| # Copyright 2022 The Fuchsia Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import("//build/assembly/assembled_system.gni") |
| import("//build/assembly/board_configuration.gni") |
| import("//build/assembly/generated_partitions_config.gni") |
| import("//build/assembly/product_assembly_configuration.gni") |
| import("//build/assembly/update_package.gni") |
| import("//build/components.gni") |
| import("//build/images/args.gni") |
| import("//build/product.gni") |
| import("//build/python/python_binary.gni") |
| import("//build/sdk/product_bundle.gni") |
| import("//build/security/verifier/verify_structured_config.gni") |
| import("//build/testing/host_test.gni") |
| import("//src/developer/ffx/config.gni") |
| import("//src/storage/fshost/generated_fshost_config.gni") |
| import("//src/sys/core/build/core.gni") |
| import("//src/sys/core/build/core_shard.gni") |
| import("//zircon/kernel/phys/qemu.gni") |
| |
| if (is_fuchsia) { |
| # NB: These strings must match the assertions in the python scripts in this directory which test |
| # the configuration values of the assembly we create here. |
| component_name = "component_with_structured_config" |
| package_name = "package_with_structured_config_for_scrutiny_testing" |
| expected_value_in_policy = "check this string!" |
| expected_value_for_dont_check = "don't check this string!" |
| |
| fuchsia_component(component_name) { |
| testonly = true |
| manifest = "meta/component_with_structured_config.cml" |
| |
| # We don't intend to run this component, just make its config visible to scrutiny. |
| check_references = false |
| } |
| |
| fuchsia_structured_config_values("values") { |
| testonly = true |
| cm_label = ":component_with_structured_config_manifest_compile" |
| values = { |
| # NB: If these field names are changed the python scripts must be updated as well. |
| asserted_by_scrutiny_test = expected_value_in_policy |
| verifier_fails_due_to_mutability_parent = expected_value_for_dont_check |
| } |
| } |
| |
| fuchsia_package("package") { |
| testonly = true |
| package_name = package_name |
| deps = [ |
| ":component_with_structured_config", |
| ":values", |
| ] |
| } |
| |
| core_shard("core_shard") { |
| shard_file = "meta/core_shard.cml" |
| } |
| |
| core_realm_definition("core_realm") { |
| deps = [ ":core_shard" ] |
| } |
| |
| files = { |
| board_config = "$target_out_dir/fuchsia.board_config.json" |
| partitions_config = "$target_out_dir/partitions_config.json" |
| |
| outdir = target_out_dir + "/assembly" |
| packages_json = "${outdir}/packages.json" |
| images_json = "${outdir}/images.json" |
| |
| blobfs = "${outdir}/blob.blk" |
| zbi = "${outdir}/assembly.zbi" |
| fvm = "${outdir}/fvm.blk" |
| fvm_sparse = "${outdir}/fvm.sparse.blk" |
| |
| qemu_kernel = qemu_boot_shim.path |
| |
| product_bundle = target_out_dir + "/product_bundle" |
| } |
| |
| board_configuration("board_config") { |
| name = "test" |
| filesystems = { |
| fvm = { |
| sparse_output = { |
| } |
| } |
| } |
| } |
| |
| product_assembly_configuration("product_assembly_config") { |
| platform = { |
| build_type = "user" |
| feature_set_level = "utility" |
| storage = { |
| filesystems = { |
| image_name = "assembly" |
| volume = { |
| fvm = { |
| data = { |
| } |
| blob = { |
| } |
| } |
| } |
| } |
| } |
| } |
| } |
| |
| assembled_system("assembly") { |
| testonly = true |
| generate_fvm = true |
| generate_fvm_fastboot = false |
| generate_vbmeta = false |
| product_assembly_config_label = ":product_assembly_config" |
| board_config_label = ":board_config" |
| |
| # Needed for scrutiny to find root.cm and other component config. |
| bootfs_labels = [ "//build/input:bootfs" ] |
| base_packages = [ ":package" ] |
| |
| generate_image_metadata = false |
| |
| # Needed for scrutiny to find things for the component model. |
| core_realm_definition = ":core_realm" |
| } |
| |
| generated_partitions_config("partitions_config") { |
| testonly = true |
| output_path = files.partitions_config |
| hw_revision = board_name |
| } |
| |
| update_package("update") { |
| testonly = true |
| deps = [ |
| ":assembly", |
| ":partitions_config", |
| "//build/info:build_info_files", |
| ] |
| partitions = files.partitions_config |
| system_a = files.images_json |
| version_file = build_info_files.version |
| board_name = "fake_board" |
| epoch = "1" |
| } |
| |
| product_bundle("product_bundle") { |
| testonly = true |
| name = "scrutiny-structured-config-test" |
| deps = [ |
| ":assembly", |
| ":partitions_config", |
| "//build/info:build_info_files", |
| ] |
| |
| update = { |
| version_file = build_info_files.version |
| epoch = "1" |
| } |
| |
| partitions = files.partitions_config |
| system_a = files.images_json |
| |
| # Create lists of the files that are referenced by the assembly manifests. |
| _assembly_contents = [ |
| files.blobfs, |
| files.fvm, |
| files.fvm_sparse, |
| files.qemu_kernel, |
| files.zbi, |
| ] |
| system_a_contents = _assembly_contents |
| } |
| |
| extract_assembled_structured_config("extractor") { |
| testonly = true |
| product_bundle_path = "$target_out_dir/product_bundle" |
| output = "$target_out_dir/structured_config.json" |
| deps = [ ":product_bundle" ] |
| } |
| } |
| |
| if (is_host) { |
| group("host_tests") { |
| testonly = true |
| |
| # TODO(https://fxbug.dev/42076896): Support Fxblob in scrutiny |
| if (fxfs_blob) { |
| deps = [] |
| } else { |
| deps = [ |
| ":check_extracted_config", |
| ":check_failing_policy", |
| ] |
| } |
| } |
| |
| labels = { |
| extractor = ":extractor($target_toolchain)" |
| image_assembler = ":assembly.image_assembler($target_toolchain)" |
| product_bundle = ":product_bundle($target_toolchain)" |
| update_package = ":update($target_toolchain)" |
| } |
| |
| files = { |
| ffx = "$ffx_test_host_tools_out_dir/ffx-scrutiny" |
| |
| product_bundle_target_out_dir = |
| get_label_info(labels.product_bundle, "target_out_dir") |
| product_bundle_target_name = get_label_info(labels.product_bundle, "name") |
| |
| product_bundle_dir = |
| "$product_bundle_target_out_dir/$product_bundle_target_name" |
| } |
| |
| python_binary("check_extracted_config_bin") { |
| enable_mypy = true |
| main_source = "check_extracted_structured_config.py" |
| } |
| |
| host_test_data("test_bin") { |
| sources = get_target_outputs(":check_extracted_config_bin") |
| deps = [ ":check_extracted_config_bin" ] |
| } |
| |
| extracted_config_target_dir = |
| get_label_info(labels.extractor, "target_out_dir") |
| extracted_config_path = "$extracted_config_target_dir/structured_config.json" |
| host_test_data("extracted_config") { |
| sources = [ extracted_config_path ] |
| deps = [ labels.extractor ] |
| } |
| check_extracted_python_binary = |
| get_target_outputs(":check_extracted_config_bin") |
| check_extracted_python_binary = check_extracted_python_binary[0] |
| |
| host_test("check_extracted_config") { |
| binary_path = python_exe_src |
| args = [ |
| rebase_path(check_extracted_python_binary, root_build_dir), |
| "--extracted-config", |
| rebase_path(extracted_config_path, root_build_dir), |
| ] |
| deps = [ |
| ":extracted_config", |
| ":test_bin", |
| "//build/python:interpreter", |
| ] |
| } |
| |
| python_binary("check_failed_verifier_bin") { |
| enable_mypy = true |
| main_source = "check_failed_verifier_policy.py" |
| } |
| |
| host_test_data("failed_policy_test_data") { |
| sources = get_target_outputs(":check_failed_verifier_bin") |
| sources += [ |
| "failing_policy.json5", |
| files.product_bundle_dir, |
| ] |
| deps = [ |
| ":check_failed_verifier_bin", |
| labels.product_bundle, |
| ] |
| } |
| |
| check_failed_verifier_binary = |
| get_target_outputs(":check_failed_verifier_bin") |
| check_failed_verifier_binary = check_failed_verifier_binary[0] |
| host_test("check_failing_policy") { |
| binary_path = python_exe_src |
| |
| depfile = "$target_out_dir/check_failed_policy.d" |
| args = [ |
| rebase_path(check_failed_verifier_binary, root_build_dir), |
| "--ffx-bin", |
| rebase_path(files.ffx, root_build_dir), |
| "--policy", |
| rebase_path("failing_policy.json5", root_build_dir), |
| "--depfile", |
| rebase_path(depfile, root_build_dir), |
| "--product-bundle", |
| rebase_path(files.product_bundle_dir, root_build_dir), |
| ] |
| depfile = [ depfile ] |
| |
| deps = [ |
| ":failed_policy_test_data", |
| "//build/python:interpreter", |
| "//src/developer/ffx/plugins/scrutiny:ffx_scrutiny_tool_test_data", |
| ] |
| } |
| } |