Loading services/surfaceflinger/tests/Credentials_test.cpp +67 −68 Original line number Diff line number Diff line Loading @@ -52,19 +52,12 @@ const String8 SURFACE_NAME("Test Surface Name"); #pragma clang diagnostic ignored "-Wconversion" class CredentialsTest : public ::testing::Test { protected: void SetUp() override { // Start the tests as root. seteuid(AID_ROOT); ASSERT_NO_FATAL_FAILURE(initClient()); } void SetUp() override { ASSERT_NO_FATAL_FAILURE(initClient()); } void TearDown() override { mComposerClient->dispose(); mBGSurfaceControl.clear(); mComposerClient.clear(); // Finish the tests as root. seteuid(AID_ROOT); } sp<IBinder> mDisplay; Loading Loading @@ -98,31 +91,6 @@ protected: t.setLayer(mBGSurfaceControl, INT_MAX - 3).show(mBGSurfaceControl).apply()); } /** * Sets UID to imitate Graphic's process. */ void setGraphicsUID() { seteuid(AID_ROOT); seteuid(AID_GRAPHICS); } /** * Sets UID to imitate System's process. */ void setSystemUID() { seteuid(AID_ROOT); seteuid(AID_SYSTEM); } /** * Sets UID to imitate a process that doesn't have any special privileges in * our code. */ void setBinUID() { seteuid(AID_ROOT); seteuid(AID_BIN); } /** * Template function the check a condition for different types of users: root * graphics, system, and non-supported user. Root, graphics, and system should Loading 
@@ -131,24 +99,34 @@ protected: template <typename T> void checkWithPrivileges(std::function<T()> condition, T privilegedValue, T unprivilegedValue) { // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_SYSTEM); ASSERT_EQ(privilegedValue, condition()); } // Check as a Graphics user. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_EQ(privilegedValue, condition()); } // Check as a system user. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_EQ(privilegedValue, condition()); } // Check as a non-supported user. setBinUID(); { UIDFaker f(AID_BIN); ASSERT_EQ(unprivilegedValue, condition()); } // Check as shell since shell has some additional permissions seteuid(AID_SHELL); ASSERT_EQ(unprivilegedValue, condition()); { UIDFaker f(AID_SHELL); ASSERT_EQ(privilegedValue, condition()); } } }; Loading @@ -157,18 +135,24 @@ TEST_F(CredentialsTest, ClientInitTest) { ASSERT_NO_FATAL_FAILURE(initClient()); // Graphics can init the client. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_NO_FATAL_FAILURE(initClient()); } // System can init the client. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_NO_FATAL_FAILURE(initClient()); } // Anyone else can init the client. setBinUID(); { UIDFaker f(AID_BIN); mComposerClient = new SurfaceComposerClient; ASSERT_NO_FATAL_FAILURE(initClient()); } } TEST_F(CredentialsTest, GetBuiltInDisplayAccessTest) { std::function<bool()> condition = [] { Loading @@ -181,7 +165,7 @@ TEST_F(CredentialsTest, GetBuiltInDisplayAccessTest) { TEST_F(CredentialsTest, AllowedGetterMethodsTest) { // The following methods are tested with a UID that is not root, graphics, // or system, to show that anyone can access them. setBinUID(); UIDFaker f(AID_BIN); const auto display = SurfaceComposerClient::getInternalDisplayToken(); ASSERT_TRUE(display != nullptr); Loading Loading 
@@ -250,24 +234,34 @@ TEST_F(CredentialsTest, CreateDisplayTest) { }; // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_ROOT); ASSERT_FALSE(condition()); } // Check as a Graphics user. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_TRUE(condition()); } // Check as a system user. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_TRUE(condition()); } // Check as a non-supported user. setBinUID(); { UIDFaker f(AID_BIN); ASSERT_FALSE(condition()); } // Check as shell since shell has some additional permissions seteuid(AID_SHELL); { UIDFaker f(AID_SHELL); ASSERT_FALSE(condition()); } condition = [=]() { sp<IBinder> testDisplay = SurfaceComposerClient::createDisplay(DISPLAY_NAME, false); Loading Loading @@ -313,18 +307,23 @@ TEST_F(CredentialsTest, GetLayerDebugInfo) { // is called when we call dumpsys. I don't see a reason why we should change this. std::vector<LayerDebugInfo> outLayers; // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_ROOT); ASSERT_EQ(NO_ERROR, sf->getLayerDebugInfo(&outLayers)); } // Check as a shell. seteuid(AID_SHELL); { UIDFaker f(AID_SHELL); ASSERT_EQ(NO_ERROR, sf->getLayerDebugInfo(&outLayers)); } // Check as anyone else. seteuid(AID_ROOT); seteuid(AID_BIN); { UIDFaker f(AID_BIN); ASSERT_EQ(PERMISSION_DENIED, sf->getLayerDebugInfo(&outLayers)); } } TEST_F(CredentialsTest, IsWideColorDisplayBasicCorrectness) { const auto display = SurfaceComposerClient::getInternalDisplayToken(); Loading Loading
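Review bot: In `checkWithPrivileges`, the block under `// Check with root.` constructs `UIDFaker f(AID_SYSTEM)`, so the helper appears to check the system UID twice and never root, whereas `CreateDisplayTest` and `GetLayerDebugInfo` use `UIDFaker f(AID_ROOT)` under the same comment; the line should read `UIDFaker f(AID_ROOT);`. In the same helper, the shell block now asserts `privilegedValue`, where the line printed just before it asserts `unprivilegedValue`. If that flip is intended, the helper's doc comment should say that shell is expected to be privileged, since its visible part names only root, graphics and system and the change widens what every caller accepts for the shell UID. The `+`/`-` markers are lost on this page, so the old/new reading is inferred from print order. The same section is printed a second time further down the page with identical lines.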
services/surfaceflinger/tests/Credentials_test.cpp +67 −68 Original line number Diff line number Diff line Loading @@ -52,19 +52,12 @@ const String8 SURFACE_NAME("Test Surface Name"); #pragma clang diagnostic ignored "-Wconversion" class CredentialsTest : public ::testing::Test { protected: void SetUp() override { // Start the tests as root. seteuid(AID_ROOT); ASSERT_NO_FATAL_FAILURE(initClient()); } void SetUp() override { ASSERT_NO_FATAL_FAILURE(initClient()); } void TearDown() override { mComposerClient->dispose(); mBGSurfaceControl.clear(); mComposerClient.clear(); // Finish the tests as root. seteuid(AID_ROOT); } sp<IBinder> mDisplay; Loading Loading @@ -98,31 +91,6 @@ protected: t.setLayer(mBGSurfaceControl, INT_MAX - 3).show(mBGSurfaceControl).apply()); } /** * Sets UID to imitate Graphic's process. */ void setGraphicsUID() { seteuid(AID_ROOT); seteuid(AID_GRAPHICS); } /** * Sets UID to imitate System's process. */ void setSystemUID() { seteuid(AID_ROOT); seteuid(AID_SYSTEM); } /** * Sets UID to imitate a process that doesn't have any special privileges in * our code. */ void setBinUID() { seteuid(AID_ROOT); seteuid(AID_BIN); } /** * Template function the check a condition for different types of users: root * graphics, system, and non-supported user. Root, graphics, and system should Loading 
@@ -131,24 +99,34 @@ protected: template <typename T> void checkWithPrivileges(std::function<T()> condition, T privilegedValue, T unprivilegedValue) { // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_SYSTEM); ASSERT_EQ(privilegedValue, condition()); } // Check as a Graphics user. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_EQ(privilegedValue, condition()); } // Check as a system user. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_EQ(privilegedValue, condition()); } // Check as a non-supported user. setBinUID(); { UIDFaker f(AID_BIN); ASSERT_EQ(unprivilegedValue, condition()); } // Check as shell since shell has some additional permissions seteuid(AID_SHELL); ASSERT_EQ(unprivilegedValue, condition()); { UIDFaker f(AID_SHELL); ASSERT_EQ(privilegedValue, condition()); } } }; Loading @@ -157,18 +135,24 @@ TEST_F(CredentialsTest, ClientInitTest) { ASSERT_NO_FATAL_FAILURE(initClient()); // Graphics can init the client. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_NO_FATAL_FAILURE(initClient()); } // System can init the client. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_NO_FATAL_FAILURE(initClient()); } // Anyone else can init the client. setBinUID(); { UIDFaker f(AID_BIN); mComposerClient = new SurfaceComposerClient; ASSERT_NO_FATAL_FAILURE(initClient()); } } TEST_F(CredentialsTest, GetBuiltInDisplayAccessTest) { std::function<bool()> condition = [] { Loading @@ -181,7 +165,7 @@ TEST_F(CredentialsTest, GetBuiltInDisplayAccessTest) { TEST_F(CredentialsTest, AllowedGetterMethodsTest) { // The following methods are tested with a UID that is not root, graphics, // or system, to show that anyone can access them. setBinUID(); UIDFaker f(AID_BIN); const auto display = SurfaceComposerClient::getInternalDisplayToken(); ASSERT_TRUE(display != nullptr); Loading Loading 
@@ -250,24 +234,34 @@ TEST_F(CredentialsTest, CreateDisplayTest) { }; // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_ROOT); ASSERT_FALSE(condition()); } // Check as a Graphics user. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_TRUE(condition()); } // Check as a system user. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_TRUE(condition()); } // Check as a non-supported user. setBinUID(); { UIDFaker f(AID_BIN); ASSERT_FALSE(condition()); } // Check as shell since shell has some additional permissions seteuid(AID_SHELL); { UIDFaker f(AID_SHELL); ASSERT_FALSE(condition()); } condition = [=]() { sp<IBinder> testDisplay = SurfaceComposerClient::createDisplay(DISPLAY_NAME, false); Loading Loading @@ -313,18 +307,23 @@ TEST_F(CredentialsTest, GetLayerDebugInfo) { // is called when we call dumpsys. I don't see a reason why we should change this. std::vector<LayerDebugInfo> outLayers; // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_ROOT); ASSERT_EQ(NO_ERROR, sf->getLayerDebugInfo(&outLayers)); } // Check as a shell. seteuid(AID_SHELL); { UIDFaker f(AID_SHELL); ASSERT_EQ(NO_ERROR, sf->getLayerDebugInfo(&outLayers)); } // Check as anyone else. seteuid(AID_ROOT); seteuid(AID_BIN); { UIDFaker f(AID_BIN); ASSERT_EQ(PERMISSION_DENIED, sf->getLayerDebugInfo(&outLayers)); } } TEST_F(CredentialsTest, IsWideColorDisplayBasicCorrectness) { const auto display = SurfaceComposerClient::getInternalDisplayToken(); Loading