commit 0e3fe532a9fdf42bed41e371939134af38dd53b5
author Jorge Lucangeli Obes <jorgelo@google.com> Thu Feb 04 21:27:47 2016 -0800
committer Jorge Lucangeli Obes <jorgelo@google.com> Fri Feb 05 11:18:02 2016 -0800
tree fa7d9e9975f81324c13b5ffa498d10300fc6bbed
parent 3c8375cdf37104998ded0edc5ed072ab3b07c00d

Add check for supplementary groups.

This binary will be used by a new Brillo Autotest test.

Also tie the return value of the binary to the result of the checks =).

Bug: 25368607
Change-Id: Ia338cb8270916cafdbbfbbb8808b88759906327f

test/libminijail_test.cpp

diff --git a/test/libminijail_test.cpp b/test/libminijail_test.cpp
index c8b26c4..aa64655 100644
--- a/test/libminijail_test.cpp
+++ b/test/libminijail_test.cpp
@@ -33,7 +33,7 @@
         return 0;
     }
     if (nsupp_groups == 0) {
-        LOG(INFO) << "no supplemental groups";
+        LOG(INFO) << "No supplementary groups.";
         return 0;
     }
 
@@ -49,19 +49,50 @@
 
 bool check_ugid(uid_t expected_id) {
     bool success = true;
+
     uid_t ruid = getuid();
     if (ruid != expected_id) {
-        LOG(ERROR) << "rUID << " << ruid << " is not " << expected_id;
+        LOG(ERROR) << "rUID " << ruid << " is not " << expected_id;
         success = false;
     }
     gid_t rgid = getgid();
     if (rgid != expected_id) {
-        LOG(ERROR) << "rGID << " << ruid << " is not " << expected_id;
+        LOG(ERROR) << "rGID " << ruid << " is not " << expected_id;
         success = false;
     }
     return success;
 }
 
+bool check_groups(size_t expected_size, gid_t *expected_list) {
+    bool success = true;
+
+    gid_t *actual_list;
+    size_t actual_size = getgroups_with_alloc(&actual_list);
+
+    if (expected_size != actual_size) {
+        LOG(ERROR) << "Mismatched supplementary group list size: expected "
+                   << expected_size << ", actual " << actual_size;
+        success = false;
+    }
+
+    for (size_t i = 0; i < expected_size; i++) {
+        bool found = false;
+        for (size_t j = 0; j < actual_size; j++) {
+            if (expected_list[i] == actual_list[j]) {
+                // Test next expected GID.
+                found = true;
+                break;
+            }
+        }
+        if (!found) {
+            LOG(ERROR) << "Expected GID " << expected_list[i] << " not found.";
+            success = false;
+        }
+    }
+    free(actual_list);
+    return success;
+}
+
 void log_resugid() {
     uid_t ruid, euid, suid;
     gid_t rgid, egid, sgid;
@@ -80,15 +111,16 @@
 }
 
 int main(void) {
-    log_resugid();
     minijail *j = minijail_new();
     minijail_change_user(j, "system");
     minijail_change_group(j, "system");
-    minijail_set_supplementary_gids(j, sizeof(groups) / sizeof(groups[0]), groups);
+    size_t num_groups = sizeof(groups) / sizeof(groups[0]);
+    minijail_set_supplementary_gids(j, num_groups, groups);
     minijail_use_caps(j, CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID));
     minijail_enter(j);
 
-    check_ugid(kSystemUid);
+    bool success = check_ugid(kSystemUid);
+    success = success && check_groups(num_groups, groups);
 
     minijail_destroy(j);
     minijail *j2 = minijail_new();
@@ -96,7 +128,7 @@
     minijail_change_gid(j2, 5 * kSystemUid);
     minijail_enter(j2);
 
-    check_ugid(5 * kSystemUid);
+    success = success && check_ugid(5 * kSystemUid);
 
-    return 0;
+    return success? 0 : 1;
 }