openkylin
/
platform_system_core
mirror of https://gitee.com/openkylin/platform_system_core.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

liblog: test: liblog.__security miscalculation 

(cherry pick from commit b867beac56)

The gTest should not be able to set ro.device_owner, either as a unit
test or a CTS test.  The CTS test should not be able to set
persist.logd.security, the gTest may as it is run on userdebug with
root, so check if we are root to discern expectations.

Test: gTest liblog-unit-tests --gtest_filter=liblog.__security
Test: cts-tradefed run cts-dev -a armeabi-v7a -m CtsLiblogTestCases -t liblog#__security
Bug: 36480230
Change-Id: I1da88aae34da4e2fca8dd88d740eeb879d9c65bb
This commit is contained in:
Mark Salyzyn 2017-04-20 09:59:01 -07:00
parent ad8d533a04
commit b7140c26d5
1 changed files with 51 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
liblog/tests/liblog_test.cpp
View File

@ -1839,6 +1839,7 @@ TEST(liblog, __security) {
// that it can be determined the property is not set.
static const char nothing_val[] = "_NOTHING_TO_SEE_HERE_";
char persist[PROP_VALUE_MAX];
char persist_hold[PROP_VALUE_MAX];
char readonly[PROP_VALUE_MAX];
// First part of this test requires the test itself to have the appropriate
@ -1846,14 +1847,16 @@ TEST(liblog, __security) {
// bail rather than give a failing grade.
property_get(persist_key, persist, "");
fprintf(stderr, "INFO: getprop %s -> %s\n", persist_key, persist);
strncpy(persist_hold, persist, PROP_VALUE_MAX);
property_get(readonly_key, readonly, nothing_val);
fprintf(stderr, "INFO: getprop %s -> %s\n", readonly_key, readonly);
if (!strcmp(readonly, nothing_val)) {
// Lets check if we can set the value (we should not be allowed to do so)
EXPECT_FALSE(__android_log_security());
fprintf(stderr, "WARNING: setting ro.device_owner to a domain\n");
static const char domain[] = "com.google.android.SecOps.DeviceOwner";
property_set(readonly_key, domain);
EXPECT_NE(0, property_set(readonly_key, domain));
useconds_t total_time = 0;
static const useconds_t seconds = 1000000;
static const useconds_t max_time = 5 * seconds; // not going to happen
@ -1870,9 +1873,12 @@ TEST(liblog, __security) {
break;
}
}
EXPECT_STREQ(readonly, domain);
} else if (!strcasecmp(readonly, "false") || !readonly[0]) {
// not enough permissions to run
EXPECT_STRNE(domain, readonly);
}
if (!strcasecmp(readonly, "false") || !readonly[0] ||
!strcmp(readonly, nothing_val)) {
// not enough permissions to run tests surrounding persist.logd.security
EXPECT_FALSE(__android_log_security());
return;
}
@ -1883,16 +1889,51 @@ TEST(liblog, __security) {
EXPECT_FALSE(__android_log_security());
}
property_set(persist_key, "TRUE");
EXPECT_TRUE(__android_log_security());
property_get(persist_key, persist, "");
uid_t uid = getuid();
gid_t gid = getgid();
bool perm = (gid == AID_ROOT) || (uid == AID_ROOT);
EXPECT_STREQ(perm ? "TRUE" : persist_hold, persist);
if (!strcasecmp(persist, "true")) {
EXPECT_TRUE(__android_log_security());
} else {
EXPECT_FALSE(__android_log_security());
}
property_set(persist_key, "FALSE");
EXPECT_FALSE(__android_log_security());
property_get(persist_key, persist, "");
EXPECT_STREQ(perm ? "FALSE" : persist_hold, persist);
if (!strcasecmp(persist, "true")) {
EXPECT_TRUE(__android_log_security());
} else {
EXPECT_FALSE(__android_log_security());
}
property_set(persist_key, "true");
EXPECT_TRUE(__android_log_security());
property_get(persist_key, persist, "");
EXPECT_STREQ(perm ? "true" : persist_hold, persist);
if (!strcasecmp(persist, "true")) {
EXPECT_TRUE(__android_log_security());
} else {
EXPECT_FALSE(__android_log_security());
}
property_set(persist_key, "false");
EXPECT_FALSE(__android_log_security());
property_get(persist_key, persist, "");
EXPECT_STREQ(perm ? "false" : persist_hold, persist);
if (!strcasecmp(persist, "true")) {
EXPECT_TRUE(__android_log_security());
} else {
EXPECT_FALSE(__android_log_security());
}
property_set(persist_key, "");
EXPECT_FALSE(__android_log_security());
property_set(persist_key, persist);
property_get(persist_key, persist, "");
EXPECT_STREQ(perm ? "" : persist_hold, persist);
if (!strcasecmp(persist, "true")) {
EXPECT_TRUE(__android_log_security());
} else {
EXPECT_FALSE(__android_log_security());
}
property_set(persist_key, persist_hold);
property_get(persist_key, persist, "");
EXPECT_STREQ(persist_hold, persist);
#else
GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif