95646e6666
We've talked about this many times in the past, but partners struggle to understand "expected 38, got 22" in these contexts, and I always have to go and check the header files just to be sure I'm sure.

I actually think the glibc geterrorname_np() function (which would return "ENOSYS" rather than "Function not implemented") would be more helpful, but I'll have to go and implement that first, and then come back.

Being forced to go through all our errno assertions did also make me want to use a more consistent style for our ENOSYS assertions in particular --- there's a particularly readable idiom, and I'll also come back and move more of those checks to the most readable idiom.

I've added a few missing `errno = 0`s before tests, and removed a few stray `errno = 0`s from tests that don't actually make assertions about errno, since I had to look at every single reference to errno anyway.

Test: treehugger
Change-Id: Iba7c56f2adc30288c3e00ade106635e515e88179
/*
* Copyright (C) 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <inttypes.h>
#include <limits.h>
#include <stdio.h>
#include <sys/capability.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/utsname.h>
#include <unistd.h>
#include <string>
#include <vector>
#include <gtest/gtest.h>
#include "android-base/file.h"
#include "android-base/strings.h"
#include "utils.h"
// http://b/20017123.
TEST(sys_prctl, bug_20017123) {
#if defined(PR_SET_VMA)  // PR_SET_VMA is only available in Android kernels.
  // Map three anonymous pages and change the protection of the first one, so
  // the region no longer has uniform permissions by the time it is named.
  const size_t page_size = static_cast<size_t>(sysconf(_SC_PAGESIZE));
  const size_t region_size = page_size * 3;
  void* const region =
      mmap(nullptr, region_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  ASSERT_NE(MAP_FAILED, region);
  ASSERT_EQ(0, mprotect(region, page_size, PROT_NONE));

  // Name the whole three-page range, including the PROT_NONE page.
  ASSERT_NE(-1,
            prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, region, region_size, "anonymous map space"));

  // Read this process's maps and require every mapping to start at or after
  // the end of the mapping listed before it.
  std::string maps;
  ASSERT_TRUE(android::base::ReadFileToString("/proc/self/maps", &maps));

  const std::vector<std::string> lines = android::base::Split(maps, "\n");
  uintptr_t last_end = 0;
  for (size_t i = 0; i < lines.size(); ++i) {
    const std::string& line = lines[i];
    if (!line.empty()) {
      // Each entry begins with "<start>-<end> " in hex; only those two fields
      // are parsed.
      uintptr_t start;
      uintptr_t end;
      const int parsed = sscanf(line.c_str(), "%" SCNxPTR "-%" SCNxPTR " ", &start, &end);
      ASSERT_EQ(2, parsed) << "Failed to parse line: " << line;

      // last_end is 0 for the first entry, so this cannot fail there and
      // lines[i - 1] needs no special-casing.
      ASSERT_GE(start, last_end)
          << "Overlapping map detected:\n" << lines[i - 1] << '\n' << line << '\n';
      last_end = end;
    }
  }

  // Only reached when every assertion above passed; a failed ASSERT returns
  // early and leaves the mapping in place for the rest of the test process.
  ASSERT_EQ(0, munmap(region, region_size));
#else
  GTEST_SKIP() << "PR_SET_VMA not available";
#endif
}
TEST(sys_prctl, pr_cap_ambient) {
  // PR_CAP_AMBIENT was introduced in v4.3. Android devices should always
  // have a backport, but we can't guarantee it's available on the host.
#if defined(__ANDROID__) || defined(PR_CAP_AMBIENT)
  // Upstream commits named in the failure message when the running kernel
  // does not recognize PR_CAP_AMBIENT.
  const std::string caps_sha =
      "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/"
      "?id=58319057b7847667f0c9585b9de0e8932b0fdb08";
  const std::string caps_typo_sha =
      "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/"
      "?id=b7f76ea2ef6739ee484a165ffbac98deb855d3d3";

  // The kernel release string is only used to make the failure message useful.
  utsname kernel_info{};
  ASSERT_EQ(0, uname(&kernel_info));

  // Zero errno first so that a stale EINVAL from earlier code cannot be
  // mistaken for "unrecognized prctl option" below.
  errno = 0;
  int rc = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0);
  EXPECT_EQ(0, rc);
  // EINVAL -> unrecognized prctl option
  ASSERT_NE(EINVAL, errno) << "kernel (" << kernel_info.release
                           << ") missing required commits:\n"
                           << caps_sha << "\n"
                           << caps_typo_sha << "\n";

  // Unprivileged processes shouldn't be able to raise CAP_SYS_ADMIN,
  // but they can check or lower it.
  // NOTE(review): prctl(2) documents EPERM for PR_CAP_AMBIENT_RAISE whenever
  // the capability is not in both the permitted and inheritable sets, so this
  // expectation presumably also holds for a root test process with an empty
  // inheritable set -- confirm for the environments this test runs in.
  rc = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, CAP_SYS_ADMIN, 0, 0);
  EXPECT_EQ(-1, rc);
  EXPECT_ERRNO(EPERM);

  // After the rejected raise, the capability must still read as not set.
  rc = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, CAP_SYS_ADMIN, 0, 0);
  EXPECT_EQ(0, rc);

  rc = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_ADMIN, 0, 0);
  EXPECT_EQ(0, rc);

  // ULONG_MAX isn't a legal cap, so raise, query and lower must each be
  // rejected with EINVAL.
  rc = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, ULONG_MAX, 0, 0);
  EXPECT_EQ(-1, rc);
  EXPECT_ERRNO(EINVAL);

  rc = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, ULONG_MAX, 0, 0);
  EXPECT_EQ(-1, rc);
  EXPECT_ERRNO(EINVAL);

  rc = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, ULONG_MAX, 0, 0);
  EXPECT_EQ(-1, rc);
  EXPECT_ERRNO(EINVAL);
#else
  GTEST_SKIP() << "PR_CAP_AMBIENT not available";
#endif
}