src/security/lib/scrutiny/tests/structured_config/BUILD.gn - fuchsia - Git at Google

 # Copyright 2022 The Fuchsia Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 import("//build/assembly/assembled_system.gni")
 import("//build/assembly/board_configuration.gni")
 import("//build/assembly/generated_partitions_config.gni")
 import("//build/assembly/product_assembly_configuration.gni")
 import("//build/assembly/update_package.gni")
 import("//build/components.gni")
 import("//build/images/args.gni")
 import("//build/product.gni")
 import("//build/python/python_binary.gni")
 import("//build/sdk/product_bundle.gni")
 import("//build/security/verifier/verify_structured_config.gni")
 import("//build/testing/host_test.gni")
 import("//src/developer/ffx/config.gni")
 import("//src/storage/fshost/generated_fshost_config.gni")
 import("//src/sys/core/build/core.gni")
 import("//src/sys/core/build/core_shard.gni")
 import("//zircon/kernel/phys/qemu.gni")

 if (is_fuchsia) {
   # NB: These strings must match the assertions in the python scripts in this directory which test
   # the configuration values of the assembly we create here.
   component_name = "component_with_structured_config"
   package_name = "package_with_structured_config_for_scrutiny_testing"
   expected_value_in_policy = "check this string!"
   expected_value_for_dont_check = "don't check this string!"

   fuchsia_component(component_name) {
     testonly = true
     manifest = "meta/component_with_structured_config.cml"

     # We don't intend to run this component, just make its config visible to scrutiny.
     check_references = false
   }

   fuchsia_structured_config_values("values") {
     testonly = true
     cm_label = ":component_with_structured_config_manifest_compile"
     values = {
       # NB: If these field names are changed the python scripts must be updated as well.
       asserted_by_scrutiny_test = expected_value_in_policy
       verifier_fails_due_to_mutability_parent = expected_value_for_dont_check
     }
   }

   fuchsia_package("package") {
     testonly = true
     package_name = package_name
     deps = [
       ":component_with_structured_config",
       ":values",
     ]
   }

   core_shard("core_shard") {
     shard_file = "meta/core_shard.cml"
   }

   core_realm_definition("core_realm") {
     deps = [ ":core_shard" ]
   }

   files = {
     board_config = "$target_out_dir/fuchsia.board_config.json"
     partitions_config = "$target_out_dir/partitions_config.json"

     outdir = target_out_dir + "/assembly"
     packages_json = "${outdir}/packages.json"
     images_json = "${outdir}/images.json"

     blobfs = "${outdir}/blob.blk"
     zbi = "${outdir}/assembly.zbi"
     fvm = "${outdir}/fvm.blk"
     fvm_sparse = "${outdir}/fvm.sparse.blk"

     qemu_kernel = qemu_boot_shim.path

     product_bundle = target_out_dir + "/product_bundle"
   }

   board_configuration("board_config") {
     name = "test"
     filesystems = {
       fvm = {
         sparse_output = {
         }
       }
     }
   }

   product_assembly_configuration("product_assembly_config") {
     platform = {
       build_type = "user"
       feature_set_level = "utility"
       storage = {
         configure_fshost = true
         filesystems = {
           image_name = "assembly"
           volume = {
             fvm = {
               data = {
               }
               blob = {
               }
             }
           }
         }
       }
     }
   }

   assembled_system("assembly") {
     testonly = true
     generate_fvm = true
     generate_fvm_fastboot = false
     generate_vbmeta = false
     product_assembly_config_label = ":product_assembly_config"
     board_config_label = ":board_config"

     # Needed for scrutiny to find root.cm and other component config.
     bootfs_labels = [ "//build/input:bootfs" ]
     base_packages = [ ":package" ]

     generate_image_metadata = false

     # Needed for scrutiny to find things for the component model.
     core_realm_definition = ":core_realm"
   }

   generated_partitions_config("partitions_config") {
     testonly = true
     output_path = files.partitions_config
     hw_revision = board_name
   }

   update_package("update") {
     testonly = true
     deps = [
       ":assembly",
       ":partitions_config",
       "//build/info:build_info_files",
     ]
     partitions = files.partitions_config
     system_a = files.images_json
     version_file = build_info_files.version
     board_name = "fake_board"
     epoch = "1"
   }

   product_bundle("product_bundle") {
     testonly = true
     name = "scrutiny-structured-config-test"
     deps = [
       ":assembly",
       ":partitions_config",
       "//build/info:build_info_files",
     ]

     update = {
       version_file = build_info_files.version
       epoch = "1"
     }

     partitions = files.partitions_config
     system_a = files.images_json

     # Create lists of the files that are referenced by the assembly manifests.
     _assembly_contents = [
       files.blobfs,
       files.fvm,
       files.fvm_sparse,
       files.qemu_kernel,
       files.zbi,
     ]
     system_a_contents = _assembly_contents
   }

   extract_assembled_structured_config("extractor") {
     testonly = true
     product_bundle_path = "$target_out_dir/product_bundle"
     output = "$target_out_dir/structured_config.json"
     deps = [ ":product_bundle" ]
   }
 }

 if (is_host) {
   group("host_tests") {
     testonly = true

     # TODO(https://fxbug.dev/42076896): Support Fxblob in scrutiny
     if (fxfs_blob) {
       deps = []
     } else {
       deps = [
         ":check_extracted_config",
         ":check_failing_policy",
       ]
     }
   }

   labels = {
     extractor = ":extractor($target_toolchain)"
     image_assembler = ":assembly.image_assembler($target_toolchain)"
     product_bundle = ":product_bundle($target_toolchain)"
     update_package = ":update($target_toolchain)"
   }

   files = {
     ffx = "$ffx_test_host_tools_out_dir/ffx-scrutiny"

     product_bundle_target_out_dir =
         get_label_info(labels.product_bundle, "target_out_dir")
     product_bundle_target_name = get_label_info(labels.product_bundle, "name")

     product_bundle_dir =
         "$product_bundle_target_out_dir/$product_bundle_target_name"
   }

   python_binary("check_extracted_config_bin") {
     enable_mypy = true
     main_source = "check_extracted_structured_config.py"
   }

   host_test_data("test_bin") {
     sources = get_target_outputs(":check_extracted_config_bin")
     deps = [ ":check_extracted_config_bin" ]
   }

   extracted_config_target_dir =
       get_label_info(labels.extractor, "target_out_dir")
   extracted_config_path = "$extracted_config_target_dir/structured_config.json"
   host_test_data("extracted_config") {
     sources = [ extracted_config_path ]
     deps = [ labels.extractor ]
   }
   check_extracted_python_binary =
       get_target_outputs(":check_extracted_config_bin")
   check_extracted_python_binary = check_extracted_python_binary[0]

   host_test("check_extracted_config") {
     binary_path = python_exe_src
     args = [
       rebase_path(check_extracted_python_binary, root_build_dir),
       "--extracted-config",
       rebase_path(extracted_config_path, root_build_dir),
     ]
     deps = [
       ":extracted_config",
       ":test_bin",
       "//build/python:interpreter",
     ]
   }

   python_binary("check_failed_verifier_bin") {
     enable_mypy = true
     main_source = "check_failed_verifier_policy.py"
   }

   host_test_data("failed_policy_test_data") {
     sources = get_target_outputs(":check_failed_verifier_bin")
     sources += [
       "failing_policy.json5",
       files.product_bundle_dir,
     ]
     deps = [
       ":check_failed_verifier_bin",
       labels.product_bundle,
     ]
   }

   check_failed_verifier_binary =
       get_target_outputs(":check_failed_verifier_bin")
   check_failed_verifier_binary = check_failed_verifier_binary[0]
   host_test("check_failing_policy") {
     binary_path = python_exe_src

     depfile = "$target_out_dir/check_failed_policy.d"
     args = [
       rebase_path(check_failed_verifier_binary, root_build_dir),
       "--ffx-bin",
       rebase_path(files.ffx, root_build_dir),
       "--policy",
       rebase_path("failing_policy.json5", root_build_dir),
       "--depfile",
       rebase_path(depfile, root_build_dir),
       "--product-bundle",
       rebase_path(files.product_bundle_dir, root_build_dir),
     ]
     depfile = [ depfile ]

     deps = [
       ":failed_policy_test_data",
       "//build/python:interpreter",
       "//src/developer/ffx/plugins/scrutiny:ffx_scrutiny_tool_test_data",
     ]
   }
 }
	# Copyright 2022 The Fuchsia Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	import("//build/assembly/assembled_system.gni")
	import("//build/assembly/board_configuration.gni")
	import("//build/assembly/generated_partitions_config.gni")
	import("//build/assembly/product_assembly_configuration.gni")
	import("//build/assembly/update_package.gni")
	import("//build/components.gni")
	import("//build/images/args.gni")
	import("//build/product.gni")
	import("//build/python/python_binary.gni")
	import("//build/sdk/product_bundle.gni")
	import("//build/security/verifier/verify_structured_config.gni")
	import("//build/testing/host_test.gni")
	import("//src/developer/ffx/config.gni")
	import("//src/storage/fshost/generated_fshost_config.gni")
	import("//src/sys/core/build/core.gni")
	import("//src/sys/core/build/core_shard.gni")
	import("//zircon/kernel/phys/qemu.gni")

	if (is_fuchsia) {
	# NB: These strings must match the assertions in the python scripts in this directory which test
	# the configuration values of the assembly we create here.
	component_name = "component_with_structured_config"
	package_name = "package_with_structured_config_for_scrutiny_testing"
	expected_value_in_policy = "check this string!"
	expected_value_for_dont_check = "don't check this string!"

	fuchsia_component(component_name) {
	testonly = true
	manifest = "meta/component_with_structured_config.cml"

	# We don't intend to run this component, just make its config visible to scrutiny.
	check_references = false
	}

	fuchsia_structured_config_values("values") {
	testonly = true
	cm_label = ":component_with_structured_config_manifest_compile"
	values = {
	# NB: If these field names are changed the python scripts must be updated as well.
	asserted_by_scrutiny_test = expected_value_in_policy
	verifier_fails_due_to_mutability_parent = expected_value_for_dont_check
	}
	}

	fuchsia_package("package") {
	testonly = true
	package_name = package_name
	deps = [
	":component_with_structured_config",
	":values",
	]
	}

	core_shard("core_shard") {
	shard_file = "meta/core_shard.cml"
	}

	core_realm_definition("core_realm") {
	deps = [ ":core_shard" ]
	}

	files = {
	board_config = "$target_out_dir/fuchsia.board_config.json"
	partitions_config = "$target_out_dir/partitions_config.json"

	outdir = target_out_dir + "/assembly"
	packages_json = "${outdir}/packages.json"
	images_json = "${outdir}/images.json"

	blobfs = "${outdir}/blob.blk"
	zbi = "${outdir}/assembly.zbi"
	fvm = "${outdir}/fvm.blk"
	fvm_sparse = "${outdir}/fvm.sparse.blk"

	qemu_kernel = qemu_boot_shim.path

	product_bundle = target_out_dir + "/product_bundle"
	}

	board_configuration("board_config") {
	name = "test"
	filesystems = {
	fvm = {
	sparse_output = {
	}
	}
	}
	}

	product_assembly_configuration("product_assembly_config") {
	platform = {
	build_type = "user"
	feature_set_level = "utility"
	storage = {
	configure_fshost = true
	filesystems = {
	image_name = "assembly"
	volume = {
	fvm = {
	data = {
	}
	blob = {
	}
	}
	}
	}
	}
	}
	}

	assembled_system("assembly") {
	testonly = true
	generate_fvm = true
	generate_fvm_fastboot = false
	generate_vbmeta = false
	product_assembly_config_label = ":product_assembly_config"
	board_config_label = ":board_config"

	# Needed for scrutiny to find root.cm and other component config.
	bootfs_labels = [ "//build/input:bootfs" ]
	base_packages = [ ":package" ]

	generate_image_metadata = false

	# Needed for scrutiny to find things for the component model.
	core_realm_definition = ":core_realm"
	}

	generated_partitions_config("partitions_config") {
	testonly = true
	output_path = files.partitions_config
	hw_revision = board_name
	}

	update_package("update") {
	testonly = true
	deps = [
	":assembly",
	":partitions_config",
	"//build/info:build_info_files",
	]
	partitions = files.partitions_config
	system_a = files.images_json
	version_file = build_info_files.version
	board_name = "fake_board"
	epoch = "1"
	}

	product_bundle("product_bundle") {
	testonly = true
	name = "scrutiny-structured-config-test"
	deps = [
	":assembly",
	":partitions_config",
	"//build/info:build_info_files",
	]

	update = {
	version_file = build_info_files.version
	epoch = "1"
	}

	partitions = files.partitions_config
	system_a = files.images_json

	# Create lists of the files that are referenced by the assembly manifests.
	_assembly_contents = [
	files.blobfs,
	files.fvm,
	files.fvm_sparse,
	files.qemu_kernel,
	files.zbi,
	]
	system_a_contents = _assembly_contents
	}

	extract_assembled_structured_config("extractor") {
	testonly = true
	product_bundle_path = "$target_out_dir/product_bundle"
	output = "$target_out_dir/structured_config.json"
	deps = [ ":product_bundle" ]
	}
	}

	if (is_host) {
	group("host_tests") {
	testonly = true

	# TODO(https://fxbug.dev/42076896): Support Fxblob in scrutiny
	if (fxfs_blob) {
	deps = []
	} else {
	deps = [
	":check_extracted_config",
	":check_failing_policy",
	]
	}
	}

	labels = {
	extractor = ":extractor($target_toolchain)"
	image_assembler = ":assembly.image_assembler($target_toolchain)"
	product_bundle = ":product_bundle($target_toolchain)"
	update_package = ":update($target_toolchain)"
	}

	files = {
	ffx = "$ffx_test_host_tools_out_dir/ffx-scrutiny"

	product_bundle_target_out_dir =
	get_label_info(labels.product_bundle, "target_out_dir")
	product_bundle_target_name = get_label_info(labels.product_bundle, "name")

	product_bundle_dir =
	"$product_bundle_target_out_dir/$product_bundle_target_name"
	}

	python_binary("check_extracted_config_bin") {
	enable_mypy = true
	main_source = "check_extracted_structured_config.py"
	}

	host_test_data("test_bin") {
	sources = get_target_outputs(":check_extracted_config_bin")
	deps = [ ":check_extracted_config_bin" ]
	}

	extracted_config_target_dir =
	get_label_info(labels.extractor, "target_out_dir")
	extracted_config_path = "$extracted_config_target_dir/structured_config.json"
	host_test_data("extracted_config") {
	sources = [ extracted_config_path ]
	deps = [ labels.extractor ]
	}
	check_extracted_python_binary =
	get_target_outputs(":check_extracted_config_bin")
	check_extracted_python_binary = check_extracted_python_binary[0]

	host_test("check_extracted_config") {
	binary_path = python_exe_src
	args = [
	rebase_path(check_extracted_python_binary, root_build_dir),
	"--extracted-config",
	rebase_path(extracted_config_path, root_build_dir),
	]
	deps = [
	":extracted_config",
	":test_bin",
	"//build/python:interpreter",
	]
	}

	python_binary("check_failed_verifier_bin") {
	enable_mypy = true
	main_source = "check_failed_verifier_policy.py"
	}

	host_test_data("failed_policy_test_data") {
	sources = get_target_outputs(":check_failed_verifier_bin")
	sources += [
	"failing_policy.json5",
	files.product_bundle_dir,
	]
	deps = [
	":check_failed_verifier_bin",
	labels.product_bundle,
	]
	}

	check_failed_verifier_binary =
	get_target_outputs(":check_failed_verifier_bin")
	check_failed_verifier_binary = check_failed_verifier_binary[0]
	host_test("check_failing_policy") {
	binary_path = python_exe_src

	depfile = "$target_out_dir/check_failed_policy.d"
	args = [
	rebase_path(check_failed_verifier_binary, root_build_dir),
	"--ffx-bin",
	rebase_path(files.ffx, root_build_dir),
	"--policy",
	rebase_path("failing_policy.json5", root_build_dir),
	"--depfile",
	rebase_path(depfile, root_build_dir),
	"--product-bundle",
	rebase_path(files.product_bundle_dir, root_build_dir),
	]
	depfile = [ depfile ]

	deps = [
	":failed_policy_test_data",
	"//build/python:interpreter",
	"//src/developer/ffx/plugins/scrutiny:ffx_scrutiny_tool_test_data",
	]
	}
	}