From b867beac562edeec9006f876956407d00b71b314 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Thu, 20 Apr 2017 09:59:01 -0700
Subject: [PATCH] liblog: test: liblog.__security miscalculation

The gTest should not be able to set ro.device_owner, either as a unit
test or a CTS test.  The CTS test should not be able to set
persist.logd.security, the gTest may as it is run on userdebug with
root, so check if we are root to discern expectations.

Test: gTest liblog-unit-tests --gtest_filter=liblog.__security
Test: cts-tradefed run cts-dev -a armeabi-v7a -m CtsLiblogTestCases -t liblog#__security
Bug: 36480230
Change-Id: I1da88aae34da4e2fca8dd88d740eeb879d9c65bb
---
 liblog/tests/liblog_test.cpp | 61 ++++++++++++++++++++++++++++++------
 1 file changed, 51 insertions(+), 10 deletions(-)

diff --git a/liblog/tests/liblog_test.cpp b/liblog/tests/liblog_test.cpp
index 70b8a28a4..ec32da076 100644
--- a/liblog/tests/liblog_test.cpp
+++ b/liblog/tests/liblog_test.cpp
@@ -1839,6 +1839,7 @@ TEST(liblog, __security) {
   // that it can be determined the property is not set.
   static const char nothing_val[] = "_NOTHING_TO_SEE_HERE_";
   char persist[PROP_VALUE_MAX];
+  char persist_hold[PROP_VALUE_MAX];
   char readonly[PROP_VALUE_MAX];
 
   // First part of this test requires the test itself to have the appropriate
@@ -1846,14 +1847,16 @@ TEST(liblog, __security) {
   // bail rather than give a failing grade.
   property_get(persist_key, persist, "");
   fprintf(stderr, "INFO: getprop %s -> %s\n", persist_key, persist);
+  strncpy(persist_hold, persist, PROP_VALUE_MAX);
   property_get(readonly_key, readonly, nothing_val);
   fprintf(stderr, "INFO: getprop %s -> %s\n", readonly_key, readonly);
 
   if (!strcmp(readonly, nothing_val)) {
+    // Lets check if we can set the value (we should not be allowed to do so)
     EXPECT_FALSE(__android_log_security());
     fprintf(stderr, "WARNING: setting ro.device_owner to a domain\n");
     static const char domain[] = "com.google.android.SecOps.DeviceOwner";
-    property_set(readonly_key, domain);
+    EXPECT_NE(0, property_set(readonly_key, domain));
     useconds_t total_time = 0;
     static const useconds_t seconds = 1000000;
     static const useconds_t max_time = 5 * seconds;  // not going to happen
@@ -1870,9 +1873,12 @@ TEST(liblog, __security) {
         break;
       }
     }
-    EXPECT_STREQ(readonly, domain);
-  } else if (!strcasecmp(readonly, "false") || !readonly[0]) {
-    // not enough permissions to run
+    EXPECT_STRNE(domain, readonly);
+  }
+
+  if (!strcasecmp(readonly, "false") || !readonly[0] ||
+      !strcmp(readonly, nothing_val)) {
+    // not enough permissions to run tests surrounding persist.logd.security
     EXPECT_FALSE(__android_log_security());
     return;
   }
@@ -1883,16 +1889,51 @@ TEST(liblog, __security) {
     EXPECT_FALSE(__android_log_security());
   }
   property_set(persist_key, "TRUE");
-  EXPECT_TRUE(__android_log_security());
+  property_get(persist_key, persist, "");
+  uid_t uid = getuid();
+  gid_t gid = getgid();
+  bool perm = (gid == AID_ROOT) || (uid == AID_ROOT);
+  EXPECT_STREQ(perm ? "TRUE" : persist_hold, persist);
+  if (!strcasecmp(persist, "true")) {
+    EXPECT_TRUE(__android_log_security());
+  } else {
+    EXPECT_FALSE(__android_log_security());
+  }
   property_set(persist_key, "FALSE");
-  EXPECT_FALSE(__android_log_security());
+  property_get(persist_key, persist, "");
+  EXPECT_STREQ(perm ? "FALSE" : persist_hold, persist);
+  if (!strcasecmp(persist, "true")) {
+    EXPECT_TRUE(__android_log_security());
+  } else {
+    EXPECT_FALSE(__android_log_security());
+  }
   property_set(persist_key, "true");
-  EXPECT_TRUE(__android_log_security());
+  property_get(persist_key, persist, "");
+  EXPECT_STREQ(perm ? "true" : persist_hold, persist);
+  if (!strcasecmp(persist, "true")) {
+    EXPECT_TRUE(__android_log_security());
+  } else {
+    EXPECT_FALSE(__android_log_security());
+  }
   property_set(persist_key, "false");
-  EXPECT_FALSE(__android_log_security());
+  property_get(persist_key, persist, "");
+  EXPECT_STREQ(perm ? "false" : persist_hold, persist);
+  if (!strcasecmp(persist, "true")) {
+    EXPECT_TRUE(__android_log_security());
+  } else {
+    EXPECT_FALSE(__android_log_security());
+  }
   property_set(persist_key, "");
-  EXPECT_FALSE(__android_log_security());
-  property_set(persist_key, persist);
+  property_get(persist_key, persist, "");
+  EXPECT_STREQ(perm ? "" : persist_hold, persist);
+  if (!strcasecmp(persist, "true")) {
+    EXPECT_TRUE(__android_log_security());
+  } else {
+    EXPECT_FALSE(__android_log_security());
+  }
+  property_set(persist_key, persist_hold);
+  property_get(persist_key, persist, "");
+  EXPECT_STREQ(persist_hold, persist);
 #else
   GTEST_LOG_(INFO) << "This test does nothing.\n";
 #endif