diff --git a/libcutils/include/cutils/multiuser.h b/libcutils/include/cutils/multiuser.h index 9a2305c98..229ee3a9a 100644 --- a/libcutils/include/cutils/multiuser.h +++ b/libcutils/include/cutils/multiuser.h @@ -30,6 +30,7 @@ extern userid_t multiuser_get_user_id(uid_t uid); extern appid_t multiuser_get_app_id(uid_t uid); extern uid_t multiuser_get_uid(userid_t user_id, appid_t app_id); +extern uid_t multiuser_get_sdk_sandbox_uid(userid_t user_id, appid_t app_id); extern gid_t multiuser_get_cache_gid(userid_t user_id, appid_t app_id); extern gid_t multiuser_get_ext_gid(userid_t user_id, appid_t app_id); diff --git a/libcutils/include/private/android_filesystem_config.h b/libcutils/include/private/android_filesystem_config.h index 8e6b81c2b..ec3f1c756 100644 --- a/libcutils/include/private/android_filesystem_config.h +++ b/libcutils/include/private/android_filesystem_config.h @@ -210,6 +210,10 @@ */ #define AID_OVERFLOWUID 65534 /* unmapped user in the user namespace */ +/* use the ranges below to determine whether a process is sdk sandbox */ +#define AID_SDK_SANDBOX_PROCESS_START 20000 /* start of uids allocated to sdk sandbox processes */ +#define AID_SDK_SANDBOX_PROCESS_END 29999 /* end of uids allocated to sdk sandbox processes */ + /* use the ranges below to determine whether a process is isolated */ #define AID_ISOLATED_START 90000 /* start of uids for fully isolated sandboxed processes */ #define AID_ISOLATED_END 99999 /* end of uids for fully isolated sandboxed processes */ diff --git a/libcutils/multiuser.cpp b/libcutils/multiuser.cpp index 0fd3d0c52..979cbf43b 100644 --- a/libcutils/multiuser.cpp +++ b/libcutils/multiuser.cpp @@ -29,6 +29,15 @@ uid_t multiuser_get_uid(userid_t user_id, appid_t app_id) { return (user_id * AID_USER_OFFSET) + (app_id % AID_USER_OFFSET); } +uid_t multiuser_get_sdk_sandbox_uid(userid_t user_id, appid_t app_id) { + int sdk_sandbox_offset = AID_SDK_SANDBOX_PROCESS_START - AID_APP_START; + if (app_id >= AID_APP_START && app_id <= AID_APP_END) { + return (user_id * AID_USER_OFFSET) + (app_id % AID_USER_OFFSET) + sdk_sandbox_offset; + } else { + return -1; + } +} + gid_t multiuser_get_cache_gid(userid_t user_id, appid_t app_id) { if (app_id >= AID_APP_START && app_id <= AID_APP_END) { return multiuser_get_uid(user_id, (app_id - AID_APP_START) + AID_CACHE_GID_START); diff --git a/libcutils/multiuser_test.cpp b/libcutils/multiuser_test.cpp index 4b0fd130f..62dd5e02c 100644 --- a/libcutils/multiuser_test.cpp +++ b/libcutils/multiuser_test.cpp @@ -18,6 +18,7 @@ #include static constexpr auto ERR_GID = static_cast(-1); +static constexpr auto ERR_UID = static_cast(-1); TEST(MultiuserTest, TestMerge) { EXPECT_EQ(0U, multiuser_get_uid(0, 0)); @@ -30,6 +31,22 @@ TEST(MultiuserTest, TestMerge) { EXPECT_EQ(1050000U, multiuser_get_uid(10, 50000)); } +TEST(MultiuserTest, TestSdkSandboxUid) { + EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(0, 0)); + EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(0, 1000)); + EXPECT_EQ(20000U, multiuser_get_sdk_sandbox_uid(0, 10000)); + EXPECT_EQ(25000U, multiuser_get_sdk_sandbox_uid(0, 15000)); + EXPECT_EQ(29999U, multiuser_get_sdk_sandbox_uid(0, 19999)); + EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(0, 50000)); + + EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(10, 0)); + EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(10, 1000)); + EXPECT_EQ(1020000U, multiuser_get_sdk_sandbox_uid(10, 10000)); + EXPECT_EQ(1025000U, multiuser_get_sdk_sandbox_uid(10, 15000)); + EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(10, 20000)); + EXPECT_EQ(ERR_UID, multiuser_get_sdk_sandbox_uid(10, 50000)); +} + TEST(MultiuserTest, TestSplitUser) { EXPECT_EQ(0U, multiuser_get_user_id(0)); EXPECT_EQ(0U, multiuser_get_user_id(1000));