src/chromiumos/tast/remote/bundles/cros/policy/enterprise_rollback_in_place.go - chromiumos/platform/tast-tests - Git at Google

 // Copyright 2021 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 package policy

 import (
 	"context"
 	"encoding/json"
 	"time"

 	"github.com/golang/protobuf/ptypes/empty"

 	"chromiumos/tast/common/hwsec"
 	"chromiumos/tast/common/policy"
 	"chromiumos/tast/ctxutil"
 	"chromiumos/tast/dut"
 	"chromiumos/tast/errors"
 	"chromiumos/tast/remote/policyutil"
 	"chromiumos/tast/rpc"
 	aupb "chromiumos/tast/services/cros/autoupdate"
 	ps "chromiumos/tast/services/cros/policy"
 	"chromiumos/tast/testing"
 )

 func init() {
 	testing.AddTest(&testing.Test{
 		Func:         EnterpriseRollbackInPlace,
 		LacrosStatus: testing.LacrosVariantUnneeded,
 		Desc:         "Check the enterprise rollback data restore mechanism while faking a rollback on one image",
 		Contacts: []string{
 			"mpolzer@google.com", // Test author
 			"crisguerrero@chromium.org",
 			"chromeos-commercial-remote-management@google.com",
 		},
 		Attr:         []string{"group:enrollment"},
 		SoftwareDeps: []string{"reboot", "chrome"},
 		ServiceDeps: []string{
 			"tast.cros.policy.PolicyService",
 			"tast.cros.autoupdate.RollbackService",
 		},
 		Timeout: 10 * time.Minute,
 	})
 }

 var logsAndCrashes = []string{"/var/log", "/var/spool/crash", "/home/chronos/crash", "/mnt/stateful_partition/unencrypted/preserve/crash", "/run/crash_reporter/crash"}

 func EnterpriseRollbackInPlace(ctx context.Context, s *testing.State) {
 	cleanupCtx := ctx
 	ctx, cancel := ctxutil.Shorten(ctx, 3*time.Minute)
 	defer cancel()
 	defer func(ctx context.Context) {
 		s.DUT().Conn().CommandContext(ctx, "stop", "oobe_config_save").Run()

 		if err := s.DUT().Conn().CommandContext(ctx, "rm", "-f", "/mnt/stateful_partition/.save_rollback_data").Run(); err != nil {
 			s.Error("Failed to remove data save flag: ", err)
 		}

 		if err := s.DUT().Conn().CommandContext(ctx, "rm", "-f", "/mnt/stateful_partition/rollback_data").Run(); err != nil {
 			s.Error("Failed to remove rollback data: ", err)
 		}

 		if err := policyutil.EnsureTPMAndSystemStateAreResetRemote(ctx, s.DUT()); err != nil {
 			s.Error("Failed to reset TPM after test: ", err)
 		}
 	}(cleanupCtx)

 	if err := resetTPM(ctx, s.DUT()); err != nil {
 		s.Fatal("Failed to reset TPM before test: ", err)
 	}
 	if err := enroll(ctx, s.DUT(), s.RPCHint()); err != nil {
 		s.Fatal("Failed to enroll before rollback: ", err)
 	}
 	networksInfo, err := configureNetworks(ctx, s.DUT(), s.RPCHint())
 	if err != nil {
 		s.Fatal("Failed to configure network: ", err)
 	}
 	if err := saveRollbackData(ctx, s.DUT()); err != nil {
 		s.Fatal("Failed to save rollback data: ", err)
 	}

 	sensitive, err := sensitiveDataForPstore(ctx, s.DUT())
 	if err != nil {
 		s.Fatal("Failed to read sensitive data for pstore: ", err)
 	}

 	// Ineffective reset is ok here as the device steps through oobe automatically
 	// which initiates retaking of TPM ownership.
 	if err := resetTPM(ctx, s.DUT()); err != nil && !errors.Is(err, hwsec.ErrIneffectiveReset) {
 		s.Fatal("Failed to reset TPM to fake an enterprise rollback: ", err)
 	}

 	if err := ensureSensitiveDataIsNotLogged(ctx, s.DUT(), sensitive); err != nil {
 		s.Fatal("Failed while checking that sensitive data is not logged: ", err)
 	}

 	if err := verifyRollback(ctx, networksInfo, s.DUT(), s.RPCHint()); err != nil {
 		s.Fatal("Failed to verify rollback: ", err)
 	}
 }

 func resetTPM(ctx context.Context, dut *dut.DUT) error {
 	return policyutil.EnsureTPMAndSystemStateAreResetRemote(ctx, dut)
 }

 func enroll(ctx context.Context, dut *dut.DUT, rpcHint *testing.RPCHint) error {
 	client, err := rpc.Dial(ctx, dut, rpcHint)
 	if err != nil {
 		return errors.Wrap(err, "failed to connect to the RPC service on the DUT")
 	}
 	defer client.Close(ctx)

 	policyJSON, err := json.Marshal(policy.NewBlob())
 	if err != nil {
 		return errors.Wrap(err, "failed to serialize policies")
 	}

 	policyClient := ps.NewPolicyServiceClient(client.Conn)
 	defer policyClient.StopChromeAndFakeDMS(ctx, &empty.Empty{})

 	if _, err := policyClient.EnrollUsingChrome(ctx, &ps.EnrollUsingChromeRequest{
 		PolicyJson: policyJSON,
 	}); err != nil {
 		return errors.Wrap(err, "failed to enroll before rollback")
 	}
 	return nil
 }

 func configureNetworks(ctx context.Context, dut *dut.DUT, rpcHint *testing.RPCHint) ([]*aupb.NetworkInformation, error) {
 	client, err := rpc.Dial(ctx, dut, rpcHint)
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to connect to the RPC service on the DUT")
 	}
 	defer client.Close(ctx)

 	rollbackService := aupb.NewRollbackServiceClient(client.Conn)
 	response, err := rollbackService.SetUpNetworks(ctx, &aupb.SetUpNetworksRequest{})
 	if err != nil {
 		return nil, errors.Wrap(err, "failed to configure networks on client")
 	}
 	return response.Networks, nil
 }

 func saveRollbackData(ctx context.Context, dut *dut.DUT) error {
 	if err := dut.Conn().CommandContext(ctx, "touch", "/mnt/stateful_partition/.save_rollback_data").Run(); err != nil {
 		return errors.Wrap(err, "failed to write rollback data save file")
 	}

 	if err := dut.Conn().CommandContext(ctx, "start", "oobe_config_save").Run(); err != nil {
 		return errors.Wrap(err, "failed to run oobe_config_save")
 	}

 	// The following two commands would be done by clobber_state during powerwash
 	// but the test does not powerwash.
 	if err := dut.Conn().CommandContext(ctx, "sh", "-c", `cat /var/lib/oobe_config_save/data_for_pstore > /dev/pmsg0`).Run(); err != nil {
 		return errors.Wrap(err, "failed to read rollback key")
 	}
 	// Adds a newline to pstore.
 	if err := dut.Conn().CommandContext(ctx, "sh", "-c", `echo "" >> /dev/pmsg0`).Run(); err != nil {
 		return errors.Wrap(err, "failed to add newline after rollback key")
 	}

 	return nil
 }

 func sensitiveDataForPstore(ctx context.Context, dut *dut.DUT) (string, error) {
 	sensitive, err := dut.Conn().CommandContext(ctx, "cat", "/var/lib/oobe_config_save/data_for_pstore").Output()
 	if err != nil {
 		return "", errors.Wrap(err, "failed to read data_for_pstore")
 	}
 	return string(sensitive), nil
 }

 func ensureSensitiveDataIsNotLogged(ctx context.Context, dut *dut.DUT, sensitive string) error {
 	for _, folder := range logsAndCrashes {
 		err := dut.Conn().CommandContext(ctx, "grep", "-rq", sensitive, folder).Run()
 		if err == nil {
 			return errors.Errorf("sensitive data found by grep in folder %q", folder)
 		}
 	}
 	return nil
 }

 func verifyRollback(ctx context.Context, networks []*aupb.NetworkInformation, dut *dut.DUT, rpcHint *testing.RPCHint) error {
 	client, err := rpc.Dial(ctx, dut, rpcHint)
 	if err != nil {
 		return errors.Wrap(err, "failed to connect to the RPC service on the DUT")
 	}
 	defer client.Close(ctx)

 	rollbackService := aupb.NewRollbackServiceClient(client.Conn)
 	response, err := rollbackService.VerifyRollback(ctx, &aupb.VerifyRollbackRequest{Networks: networks})
 	if err != nil {
 		return errors.Wrap(err, "failed to verify rollback on client")
 	}
 	if !response.Successful {
 		return errors.Errorf("rollback was not successful: %s", response.VerificationDetails)
 	}

 	return nil
 }
	// Copyright 2021 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	package policy

	import (
	"context"
	"encoding/json"
	"time"

	"github.com/golang/protobuf/ptypes/empty"

	"chromiumos/tast/common/hwsec"
	"chromiumos/tast/common/policy"
	"chromiumos/tast/ctxutil"
	"chromiumos/tast/dut"
	"chromiumos/tast/errors"
	"chromiumos/tast/remote/policyutil"
	"chromiumos/tast/rpc"
	aupb "chromiumos/tast/services/cros/autoupdate"
	ps "chromiumos/tast/services/cros/policy"
	"chromiumos/tast/testing"
	)

	func init() {
	testing.AddTest(&testing.Test{
	Func: EnterpriseRollbackInPlace,
	LacrosStatus: testing.LacrosVariantUnneeded,
	Desc: "Check the enterprise rollback data restore mechanism while faking a rollback on one image",
	Contacts: []string{
	"mpolzer@google.com", // Test author
	"crisguerrero@chromium.org",
	"chromeos-commercial-remote-management@google.com",
	},
	Attr: []string{"group:enrollment"},
	SoftwareDeps: []string{"reboot", "chrome"},
	ServiceDeps: []string{
	"tast.cros.policy.PolicyService",
	"tast.cros.autoupdate.RollbackService",
	},
	Timeout: 10 * time.Minute,
	})
	}

	var logsAndCrashes = []string{"/var/log", "/var/spool/crash", "/home/chronos/crash", "/mnt/stateful_partition/unencrypted/preserve/crash", "/run/crash_reporter/crash"}

	func EnterpriseRollbackInPlace(ctx context.Context, s *testing.State) {
	cleanupCtx := ctx
	ctx, cancel := ctxutil.Shorten(ctx, 3*time.Minute)
	defer cancel()
	defer func(ctx context.Context) {
	s.DUT().Conn().CommandContext(ctx, "stop", "oobe_config_save").Run()

	if err := s.DUT().Conn().CommandContext(ctx, "rm", "-f", "/mnt/stateful_partition/.save_rollback_data").Run(); err != nil {
	s.Error("Failed to remove data save flag: ", err)
	}

	if err := s.DUT().Conn().CommandContext(ctx, "rm", "-f", "/mnt/stateful_partition/rollback_data").Run(); err != nil {
	s.Error("Failed to remove rollback data: ", err)
	}

	if err := policyutil.EnsureTPMAndSystemStateAreResetRemote(ctx, s.DUT()); err != nil {
	s.Error("Failed to reset TPM after test: ", err)
	}
	}(cleanupCtx)

	if err := resetTPM(ctx, s.DUT()); err != nil {
	s.Fatal("Failed to reset TPM before test: ", err)
	}
	if err := enroll(ctx, s.DUT(), s.RPCHint()); err != nil {
	s.Fatal("Failed to enroll before rollback: ", err)
	}
	networksInfo, err := configureNetworks(ctx, s.DUT(), s.RPCHint())
	if err != nil {
	s.Fatal("Failed to configure network: ", err)
	}
	if err := saveRollbackData(ctx, s.DUT()); err != nil {
	s.Fatal("Failed to save rollback data: ", err)
	}

	sensitive, err := sensitiveDataForPstore(ctx, s.DUT())
	if err != nil {
	s.Fatal("Failed to read sensitive data for pstore: ", err)
	}

	// Ineffective reset is ok here as the device steps through oobe automatically
	// which initiates retaking of TPM ownership.
	if err := resetTPM(ctx, s.DUT()); err != nil && !errors.Is(err, hwsec.ErrIneffectiveReset) {
	s.Fatal("Failed to reset TPM to fake an enterprise rollback: ", err)
	}

	if err := ensureSensitiveDataIsNotLogged(ctx, s.DUT(), sensitive); err != nil {
	s.Fatal("Failed while checking that sensitive data is not logged: ", err)
	}

	if err := verifyRollback(ctx, networksInfo, s.DUT(), s.RPCHint()); err != nil {
	s.Fatal("Failed to verify rollback: ", err)
	}
	}

	func resetTPM(ctx context.Context, dut *dut.DUT) error {
	return policyutil.EnsureTPMAndSystemStateAreResetRemote(ctx, dut)
	}

	func enroll(ctx context.Context, dut dut.DUT, rpcHint testing.RPCHint) error {
	client, err := rpc.Dial(ctx, dut, rpcHint)
	if err != nil {
	return errors.Wrap(err, "failed to connect to the RPC service on the DUT")
	}
	defer client.Close(ctx)

	policyJSON, err := json.Marshal(policy.NewBlob())
	if err != nil {
	return errors.Wrap(err, "failed to serialize policies")
	}

	policyClient := ps.NewPolicyServiceClient(client.Conn)
	defer policyClient.StopChromeAndFakeDMS(ctx, &empty.Empty{})

	if _, err := policyClient.EnrollUsingChrome(ctx, &ps.EnrollUsingChromeRequest{
	PolicyJson: policyJSON,
	}); err != nil {
	return errors.Wrap(err, "failed to enroll before rollback")
	}
	return nil
	}

	func configureNetworks(ctx context.Context, dut dut.DUT, rpcHint testing.RPCHint) ([]*aupb.NetworkInformation, error) {
	client, err := rpc.Dial(ctx, dut, rpcHint)
	if err != nil {
	return nil, errors.Wrap(err, "failed to connect to the RPC service on the DUT")
	}
	defer client.Close(ctx)

	rollbackService := aupb.NewRollbackServiceClient(client.Conn)
	response, err := rollbackService.SetUpNetworks(ctx, &aupb.SetUpNetworksRequest{})
	if err != nil {
	return nil, errors.Wrap(err, "failed to configure networks on client")
	}
	return response.Networks, nil
	}

	func saveRollbackData(ctx context.Context, dut *dut.DUT) error {
	if err := dut.Conn().CommandContext(ctx, "touch", "/mnt/stateful_partition/.save_rollback_data").Run(); err != nil {
	return errors.Wrap(err, "failed to write rollback data save file")
	}

	if err := dut.Conn().CommandContext(ctx, "start", "oobe_config_save").Run(); err != nil {
	return errors.Wrap(err, "failed to run oobe_config_save")
	}

	// The following two commands would be done by clobber_state during powerwash
	// but the test does not powerwash.
	if err := dut.Conn().CommandContext(ctx, "sh", "-c", `cat /var/lib/oobe_config_save/data_for_pstore > /dev/pmsg0`).Run(); err != nil {
	return errors.Wrap(err, "failed to read rollback key")
	}
	// Adds a newline to pstore.
	if err := dut.Conn().CommandContext(ctx, "sh", "-c", `echo "" >> /dev/pmsg0`).Run(); err != nil {
	return errors.Wrap(err, "failed to add newline after rollback key")
	}

	return nil
	}

	func sensitiveDataForPstore(ctx context.Context, dut *dut.DUT) (string, error) {
	sensitive, err := dut.Conn().CommandContext(ctx, "cat", "/var/lib/oobe_config_save/data_for_pstore").Output()
	if err != nil {
	return "", errors.Wrap(err, "failed to read data_for_pstore")
	}
	return string(sensitive), nil
	}

	func ensureSensitiveDataIsNotLogged(ctx context.Context, dut *dut.DUT, sensitive string) error {
	for _, folder := range logsAndCrashes {
	err := dut.Conn().CommandContext(ctx, "grep", "-rq", sensitive, folder).Run()
	if err == nil {
	return errors.Errorf("sensitive data found by grep in folder %q", folder)
	}
	}
	return nil
	}

	func verifyRollback(ctx context.Context, networks []aupb.NetworkInformation, dut dut.DUT, rpcHint *testing.RPCHint) error {
	client, err := rpc.Dial(ctx, dut, rpcHint)
	if err != nil {
	return errors.Wrap(err, "failed to connect to the RPC service on the DUT")
	}
	defer client.Close(ctx)

	rollbackService := aupb.NewRollbackServiceClient(client.Conn)
	response, err := rollbackService.VerifyRollback(ctx, &aupb.VerifyRollbackRequest{Networks: networks})
	if err != nil {
	return errors.Wrap(err, "failed to verify rollback on client")
	}
	if !response.Successful {
	return errors.Errorf("rollback was not successful: %s", response.VerificationDetails)
	}

	return nil
	}