authorMark Salyzyn <salyzyn@google.com>2016-12-02 08:05:22 -0800
committerMark Salyzyn <salyzyn@google.com>2016-12-05 11:26:39 -0800
commit978fd0ea254f11f84e38b41a74bbe70c81edc197 (patch)
tree9648713f103f13b660c368c56102ae8c1cba19c0 /init/util_test.cpp
parente218fc673fcc0aa4a7291b4a2161d9427aa79aa3 (diff)
init: service file command only opens existing files
Mixing open or create, along with attribute (MAC) and permissions (DAC), is a security and confusion issue.

Fix an issue where fcntl F_SETFD was called to clear O_NONBLOCK, when it should have been F_SETFL. This did not present a problem because the current user of this feature does writes and control messages only.

Test: gTest logd-unit-tests and check dmesg for logd content.
Bug: 32450474
Bug: 33242020
Change-Id: I23cb9a9be5ddb7e8e9c58c79838bc07536e766e6
Diffstat (limited to 'init/util_test.cpp')
-rw-r--r--init/util_test.cpp61
1 files changed, 0 insertions, 61 deletions
diff --git a/init/util_test.cpp b/init/util_test.cpp
index e9f164d82..24c75c42d 100644
--- a/init/util_test.cpp
+++ b/init/util_test.cpp
@@ -16,19 +16,9 @@
#include "util.h"
-#include <ctype.h>
#include <errno.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <android-base/stringprintf.h>
-#include <android-base/test_utils.h>
-#include <cutils/android_get_control_file.h>
#include <gtest/gtest.h>
-#include <selinux/android.h>
TEST(util, read_file_ENOENT) {
std::string s("hello");
@@ -52,54 +42,3 @@ TEST(util, decode_uid) {
EXPECT_EQ(UINT_MAX, decode_uid("toot"));
EXPECT_EQ(123U, decode_uid("123"));
}
-
-struct selabel_handle *sehandle;
-
-TEST(util, create_file) {
- if (!sehandle) sehandle = selinux_android_file_context_handle();
-
- TemporaryFile tf;
- close(tf.fd);
- EXPECT_GE(unlink(tf.path), 0);
-
- std::string key(ANDROID_FILE_ENV_PREFIX);
- key += tf.path;
-
- std::for_each(key.begin(), key.end(), [] (char& c) { c = isalnum(c) ? c : '_'; });
-
- EXPECT_EQ(unsetenv(key.c_str()), 0);
-
- uid_t uid = decode_uid("logd");
- gid_t gid = decode_uid("system");
- mode_t perms = S_IRWXU | S_IWGRP | S_IRGRP | S_IROTH;
- static const char context[] = "u:object_r:misc_logd_file:s0";
- EXPECT_GE(tf.fd = create_file(tf.path, O_RDWR | O_CREAT, perms, uid, gid, context), 0);
- if (tf.fd < 0) return;
- static const char hello[] = "hello world\n";
- static const ssize_t len = strlen(hello);
- EXPECT_EQ(write(tf.fd, hello, len), len);
- char buffer[sizeof(hello) + 1];
- memset(buffer, 0, sizeof(buffer));
- EXPECT_GE(lseek(tf.fd, 0, SEEK_SET), 0);
- EXPECT_EQ(read(tf.fd, buffer, sizeof(buffer)), len);
- EXPECT_EQ(std::string(hello), buffer);
- EXPECT_EQ(android_get_control_file(tf.path), -1);
- EXPECT_EQ(setenv(key.c_str(), android::base::StringPrintf("%d", tf.fd).c_str(), true), 0);
- EXPECT_EQ(android_get_control_file(tf.path), tf.fd);
- close(tf.fd);
- EXPECT_EQ(android_get_control_file(tf.path), -1);
- EXPECT_EQ(unsetenv(key.c_str()), 0);
- struct stat st;
- EXPECT_EQ(stat(tf.path, &st), 0);
- EXPECT_EQ(st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO), perms);
- EXPECT_EQ(st.st_uid, uid);
- EXPECT_EQ(st.st_gid, gid);
- security_context_t con;
- EXPECT_GE(getfilecon(tf.path, &con), 0);
- EXPECT_NE(con, static_cast<security_context_t>(NULL));
- if (con) {
- EXPECT_EQ(context, std::string(con));
- }
- freecon(con);
- EXPECT_EQ(unlink(tf.path), 0);
-}