures.h"
+#include "test_utils.h"
+#include "usb_transport_sniffer.h"
+
+namespace fastboot {
+
+extension::Configuration config; // The parsed XML config
+
+std::string SEARCH_PATH;
+std::string OUTPUT_PATH;
+
+// gtest's INSTANTIATE_TEST_CASE_P() must be at global scope,
+// so our autogenerated tests must be as well
+std::vector<std::pair<std::string, extension::Configuration::GetVar>> GETVAR_XML_TESTS;
+std::vector<std::tuple<std::string, bool, extension::Configuration::CommandTest>> OEM_XML_TESTS;
+std::vector<std::pair<std::string, extension::Configuration::PartitionInfo>> PARTITION_XML_TESTS;
+std::vector<std::pair<std::string, extension::Configuration::PartitionInfo>>
+ PARTITION_XML_WRITEABLE;
+std::vector<std::pair<std::string, extension::Configuration::PartitionInfo>>
+ PARTITION_XML_WRITE_HASHABLE;
+std::vector<std::pair<std::string, extension::Configuration::PartitionInfo>>
+ PARTITION_XML_WRITE_PARSED;
+std::vector<std::pair<std::string, extension::Configuration::PartitionInfo>>
+ PARTITION_XML_WRITE_HASH_NONPARSED;
+std::vector<std::pair<std::string, extension::Configuration::PartitionInfo>>
+ PARTITION_XML_USERDATA_CHECKSUM_WRITEABLE;
+std::vector<std::pair<std::string, extension::Configuration::PackedInfoTest>>
+ PACKED_XML_SUCCESS_TESTS;
+std::vector<std::pair<std::string, extension::Configuration::PackedInfoTest>> PACKED_XML_FAIL_TESTS;
+
+const std::string DEFAULT_OUPUT_NAME = "out.img";
+// const char scratch_partition[] = "userdata";
+const std::vector<std::string> CMDS{"boot", "continue", "download:", "erase:",
+ "flash:", "getvar:", "powerdown", "reboot",
+ "set_active:", "upload", "verify"};
+
+// For pretty printing we need all these overloads
+::std::ostream& operator<<(::std::ostream& os, const RetCode& ret) {
+ return os << FastBootDriver::RCString(ret);
+}
+
+bool PartitionHash(FastBootDriver* fb, const std::string& part, std::string* hash, int* retcode,
+ std::string* err_msg) {
+ if (config.checksum.empty()) {
+ return -1;
+ }
+
+ std::string resp;
+ std::vector<std::string> info;
+ const std::string cmd = config.checksum + ' ' + part;
+ RetCode ret;
+ if ((ret = fb->RawCommand(cmd, &resp, &info)) != SUCCESS) {
+ *err_msg =
+ android::base::StringPrintf("Hashing partition with command '%s' failed with: %s",
+ cmd.c_str(), fb->RCString(ret).c_str());
+ return false;
+ }
+ std::stringstream imploded;
+ std::copy(info.begin(), info.end(), std::ostream_iterator<std::string>(imploded, "\n"));
+
+ // If payload, we validate that as well
+ const std::vector<std::string> args = SplitBySpace(config.checksum_parser);
+ std::vector<std::string> prog_args(args.begin() + 1, args.end());
+ prog_args.push_back(resp); // Pass in the full command
+ prog_args.push_back(SEARCH_PATH + imploded.str()); // Pass in the save location
+
+ int pipe;
+ pid_t pid = StartProgram(args[0], prog_args, &pipe);
+ if (pid <= 0) {
+ *err_msg = android::base::StringPrintf("Launching hash parser '%s' failed with: %s",
+ config.checksum_parser.c_str(), strerror(errno));
+ return false;
+ }
+ *retcode = WaitProgram(pid, pipe, hash);
+ if (*retcode) {
+ // In this case the stderr pipe is a log message
+ *err_msg = android::base::StringPrintf("Hash parser '%s' failed with: %s",
+ config.checksum_parser.c_str(), hash->c_str());
+ return false;
+ }
+
+ return true;
+}
+
+// Only allow alphanumeric, _, -, and .
+const auto not_allowed = [](char c) -> int {
+ return !(isalnum(c) || c == '_' || c == '-' || c == '.');
+};
+
+// Test that USB even works
+TEST(USBFunctionality, USBConnect) {
+ const auto matcher = [](usb_ifc_info* info) -> int {
+ return FastBootTest::MatchFastboot(info, nullptr);
+ };
+ Transport* transport = nullptr;
+ for (int i = 0; i < FastBootTest::MAX_USB_TRIES && !transport; i++) {
+ transport = usb_open(matcher);
+ std::this_thread::sleep_for(std::chrono::milliseconds(10));
+ }
+ ASSERT_NE(transport, nullptr) << "Could not find the fastboot device after: "
+ << 10 * FastBootTest::MAX_USB_TRIES << "ms";
+ if (transport) {
+ transport->Close();
+ delete transport;
+ }
+}
+
+// Conformance tests
+TEST_F(Conformance, GetVar) {
+ std::string product;
+ EXPECT_EQ(fb->GetVar("product", &product), SUCCESS) << "getvar:product failed";
+ EXPECT_NE(product, "") << "getvar:product response was empty string";
+ EXPECT_EQ(std::count_if(product.begin(), product.end(), not_allowed), 0)
+ << "getvar:product response contained illegal chars";
+ EXPECT_LE(product.size(), FB_RESPONSE_SZ - 4) << "getvar:product response was too large";
+}
+
+TEST_F(Conformance, GetVarVersionBootloader) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("version-bootloader", &var), SUCCESS)
+ << "getvar:version-bootloader failed";
+ EXPECT_NE(var, "") << "getvar:version-bootloader response was empty string";
+ EXPECT_EQ(std::count_if(var.begin(), var.end(), not_allowed), 0)
+ << "getvar:version-bootloader response contained illegal chars";
+ EXPECT_LE(var.size(), FB_RESPONSE_SZ - 4) << "getvar:version-bootloader response was too large";
+}
+
+TEST_F(Conformance, GetVarVersionBaseband) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("version-baseband", &var), SUCCESS) << "getvar:version-baseband failed";
+ EXPECT_NE(var, "") << "getvar:version-baseband response was empty string";
+ EXPECT_EQ(std::count_if(var.begin(), var.end(), not_allowed), 0)
+ << "getvar:version-baseband response contained illegal chars";
+ EXPECT_LE(var.size(), FB_RESPONSE_SZ - 4) << "getvar:version-baseband response was too large";
+}
+
+TEST_F(Conformance, GetVarSerialNo) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("serialno", &var), SUCCESS) << "getvar:serialno failed";
+ EXPECT_NE(var, "") << "getvar:serialno can not be empty string";
+ EXPECT_EQ(std::count_if(var.begin(), var.end(), isalnum), var.size())
+ << "getvar:serialno must be alpha-numeric";
+ EXPECT_LE(var.size(), FB_RESPONSE_SZ - 4) << "getvar:serialno response is too long";
+}
+
+TEST_F(Conformance, GetVarSecure) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("secure", &var), SUCCESS);
+ EXPECT_TRUE(var == "yes" || var == "no");
+}
+
+TEST_F(Conformance, GetVarOffModeCharge) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("off-mode-charge", &var), SUCCESS) << "getvar:off-mode-charge failed";
+ EXPECT_TRUE(var == "0" || var == "1") << "getvar:off-mode-charge response must be '0' or '1'";
+}
+
+TEST_F(Conformance, GetVarVariant) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("variant", &var), SUCCESS) << "getvar:variant failed";
+ EXPECT_NE(var, "") << "getvar:variant response can not be empty";
+ EXPECT_LE(var.size(), FB_RESPONSE_SZ - 4) << "getvar:variant response is too large";
+}
+
+TEST_F(Conformance, GetVarRevision) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("hw-revision", &var), SUCCESS) << "getvar:hw-revision failed";
+ EXPECT_NE(var, "") << "getvar:battery-voltage response was empty";
+ EXPECT_EQ(std::count_if(var.begin(), var.end(), not_allowed), 0)
+ << "getvar:hw-revision contained illegal ASCII chars";
+ EXPECT_LE(var.size(), FB_RESPONSE_SZ - 4) << "getvar:hw-revision response was too large";
+}
+
+TEST_F(Conformance, GetVarBattVoltage) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("battery-voltage", &var), SUCCESS) << "getvar:battery-voltage failed";
+ EXPECT_NE(var, "") << "getvar:battery-voltage response was empty";
+ EXPECT_EQ(std::count_if(var.begin(), var.end(), not_allowed), 0)
+ << "getvar:battery-voltage response contains illegal ASCII chars";
+ EXPECT_LE(var.size(), FB_RESPONSE_SZ - 4)
+ << "getvar:battery-voltage response is too large: " + var;
+}
+
+TEST_F(Conformance, GetVarBattVoltageOk) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("battery-soc-ok", &var), SUCCESS) << "getvar:battery-soc-ok failed";
+ EXPECT_TRUE(var == "yes" || var == "no") << "getvar:battery-soc-ok must be 'yes' or 'no'";
+}
+
+TEST_F(Conformance, GetVarDownloadSize) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("max-download-size", &var), SUCCESS) << "getvar:max-download-size failed";
+ EXPECT_NE(var, "") << "getvar:max-download-size responded with empty string";
+ // This must start with 0x
+ EXPECT_FALSE(isspace(var.front()))
+ << "getvar:max-download-size responded with a string with leading whitespace";
+ EXPECT_FALSE(var.compare(0, 2, "0x"))
+ << "getvar:max-download-size responded with a string that does not start with 0x...";
+ int64_t size = strtoll(var.c_str(), nullptr, 16);
+ EXPECT_GT(size, 0) << "'" + var + "' is not a valid response from getvar:max-download-size";
+ // At most 32-bits
+ EXPECT_LE(size, std::numeric_limits<uint32_t>::max())
+ << "getvar:max-download-size must fit in a uint32_t";
+ EXPECT_LE(var.size(), FB_RESPONSE_SZ - 4)
+ << "getvar:max-download-size responded with too large of string: " + var;
+}
+
+TEST_F(Conformance, GetVarAll) {
+ std::vector<std::string> vars;
+ EXPECT_EQ(fb->GetVarAll(&vars), SUCCESS) << "getvar:all failed";
+ EXPECT_GT(vars.size(), 0) << "getvar:all did not respond with any INFO responses";
+ for (const auto s : vars) {
+ EXPECT_LE(s.size(), FB_RESPONSE_SZ - 4)
+ << "getvar:all included an INFO response: 'INFO" + s << "' which is too long";
+ }
+}
+
+TEST_F(Conformance, UnlockAbility) {
+ std::string resp;
+ std::vector<std::string> info;
+ EXPECT_EQ(fb->RawCommand("flashing get_unlock_ability", &resp, &info), SUCCESS)
+ << "'flashing get_unlock_ability' failed";
+ // There are two ways this can be reported, through info or the actual response
+ char last;
+ if (!resp.empty()) { // must be in the response
+ last = resp.back();
+ } else { // else must be in info
+ ASSERT_FALSE(info.empty()) << "'flashing get_unlock_ability' returned empty response";
+ ASSERT_FALSE(info.back().empty()) << "Expected non-empty info response";
+ last = info.back().back();
+ }
+ ASSERT_TRUE(last == '1' || last == '0') << "Unlock ability must report '0' or '1' in response";
+}
+
+TEST_F(Conformance, PartitionInfo) {
+ std::vector<std::tuple<std::string, uint32_t>> parts;
+ EXPECT_EQ(fb->Partitions(&parts), SUCCESS) << "getvar:all failed";
+ EXPECT_GT(parts.size(), 0)
+ << "getvar:all did not report any partition-size: through INFO responses";
+ std::set<std::string> allowed{"ext4", "f2fs", "raw"};
+ for (const auto p : parts) {
+ EXPECT_GT(std::get<1>(p), 0);
+ std::string part(std::get<0>(p));
+ std::set<std::string> allowed{"ext4", "f2fs", "raw"};
+ std::string resp;
+ EXPECT_EQ(fb->GetVar("partition-type:" + part, &resp), SUCCESS);
+ EXPECT_NE(allowed.find(resp), allowed.end()) << "getvar:partition-type:" + part << " was '"
+ << resp << "' this is not a valid type";
+ const std::string cmd = "partition-size:" + part;
+ EXPECT_EQ(fb->GetVar(cmd, &resp), SUCCESS);
+
+ // This must start with 0x
+ EXPECT_FALSE(isspace(resp.front()))
+ << cmd + " responded with a string with leading whitespace";
+ EXPECT_FALSE(resp.compare(0, 2, "0x"))
+ << cmd + "responded with a string that does not start with 0x...";
+ int64_t size = strtoll(resp.c_str(), nullptr, 16);
+ EXPECT_GT(size, 0) << "'" + resp + "' is not a valid response from " + cmd;
+ }
+}
+
+TEST_F(Conformance, Slots) {
+ std::string var;
+ ASSERT_EQ(fb->GetVar("slot-count", &var), SUCCESS) << "getvar:slot-count failed";
+ ASSERT_EQ(std::count_if(var.begin(), var.end(), isdigit), var.size())
+ << "'" << var << "' is not all digits which it should be for getvar:slot-count";
+ int32_t num_slots = strtol(var.c_str(), nullptr, 10);
+
+ // Can't run out of alphabet letters...
+ ASSERT_LE(num_slots, 26) << "What?! You can't have more than 26 slots";
+
+ std::vector<std::tuple<std::string, uint32_t>> parts;
+ EXPECT_EQ(fb->Partitions(&parts), SUCCESS) << "getvar:all failed";
+
+ std::map<std::string, std::set<char>> part_slots;
+ if (num_slots > 0) {
+ EXPECT_EQ(fb->GetVar("current-slot", &var), SUCCESS) << "getvar:current-slot failed";
+
+ for (const auto p : parts) {
+ std::string part(std::get<0>(p));
+ std::regex reg("([[:graph:]]*)_([[:lower:]])");
+ std::smatch sm;
+
+ if (std::regex_match(part, sm, reg)) { // This partition has slots
+ std::string part_base(sm[1]);
+ std::string slot(sm[2]);
+ EXPECT_EQ(fb->GetVar("has-slot:" + part_base, &var), SUCCESS)
+ << "'getvar:has-slot:" << part_base << "' failed";
+ EXPECT_EQ(var, "yes") << "'getvar:has-slot:" << part_base << "' was not 'yes'";
+ EXPECT_TRUE(islower(slot.front()))
+ << "'" << slot.front() << "' is an invalid slot-suffix for " << part_base;
+ std::set<char> tmp{slot.front()};
+ part_slots.emplace(part_base, tmp);
+ part_slots.at(part_base).insert(slot.front());
+ } else {
+ EXPECT_EQ(fb->GetVar("has-slot:" + part, &var), SUCCESS)
+ << "'getvar:has-slot:" << part << "' failed";
+ EXPECT_EQ(var, "no") << "'getvar:has-slot:" << part << "' should be no";
+ }
+ }
+ // Ensure each partition has the correct slot suffix
+ for (const auto iter : part_slots) {
+ const std::set<char>& char_set = iter.second;
+ std::string chars;
+ for (char c : char_set) {
+ chars += c;
+ chars += ',';
+ }
+ EXPECT_EQ(char_set.size(), num_slots)
+ << "There should only be slot suffixes from a to " << 'a' + num_slots - 1
+ << " instead encountered: " << chars;
+ for (const char c : char_set) {
+ EXPECT_GE(c, 'a') << "Encountered invalid slot suffix of '" << c << "'";
+ EXPECT_LT(c, 'a' + num_slots) << "Encountered invalid slot suffix of '" << c << "'";
+ }
+ }
+ }
+}
+
+TEST_F(Conformance, SetActive) {
+ std::string var;
+ ASSERT_EQ(fb->GetVar("slot-count", &var), SUCCESS) << "getvar:slot-count failed";
+ ASSERT_EQ(std::count_if(var.begin(), var.end(), isdigit), var.size())
+ << "'" << var << "' is not all digits which it should be for getvar:slot-count";
+ int32_t num_slots = strtol(var.c_str(), nullptr, 10);
+
+ // Can't run out of alphabet letters...
+ ASSERT_LE(num_slots, 26) << "You can't have more than 26 slots";
+
+ for (char c = 'a'; c < 'a' + num_slots; c++) {
+ const std::string slot(&c, &c + 1);
+ ASSERT_EQ(fb->SetActive(slot), SUCCESS) << "Set active for slot '" << c << "' failed";
+ ASSERT_EQ(fb->GetVar("current-slot", &var), SUCCESS) << "getvar:current-slot failed";
+ EXPECT_EQ(var, slot) << "getvar:current-slot repots incorrect slot after setting it";
+ }
+}
+
+TEST_F(Conformance, LockAndUnlockPrompt) {
+ std::string resp;
+ ASSERT_EQ(fb->GetVar("unlocked", &resp), SUCCESS) << "getvar:unlocked failed";
+ ASSERT_TRUE(resp == "yes" || resp == "no")
+ << "Device did not respond with 'yes' or 'no' for getvar:unlocked";
+ bool curr = resp == "yes";
+
+ for (int i = 0; i < 2; i++) {
+ std::string action = !curr ? "unlock" : "lock";
+ printf("Device should prompt to '%s' bootloader, select 'no'\n", action.c_str());
+ SetLockState(!curr, false);
+ ASSERT_EQ(fb->GetVar("unlocked", &resp), SUCCESS) << "getvar:unlocked failed";
+ ASSERT_EQ(resp, curr ? "yes" : "no") << "The locked/unlocked state of the bootloader "
+ "incorrectly changed after selecting no";
+ printf("Device should prompt to '%s' bootloader, select 'yes'\n", action.c_str());
+ SetLockState(!curr, true);
+ ASSERT_EQ(fb->GetVar("unlocked", &resp), SUCCESS) << "getvar:unlocked failed";
+ ASSERT_EQ(resp, !curr ? "yes" : "no") << "The locked/unlocked state of the bootloader "
+ "failed to change after selecting yes";
+ curr = !curr;
+ }
+}
+
+TEST_F(Conformance, SparseBlockSupport0) {
+ // The sparse block size can be any multiple of 4
+ std::string var;
+ EXPECT_EQ(fb->GetVar("max-download-size", &var), SUCCESS) << "getvar:max-download-size failed";
+ int64_t size = strtoll(var.c_str(), nullptr, 16);
+
+ // It is reasonable to expect it to handle a single dont care block equal to its DL size
+ for (int64_t bs = 4; bs < size; bs <<= 1) {
+ SparseWrapper sparse(bs, bs);
+ ASSERT_TRUE(*sparse) << "Sparse file creation failed on: " << bs;
+ EXPECT_EQ(fb->Download(*sparse), SUCCESS) << "Download sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Download(*sparse, true), SUCCESS)
+ << "Download sparse with crc failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+ }
+}
+
+TEST_F(Conformance, SparseBlockSupport1) {
+ // The sparse block size can be any multiple of 4
+ std::string var;
+ EXPECT_EQ(fb->GetVar("max-download-size", &var), SUCCESS) << "getvar:max-download-size failed";
+ int64_t size = strtoll(var.c_str(), nullptr, 16);
+
+ // handle a packed block to half its max download size block
+ for (int64_t bs = 4; bs < size / 2; bs <<= 1) {
+ SparseWrapper sparse(bs, bs);
+ ASSERT_TRUE(*sparse) << "Sparse file creation failed on: " << bs;
+ std::vector<char> buf = RandomBuf(bs);
+ ASSERT_EQ(sparse_file_add_data(*sparse, buf.data(), buf.size(), 0), 0)
+ << "Adding data failed to sparse file: " << sparse.Rep();
+ EXPECT_EQ(fb->Download(*sparse), SUCCESS) << "Download sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Download(*sparse, true), SUCCESS)
+ << "Download sparse with crc failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+ }
+}
+
+// A single don't care download
+TEST_F(Conformance, SparseDownload0) {
+ SparseWrapper sparse(4096, 4096);
+ ASSERT_TRUE(*sparse) << "Sparse image creation failed";
+ EXPECT_EQ(fb->Download(*sparse), SUCCESS) << "Download sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Download(*sparse, true), SUCCESS)
+ << "Download sparse with crc failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+}
+
+TEST_F(Conformance, SparseDownload1) {
+ SparseWrapper sparse(4096, 10 * 4096);
+ ASSERT_TRUE(*sparse) << "Sparse image creation failed";
+ std::vector<char> buf = RandomBuf(4096);
+ ASSERT_EQ(sparse_file_add_data(*sparse, buf.data(), buf.size(), 9), 0)
+ << "Adding data failed to sparse file: " << sparse.Rep();
+ EXPECT_EQ(fb->Download(*sparse), SUCCESS) << "Download sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Download(*sparse, true), SUCCESS)
+ << "Download sparse with crc failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+}
+
+TEST_F(Conformance, SparseDownload2) {
+ SparseWrapper sparse(4096, 4097);
+ ASSERT_TRUE(*sparse) << "Sparse image creation failed";
+ std::vector<char> buf = RandomBuf(4096);
+ ASSERT_EQ(sparse_file_add_data(*sparse, buf.data(), buf.size(), 0), 0)
+ << "Adding data failed to sparse file: " << sparse.Rep();
+ std::vector<char> buf2 = RandomBuf(1);
+ ASSERT_EQ(sparse_file_add_data(*sparse, buf.data(), buf.size(), 1), 0)
+ << "Adding data failed to sparse file: " << sparse.Rep();
+ EXPECT_EQ(fb->Download(*sparse), SUCCESS) << "Download sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Download(*sparse, true), SUCCESS)
+ << "Download sparse with crc failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+}
+
+TEST_F(Conformance, SparseDownload3) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("max-download-size", &var), SUCCESS) << "getvar:max-download-size failed";
+ int size = strtoll(var.c_str(), nullptr, 16);
+
+ SparseWrapper sparse(4096, size);
+ ASSERT_TRUE(*sparse) << "Sparse image creation failed";
+ // Don't want this to take forever
+ unsigned num_chunks = std::min(1000, size / (2 * 4096));
+ for (int i = 0; i < num_chunks; i++) {
+ std::vector<char> buf;
+ int r = random_int(0, 2);
+ // Three cases
+ switch (r) {
+ case 0:
+ break; // Dont Care chunnk
+ case 1: // Buffer
+ buf = RandomBuf(4096);
+ ASSERT_EQ(sparse_file_add_data(*sparse, buf.data(), buf.size(), i), 0)
+ << "Adding data failed to sparse file: " << sparse.Rep();
+ break;
+ case 2: // fill
+ ASSERT_EQ(sparse_file_add_fill(*sparse, 0xdeadbeef, 4096, i), 0)
+ << "Adding fill to sparse file failed: " << sparse.Rep();
+ break;
+ }
+ }
+ EXPECT_EQ(fb->Download(*sparse), SUCCESS) << "Download sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Download(*sparse, true), SUCCESS)
+ << "Download sparse with crc failed: " << sparse.Rep();
+ EXPECT_EQ(fb->Flash("userdata"), SUCCESS) << "Flashing sparse failed: " << sparse.Rep();
+}
+
+TEST_F(UnlockPermissions, Download) {
+ std::vector<char> buf{'a', 'o', 's', 'p'};
+ EXPECT_EQ(fb->Download(buf), SUCCESS) << "Download 4-byte payload failed";
+}
+
+TEST_F(UnlockPermissions, DownloadFlash) {
+ std::vector<char> buf{'a', 'o', 's', 'p'};
+ EXPECT_EQ(fb->Download(buf), SUCCESS) << "Download failed in unlocked mode";
+ ;
+ std::vector<std::tuple<std::string, uint32_t>> parts;
+ EXPECT_EQ(fb->Partitions(&parts), SUCCESS) << "getvar:all failed in unlocked mode";
+}
+
+TEST_F(LockPermissions, DownloadFlash) {
+ std::vector<char> buf{'a', 'o', 's', 'p'};
+ EXPECT_EQ(fb->Download(buf), SUCCESS) << "Download failed in locked mode";
+ std::vector<std::tuple<std::string, uint32_t>> parts;
+ EXPECT_EQ(fb->Partitions(&parts), SUCCESS) << "getvar:all failed in locked mode";
+ std::string resp;
+ for (const auto tup : parts) {
+ EXPECT_EQ(fb->Flash(std::get<0>(tup), &resp), DEVICE_FAIL)
+ << "Device did not respond with FAIL when trying to flash '" << std::get<0>(tup)
+ << "' in locked mode";
+ EXPECT_GT(resp.size(), 0)
+ << "Device sent empty error message after FAIL"; // meaningful error message
+ }
+}
+
+TEST_F(LockPermissions, Erase) {
+ std::vector<std::tuple<std::string, uint32_t>> parts;
+ EXPECT_EQ(fb->Partitions(&parts), SUCCESS) << "getvar:all failed";
+ std::string resp;
+ for (const auto tup : parts) {
+ EXPECT_EQ(fb->Erase(std::get<0>(tup), &resp), DEVICE_FAIL)
+ << "Device did not respond with FAIL when trying to erase '" << std::get<0>(tup)
+ << "' in locked mode";
+ EXPECT_GT(resp.size(), 0) << "Device sent empty error message after FAIL";
+ }
+}
+
+TEST_F(LockPermissions, SetActive) {
+ std::vector<std::tuple<std::string, uint32_t>> parts;
+ EXPECT_EQ(fb->Partitions(&parts), SUCCESS) << "getvar:all failed";
+
+ std::string resp;
+ EXPECT_EQ(fb->GetVar("slot-count", &resp), SUCCESS) << "getvar:slot-count failed";
+ int32_t num_slots = strtol(resp.c_str(), nullptr, 10);
+
+ for (const auto tup : parts) {
+ std::string part(std::get<0>(tup));
+ std::regex reg("([[:graph:]]*)_([[:lower:]])");
+ std::smatch sm;
+
+ if (std::regex_match(part, sm, reg)) { // This partition has slots
+ std::string part_base(sm[1]);
+ for (char c = 'a'; c < 'a' + num_slots; c++) {
+ // We should not be able to SetActive any of these
+ EXPECT_EQ(fb->SetActive(part_base + '_' + c, &resp), DEVICE_FAIL)
+ << "set:active:" << part_base + '_' + c << " did not fail in locked mode";
+ }
+ }
+ }
+}
+
+TEST_F(LockPermissions, Boot) {
+ std::vector<char> buf;
+ buf.resize(1000);
+ EXPECT_EQ(fb->Download(buf), SUCCESS) << "A 1000 byte download failed";
+ std::string resp;
+ ASSERT_EQ(fb->Boot(&resp), DEVICE_FAIL)
+ << "The device did not respond with failure for 'boot' when locked";
+ EXPECT_GT(resp.size(), 0) << "No error message was returned by device after FAIL";
+}
+
+TEST_F(Fuzz, DownloadSize) {
+ std::string var;
+ EXPECT_EQ(fb->GetVar("max-download-size", &var), SUCCESS) << "getvar:max-download-size failed";
+ int64_t size = strtoll(var.c_str(), nullptr, 0);
+ EXPECT_GT(size, 0) << '\'' << var << "' is not a valid response for getvar:max-download-size";
+
+ EXPECT_EQ(DownloadCommand(size + 1), DEVICE_FAIL)
+ << "Device reported max-download-size as '" << size
+ << "' but did not reject a download of " << size + 1;
+
+ std::vector<char> buf(size);
+ EXPECT_EQ(fb->Download(buf), SUCCESS) << "Device reported max-download-size as '" << size
+ << "' but downloading a payload of this size failed";
+ ASSERT_TRUE(UsbStillAvailible()) << USB_PORT_GONE;
+}
+
+TEST_F(Fuzz, DownloadPartialBuf) {
+ std::vector<char> buf{'a', 'o', 's', 'p'};
+ ASSERT_EQ(DownloadCommand(buf.size() + 1), SUCCESS)
+ << "Download command for " << buf.size() + 1 << " bytes failed";
+
+ std::string resp;
+ RetCode ret = SendBuffer(buf);
+ EXPECT_EQ(ret, SUCCESS) << "Device did not accept partial payload download";
+ // Send the partial buffer, then cancel it with a reset
+ EXPECT_EQ(transport->Reset(), 0) << "USB reset failed";
+
+ ASSERT_TRUE(UsbStillAvailible()) << USB_PORT_GONE;
+ // The device better still work after all that if we unplug and replug
+ EXPECT_EQ(fb->GetVar("product", &resp), SUCCESS) << "getvar:product failed";
+}
+
+TEST_F(Fuzz, DownloadOverRun) {
+ std::vector<char> buf(1000, 'F');
+ ASSERT_EQ(DownloadCommand(10), SUCCESS) << "Device rejected download request for 10 bytes";
+ // There are two ways to handle this
+ // Accept download, but send error response
+ // Reject the download outright
+ std::string resp;
+ RetCode ret = SendBuffer(buf);
+ if (ret == SUCCESS) {
+ // If it accepts the buffer, it better send back an error response
+ EXPECT_EQ(HandleResponse(&resp), DEVICE_FAIL)
+ << "After sending too large of a payload for a download command, device accepted "
+ "payload and did not respond with FAIL";
+ } else {
+ EXPECT_EQ(ret, IO_ERROR) << "After sending too large of a payload for a download command, "
+ "device did not return error";
+ }
+
+ ASSERT_TRUE(UsbStillAvailible()) << USB_PORT_GONE;
+ // The device better still work after all that if we unplug and replug
+ EXPECT_EQ(transport->Reset(), 0) << "USB reset failed";
+ EXPECT_EQ(fb->GetVar("product", &resp), SUCCESS)
+ << "Device did not respond with SUCCESS to getvar:product.";
+}
+
+TEST_F(Fuzz, DownloadInvalid1) {
+ EXPECT_EQ(DownloadCommand(0), DEVICE_FAIL)
+ << "Device did not respond with FAIL for malformed download command 'download:0'";
+}
+
+TEST_F(Fuzz, DownloadInvalid2) {
+ std::string cmd("download:1");
+ EXPECT_EQ(fb->RawCommand("download:1"), DEVICE_FAIL)
+ << "Device did not respond with FAIL for malformed download command '" << cmd << "'";
+}
+
+TEST_F(Fuzz, DownloadInvalid3) {
+ std::string cmd("download:-1");
+ EXPECT_EQ(fb->RawCommand("download:-1"), DEVICE_FAIL)
+ << "Device did not respond with FAIL for malformed download command '" << cmd << "'";
+}
+
+TEST_F(Fuzz, DownloadInvalid4) {
+ std::string cmd("download:-01000000");
+ EXPECT_EQ(fb->RawCommand(cmd), DEVICE_FAIL)
+ << "Device did not respond with FAIL for malformed download command '" << cmd << "'";
+}
+
+TEST_F(Fuzz, DownloadInvalid5) {
+ std::string cmd("download:-0100000");
+ EXPECT_EQ(fb->RawCommand(cmd), DEVICE_FAIL)
+ << "Device did not respond with FAIL for malformed download command '" << cmd << "'";
+}
+
+TEST_F(Fuzz, DownloadInvalid6) {
+ std::string cmd("download:");
+ EXPECT_EQ(fb->RawCommand(cmd), DEVICE_FAIL)
+ << "Device did not respond with FAIL for malformed download command '" << cmd << "'";
+}
+
+TEST_F(Fuzz, DownloadInvalid7) {
+ std::string cmd("download:01000000\0999", sizeof("download:01000000\0999"));
+ EXPECT_EQ(fb->RawCommand(cmd), DEVICE_FAIL)
+ << "Device did not respond with FAIL for malformed download command '" << cmd << "'";
+}
+
+TEST_F(Fuzz, DownloadInvalid8) {
+ std::string cmd("download:01000000\0dkjfvijafdaiuybgidabgybr",
+ sizeof("download:01000000\0dkjfvijafdaiuybgidabgybr"));
+ EXPECT_EQ(fb->RawCommand(cmd), DEVICE_FAIL)
+ << "Device did not respond with FAIL for malformed download command '" << cmd << "'";
+}
+
+TEST_F(Fuzz, GetVarAllSpam) {
+ auto start = std::chrono::high_resolution_clock::now();
+ std::chrono::duration<double> elapsed;
+ unsigned i = 1;
+ do {
+ std::vector<std::string> vars;
+ ASSERT_EQ(fb->GetVarAll(&vars), SUCCESS) << "Device did not respond with success after "
+ << i << "getvar:all commands in a row";
+ ASSERT_GT(vars.size(), 0)
+ << "Device did not send any INFO responses after getvar:all command";
+ elapsed = std::chrono::high_resolution_clock::now() - start;
+ } while (i++, elapsed.count() < 5);
+}
+
+TEST_F(Fuzz, BadCommandTooLarge) {
+ std::string s = RandomString(fastboot::FB_COMMAND_SZ + 1, rand_legal);
+ EXPECT_EQ(fb->RawCommand(s), DEVICE_FAIL)
+ << "Device did not respond with failure after sending length " << s.size()
+ << " string of random ASCII chars";
+ std::string s1 = RandomString(1000, rand_legal);
+ EXPECT_EQ(fb->RawCommand(s1), DEVICE_FAIL)
+ << "Device did not respond with failure after sending length " << s1.size()
+ << " string of random ASCII chars";
+ std::string s2 = RandomString(1000, rand_illegal);
+ EXPECT_EQ(fb->RawCommand(s2), DEVICE_FAIL)
+ << "Device did not respond with failure after sending length " << s1.size()
+ << " string of random non-ASCII chars";
+ std::string s3 = RandomString(1000, rand_char);
+ EXPECT_EQ(fb->RawCommand(s3), DEVICE_FAIL)
+ << "Device did not respond with failure after sending length " << s1.size()
+ << " string of random chars";
+}
+
+TEST_F(Fuzz, CommandTooLarge) {
+ for (const std::string& s : CMDS) {
+ std::string rs = RandomString(1000, rand_char);
+ EXPECT_EQ(fb->RawCommand(s + rs), DEVICE_FAIL)
+ << "Device did not respond with failure after '" << s + rs << "'";
+ ASSERT_TRUE(UsbStillAvailible()) << USB_PORT_GONE;
+ std::string resp;
+ EXPECT_EQ(fb->GetVar("product", &resp), SUCCESS)
+ << "Device is unresponsive to getvar command";
+ }
+}
+
+TEST_F(Fuzz, CommandMissingArgs) {
+ for (const std::string& s : CMDS) {
+ if (s.back() == ':') {
+ EXPECT_EQ(fb->RawCommand(s), DEVICE_FAIL)
+ << "Device did not respond with failure after '" << s << "'";
+ std::string sub(s.begin(), s.end() - 1);
+ EXPECT_EQ(fb->RawCommand(sub), DEVICE_FAIL)
+ << "Device did not respond with failure after '" << sub << "'";
+ } else {
+ std::string rs = RandomString(10, rand_illegal);
+ EXPECT_EQ(fb->RawCommand(rs + s), DEVICE_FAIL)
+ << "Device did not respond with failure after '" << rs + s << "'";
+ }
+ std::string resp;
+ EXPECT_EQ(fb->GetVar("product", &resp), SUCCESS)
+ << "Device is unresponsive to getvar command";
+ }
+}
+
+TEST_F(Fuzz, USBResetSpam) {
+ auto start = std::chrono::high_resolution_clock::now();
+ std::chrono::duration<double> elapsed;
+ int i = 0;
+ do {
+ ASSERT_EQ(transport->Reset(), 0) << "USB Reset failed after " << i << " resets in a row";
+ elapsed = std::chrono::high_resolution_clock::now() - start;
+ } while (i++, elapsed.count() < 5);
+ std::string resp;
+ EXPECT_EQ(fb->GetVar("product", &resp), SUCCESS)
+ << "getvar failed after " << i << " USB reset(s) in a row";
+}
+
+TEST_F(Fuzz, USBResetCommandSpam) {
+ auto start = std::chrono::high_resolution_clock::now();
+ std::chrono::duration<double> elapsed;
+ do {
+ std::string resp;
+ std::vector<std::string> all;
+ ASSERT_EQ(transport->Reset(), 0) << "USB Reset failed";
+ EXPECT_EQ(fb->GetVarAll(&all), SUCCESS) << "getvar:all failed after USB reset";
+ EXPECT_EQ(fb->GetVar("product", &resp), SUCCESS) << "getvar:product failed";
+ elapsed = std::chrono::high_resolution_clock::now() - start;
+ } while (elapsed.count() < 10);
+}
+
+TEST_F(Fuzz, USBResetAfterDownload) {
+ std::vector<char> buf;
+ buf.resize(1000000);
+ EXPECT_EQ(DownloadCommand(buf.size()), SUCCESS) << "Download command failed";
+ EXPECT_EQ(transport->Reset(), 0) << "USB Reset failed";
+ std::vector<std::string> all;
+ EXPECT_EQ(fb->GetVarAll(&all), SUCCESS) << "getvar:all failed after USB reset.";
+}
+
+// Getvar XML tests
+TEST_P(ExtensionsGetVarConformance, VarExists) {
+ std::string resp;
+ EXPECT_EQ(fb->GetVar(GetParam().first, &resp), SUCCESS);
+}
+
+TEST_P(ExtensionsGetVarConformance, VarMatchesRegex) {
+ std::string resp;
+ ASSERT_EQ(fb->GetVar(GetParam().first, &resp), SUCCESS);
+ std::smatch sm;
+ std::regex_match(resp, sm, GetParam().second.regex);
+ EXPECT_FALSE(sm.empty()) << "The regex did not match";
+}
+
+INSTANTIATE_TEST_CASE_P(XMLGetVar, ExtensionsGetVarConformance,
+ ::testing::ValuesIn(GETVAR_XML_TESTS));
+
+TEST_P(AnyPartition, ReportedGetVarAll) {
+ // As long as the partition is reported in INFO, it would be tested by generic Conformance
+ std::vector<std::tuple<std::string, uint32_t>> parts;
+ ASSERT_EQ(fb->Partitions(&parts), SUCCESS) << "getvar:all failed";
+ const std::string name = GetParam().first;
+ if (GetParam().second.slots) {
+ auto matcher = [&](const std::tuple<std::string, uint32_t>& tup) {
+ return std::get<0>(tup) == name + "_a";
+ };
+ EXPECT_NE(std::find_if(parts.begin(), parts.end(), matcher), parts.end())
+ << "partition '" + name + "_a' not reported in getvar:all";
+ } else {
+ auto matcher = [&](const std::tuple<std::string, uint32_t>& tup) {
+ return std::get<0>(tup) == name;
+ };
+ EXPECT_NE(std::find_if(parts.begin(), parts.end(), matcher), parts.end())
+ << "partition '" + name + "' not reported in getvar:all";
+ }
+}
+
+TEST_P(AnyPartition, Hashable) {
+ const std::string name = GetParam().first;
+ if (!config.checksum.empty()) { // We can use hash to validate
+ for (const auto& part_name : real_parts) {
+ // Get hash
+ std::string hash;
+ int retcode;
+ std::string err_msg;
+ if (GetParam().second.hashable) {
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash, &retcode, &err_msg))
+ << err_msg;
+ EXPECT_EQ(retcode, 0) << err_msg;
+ } else { // Make sure it fails
+ const std::string cmd = config.checksum + ' ' + part_name;
+ EXPECT_EQ(fb->RawCommand(cmd), DEVICE_FAIL)
+ << part_name + " is marked as non-hashable, but hashing did not fail";
+ }
+ }
+ }
+}
+
+TEST_P(WriteablePartition, FlashCheck) {
+ const std::string name = GetParam().first;
+ auto part_info = GetParam().second;
+
+ for (const auto& part_name : real_parts) {
+ std::vector<char> buf = RandomBuf(max_flash, rand_char);
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), part_info.parsed ? DEVICE_FAIL : SUCCESS)
+ << "A partition with an image parsed by the bootloader should reject random "
+ "garbage "
+ "otherwise it should succeed";
+ }
+}
+
+TEST_P(WriteablePartition, EraseCheck) {
+ const std::string name = GetParam().first;
+
+ for (const auto& part_name : real_parts) {
+ ASSERT_EQ(fb->Erase(part_name), SUCCESS) << "Erasing " + part_name + " failed";
+ }
+}
+
+TEST_P(WriteHashNonParsedPartition, EraseZerosData) {
+ const std::string name = GetParam().first;
+
+ for (const auto& part_name : real_parts) {
+ std::string err_msg;
+ int retcode;
+ const std::vector<char> buf = RandomBuf(max_flash, rand_char);
+ // Partition is too big to write to entire thing
+ // This can eventually be supported by using sparse images if too large
+ if (max_flash < part_size) {
+ std::string hash_before, hash_after;
+ ASSERT_EQ(fb->FlashPartition(part_name, buf), SUCCESS);
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_before, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ ASSERT_EQ(fb->Erase(part_name), SUCCESS) << "Erasing " + part_name + " failed";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_after, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_NE(hash_before, hash_after)
+ << "The partition hash for " + part_name +
+ " did not change after erasing a known value";
+ } else {
+ std::string hash_zeros, hash_ones, hash_middle, hash_after;
+ const std::vector<char> buf_zeros(max_flash, 0);
+ const std::vector<char> buf_ones(max_flash, -1); // All bits are set to 1
+ ASSERT_EQ(fb->FlashPartition(part_name, buf_zeros), SUCCESS);
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_zeros, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ ASSERT_EQ(fb->FlashPartition(part_name, buf_ones), SUCCESS);
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_ones, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ ASSERT_NE(hash_zeros, hash_ones)
+ << "Hashes of partion should not be the same when all bytes are 0xFF or 0x00";
+ ASSERT_EQ(fb->FlashPartition(part_name, buf), SUCCESS);
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_middle, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ ASSERT_NE(hash_zeros, hash_middle)
+ << "Hashes of partion are the same when all bytes are 0x00 or test payload";
+ ASSERT_NE(hash_ones, hash_middle)
+ << "Hashes of partion are the same when all bytes are 0xFF or test payload";
+ ASSERT_EQ(fb->Erase(part_name), SUCCESS) << "Erasing " + part_name + " failed";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_after, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_TRUE(hash_zeros == hash_after || hash_ones == hash_after)
+ << "Erasing " + part_name + " should set all the bytes to 0xFF or 0x00";
+ }
+ }
+}
+
+// Only partitions that we can write and hash (name, fixture), TEST_P is (Fixture, test_name)
+INSTANTIATE_TEST_CASE_P(XMLPartitionsWriteHashNonParsed, WriteHashNonParsedPartition,
+ ::testing::ValuesIn(PARTITION_XML_WRITE_HASH_NONPARSED));
+
+INSTANTIATE_TEST_CASE_P(XMLPartitionsWriteHashable, WriteHashablePartition,
+ ::testing::ValuesIn(PARTITION_XML_WRITE_HASHABLE));
+
+// only partitions writeable
+INSTANTIATE_TEST_CASE_P(XMLPartitionsWriteable, WriteablePartition,
+ ::testing::ValuesIn(PARTITION_XML_WRITEABLE));
+
+// Every partition
+INSTANTIATE_TEST_CASE_P(XMLPartitionsAll, AnyPartition, ::testing::ValuesIn(PARTITION_XML_TESTS));
+
+// Partition Fuzz tests
+TEST_P(FuzzWriteablePartition, BoundsCheck) {
+ const std::string name = GetParam().first;
+ auto part_info = GetParam().second;
+
+ for (const auto& part_name : real_parts) {
+ // try and flash +1 too large, first erase and get a hash, make sure it does not change
+ std::vector<char> buf = RandomBuf(max_flash + 1); // One too large
+ if (part_info.hashable) {
+ std::string hash_before, hash_after, err_msg;
+ int retcode;
+ ASSERT_EQ(fb->Erase(part_name), SUCCESS) << "Erasing " + part_name + " failed";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_before, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "Flashing an image 1 byte too large to " + part_name + " did not fail";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_after, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(hash_before, hash_after)
+ << "Flashing too large of an image resulted in a changed partition hash for " +
+ part_name;
+ } else {
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "Flashing an image 1 byte too large to " + part_name + " did not fail";
+ }
+ }
+}
+
+INSTANTIATE_TEST_CASE_P(XMLFuzzPartitionsWriteable, FuzzWriteablePartition,
+ ::testing::ValuesIn(PARTITION_XML_WRITEABLE));
+
+// A parsed partition should have magic and such that is checked by the bootloader
+// Attempting to flash a random single byte should definately fail
+TEST_P(FuzzWriteableParsedPartition, FlashGarbageImageSmall) {
+ const std::string name = GetParam().first;
+ auto part_info = GetParam().second;
+
+ for (const auto& part_name : real_parts) {
+ std::vector<char> buf = RandomBuf(1);
+ if (part_info.hashable) {
+ std::string hash_before, hash_after, err_msg;
+ int retcode;
+ ASSERT_EQ(fb->Erase(part_name), SUCCESS) << "Erasing " + part_name + " failed";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_before, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "A parsed partition should fail on a single byte";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_after, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(hash_before, hash_after)
+ << "Flashing a single byte to parsed partition " + part_name +
+ " should fail and not change the partition hash";
+ } else {
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "Flashing a 1 byte image to a parsed partition should fail";
+ }
+ }
+}
+
+TEST_P(FuzzWriteableParsedPartition, FlashGarbageImageLarge) {
+ const std::string name = GetParam().first;
+ auto part_info = GetParam().second;
+
+ for (const auto& part_name : real_parts) {
+ std::vector<char> buf = RandomBuf(max_flash);
+ if (part_info.hashable) {
+ std::string hash_before, hash_after, err_msg;
+ int retcode;
+ ASSERT_EQ(fb->Erase(part_name), SUCCESS) << "Erasing " + part_name + " failed";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_before, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "A parsed partition should not accept randomly generated images";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_after, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(hash_before, hash_after)
+ << "The hash of the partition has changed after attempting to flash garbage to "
+ "a parsed partition";
+ } else {
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "A parsed partition should not accept randomly generated images";
+ }
+ }
+}
+
+TEST_P(FuzzWriteableParsedPartition, FlashGarbageImageLarge2) {
+ const std::string name = GetParam().first;
+ auto part_info = GetParam().second;
+
+ for (const auto& part_name : real_parts) {
+ std::vector<char> buf(max_flash, -1); // All 1's
+ if (part_info.hashable) {
+ std::string hash_before, hash_after, err_msg;
+ int retcode;
+ ASSERT_EQ(fb->Erase(part_name), SUCCESS) << "Erasing " + part_name + " failed";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_before, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "A parsed partition should not accept a image of all 0xFF";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_after, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(hash_before, hash_after)
+ << "The hash of the partition has changed after attempting to flash garbage to "
+ "a parsed partition";
+ } else {
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "A parsed partition should not accept a image of all 0xFF";
+ }
+ }
+}
+
+TEST_P(FuzzWriteableParsedPartition, FlashGarbageImageLarge3) {
+ const std::string name = GetParam().first;
+ auto part_info = GetParam().second;
+
+ for (const auto& part_name : real_parts) {
+ std::vector<char> buf(max_flash, 0); // All 0's
+ if (part_info.hashable) {
+ std::string hash_before, hash_after, err_msg;
+ int retcode;
+ ASSERT_EQ(fb->Erase(part_name), SUCCESS) << "Erasing " + part_name + " failed";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_before, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "A parsed partition should not accept a image of all 0x00";
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash_after, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ EXPECT_EQ(hash_before, hash_after)
+ << "The hash of the partition has changed after attempting to flash garbage to "
+ "a parsed partition";
+ } else {
+ EXPECT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "A parsed partition should not accept a image of all 0x00";
+ }
+ }
+}
+
+INSTANTIATE_TEST_CASE_P(XMLFuzzPartitionsWriteableParsed, FuzzWriteableParsedPartition,
+ ::testing::ValuesIn(PARTITION_XML_WRITE_PARSED));
+
+// Make sure all attempts to flash things are rejected
+TEST_P(FuzzAnyPartitionLocked, RejectFlash) {
+ std::vector<char> buf = RandomBuf(5);
+ for (const auto& part_name : real_parts) {
+ ASSERT_EQ(fb->FlashPartition(part_name, buf), DEVICE_FAIL)
+ << "Flashing a partition should always fail in locked mode";
+ }
+}
+
+INSTANTIATE_TEST_CASE_P(XMLFuzzAnyPartitionLocked, FuzzAnyPartitionLocked,
+ ::testing::ValuesIn(PARTITION_XML_TESTS));
+
+// Test flashing unlock erases userdata
+TEST_P(UserdataPartition, UnlockErases) {
+ // Get hash after an erase
+ int retcode;
+ std::string err_msg, hash_before, hash_buf, hash_after;
+ ASSERT_EQ(fb->Erase("userdata"), SUCCESS) << "Erasing uesrdata failed";
+ ASSERT_TRUE(PartitionHash(fb.get(), "userdata", &hash_before, &retcode, &err_msg)) << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+
+ // Write garbage
+ std::vector<char> buf = RandomBuf(max_flash / 2);
+ ASSERT_EQ(fb->FlashPartition("userdata", buf), SUCCESS);
+ ASSERT_TRUE(PartitionHash(fb.get(), "userdata", &hash_buf, &retcode, &err_msg)) << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+
+ // Sanity check of hash
+ EXPECT_NE(hash_before, hash_buf)
+ << "Writing a random buffer to 'userdata' had the same hash as after erasing it";
+ SetLockState(true); // Lock the device
+
+ SetLockState(false); // Unlock the device (should cause erase)
+ ASSERT_TRUE(PartitionHash(fb.get(), "userdata", &hash_after, &retcode, &err_msg)) << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+
+ EXPECT_NE(hash_after, hash_buf) << "Unlocking the device did not cause the hash of userdata to "
+ "change (i.e. it was not erased as required)";
+ EXPECT_EQ(hash_after, hash_before) << "Unlocking the device did not produce the same hash of "
+ "userdata as after doing an erase to userdata";
+}
+
+// This is a hack to make this test disapeer if there is not a checsum, userdata is not hashable,
+// or userdata is not marked to be writeable in testing
+INSTANTIATE_TEST_CASE_P(XMLUserdataLocked, UserdataPartition,
+ ::testing::ValuesIn(PARTITION_XML_USERDATA_CHECKSUM_WRITEABLE));
+
+// Packed images test
+TEST_P(ExtensionsPackedValid, TestDeviceUnpack) {
+ const std::string& packed_name = GetParam().first;
+ const std::string& packed_image = GetParam().second.packed_img;
+ const std::string& unpacked = GetParam().second.unpacked_dir;
+
+ // First we need to check for existence of images
+ const extension::Configuration::PackedInfo& info = config.packed[packed_name];
+
+ const auto flash_part = [&](const std::string fname, const std::string part_name) {
+ FILE* to_flash = fopen((SEARCH_PATH + fname).c_str(), "rb");
+ ASSERT_NE(to_flash, nullptr) << "'" << fname << "'"
+ << " failed to open for flashing";
+ int fd = fileno(to_flash);
+ size_t fsize = lseek(fd, 0, SEEK_END);
+ ASSERT_GT(fsize, 0) << fname + " appears to be an empty image";
+ ASSERT_EQ(fb->FlashPartition(part_name, fd, fsize), SUCCESS);
+ fclose(to_flash);
+ };
+
+ // We first need to set the slot count
+ std::string var;
+ int num_slots = 1;
+ if (info.slots) {
+ ASSERT_EQ(fb->GetVar("slot-count", &var), SUCCESS) << "Getting slot count failed";
+ num_slots = strtol(var.c_str(), nullptr, 10);
+ } else {
+ for (const auto& part : info.children) {
+ EXPECT_FALSE(config.partitions[part].slots)
+ << "A partition can not have slots if the packed image does not";
+ }
+ }
+
+ for (int i = 0; i < num_slots; i++) {
+ std::unordered_map<std::string, std::string> initial_hashes;
+ const std::string packed_suffix =
+ info.slots ? android::base::StringPrintf("_%c", 'a' + i) : "";
+
+ // Flash the paritions manually and get hash
+ for (const auto& part : info.children) {
+ const extension::Configuration::PartitionInfo& part_info = config.partitions[part];
+ const std::string suffix = part_info.slots ? packed_suffix : "";
+ const std::string part_name = part + suffix;
+
+ ASSERT_EQ(fb->Erase(part_name), SUCCESS);
+ const std::string fpath = unpacked + '/' + part + ".img";
+ ASSERT_NO_FATAL_FAILURE(flash_part(fpath, part_name))
+ << "Failed to flash '" + fpath + "'";
+ // If the partition is hashable we store it
+ if (part_info.hashable) {
+ std::string hash, err_msg;
+ int retcode;
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ initial_hashes[part] = hash;
+ }
+ }
+
+ // erase once at the end, to avoid false positives if flashing does nothing
+ for (const auto& part : info.children) {
+ const std::string suffix = config.partitions[part].slots ? packed_suffix : "";
+ ASSERT_EQ(fb->Erase(part + suffix), SUCCESS);
+ }
+
+ // Now we flash the packed image and compare our hashes
+ ASSERT_NO_FATAL_FAILURE(flash_part(packed_image, packed_name + packed_suffix));
+
+ for (const auto& part : info.children) {
+ const extension::Configuration::PartitionInfo& part_info = config.partitions[part];
+ // If the partition is hashable we check it
+ if (part_info.hashable) {
+ const std::string suffix = part_info.slots ? packed_suffix : "";
+ const std::string part_name = part + suffix;
+ std::string hash, err_msg;
+ int retcode;
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ std::string msg =
+ "The hashes between flashing the packed image and directly flashing '" +
+ part_name + "' does not match";
+ EXPECT_EQ(hash, initial_hashes[part]) << msg;
+ }
+ }
+ }
+}
+
+INSTANTIATE_TEST_CASE_P(XMLTestPacked, ExtensionsPackedValid,
+ ::testing::ValuesIn(PACKED_XML_SUCCESS_TESTS));
+
+// Packed images test
+TEST_P(ExtensionsPackedInvalid, TestDeviceUnpack) {
+ const std::string& packed_name = GetParam().first;
+ const std::string& packed_image = GetParam().second.packed_img;
+
+ // First we need to check for existence of images
+ const extension::Configuration::PackedInfo& info = config.packed[packed_name];
+
+ // We first need to set the slot count
+ std::string var;
+ int num_slots = 1;
+ if (info.slots) {
+ ASSERT_EQ(fb->GetVar("slot-count", &var), SUCCESS) << "Getting slot count failed";
+ num_slots = strtol(var.c_str(), nullptr, 10);
+ } else {
+ for (const auto& part : info.children) {
+ EXPECT_FALSE(config.partitions[part].slots)
+ << "A partition can not have slots if the packed image does not";
+ }
+ }
+
+ for (int i = 0; i < num_slots; i++) {
+ std::unordered_map<std::string, std::string> initial_hashes;
+ const std::string packed_suffix =
+ info.slots ? android::base::StringPrintf("_%c", 'a' + i) : "";
+
+ // manually and get hash
+ for (const auto& part : info.children) {
+ const extension::Configuration::PartitionInfo& part_info = config.partitions[part];
+ const std::string suffix = part_info.slots ? packed_suffix : "";
+ const std::string part_name = part + suffix;
+
+ // If the partition is hashable we store it
+ if (part_info.hashable) {
+ std::string hash, err_msg;
+ int retcode;
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ initial_hashes[part] = hash;
+ }
+ }
+
+ // Attempt to flash the invalid file
+ FILE* to_flash = fopen((SEARCH_PATH + packed_image).c_str(), "rb");
+ ASSERT_NE(to_flash, nullptr) << "'" << packed_image << "'"
+ << " failed to open for flashing";
+ int fd = fileno(to_flash);
+ size_t fsize = lseek(fd, 0, SEEK_END);
+ ASSERT_GT(fsize, 0) << packed_image + " appears to be an empty image";
+ ASSERT_EQ(fb->FlashPartition(packed_name + packed_suffix, fd, fsize), DEVICE_FAIL)
+ << "Expected flashing to fail for " + packed_image;
+ fclose(to_flash);
+
+ for (const auto& part : info.children) {
+ const extension::Configuration::PartitionInfo& part_info = config.partitions[part];
+ // If the partition is hashable we check it
+ if (part_info.hashable) {
+ const std::string suffix = part_info.slots ? packed_suffix : "";
+ const std::string part_name = part + suffix;
+ std::string hash, err_msg;
+ int retcode;
+ ASSERT_TRUE(PartitionHash(fb.get(), part_name, &hash, &retcode, &err_msg))
+ << err_msg;
+ ASSERT_EQ(retcode, 0) << err_msg;
+ std::string msg = "Flashing an invalid image changed the hash of '" + part_name;
+ EXPECT_EQ(hash, initial_hashes[part]) << msg;
+ }
+ }
+ }
+}
+
+INSTANTIATE_TEST_CASE_P(XMLTestPacked, ExtensionsPackedInvalid,
+ ::testing::ValuesIn(PACKED_XML_FAIL_TESTS));
+
+// OEM xml tests
+TEST_P(ExtensionsOemConformance, RunOEMTest) {
+ const std::string& cmd = std::get<0>(GetParam());
+ // bool restricted = std::get<1>(GetParam());
+ const extension::Configuration::CommandTest& test = std::get<2>(GetParam());
+
+ const RetCode expect = (test.expect == extension::FAIL) ? DEVICE_FAIL : SUCCESS;
+
+ // Does the test require staging something?
+ if (!test.input.empty()) { // Non-empty string
+ FILE* to_stage = fopen((SEARCH_PATH + test.input).c_str(), "rb");
+ ASSERT_NE(to_stage, nullptr) << "'" << test.input << "'"
+ << " failed to open for staging";
+ int fd = fileno(to_stage);
+ size_t fsize = lseek(fd, 0, SEEK_END);
+ std::string var;
+ EXPECT_EQ(fb->GetVar("max-download-size", &var), SUCCESS);
+ int64_t size = strtoll(var.c_str(), nullptr, 16);
+ EXPECT_LT(fsize, size) << "'" << test.input << "'"
+ << " is too large for staging";
+ ASSERT_EQ(fb->Download(fd, fsize), SUCCESS) << "'" << test.input << "'"
+ << " failed to download for staging";
+ fclose(to_stage);
+ }
+ // Run the command
+ int dsize = -1;
+ std::string resp;
+ const std::string full_cmd = "oem " + cmd + " " + test.arg;
+ ASSERT_EQ(fb->RawCommand(full_cmd, &resp, nullptr, &dsize), expect);
+
+ // This is how we test if indeed data response
+ if (test.expect == extension::DATA) {
+ EXPECT_GT(dsize, 0);
+ }
+
+ // Validate response if neccesary
+ if (!test.regex_str.empty()) {
+ std::smatch sm;
+ std::regex_match(resp, sm, test.regex);
+ EXPECT_FALSE(sm.empty()) << "The oem regex did not match";
+ }
+
+ // If payload, we validate that as well
+ const std::vector<std::string> args = SplitBySpace(test.validator);
+ if (args.size()) {
+ // Save output
+ const std::string save_loc =
+ OUTPUT_PATH + (test.output.empty() ? DEFAULT_OUPUT_NAME : test.output);
+ std::string resp;
+ ASSERT_EQ(fb->Upload(save_loc, &resp), SUCCESS)
+ << "Saving output file failed with (" << fb->Error() << ") " << resp;
+ // Build the arguments to the validator
+ std::vector<std::string> prog_args(args.begin() + 1, args.end());
+ prog_args.push_back(full_cmd); // Pass in the full command
+ prog_args.push_back(save_loc); // Pass in the save location
+ // Run the validation program
+ int pipe;
+ const pid_t pid = StartProgram(args[0], prog_args, &pipe);
+ ASSERT_GT(pid, 0) << "Failed to launch validation program: " << args[0];
+ std::string error_msg;
+ int ret = WaitProgram(pid, pipe, &error_msg);
+ EXPECT_EQ(ret, 0) << error_msg; // Program exited correctly
+ }
+}
+
+INSTANTIATE_TEST_CASE_P(XMLOEM, ExtensionsOemConformance, ::testing::ValuesIn(OEM_XML_TESTS));
+
+void GenerateXmlTests(const extension::Configuration& config) {
+ // Build the getvar tests
+ for (const auto it : config.getvars) {
+ GETVAR_XML_TESTS.push_back(std::make_pair(it.first, it.second));
+ }
+
+ // Build the partition tests, to interface with gtest we need to do it this way
+ for (const auto it : config.partitions) {
+ const auto tup = std::make_tuple(it.first, it.second);
+ PARTITION_XML_TESTS.push_back(tup); // All partitions
+
+ if (it.second.test == it.second.YES) {
+ PARTITION_XML_WRITEABLE.push_back(tup); // All writeable partitions
+
+ if (it.second.hashable) {
+ PARTITION_XML_WRITE_HASHABLE.push_back(tup); // All write and hashable
+ if (!it.second.parsed) {
+ PARTITION_XML_WRITE_HASH_NONPARSED.push_back(
+ tup); // All write hashed and non-parsed
+ }
+ }
+ if (it.second.parsed) {
+ PARTITION_XML_WRITE_PARSED.push_back(tup); // All write and parsed
+ }
+ }
+ }
+
+ // Build the packed tests, only useful if we have a hash
+ if (!config.checksum.empty()) {
+ for (const auto it : config.packed) {
+ for (const auto& test : it.second.tests) {
+ const auto tup = std::make_tuple(it.first, test);
+ if (test.expect == extension::OKAY) { // only testing the success case
+ PACKED_XML_SUCCESS_TESTS.push_back(tup);
+ } else {
+ PACKED_XML_FAIL_TESTS.push_back(tup);
+ }
+ }
+ }
+ }
+
+ // This is a hack to make this test disapeer if there is not a checksum, userdata is not
+ // hashable, or userdata is not marked to be writeable in testing
+ const auto part_info = config.partitions.find("userdata");
+ if (!config.checksum.empty() && part_info != config.partitions.end() &&
+ part_info->second.hashable &&
+ part_info->second.test == extension::Configuration::PartitionInfo::YES) {
+ PARTITION_XML_USERDATA_CHECKSUM_WRITEABLE.push_back(
+ std::make_tuple(part_info->first, part_info->second));
+ }
+
+ // Build oem tests
+ for (const auto it : config.oem) {
+ auto oem_cmd = it.second;
+ for (const auto& t : oem_cmd.tests) {
+ OEM_XML_TESTS.push_back(std::make_tuple(it.first, oem_cmd.restricted, t));
+ }
+ }
+}
+
+} // namespace fastboot
+
+int main(int argc, char** argv) {
+ std::string err;
+ // Parse the args
+ const std::unordered_map<std::string, std::string> args = fastboot::ParseArgs(argc, argv, &err);
+ if (!err.empty()) {
+ printf("%s\n", err.c_str());
+ return -1;
+ }
+
+ if (args.find("config") != args.end()) {
+ auto found = args.find("search_path");
+ fastboot::SEARCH_PATH = (found != args.end()) ? found->second + "/" : "";
+ found = args.find("output_path");
+ fastboot::OUTPUT_PATH = (found != args.end()) ? found->second + "/" : "/tmp/";
+ if (!fastboot::extension::ParseXml(fastboot::SEARCH_PATH + args.at("config"),
+ &fastboot::config)) {
+ printf("XML config parsing failed\n");
+ return -1;
+ }
+ // To interface with gtest, must set global scope test variables
+ fastboot::GenerateXmlTests(fastboot::config);
+ }
+
+ setbuf(stdout, NULL); // no buffering
+ printf("<Waiting for Device>\n");
+ const auto matcher = [](usb_ifc_info* info) -> int {
+ return fastboot::FastBootTest::MatchFastboot(info, nullptr);
+ };
+ Transport* transport = nullptr;
+ while (!transport) {
+ transport = usb_open(matcher);
+ std::this_thread::sleep_for(std::chrono::milliseconds(10));
+ }
+ transport->Close();
+
+ if (args.find("serial_port") != args.end()) {
+ fastboot::FastBootTest::serial_port = fastboot::ConfigureSerial(args.at("serial_port"));
+ }
+
+ ::testing::InitGoogleTest(&argc, argv);
+ auto ret = RUN_ALL_TESTS();
+ if (fastboot::FastBootTest::serial_port > 0) {
+ close(fastboot::FastBootTest::serial_port);
+ }
+ return ret;
+}
diff --git a/fastboot/fuzzy_fastboot/test_listeners.h b/fastboot/fuzzy_fastboot/test_listeners.h
new file mode 100644
index 0000000..ae5b0cb
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/test_listeners.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#pragma once
+
+// TODO, print out logs for each failed test with custom listner
+
+class MinimalistPrinter : public ::testing::EmptyTestEventListener {
+ // Called before a test starts.
+ virtual void OnTestStart(const ::testing::TestInfo& test_info) {
+ printf("*** Test %s.%s starting.\n", test_info.test_case_name(), test_info.name());
+ }
+
+ // Called after a failed assertion or a SUCCESS().
+ virtual void OnTestPartResult(const ::testing::TestPartResult& test_part_result) {
+ printf("%s in %s:%d\n%s\n", test_part_result.failed() ? "*** Failure" : "Success",
+ test_part_result.file_name(), test_part_result.line_number(),
+ test_part_result.summary());
+ }
+
+ // Called after a test ends.
+ virtual void OnTestEnd(const ::testing::TestInfo& test_info) {
+ printf("*** Test %s.%s ending.\n", test_info.test_case_name(), test_info.name());
+ }
+};
diff --git a/fastboot/fuzzy_fastboot/test_utils.cpp b/fastboot/fuzzy_fastboot/test_utils.cpp
new file mode 100644
index 0000000..9ad98be
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/test_utils.cpp
@@ -0,0 +1,208 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include "test_utils.h"
+#include <fcntl.h>
+#include <termios.h>
+#include <sstream>
+
+namespace fastboot {
+
+namespace {
+constexpr int rand_seed = 0;
+std::default_random_engine rnd(rand_seed);
+} // namespace
+
+char rand_legal() {
+ return rnd() % 128;
+}
+
+char rand_illegal() {
+ return rand_legal() + 128;
+}
+
+char rand_char() {
+ return rnd() % 256;
+}
+
+int random_int(int start, int end) {
+ std::uniform_int_distribution<int> uni(start, end);
+ return uni(rnd);
+}
+
+std::string RandomString(size_t length, std::function<char(void)> provider) {
+ std::string str(length, 0);
+ std::generate_n(str.begin(), length, provider);
+ return str;
+}
+
+std::vector<char> RandomBuf(size_t length, std::function<char(void)> provider) {
+ std::vector<char> ret;
+ ret.resize(length);
+ std::generate_n(ret.begin(), length, provider);
+ return ret;
+}
+
+std::vector<std::string> SplitBySpace(const std::string& s) {
+ std::istringstream iss(s);
+ return std::vector<std::string>{std::istream_iterator<std::string>{iss},
+ std::istream_iterator<std::string>{}};
+}
+
+std::vector<std::string> GeneratePartitionNames(const std::string& base, int num_slots) {
+ if (!num_slots) {
+ return std::vector<std::string>{base};
+ }
+ std::vector<std::string> ret;
+ for (char c = 'a'; c < 'a' + num_slots; c++) {
+ ret.push_back(base + '_' + c);
+ }
+
+ return ret;
+}
+
+std::unordered_map<std::string, std::string> ParseArgs(int argc, char** argv,
+ std::string* err_msg) {
+ // We ignore any gtest stuff
+ std::unordered_map<std::string, std::string> ret;
+
+ for (int i = 1; i < argc - 1; i++) {
+ std::string arg(argv[i]);
+
+ const std::string gtest_start("--gtest");
+ // We found a non gtest argument
+ if (!arg.find("-h") ||
+ (!arg.find("--") && arg.find("--gtest") && arg.find("=") != arg.npos)) {
+ const std::string start(arg.begin() + 2, arg.begin() + arg.find("="));
+ const std::string end(arg.begin() + arg.find("=") + 1, arg.end());
+ ret[start] = end;
+ } else if (arg.find("--gtest") != 0) {
+ *err_msg = android::base::StringPrintf("Illegal argument '%s'\n", arg.c_str());
+ return ret;
+ }
+ }
+
+ return ret;
+}
+
+int ConfigureSerial(const std::string& port) {
+ int fd = open(port.c_str(), O_RDONLY | O_NOCTTY | O_NONBLOCK);
+
+ if (fd <= 0) {
+ return fd;
+ }
+
+ struct termios tty;
+ tcgetattr(fd, &tty);
+
+ cfsetospeed(&tty, (speed_t)B115200);
+ cfsetispeed(&tty, (speed_t)B115200);
+
+ tty.c_cflag &= ~PARENB;
+ tty.c_cflag &= ~CSTOPB;
+ tty.c_cflag &= ~CSIZE;
+ tty.c_cflag |= CS8;
+
+ tty.c_cflag &= ~CRTSCTS;
+ tty.c_cc[VMIN] = 0;
+ tty.c_cc[VTIME] = 2;
+ tty.c_cflag &= ~(ICANON | ECHO | ECHOE | ISIG);
+
+ cfmakeraw(&tty);
+
+ tcflush(fd, TCIFLUSH);
+ if (tcsetattr(fd, TCSANOW, &tty) != 0) {
+ return -1;
+ }
+
+ return fd;
+}
+
+int StartProgram(const std::string program, const std::vector<std::string> args, int* rpipe) {
+ int link[2];
+ if (pipe(link) < 0) {
+ return -1;
+ }
+
+ pid_t pid = fork();
+ if (pid < 0) { // error
+ return -1;
+ }
+
+ if (pid) { // parent
+ close(link[1]);
+ *rpipe = link[0];
+ fcntl(*rpipe, F_SETFL, O_NONBLOCK); // Non-blocking
+ } else { // child
+ std::vector<const char*> argv(args.size() + 2, nullptr);
+ argv[0] = program.c_str();
+
+ for (int i = 0; i < args.size(); i++) {
+ argv[i + 1] = args[i].c_str();
+ }
+
+ // We pipe any stderr writes to the parent test process
+ dup2(link[1], STDERR_FILENO); // close stdout and have it now be link[1]
+ // Close duplicates
+ close(link[0]);
+ close(link[1]);
+
+ execvp(program.c_str(), const_cast<char* const*>(argv.data()));
+ fprintf(stderr, "Launching validator process '%s' failed with: %s\n", program.c_str(),
+ strerror(errno));
+ exit(-1);
+ }
+
+ return pid;
+}
+
+int WaitProgram(const int pid, const int pipe, std::string* error_msg) {
+ int status;
+ if (waitpid(pid, &status, 0) != pid) {
+ close(pipe);
+ return -1;
+ }
+ // Read from pipe
+ char buf[1024];
+ int n;
+ while ((n = read(pipe, buf, sizeof(buf))) > 0) {
+ buf[n] = 0; /* terminate the string */
+ error_msg->append(buf, n);
+ }
+ close(pipe);
+
+ if (WIFEXITED(status)) {
+ // This WEXITSTATUS macro masks off lower bytes, with no sign extension
+ // casting it as a signed char fixes the sign extension issue
+ int retmask = WEXITSTATUS(status);
+ return reinterpret_cast<int8_t*>(&retmask)[0];
+ }
+
+ return -1;
+}
+
+} // namespace fastboot
diff --git a/fastboot/fuzzy_fastboot/test_utils.h b/fastboot/fuzzy_fastboot/test_utils.h
new file mode 100644
index 0000000..0b032e4
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/test_utils.h
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#pragma once
+
+#include <sparse/sparse.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include <cstdlib>
+#include <fstream>
+#include <random>
+#include <string>
+#include <unordered_map>
+#include "fastboot_driver.h"
+
+namespace fastboot {
+
+char rand_legal();
+char rand_illegal();
+char rand_char();
+// start and end are inclusive
+int random_int(int start, int end);
+
+// I don't want to have to manage memory for this guy
+struct SparseWrapper {
+ SparseWrapper(unsigned int block_size, int64_t len) {
+ sparse = sparse_file_new(block_size, len);
+ }
+
+ SparseWrapper(struct sparse_file* sf) { sparse = sf; }
+
+ ~SparseWrapper() {
+ if (sparse) {
+ sparse_file_destroy(sparse);
+ }
+ }
+
+ const std::string Rep() {
+ unsigned bs = sparse_file_block_size(sparse);
+ unsigned len = sparse_file_len(sparse, true, false);
+ return android::base::StringPrintf("[block_size=%u, len=%u]", bs, len);
+ }
+
+ struct sparse_file* operator*() {
+ return sparse;
+ }
+
+ struct sparse_file* sparse;
+};
+
+std::string RandomString(size_t length, std::function<char(void)> provider);
+// RVO will avoid copy
+std::vector<char> RandomBuf(size_t length, std::function<char(void)> provider = rand_char);
+
+std::vector<std::string> SplitBySpace(const std::string& s);
+
+std::unordered_map<std::string, std::string> ParseArgs(int argc, char** argv, std::string* err_msg);
+
+std::vector<std::string> GeneratePartitionNames(const std::string& base, int num_slots = 0);
+
+int ConfigureSerial(const std::string& port);
+
+int StartProgram(const std::string program, const std::vector<std::string> args, int* pipe);
+int WaitProgram(const pid_t pid, const int pipe, std::string* error_msg);
+
+} // namespace fastboot
diff --git a/fastboot/fuzzy_fastboot/usb_transport_sniffer.cpp b/fastboot/fuzzy_fastboot/usb_transport_sniffer.cpp
new file mode 100644
index 0000000..ee510e9
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/usb_transport_sniffer.cpp
@@ -0,0 +1,189 @@
+#include "usb_transport_sniffer.h"
+#include <android-base/stringprintf.h>
+#include <sys/select.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <iomanip>
+#include <sstream>
+
+namespace fastboot {
+
+UsbTransportSniffer::UsbTransportSniffer(std::unique_ptr<UsbTransport> transport,
+ const int serial_fd)
+ : transport_(std::move(transport)), serial_fd_(serial_fd) {}
+
+ssize_t UsbTransportSniffer::Read(void* data, size_t len) {
+ ProcessSerial();
+
+ ssize_t ret = transport_->Read(data, len);
+ if (ret < 0) {
+ const char* err = strerror(errno);
+ std::vector<char> buf(err, err + strlen(err));
+ Event e(READ_ERROR, std::move(buf));
+ transfers_.push_back(e);
+ return ret;
+ }
+
+ char* cdata = static_cast<char*>(data);
+ std::vector<char> buf(cdata, cdata + ret);
+ Event e(READ, std::move(buf));
+ transfers_.push_back(e);
+
+ ProcessSerial();
+ return ret;
+}
+
+ssize_t UsbTransportSniffer::Write(const void* data, size_t len) {
+ ProcessSerial();
+
+ size_t ret = transport_->Write(data, len);
+ if (ret != len) {
+ const char* err = strerror(errno);
+ std::vector<char> buf(err, err + strlen(err));
+ Event e(WRITE_ERROR, std::move(buf));
+ transfers_.push_back(e);
+ return ret;
+ }
+
+ const char* cdata = static_cast<const char*>(data);
+ std::vector<char> buf(cdata, cdata + len);
+ Event e(WRITE, std::move(buf));
+ transfers_.push_back(e);
+
+ ProcessSerial();
+ return ret;
+}
+
+int UsbTransportSniffer::Close() {
+ return transport_->Close();
+}
+
+int UsbTransportSniffer::Reset() {
+ ProcessSerial();
+ int ret = transport_->Reset();
+ std::vector<char> buf;
+ Event e(RESET, std::move(buf));
+ transfers_.push_back(e);
+ ProcessSerial();
+ return ret;
+}
+
+const std::vector<UsbTransportSniffer::Event> UsbTransportSniffer::Transfers() {
+ return transfers_;
+}
+
+/*
+ * When a test fails, we want a human readable log of everything going on up until
+ * the failure. This method will look through its log of captured events, and
+ * create a clean printable string of everything that happened.
+ */
+std::string UsbTransportSniffer::CreateTrace() {
+ std::string ret;
+
+ const auto no_print = [](char c) -> bool { return !isprint(c); };
+ // This lambda creates a humand readable representation of a byte buffer
+ // It first attempts to figure out whether it should be interpreted as an ASCII buffer,
+ // and be printed as a string, or just a raw byte-buffer
+ const auto msg = [&ret, no_print](const std::vector<char>& buf) {
+ ret += android::base::StringPrintf("(%lu bytes): ", buf.size());
+ std::vector<const char>::iterator iter = buf.end();
+ const unsigned max_chars = 50;
+ if (buf.size() > max_chars) {
+ iter = buf.begin() + max_chars;
+ }
+ ret += '"';
+ if (std::count_if(buf.begin(), iter, no_print) == 0) { // print as ascii
+ ret.insert(ret.end(), buf.begin(), iter);
+ } else { // print as hex
+ std::stringstream ss;
+ for (auto c = buf.begin(); c < iter; c++) {
+ ss << std::hex << std::setw(2) << std::setfill('0')
+ << static_cast<uint16_t>(static_cast<uint8_t>(*c));
+ ss << ',';
+ }
+ ret += ss.str();
+ }
+ if (buf.size() > max_chars) {
+ ret += android::base::StringPrintf("...\"(+%lu bytes)\n", buf.size() - max_chars);
+ } else {
+ ret += "\"\n";
+ }
+ };
+
+ // Now we just scan through the log of everything that happened and create a
+ // printable string for each one
+ for (const auto& event : transfers_) {
+ const std::vector<char>& cbuf = event.buf;
+ const std::string tmp(cbuf.begin(), cbuf.end());
+ auto start = transfers_.front().start;
+ auto durr = event.start - start;
+ auto millis = std::chrono::duration_cast<std::chrono::milliseconds>(durr).count();
+
+ switch (event.type) {
+ case READ:
+ ret += android::base::StringPrintf("[READ %lldms]", millis);
+ msg(cbuf);
+ break;
+
+ case WRITE:
+ ret += android::base::StringPrintf("[WRITE %lldms]", millis);
+ msg(cbuf);
+ break;
+
+ case RESET:
+ ret += android::base::StringPrintf("[RESET %lldms]\n", millis);
+ break;
+
+ case READ_ERROR:
+ ret += android::base::StringPrintf("[READ_ERROR %lldms] %s\n", millis, tmp.c_str());
+ break;
+
+ case WRITE_ERROR:
+ ret += android::base::StringPrintf("[WRITE_ERROR %lldms] %s\n", millis,
+ tmp.c_str());
+ break;
+
+ case SERIAL:
+ ret += android::base::StringPrintf("[SERIAL %lldms] %s", millis, tmp.c_str());
+ if (ret.back() != '\n') ret += '\n';
+ break;
+ }
+ }
+ return ret;
+}
+
+// This is a quick call to flush any UART logs the device might have sent
+// to our internal event log. It will wait up to 10ms for data to appear
+void UsbTransportSniffer::ProcessSerial() {
+ if (serial_fd_ <= 0) return;
+
+ fd_set set;
+ struct timeval timeout;
+
+ FD_ZERO(&set);
+ FD_SET(serial_fd_, &set);
+ timeout.tv_sec = 0;
+ timeout.tv_usec = 10000; // 10ms
+
+ int count = 0;
+ int n = 0;
+ std::vector<char> buf;
+ buf.resize(1000);
+ while (select(serial_fd_ + 1, &set, NULL, NULL, &timeout) > 0) {
+ n = read(serial_fd_, buf.data() + count, buf.size() - count);
+ if (n > 0) {
+ count += n;
+ } else {
+ break;
+ }
+ }
+
+ buf.resize(count);
+
+ if (count > 0) {
+ Event e(SERIAL, std::move(buf));
+ transfers_.push_back(e);
+ }
+}
+
+} // namespace fastboot
diff --git a/fastboot/fuzzy_fastboot/usb_transport_sniffer.h b/fastboot/fuzzy_fastboot/usb_transport_sniffer.h
new file mode 100644
index 0000000..693f042
--- /dev/null
+++ b/fastboot/fuzzy_fastboot/usb_transport_sniffer.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#pragma once
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <chrono>
+#include <cstdlib>
+#include <fstream>
+#include <string>
+#include <vector>
+
+#include "usb.h"
+
+namespace fastboot {
+
+/* A special class for sniffing reads and writes
+ *
+ * A useful debugging tool is to see the raw fastboot transactions going between
+ * the host and device. This class wraps the UsbTransport class, and snoops and saves
+ * all the transactions going on. Additionally, if there is a console serial port
+ * from the device, this class can monitor it as well and capture the interleaving of
+ * transport transactions and UART log messages.
+ */
+class UsbTransportSniffer : public UsbTransport {
+ public:
+ enum EventType {
+ READ,
+ WRITE,
+ RESET,
+ SERIAL, // Serial log message from device
+ READ_ERROR,
+ WRITE_ERROR,
+ };
+
+ struct Event {
+ Event(EventType t, const std::vector<char> cbuf) : type(t), buf(cbuf) {
+ start = std::chrono::high_resolution_clock::now();
+ };
+ EventType type;
+ std::chrono::high_resolution_clock::time_point start;
+ const std::vector<char> buf;
+ };
+
+ UsbTransportSniffer(std::unique_ptr<UsbTransport> transport, const int serial_fd = 0);
+
+ virtual ssize_t Read(void* data, size_t len) override;
+ virtual ssize_t Write(const void* data, size_t len) override;
+ virtual int Close() override;
+ virtual int Reset() override;
+
+ const std::vector<Event> Transfers();
+ std::string CreateTrace();
+ void ProcessSerial();
+
+ private:
+ std::vector<Event> transfers_;
+ std::unique_ptr<UsbTransport> transport_;
+ const int serial_fd_;
+};
+
+} // End namespace fastboot