author | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-02-04 21:27:47 -0800 |
---|---|---|
committer | Jorge Lucangeli Obes <jorgelo@google.com> | 2016-02-05 11:18:02 -0800 |
commit | 0e3fe532a9fdf42bed41e371939134af38dd53b5 (patch) | |
tree | fa7d9e9975f81324c13b5ffa498d10300fc6bbed | |
parent | 3c8375cdf37104998ded0edc5ed072ab3b07c00d (diff) | |
Add check for supplementary groups.
This binary will be used by a new Brillo Autotest test.
Also tie the return value of the binary to the result of the checks =).
Bug: 25368607
Change-Id: Ia338cb8270916cafdbbfbbb8808b88759906327f
-rw-r--r-- | test/libminijail_test.cpp | 48 |
1 files changed, 40 insertions, 8 deletions
diff --git a/test/libminijail_test.cpp b/test/libminijail_test.cpp index c8b26c4..aa64655 100644 --- a/test/libminijail_test.cpp +++ b/test/libminijail_test.cpp @@ -33,7 +33,7 @@ size_t getgroups_with_alloc(gid_t **plist) { return 0; } if (nsupp_groups == 0) { - LOG(INFO) << "no supplemental groups"; + LOG(INFO) << "No supplementary groups."; return 0; } @@ -49,19 +49,50 @@ size_t getgroups_with_alloc(gid_t **plist) { bool check_ugid(uid_t expected_id) { bool success = true; + uid_t ruid = getuid(); if (ruid != expected_id) { - LOG(ERROR) << "rUID << " << ruid << " is not " << expected_id; + LOG(ERROR) << "rUID " << ruid << " is not " << expected_id; success = false; } gid_t rgid = getgid(); if (rgid != expected_id) { - LOG(ERROR) << "rGID << " << ruid << " is not " << expected_id; + LOG(ERROR) << "rGID " << ruid << " is not " << expected_id; success = false; } return success; } +bool check_groups(size_t expected_size, gid_t *expected_list) { + bool success = true; + + gid_t *actual_list; + size_t actual_size = getgroups_with_alloc(&actual_list); + + if (expected_size != actual_size) { + LOG(ERROR) << "Mismatched supplementary group list size: expected " + << expected_size << ", actual " << actual_size; + success = false; + } + + for (size_t i = 0; i < expected_size; i++) { + bool found = false; + for (size_t j = 0; j < actual_size; j++) { + if (expected_list[i] == actual_list[j]) { + // Test next expected GID. + found = true; + break; + } + } + if (!found) { + LOG(ERROR) << "Expected GID " << expected_list[i] << " not found."; + success = false; + } + } + free(actual_list); + return success; +} + void log_resugid() { uid_t ruid, euid, suid; gid_t rgid, egid, sgid; 
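Review bot: In the new `check_groups`, `actual_list` is declared without an initializer and later handed to `free()`, while the context lines of the first hunk show `getgroups_with_alloc` returning 0 on two early paths; whether `*plist` is assigned before those returns is not visible here, and if it is not, `free(actual_list)` operates on an indeterminate pointer. Declaring it as `gid_t *actual_list = nullptr;` makes the free safe on every path. In `check_ugid`, the corrected rGID message still streams `ruid`; it should read `LOG(ERROR) << "rGID " << rgid << " is not " << expected_id;`. Because this binary verifies a privilege drop, a comment on `check_ugid` stating that `getuid()`/`getgid()` cover only the real IDs, not the effective or saved ones, would tell readers what a passing result does and does not establish.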
@@ -80,15 +111,16 @@ void log_resugid() { } int main(void) { - log_resugid(); minijail *j = minijail_new(); minijail_change_user(j, "system"); minijail_change_group(j, "system"); - minijail_set_supplementary_gids(j, sizeof(groups) / sizeof(groups[0]), groups); + size_t num_groups = sizeof(groups) / sizeof(groups[0]); + minijail_set_supplementary_gids(j, num_groups, groups); minijail_use_caps(j, CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); minijail_enter(j); - check_ugid(kSystemUid); + bool success = check_ugid(kSystemUid); + success = success && check_groups(num_groups, groups); minijail_destroy(j); minijail *j2 = minijail_new(); @@ -96,7 +128,7 @@ int main(void) { minijail_change_gid(j2, 5 * kSystemUid); minijail_enter(j2); - check_ugid(5 * kSystemUid); + success = success && check_ugid(5 * kSystemUid); - return 0; + return success? 0 : 1; } |
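Review bot: `success = success && check_groups(num_groups, groups);` short-circuits, so once `check_ugid` has failed the supplementary-group check never runs and its error lines are missing from the log; the same applies to `success = success && check_ugid(5 * kSystemUid);` in the last hunk. Calling the check first keeps every diagnostic and leaves the exit status unchanged: `success = check_groups(num_groups, groups) && success;` and `success = check_ugid(5 * kSystemUid) && success;`. The unchanged lines also ignore the return values of `minijail_change_user` and `minijail_change_group`, so a failed lookup of "system" would presumably surface only indirectly through the later checks; logging those results would make such a failure easier to attribute.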