// Returns true if the sender's euid is trusted according to VR manager service.
struct Trusted {
static bool Check(const Message& sender, const Task&) {
- return IsTrustedUid(sender.GetEffectiveUserId(), false);
+ return IsTrustedUid(sender.GetEffectiveUserId());
}
};
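Review bot: `Trusted::Check` now relies on the default value of `IsTrustedUid`'s second parameter instead of passing `false`, and nothing in the hunk says what that default is. Because this call gates a trust decision on the sender's euid, a comment should record the behaviour being relied on, for example `// Relies on IsTrustedUid's default second argument (<meaning>); see its declaration.` If that default allows a previously computed result to be reused (an assumption, since the declaration is not visible here), a uid whose trust was withdrawn could keep passing this check until the stored result is refreshed. That is worth confirming before merging.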
permission_check;
// Check the permisison of the given task to use this scheduler class. If a
- // permission check function is not set then all tasks are allowed.
- bool IsAllowed(const pdx::Message& message, const Task& task) const {
+ // permission check function is not set then operations are only allowed on
+ // tasks in the sender's process.
+ bool IsAllowed(const pdx::Message& sender, const Task& task) const {
if (permission_check)
- return permission_check(message, task);
+ return permission_check(sender, task);
+ else if (!task || task.thread_group_id() != sender.GetProcessId())
+ return false;
else
return true;
}
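Review bot: The new default branch of `IsAllowed` rejects an invalid task (`!task`) as well as a task outside the sender's process, but the updated comment only describes the same-process rule. I would add `// An invalid task is always rejected (fail closed).` above the `else if`. With a return in every arm, the `else if`/`else` chain after the `permission_check` branch can be written as `return task && task.thread_group_id() == sender.GetProcessId();`, which makes the deny-by-default rule easier to audit. If `Task` records its thread group id when it is constructed (not visible here), that id could describe a different process by the time the policy is applied, so confirm the caller acts on the task promptly or re-validates it. The enclosing class starts outside this hunk, and the first comment line has a typo ("permisison").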
ASSERT_EQ(AID_ROOT, original_uid)
<< "This test must run as root to function correctly!";
+ // Test unprivileged policies on a task that does not belong to this process.
+ // Use the init process (task_id=1) as the target.
+ error = dvrSetSchedulerPolicy(1, "batch");
+ EXPECT_EQ(-EINVAL, error);
+ error = dvrSetSchedulerPolicy(1, "background");
+ EXPECT_EQ(-EINVAL, error);
+ error = dvrSetSchedulerPolicy(1, "foreground");
+ EXPECT_EQ(-EINVAL, error);
+ error = dvrSetSchedulerPolicy(1, "normal");
+ EXPECT_EQ(-EINVAL, error);
+
// Switch the uid/gid to an id that should not have permission to access any
// privileged actions.
ASSERT_EQ(0, setresgid(AID_NOBODY, AID_NOBODY, -1))