1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <linux/futex.h> 18 #include <pthread.h> 19 #include <sys/stat.h> 20 #include <unistd.h> 21 22 #include <string> 23 #include <thread> 24 #include <vector> 25 26 #include <android-base/file.h> 27 #include <android-base/scopeguard.h> 28 #include <android-base/test_utils.h> 29 #include <gtest/gtest.h> 30 #include <selinux/selinux.h> 31 32 using namespace std::string_literals; 33 34 template <typename T, typename F> 35 void WriteFromMultipleThreads(std::vector<std::pair<std::string, T>>& files_and_parameters, 36 F function) { 37 auto num_threads = files_and_parameters.size(); 38 pthread_barrier_t barrier; 39 pthread_barrier_init(&barrier, nullptr, num_threads); 40 auto barrier_destroy = 41 android::base::make_scope_guard([&barrier]() { pthread_barrier_destroy(&barrier); }); 42 43 auto make_thread_function = [&function, &barrier](const auto& file, const auto& parameter) { 44 return [&]() { 45 function(parameter); 46 pthread_barrier_wait(&barrier); 47 android::base::WriteStringToFile("<empty>", file); 48 }; 49 }; 50 51 std::vector<std::thread> threads; 52 // TODO(b/63712782): Structured bindings + templated containers are broken in clang :( 53 // for (const auto& [file, parameter] : files_and_parameters) { 54 for (const auto& pair : files_and_parameters) { 55 const auto& file = pair.first; 56 const auto& parameter = pair.second; 57 threads.emplace_back(std::thread(make_thread_function(file, parameter))); 58 } 59 60 for (auto& thread : threads) { 61 thread.join(); 62 } 63 } 64 65 TEST(ueventd, setegid_IsPerThread) { 66 if (getuid() != 0) { 67 GTEST_LOG_(INFO) << "Skipping test, must be run as root."; 68 return; 69 } 70 71 TemporaryDir dir; 72 73 gid_t gid = 0; 74 std::vector<std::pair<std::string, gid_t>> files_and_gids; 75 std::generate_n(std::back_inserter(files_and_gids), 100, [&gid, &dir]() { 76 gid++; 77 return std::pair(dir.path + "/gid_"s + std::to_string(gid), gid); 78 }); 79 80 WriteFromMultipleThreads(files_and_gids, [](gid_t gid) { EXPECT_EQ(0, setegid(gid)); }); 81 82 for (const auto& [file, expected_gid] : files_and_gids) { 83 struct stat info; 84 ASSERT_EQ(0, stat(file.c_str(), &info)); 85 EXPECT_EQ(expected_gid, info.st_gid); 86 } 87 } 88 89 TEST(ueventd, setfscreatecon_IsPerThread) { 90 if (getuid() != 0) { 91 GTEST_LOG_(INFO) << "Skipping test, must be run as root."; 92 return; 93 } 94 if (!is_selinux_enabled() || security_getenforce() == 1) { 95 GTEST_LOG_(INFO) << "Skipping test, SELinux must be enabled and in permissive mode."; 96 return; 97 } 98 99 const char* const contexts[] = { 100 "u:object_r:audio_device:s0", 101 "u:object_r:sensors_device:s0", 102 "u:object_r:video_device:s0" 103 "u:object_r:zero_device:s0", 104 }; 105 106 TemporaryDir dir; 107 std::vector<std::pair<std::string, std::string>> files_and_contexts; 108 for (const char* context : contexts) { 109 files_and_contexts.emplace_back(dir.path + "/context_"s + context, context); 110 } 111 112 WriteFromMultipleThreads(files_and_contexts, [](const std::string& context) { 113 EXPECT_EQ(0, setfscreatecon(context.c_str())); 114 }); 115 116 for (const auto& [file, expected_context] : files_and_contexts) { 117 char* file_context; 118 ASSERT_GT(getfilecon(file.c_str(), &file_context), 0); 119 EXPECT_EQ(expected_context, file_context); 120 freecon(file_context); 121 } 122 } 123
