
Commit 9481328a authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Android (Google) Code Review

Merge "Make default permission checks in performance service more restrictive." into oc-dr1-dev

parents d90e5399 94055ca2
+1 −1
@@ -63,7 +63,7 @@ struct GroupId {
// Returns true if the sender's euid is trusted according to VR manager service.
struct Trusted {
  static bool Check(const Message& sender, const Task&) {
    return IsTrustedUid(sender.GetEffectiveUserId(), false);
    return IsTrustedUid(sender.GetEffectiveUserId());
  }
};
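Review bot: The two return lines in Trusted::Check differ only in a positional `false` passed to IsTrustedUid, and nothing in the hunk says what that flag selects, so a reader cannot tell how the trust decision changed. Because this is an authorization check, I would put a one-line comment on the call, along the lines of `// <what the second IsTrustedUid argument selects and why this check relies on it>`. The declaration of IsTrustedUid is outside the hunk, so the meaning of its default cannot be confirmed from here.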

+6 −3
@@ -53,10 +53,13 @@ class PerformanceService : public pdx::ServiceBase<PerformanceService> {
        permission_check;

    // Check the permisison of the given task to use this scheduler class. If a
    // permission check function is not set then all tasks are allowed.
    bool IsAllowed(const pdx::Message& message, const Task& task) const {
    // permission check function is not set then operations are only allowed on
    // tasks in the sender's process.
    bool IsAllowed(const pdx::Message& sender, const Task& task) const {
      if (permission_check)
        return permission_check(message, task);
        return permission_check(sender, task);
      else if (!task || task.thread_group_id() != sender.GetProcessId())
        return false;
      else
        return true;
    }
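Review bot: The updated comment above IsAllowed documents the same-process rule but not the other half of the new `else if`, which also denies the request when `task` evaluates false. I would add `// An invalid task is always denied by the default check.` so the default's fail-closed behaviour is stated in one place. The trailing `else if … return false; else return true;` could also collapse to `return task && task.thread_group_id() == sender.GetProcessId();`, which reads as the policy itself. Whether thread_group_id() is captured when the Task is constructed or looked up at call time is not visible here; if it is a snapshot, the comment should say the check is only as fresh as the Task object. The enclosing struct begins outside the hunk.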
+11 −0
@@ -183,6 +183,17 @@ TEST(PerformanceTest, Permissions) {
  ASSERT_EQ(AID_ROOT, original_uid)
      << "This test must run as root to function correctly!";

  // Test unprivileged policies on a task that does not belong to this process.
  // Use the init process (task_id=1) as the target.
  error = dvrSetSchedulerPolicy(1, "batch");
  EXPECT_EQ(-EINVAL, error);
  error = dvrSetSchedulerPolicy(1, "background");
  EXPECT_EQ(-EINVAL, error);
  error = dvrSetSchedulerPolicy(1, "foreground");
  EXPECT_EQ(-EINVAL, error);
  error = dvrSetSchedulerPolicy(1, "normal");
  EXPECT_EQ(-EINVAL, error);

  // Switch the uid/gid to an id that should not have permission to access any
  // privileged actions.
  ASSERT_EQ(0, setresgid(AID_NOBODY, AID_NOBODY, -1))
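Review bot: The four new expectations on task 1 accept `-EINVAL`, which is presumably also what an unknown policy name or a nonexistent task would produce, so they would still pass if the request failed before the permission check ran. A positive control next to them would pin the denial to the new default, for example `EXPECT_EQ(0, dvrSetSchedulerPolicy(gettid(), "batch"));` before the calls on task 1, showing the same policy succeeds on a task in the caller's own process. The rest of TEST(PerformanceTest, Permissions) is outside the hunk and may already cover that case. If the service can distinguish the two outcomes, a dedicated permission error would make a denied request recognisable in logs and in this test.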