
Commit 94055ca2 authored by Corey Tabaka

Make default permission checks in performance service more restrictive.

- Check sending process in unrestricted policies.
- Allow IsTrustedUid() to cache results for better runtime efficiency.
- Update tests to verify unrestricted policy behavior.

Bug: 62468109
Test: performance_service_tests passes.
Change-Id: I0614879c8bde35ffeda2f673a3da68092433dc1a
parent 77e9eeba
+1 −1
@@ -63,7 +63,7 @@ struct GroupId {
// Returns true if the sender's euid is trusted according to VR manager service.
struct Trusted {
  static bool Check(const Message& sender, const Task&) {
    return IsTrustedUid(sender.GetEffectiveUserId(), false);
    return IsTrustedUid(sender.GetEffectiveUserId());
  }
};
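Review bot: The new second argument to IsTrustedUid() on the return line of Trusted::Check is a bare `false`, so a reader cannot tell what is being switched off; the commit message suggests it controls the result caching IsTrustedUid() now does, but the parameter is not visible in this hunk, so confirm that. Name it at the call site, `return IsTrustedUid(sender.GetEffectiveUserId(), /*<IsTrustedUid 2nd param name>=*/false);`, and add a one-line comment on why this policy passes it. If the flag does bypass the cache, that reasoning is worth preserving in the comment, since a cached positive answer could keep granting a uid after the VR manager stops trusting it.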

+6 −3
@@ -53,10 +53,13 @@ class PerformanceService : public pdx::ServiceBase<PerformanceService> {
        permission_check;

    // Check the permisison of the given task to use this scheduler class. If a
    // permission check function is not set then all tasks are allowed.
    bool IsAllowed(const pdx::Message& message, const Task& task) const {
    // permission check function is not set then operations are only allowed on
    // tasks in the sender's process.
    bool IsAllowed(const pdx::Message& sender, const Task& task) const {
      if (permission_check)
        return permission_check(message, task);
        return permission_check(sender, task);
      else if (!task || task.thread_group_id() != sender.GetProcessId())
        return false;
      else
        return true;
    }
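Review bot: The new default branch of IsAllowed is written as a three-way decision when it is a single predicate; `return task && task.thread_group_id() == sender.GetProcessId();` in place of the `else if`/`else` pair says the same thing and makes the deny-by-default intent obvious. The comment above the signature should state that contract explicitly, e.g. `// Without a permission_check, only tasks in the sender's own process (same thread group id) are allowed; an invalid task is rejected.`, and the context line above it misspells "permission" as `permisison`. The thread-group comparison is made at check time; if Task was resolved from a caller-supplied id before this point (not visible in the hunk), a short note on what happens when that id is recycled before the later scheduler call would help the next reader. The enclosing class starts outside the hunk.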
+11 −0
@@ -183,6 +183,17 @@ TEST(PerformanceTest, Permissions) {
  ASSERT_EQ(AID_ROOT, original_uid)
      << "This test must run as root to function correctly!";

  // Test unprivileged policies on a task that does not belong to this process.
  // Use the init process (task_id=1) as the target.
  error = dvrSetSchedulerPolicy(1, "batch");
  EXPECT_EQ(-EINVAL, error);
  error = dvrSetSchedulerPolicy(1, "background");
  EXPECT_EQ(-EINVAL, error);
  error = dvrSetSchedulerPolicy(1, "foreground");
  EXPECT_EQ(-EINVAL, error);
  error = dvrSetSchedulerPolicy(1, "normal");
  EXPECT_EQ(-EINVAL, error);

  // Switch the uid/gid to an id that should not have permission to access any
  // privileged actions.
  ASSERT_EQ(0, setresgid(AID_NOBODY, AID_NOBODY, -1))