Loading services/surfaceflinger/tests/Credentials_test.cpp +71 −71 Original line number Diff line number Diff line Loading @@ -55,19 +55,12 @@ const String8 SURFACE_NAME("Test Surface Name"); #pragma clang diagnostic ignored "-Wconversion" class CredentialsTest : public ::testing::Test { protected: void SetUp() override { // Start the tests as root. seteuid(AID_ROOT); ASSERT_NO_FATAL_FAILURE(initClient()); } void SetUp() override { ASSERT_NO_FATAL_FAILURE(initClient()); } void TearDown() override { mComposerClient->dispose(); mBGSurfaceControl.clear(); mComposerClient.clear(); // Finish the tests as root. seteuid(AID_ROOT); } sp<IBinder> mDisplay; Loading Loading @@ -101,31 +94,6 @@ protected: t.setLayer(mBGSurfaceControl, INT_MAX - 3).show(mBGSurfaceControl).apply()); } /** * Sets UID to imitate Graphic's process. */ void setGraphicsUID() { seteuid(AID_ROOT); seteuid(AID_GRAPHICS); } /** * Sets UID to imitate System's process. */ void setSystemUID() { seteuid(AID_ROOT); seteuid(AID_SYSTEM); } /** * Sets UID to imitate a process that doesn't have any special privileges in * our code. */ void setBinUID() { seteuid(AID_ROOT); seteuid(AID_BIN); } /** * Template function the check a condition for different types of users: root * graphics, system, and non-supported user. Root, graphics, and system should Loading 
@@ -134,24 +102,34 @@ protected: template <typename T> void checkWithPrivileges(std::function<T()> condition, T privilegedValue, T unprivilegedValue) { // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_SYSTEM); ASSERT_EQ(privilegedValue, condition()); } // Check as a Graphics user. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_EQ(privilegedValue, condition()); } // Check as a system user. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_EQ(privilegedValue, condition()); } // Check as a non-supported user. setBinUID(); { UIDFaker f(AID_BIN); ASSERT_EQ(unprivilegedValue, condition()); } // Check as shell since shell has some additional permissions seteuid(AID_SHELL); ASSERT_EQ(unprivilegedValue, condition()); { UIDFaker f(AID_SHELL); ASSERT_EQ(privilegedValue, condition()); } } }; Loading @@ -160,18 +138,24 @@ TEST_F(CredentialsTest, ClientInitTest) { ASSERT_NO_FATAL_FAILURE(initClient()); // Graphics can init the client. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_NO_FATAL_FAILURE(initClient()); } // System can init the client. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_NO_FATAL_FAILURE(initClient()); } // Anyone else can init the client. setBinUID(); { UIDFaker f(AID_BIN); mComposerClient = sp<SurfaceComposerClient>::make(); ASSERT_NO_FATAL_FAILURE(initClient()); } } TEST_F(CredentialsTest, GetBuiltInDisplayAccessTest) { std::function<bool()> condition = [] { Loading @@ -184,7 +168,7 @@ TEST_F(CredentialsTest, GetBuiltInDisplayAccessTest) { TEST_F(CredentialsTest, AllowedGetterMethodsTest) { // The following methods are tested with a UID that is not root, graphics, // or system, to show that anyone can access them. setBinUID(); UIDFaker f(AID_BIN); const auto display = SurfaceComposerClient::getInternalDisplayToken(); ASSERT_TRUE(display != nullptr); Loading Loading 
@@ -253,24 +237,34 @@ TEST_F(CredentialsTest, CreateDisplayTest) { }; // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_ROOT); ASSERT_FALSE(condition()); } // Check as a Graphics user. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_TRUE(condition()); } // Check as a system user. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_TRUE(condition()); } // Check as a non-supported user. setBinUID(); { UIDFaker f(AID_BIN); ASSERT_FALSE(condition()); } // Check as shell since shell has some additional permissions seteuid(AID_SHELL); { UIDFaker f(AID_SHELL); ASSERT_FALSE(condition()); } condition = [=]() { sp<IBinder> testDisplay = SurfaceComposerClient::createDisplay(DISPLAY_NAME, false); Loading Loading @@ -315,22 +309,28 @@ TEST_F(CredentialsTest, GetLayerDebugInfo) { // Historically, only root and shell can access the getLayerDebugInfo which // is called when we call dumpsys. I don't see a reason why we should change this. std::vector<LayerDebugInfo> outLayers; binder::Status status = binder::Status::ok(); // Check with root. seteuid(AID_ROOT); binder::Status status = sf->getLayerDebugInfo(&outLayers); { UIDFaker f(AID_ROOT); status = sf->getLayerDebugInfo(&outLayers); ASSERT_EQ(NO_ERROR, statusTFromBinderStatus(status)); } // Check as a shell. seteuid(AID_SHELL); { UIDFaker f(AID_SHELL); status = sf->getLayerDebugInfo(&outLayers); ASSERT_EQ(NO_ERROR, statusTFromBinderStatus(status)); } // Check as anyone else. seteuid(AID_ROOT); seteuid(AID_BIN); { UIDFaker f(AID_BIN); status = sf->getLayerDebugInfo(&outLayers); ASSERT_EQ(PERMISSION_DENIED, statusTFromBinderStatus(status)); } } TEST_F(CredentialsTest, IsWideColorDisplayBasicCorrectness) { const auto display = SurfaceComposerClient::getInternalDisplayToken(); Loading Loading
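Review bot: In `checkWithPrivileges` the block under `// Check with root.` now constructs `UIDFaker f(AID_SYSTEM);`, so root is no longer exercised there and the system case runs twice; if root is still meant to be covered it should read `UIDFaker f(AID_ROOT);`, and if root was dropped on purpose, the comment and the doc comment above the template (which still names root as privileged) should say so. The shell block in the same function also appears to flip its expectation from `unprivilegedValue` to `privilegedValue`, which changes what every caller of this helper accepts for AID_SHELL; a credentials test should state that intent, for example `// Shell is expected to get the privileged result here.` together with an updated doc comment. `UIDFaker` is not defined in the visible hunks, so this assumes it restores the previous effective UID when it goes out of scope. In `AllowedGetterMethodsTest` the faker is declared at function scope rather than in a braced block, so AID_BIN presumably stays in effect for the rest of the test body, which looks intended but is worth a one-line comment.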
services/surfaceflinger/tests/Credentials_test.cpp +71 −71 Original line number Diff line number Diff line Loading @@ -55,19 +55,12 @@ const String8 SURFACE_NAME("Test Surface Name"); #pragma clang diagnostic ignored "-Wconversion" class CredentialsTest : public ::testing::Test { protected: void SetUp() override { // Start the tests as root. seteuid(AID_ROOT); ASSERT_NO_FATAL_FAILURE(initClient()); } void SetUp() override { ASSERT_NO_FATAL_FAILURE(initClient()); } void TearDown() override { mComposerClient->dispose(); mBGSurfaceControl.clear(); mComposerClient.clear(); // Finish the tests as root. seteuid(AID_ROOT); } sp<IBinder> mDisplay; Loading Loading @@ -101,31 +94,6 @@ protected: t.setLayer(mBGSurfaceControl, INT_MAX - 3).show(mBGSurfaceControl).apply()); } /** * Sets UID to imitate Graphic's process. */ void setGraphicsUID() { seteuid(AID_ROOT); seteuid(AID_GRAPHICS); } /** * Sets UID to imitate System's process. */ void setSystemUID() { seteuid(AID_ROOT); seteuid(AID_SYSTEM); } /** * Sets UID to imitate a process that doesn't have any special privileges in * our code. */ void setBinUID() { seteuid(AID_ROOT); seteuid(AID_BIN); } /** * Template function the check a condition for different types of users: root * graphics, system, and non-supported user. Root, graphics, and system should Loading 
@@ -134,24 +102,34 @@ protected: template <typename T> void checkWithPrivileges(std::function<T()> condition, T privilegedValue, T unprivilegedValue) { // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_SYSTEM); ASSERT_EQ(privilegedValue, condition()); } // Check as a Graphics user. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_EQ(privilegedValue, condition()); } // Check as a system user. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_EQ(privilegedValue, condition()); } // Check as a non-supported user. setBinUID(); { UIDFaker f(AID_BIN); ASSERT_EQ(unprivilegedValue, condition()); } // Check as shell since shell has some additional permissions seteuid(AID_SHELL); ASSERT_EQ(unprivilegedValue, condition()); { UIDFaker f(AID_SHELL); ASSERT_EQ(privilegedValue, condition()); } } }; Loading @@ -160,18 +138,24 @@ TEST_F(CredentialsTest, ClientInitTest) { ASSERT_NO_FATAL_FAILURE(initClient()); // Graphics can init the client. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_NO_FATAL_FAILURE(initClient()); } // System can init the client. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_NO_FATAL_FAILURE(initClient()); } // Anyone else can init the client. setBinUID(); { UIDFaker f(AID_BIN); mComposerClient = sp<SurfaceComposerClient>::make(); ASSERT_NO_FATAL_FAILURE(initClient()); } } TEST_F(CredentialsTest, GetBuiltInDisplayAccessTest) { std::function<bool()> condition = [] { Loading @@ -184,7 +168,7 @@ TEST_F(CredentialsTest, GetBuiltInDisplayAccessTest) { TEST_F(CredentialsTest, AllowedGetterMethodsTest) { // The following methods are tested with a UID that is not root, graphics, // or system, to show that anyone can access them. setBinUID(); UIDFaker f(AID_BIN); const auto display = SurfaceComposerClient::getInternalDisplayToken(); ASSERT_TRUE(display != nullptr); Loading Loading 
@@ -253,24 +237,34 @@ TEST_F(CredentialsTest, CreateDisplayTest) { }; // Check with root. seteuid(AID_ROOT); { UIDFaker f(AID_ROOT); ASSERT_FALSE(condition()); } // Check as a Graphics user. setGraphicsUID(); { UIDFaker f(AID_GRAPHICS); ASSERT_TRUE(condition()); } // Check as a system user. setSystemUID(); { UIDFaker f(AID_SYSTEM); ASSERT_TRUE(condition()); } // Check as a non-supported user. setBinUID(); { UIDFaker f(AID_BIN); ASSERT_FALSE(condition()); } // Check as shell since shell has some additional permissions seteuid(AID_SHELL); { UIDFaker f(AID_SHELL); ASSERT_FALSE(condition()); } condition = [=]() { sp<IBinder> testDisplay = SurfaceComposerClient::createDisplay(DISPLAY_NAME, false); Loading Loading @@ -315,22 +309,28 @@ TEST_F(CredentialsTest, GetLayerDebugInfo) { // Historically, only root and shell can access the getLayerDebugInfo which // is called when we call dumpsys. I don't see a reason why we should change this. std::vector<LayerDebugInfo> outLayers; binder::Status status = binder::Status::ok(); // Check with root. seteuid(AID_ROOT); binder::Status status = sf->getLayerDebugInfo(&outLayers); { UIDFaker f(AID_ROOT); status = sf->getLayerDebugInfo(&outLayers); ASSERT_EQ(NO_ERROR, statusTFromBinderStatus(status)); } // Check as a shell. seteuid(AID_SHELL); { UIDFaker f(AID_SHELL); status = sf->getLayerDebugInfo(&outLayers); ASSERT_EQ(NO_ERROR, statusTFromBinderStatus(status)); } // Check as anyone else. seteuid(AID_ROOT); seteuid(AID_BIN); { UIDFaker f(AID_BIN); status = sf->getLayerDebugInfo(&outLayers); ASSERT_EQ(PERMISSION_DENIED, statusTFromBinderStatus(status)); } } TEST_F(CredentialsTest, IsWideColorDisplayBasicCorrectness) { const auto display = SurfaceComposerClient::getInternalDisplayToken(); Loading