This source file includes following definitions.
- write_nointr
- write_to_file
- change_to_userns
- change_to_mountns
- rmdir_protect_errno
- __do_binderfs_test
- binderfs_test_privileged
- binderfs_test_unprivileged
- main
1
2
3 #define _GNU_SOURCE
4 #include <errno.h>
5 #include <fcntl.h>
6 #include <sched.h>
7 #include <stdbool.h>
8 #include <stdio.h>
9 #include <stdlib.h>
10 #include <string.h>
11 #include <sys/ioctl.h>
12 #include <sys/mount.h>
13 #include <sys/stat.h>
14 #include <sys/types.h>
15 #include <unistd.h>
16 #include <linux/android/binder.h>
17 #include <linux/android/binderfs.h>
18 #include "../../kselftest.h"
19
20 static ssize_t write_nointr(int fd, const void *buf, size_t count)
21 {
22 ssize_t ret;
23 again:
24 ret = write(fd, buf, count);
25 if (ret < 0 && errno == EINTR)
26 goto again;
27
28 return ret;
29 }
30
31 static void write_to_file(const char *filename, const void *buf, size_t count,
32 int allowed_errno)
33 {
34 int fd, saved_errno;
35 ssize_t ret;
36
37 fd = open(filename, O_WRONLY | O_CLOEXEC);
38 if (fd < 0)
39 ksft_exit_fail_msg("%s - Failed to open file %s\n",
40 strerror(errno), filename);
41
42 ret = write_nointr(fd, buf, count);
43 if (ret < 0) {
44 if (allowed_errno && (errno == allowed_errno)) {
45 close(fd);
46 return;
47 }
48
49 goto on_error;
50 }
51
52 if ((size_t)ret != count)
53 goto on_error;
54
55 close(fd);
56 return;
57
58 on_error:
59 saved_errno = errno;
60 close(fd);
61 errno = saved_errno;
62
63 if (ret < 0)
64 ksft_exit_fail_msg("%s - Failed to write to file %s\n",
65 strerror(errno), filename);
66
67 ksft_exit_fail_msg("Failed to write to file %s\n", filename);
68 }
69
70 static void change_to_userns(void)
71 {
72 int ret;
73 uid_t uid;
74 gid_t gid;
75
76 char idmap[4096];
77
78 uid = getuid();
79 gid = getgid();
80
81 ret = unshare(CLONE_NEWUSER);
82 if (ret < 0)
83 ksft_exit_fail_msg("%s - Failed to unshare user namespace\n",
84 strerror(errno));
85
86 write_to_file("/proc/self/setgroups", "deny", strlen("deny"), ENOENT);
87
88 ret = snprintf(idmap, sizeof(idmap), "0 %d 1", uid);
89 if (ret < 0 || (size_t)ret >= sizeof(idmap))
90 ksft_exit_fail_msg("%s - Failed to prepare uid mapping\n",
91 strerror(errno));
92
93 write_to_file("/proc/self/uid_map", idmap, strlen(idmap), 0);
94
95 ret = snprintf(idmap, sizeof(idmap), "0 %d 1", gid);
96 if (ret < 0 || (size_t)ret >= sizeof(idmap))
97 ksft_exit_fail_msg("%s - Failed to prepare uid mapping\n",
98 strerror(errno));
99
100 write_to_file("/proc/self/gid_map", idmap, strlen(idmap), 0);
101
102 ret = setgid(0);
103 if (ret)
104 ksft_exit_fail_msg("%s - Failed to setgid(0)\n",
105 strerror(errno));
106
107 ret = setuid(0);
108 if (ret)
109 ksft_exit_fail_msg("%s - Failed to setgid(0)\n",
110 strerror(errno));
111 }
112
113 static void change_to_mountns(void)
114 {
115 int ret;
116
117 ret = unshare(CLONE_NEWNS);
118 if (ret < 0)
119 ksft_exit_fail_msg("%s - Failed to unshare mount namespace\n",
120 strerror(errno));
121
122 ret = mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, 0);
123 if (ret < 0)
124 ksft_exit_fail_msg("%s - Failed to mount / as private\n",
125 strerror(errno));
126 }
127
128 static void rmdir_protect_errno(const char *dir)
129 {
130 int saved_errno = errno;
131 (void)rmdir(dir);
132 errno = saved_errno;
133 }
134
135 static void __do_binderfs_test(void)
136 {
137 int fd, ret, saved_errno;
138 size_t len;
139 ssize_t wret;
140 bool keep = false;
141 struct binderfs_device device = { 0 };
142 struct binder_version version = { 0 };
143
144 change_to_mountns();
145
146 ret = mkdir("/dev/binderfs", 0755);
147 if (ret < 0) {
148 if (errno != EEXIST)
149 ksft_exit_fail_msg(
150 "%s - Failed to create binderfs mountpoint\n",
151 strerror(errno));
152
153 keep = true;
154 }
155
156 ret = mount(NULL, "/dev/binderfs", "binder", 0, 0);
157 if (ret < 0) {
158 if (errno != ENODEV)
159 ksft_exit_fail_msg("%s - Failed to mount binderfs\n",
160 strerror(errno));
161
162 keep ? : rmdir_protect_errno("/dev/binderfs");
163 ksft_exit_skip(
164 "The Android binderfs filesystem is not available\n");
165 }
166
167
168 ksft_inc_pass_cnt();
169
170 memcpy(device.name, "my-binder", strlen("my-binder"));
171
172 fd = open("/dev/binderfs/binder-control", O_RDONLY | O_CLOEXEC);
173 if (fd < 0)
174 ksft_exit_fail_msg(
175 "%s - Failed to open binder-control device\n",
176 strerror(errno));
177
178 ret = ioctl(fd, BINDER_CTL_ADD, &device);
179 saved_errno = errno;
180 close(fd);
181 errno = saved_errno;
182 if (ret < 0) {
183 keep ? : rmdir_protect_errno("/dev/binderfs");
184 ksft_exit_fail_msg(
185 "%s - Failed to allocate new binder device\n",
186 strerror(errno));
187 }
188
189 ksft_print_msg(
190 "Allocated new binder device with major %d, minor %d, and name %s\n",
191 device.major, device.minor, device.name);
192
193
194 ksft_inc_pass_cnt();
195
196 fd = open("/dev/binderfs/my-binder", O_CLOEXEC | O_RDONLY);
197 if (fd < 0) {
198 keep ? : rmdir_protect_errno("/dev/binderfs");
199 ksft_exit_fail_msg("%s - Failed to open my-binder device\n",
200 strerror(errno));
201 }
202
203 ret = ioctl(fd, BINDER_VERSION, &version);
204 saved_errno = errno;
205 close(fd);
206 errno = saved_errno;
207 if (ret < 0) {
208 keep ? : rmdir_protect_errno("/dev/binderfs");
209 ksft_exit_fail_msg(
210 "%s - Failed to open perform BINDER_VERSION request\n",
211 strerror(errno));
212 }
213
214 ksft_print_msg("Detected binder version: %d\n",
215 version.protocol_version);
216
217
218 ksft_inc_pass_cnt();
219
220 ret = unlink("/dev/binderfs/my-binder");
221 if (ret < 0) {
222 keep ? : rmdir_protect_errno("/dev/binderfs");
223 ksft_exit_fail_msg("%s - Failed to delete binder device\n",
224 strerror(errno));
225 }
226
227
228 ksft_inc_pass_cnt();
229
230 ret = unlink("/dev/binderfs/binder-control");
231 if (!ret) {
232 keep ? : rmdir_protect_errno("/dev/binderfs");
233 ksft_exit_fail_msg("Managed to delete binder-control device\n");
234 } else if (errno != EPERM) {
235 keep ? : rmdir_protect_errno("/dev/binderfs");
236 ksft_exit_fail_msg(
237 "%s - Failed to delete binder-control device but exited with unexpected error code\n",
238 strerror(errno));
239 }
240
241
242 ksft_inc_xfail_cnt();
243
244 on_error:
245 ret = umount2("/dev/binderfs", MNT_DETACH);
246 keep ?: rmdir_protect_errno("/dev/binderfs");
247 if (ret < 0)
248 ksft_exit_fail_msg("%s - Failed to unmount binderfs\n",
249 strerror(errno));
250
251
252 ksft_inc_pass_cnt();
253 }
254
255 static void binderfs_test_privileged()
256 {
257 if (geteuid() != 0)
258 ksft_print_msg(
259 "Tests are not run as root. Skipping privileged tests\n");
260 else
261 __do_binderfs_test();
262 }
263
264 static void binderfs_test_unprivileged()
265 {
266 change_to_userns();
267 __do_binderfs_test();
268 }
269
270 int main(int argc, char *argv[])
271 {
272 binderfs_test_privileged();
273 binderfs_test_unprivileged();
274 ksft_exit_pass();
275 }