Make default permission checks in performance service more restrictive.

author Corey Tabaka <eieio@google.com>

Fri, 30 Jun 2017 18:27:57 +0000 (11:27 -0700)

committer Corey Tabaka <eieio@google.com>

Fri, 30 Jun 2017 18:46:39 +0000 (11:46 -0700)
author Corey Tabaka <eieio@google.com>
Fri, 30 Jun 2017 18:27:57 +0000 (11:27 -0700)
committer Corey Tabaka <eieio@google.com>
Fri, 30 Jun 2017 18:46:39 +0000 (11:46 -0700)
diff --git a/services/vr/performanced/performance_service.cpp b/services/vr/performanced/performance_service.cpp

index 3f7009a..4b9fbe0 100644 (file)
--- a/services/vr/performanced/performance_service.cpp
+++ b/services/vr/performanced/performance_service.cpp
@@ -63,7 +63,7 @@ struct GroupId {
  // Returns true if the sender's euid is trusted according to VR manager service.
  struct Trusted {
    static bool Check(const Message& sender, const Task&) {
-    return IsTrustedUid(sender.GetEffectiveUserId(), false);
+    return IsTrustedUid(sender.GetEffectiveUserId());
    }
  };
  
diff --git a/services/vr/performanced/performance_service.h b/services/vr/performanced/performance_service.h

index b812535..b28d94a 100644 (file)
--- a/services/vr/performanced/performance_service.h
+++ b/services/vr/performanced/performance_service.h
@@ -53,10 +53,13 @@ class PerformanceService : public pdx::ServiceBase<PerformanceService> {
          permission_check;
  
      // Check the permisison of the given task to use this scheduler class. If a
-    // permission check function is not set then all tasks are allowed.
-    bool IsAllowed(const pdx::Message& message, const Task& task) const {
+    // permission check function is not set then operations are only allowed on
+    // tasks in the sender's process.
+    bool IsAllowed(const pdx::Message& sender, const Task& task) const {
        if (permission_check)
-        return permission_check(message, task);
+        return permission_check(sender, task);
+      else if (!task || task.thread_group_id() != sender.GetProcessId())
+        return false;
        else
          return true;
      }
diff --git a/services/vr/performanced/performance_service_tests.cpp b/services/vr/performanced/performance_service_tests.cpp

index 7de1f08..274a1b3 100644 (file)
--- a/services/vr/performanced/performance_service_tests.cpp
+++ b/services/vr/performanced/performance_service_tests.cpp
@@ -183,6 +183,17 @@ TEST(PerformanceTest, Permissions) {
    ASSERT_EQ(AID_ROOT, original_uid)
        << "This test must run as root to function correctly!";
  
+  // Test unprivileged policies on a task that does not belong to this process.
+  // Use the init process (task_id=1) as the target.
+  error = dvrSetSchedulerPolicy(1, "batch");
+  EXPECT_EQ(-EINVAL, error);
+  error = dvrSetSchedulerPolicy(1, "background");
+  EXPECT_EQ(-EINVAL, error);
+  error = dvrSetSchedulerPolicy(1, "foreground");
+  EXPECT_EQ(-EINVAL, error);
+  error = dvrSetSchedulerPolicy(1, "normal");
+  EXPECT_EQ(-EINVAL, error);
+
    // Switch the uid/gid to an id that should not have permission to access any
    // privileged actions.
    ASSERT_EQ(0, setresgid(AID_NOBODY, AID_NOBODY, -1))
author	Corey Tabaka <eieio@google.com>
	Fri, 30 Jun 2017 18:27:57 +0000 (11:27 -0700)
committer	Corey Tabaka <eieio@google.com>
	Fri, 30 Jun 2017 18:46:39 +0000 (11:46 -0700)
services/vr/performanced/performance_service.cpp		patch \| blob \| history
services/vr/performanced/performance_service.h		patch \| blob \| history
services/vr/performanced/performance_service_tests.cpp		patch \| blob \| history