Make 'app' users/groups more accurate
In an attempt to make bionic's reporting of users and groups more
accurate, this change makes the user / group functions do the
following:
1) Fail to query a uid/gid for a secondary user when the uid/gid
doesn't exist. Currently bionic would return successfully but with
a empty string for the name.
2) Fail to query a platform uid/gid, except a limited pre-allocated
set for a secondary user, as these are not used by second users.
3) Fail to query uids for all users for the GID-only app ranges:
CACHE_GID, EXT_GID, EXT_CACHE_GID, SHARED_GID.
4) Fail to query gids in SHARED_GID range for secondary users, as
these GIDs are only allocated for the first user.
5) Use "u#_a#_ext" and u#_a#_ext_cache" for EXT_GID and EXT_CACHE_GID
ranges. This both allows querying based on these names and
returning these names for the appropriate uids/gids.
This also consolidates the tests for better readability.
Test: these unit tests, boot
Change-Id: I59a1af0792e7806d423439582e56ce7f9f801c94
diff --git a/libc/bionic/grp_pwd.cpp b/libc/bionic/grp_pwd.cpp
index bd5c27d..d37fadd 100644
--- a/libc/bionic/grp_pwd.cpp
+++ b/libc/bionic/grp_pwd.cpp
@@ -26,6 +26,8 @@
* SUCH DAMAGE.
*/
+#include "private/grp_pwd.h"
+
#include <android/api-level.h>
#include <ctype.h>
#include <errno.h>
@@ -37,12 +39,12 @@
#include <stdlib.h>
#include <string.h>
#include <sys/system_properties.h>
+#include <sys/types.h>
#include <unistd.h>
+#include "private/ErrnoRestorer.h"
#include "private/android_filesystem_config.h"
#include "private/bionic_macros.h"
-#include "private/grp_pwd.h"
-#include "private/ErrnoRestorer.h"
// Generated android_ids array
#include "generated_android_ids.h"
@@ -127,10 +129,17 @@
// These are a list of the reserved app ranges, and should never contain anything below
// AID_APP_START. They exist per user, so a given uid/gid modulo AID_USER_OFFSET will map
// to these ranges.
-static constexpr struct {
- uid_t start;
- uid_t end;
-} user_ranges[] = {
+struct IdRange {
+ id_t start;
+ id_t end;
+};
+
+static constexpr IdRange user_ranges[] = {
+ { AID_APP_START, AID_APP_END },
+ { AID_ISOLATED_START, AID_ISOLATED_END },
+};
+
+static constexpr IdRange group_ranges[] = {
{ AID_APP_START, AID_APP_END },
{ AID_CACHE_GID_START, AID_CACHE_GID_END },
{ AID_EXT_GID_START, AID_EXT_GID_END },
@@ -139,22 +148,40 @@
{ AID_ISOLATED_START, AID_ISOLATED_END },
};
-static constexpr bool verify_user_ranges_ascending() {
- auto array_size = arraysize(user_ranges);
+template <class T, size_t N>
+static constexpr bool verify_user_ranges_ascending(T (&ranges)[N]) {
+ auto array_size = N;
if (array_size < 2) return false;
- if (user_ranges[0].start > user_ranges[0].end) return false;
+ if (ranges[0].start > ranges[0].end) return false;
for (size_t i = 1; i < array_size; ++i) {
- if (user_ranges[i].start > user_ranges[i].end) return false;
- if (user_ranges[i - 1].end > user_ranges[i].start) return false;
+ if (ranges[i].start > ranges[i].end) return false;
+ if (ranges[i - 1].end > ranges[i].start) return false;
}
return true;
}
-static_assert(verify_user_ranges_ascending(), "user_ranges must have ascending ranges");
+static_assert(verify_user_ranges_ascending(user_ranges), "user_ranges must have ascending ranges");
+static_assert(verify_user_ranges_ascending(group_ranges), "user_ranges must have ascending ranges");
-static bool is_valid_app_id(id_t id) {
+// This list comes from PackageManagerService.java, where platform AIDs are added to list of valid
+// AIDs for packages via addSharedUserLPw().
+static constexpr const id_t secondary_user_platform_ids[] = {
+ AID_SYSTEM, AID_RADIO, AID_LOG, AID_NFC, AID_BLUETOOTH,
+ AID_SHELL, AID_SECURE_ELEMENT, AID_NETWORK_STACK,
+};
+
+static bool platform_id_secondary_user_allowed(id_t id) {
+ for (const auto& allowed_id : secondary_user_platform_ids) {
+ if (allowed_id == id) {
+ return true;
+ }
+ }
+ return false;
+}
+
+static bool is_valid_app_id(id_t id, bool is_group) {
id_t appid = id % AID_USER_OFFSET;
// AID_OVERFLOWUID is never a valid app id, so we explicitly return false to ensure this.
@@ -163,15 +190,23 @@
return false;
}
- // If we've resolved to something before app_start, we have already checked against
- // android_ids, so no need to check again.
- if (appid < user_ranges[0].start) {
+ auto ranges_size = is_group ? arraysize(group_ranges) : arraysize(user_ranges);
+ auto ranges = is_group ? group_ranges : user_ranges;
+
+ // If we're checking an appid that resolves below the user range, then it's a platform AID for a
+ // seconary user. We only allow a reduced set of these, so we must check that it is allowed.
+ if (appid < ranges[0].start && platform_id_secondary_user_allowed(appid)) {
return true;
}
+ // The shared GID range is only valid for the first user.
+ if (appid >= AID_SHARED_GID_START && appid <= AID_SHARED_GID_END && appid != id) {
+ return false;
+ }
+
// Otherwise check that the appid is in one of the reserved ranges.
- for (size_t i = 0; i < arraysize(user_ranges); ++i) {
- if (appid >= user_ranges[i].start && appid <= user_ranges[i].end) {
+ for (size_t i = 0; i < ranges_size; ++i) {
+ if (appid >= ranges[i].start && appid <= ranges[i].end) {
return true;
}
}
@@ -180,26 +215,29 @@
}
// This provides an iterater for app_ids within the first user's app id's.
-static uid_t get_next_app_id(uid_t current_id) {
- // If current_id is below the first of the user_ranges, then we're uninitialized, and return the
- // first valid id.
- if (current_id < user_ranges[0].start) {
- return user_ranges[0].start;
+static id_t get_next_app_id(id_t current_id, bool is_group) {
+ auto ranges_size = is_group ? arraysize(group_ranges) : arraysize(user_ranges);
+ auto ranges = is_group ? group_ranges : user_ranges;
+
+ // If current_id is below the first of the ranges, then we're uninitialized, and return the first
+ // valid id.
+ if (current_id < ranges[0].start) {
+ return ranges[0].start;
}
- uid_t incremented_id = current_id + 1;
+ id_t incremented_id = current_id + 1;
// Check to see if our incremented_id is between two ranges, and if so, return the beginning of
// the next valid range.
- for (size_t i = 1; i < arraysize(user_ranges); ++i) {
- if (incremented_id > user_ranges[i - 1].end && incremented_id < user_ranges[i].start) {
- return user_ranges[i].start;
+ for (size_t i = 1; i < ranges_size; ++i) {
+ if (incremented_id > ranges[i - 1].end && incremented_id < ranges[i].start) {
+ return ranges[i].start;
}
}
// Check to see if our incremented_id is above final range, and return -1 to indicate that we've
// completed if so.
- if (incremented_id > user_ranges[arraysize(user_ranges) - 1].end) {
+ if (incremented_id > ranges[ranges_size - 1].end) {
return -1;
}
@@ -209,6 +247,8 @@
// Translate a user/group name to the corresponding user/group id.
// all_a1234 -> 0 * AID_USER_OFFSET + AID_SHARED_GID_START + 1234 (group name only)
+// u0_a1234_ext_cache -> 0 * AID_USER_OFFSET + AID_EXT_CACHE_GID_START + 1234 (group name only)
+// u0_a1234_ext -> 0 * AID_USER_OFFSET + AID_EXT_GID_START + 1234 (group name only)
// u0_a1234_cache -> 0 * AID_USER_OFFSET + AID_CACHE_GID_START + 1234 (group name only)
// u0_a1234 -> 0 * AID_USER_OFFSET + AID_APP_START + 1234
// u2_i1000 -> 2 * AID_USER_OFFSET + AID_ISOLATED_START + 1000
@@ -247,9 +287,19 @@
} else {
// end will point to \0 if the strtoul below succeeds.
appid = strtoul(end+2, &end, 10);
- if (is_group && !strcmp(end, "_cache")) {
- end += 6;
- appid += AID_CACHE_GID_START;
+ if (is_group) {
+ if (!strcmp(end, "_ext_cache")) {
+ end += 10;
+ appid += AID_EXT_CACHE_GID_START;
+ } else if (!strcmp(end, "_ext")) {
+ end += 4;
+ appid += AID_EXT_GID_START;
+ } else if (!strcmp(end, "_cache")) {
+ end += 6;
+ appid += AID_CACHE_GID_START;
+ } else {
+ appid += AID_APP_START;
+ }
} else {
appid += AID_APP_START;
}
@@ -260,6 +310,10 @@
} else if (auto* android_id_info = find_android_id_info(end + 1); android_id_info != nullptr) {
appid = android_id_info->aid;
end += strlen(android_id_info->name) + 1;
+ if (!platform_id_secondary_user_allowed(appid)) {
+ errno = ENOENT;
+ return 0;
+ }
}
// Check that the entire string was consumed by one of the 3 cases above.
@@ -304,6 +358,10 @@
snprintf(buffer, bufferlen, "u%u_i%u", userid, appid - AID_ISOLATED_START);
} else if (userid == 0 && appid >= AID_SHARED_GID_START && appid <= AID_SHARED_GID_END) {
snprintf(buffer, bufferlen, "all_a%u", appid - AID_SHARED_GID_START);
+ } else if (appid >= AID_EXT_CACHE_GID_START && appid <= AID_EXT_CACHE_GID_END) {
+ snprintf(buffer, bufferlen, "u%u_a%u_ext_cache", userid, appid - AID_EXT_CACHE_GID_START);
+ } else if (appid >= AID_EXT_GID_START && appid <= AID_EXT_GID_END) {
+ snprintf(buffer, bufferlen, "u%u_a%u_ext", userid, appid - AID_EXT_GID_START);
} else if (appid >= AID_CACHE_GID_START && appid <= AID_CACHE_GID_END) {
snprintf(buffer, bufferlen, "u%u_a%u_cache", userid, appid - AID_CACHE_GID_START);
} else if (appid < AID_APP_START) {
@@ -405,7 +463,7 @@
// AID_USER_OFFSET+ -> u1_radio, u1_a1234, u2_i1234, etc.
// returns a passwd structure (sets errno to ENOENT on failure).
static passwd* app_id_to_passwd(uid_t uid, passwd_state_t* state) {
- if (uid < AID_APP_START || !is_valid_app_id(uid)) {
+ if (uid < AID_APP_START || !is_valid_app_id(uid, false)) {
errno = ENOENT;
return nullptr;
}
@@ -430,7 +488,7 @@
// Translate a gid into the corresponding app_<gid>
// group structure (sets errno to ENOENT on failure).
static group* app_id_to_group(gid_t gid, group_state_t* state) {
- if (gid < AID_APP_START || !is_valid_app_id(gid)) {
+ if (gid < AID_APP_START || !is_valid_app_id(gid, true)) {
errno = ENOENT;
return nullptr;
}
@@ -575,7 +633,7 @@
state->getpwent_idx++ - start + AID_OEM_RESERVED_2_START, state);
}
- state->getpwent_idx = get_next_app_id(state->getpwent_idx);
+ state->getpwent_idx = get_next_app_id(state->getpwent_idx, false);
if (state->getpwent_idx != -1) {
return app_id_to_passwd(state->getpwent_idx, state);
@@ -698,7 +756,7 @@
start = end;
end += AID_USER_OFFSET - AID_APP_START; // Do not expose higher groups
- state->getgrent_idx = get_next_app_id(state->getgrent_idx);
+ state->getgrent_idx = get_next_app_id(state->getgrent_idx, true);
if (state->getgrent_idx != -1) {
return app_id_to_group(state->getgrent_idx, state);
diff --git a/tests/grp_pwd_test.cpp b/tests/grp_pwd_test.cpp
index ebc357c..5b6eed8 100644
--- a/tests/grp_pwd_test.cpp
+++ b/tests/grp_pwd_test.cpp
@@ -46,6 +46,8 @@
using android::base::Split;
using android::base::StartsWith;
+using namespace std::literals;
+
enum uid_type_t {
TYPE_APP,
TYPE_SYSTEM,
@@ -130,12 +132,41 @@
static void check_get_passwd(const char* username, uid_t uid, uid_type_t uid_type,
bool check_username = true) {
+ SCOPED_TRACE("username '"s + username + "'");
check_getpwuid(username, uid, uid_type, check_username);
check_getpwnam(username, uid, uid_type, check_username);
check_getpwuid_r(username, uid, uid_type, check_username);
check_getpwnam_r(username, uid, uid_type, check_username);
}
+static void expect_no_passwd_id(uid_t uid) {
+ SCOPED_TRACE("uid '" + std::to_string(uid) + "'");
+ errno = 0;
+ passwd* passwd = nullptr;
+ passwd = getpwuid(uid);
+ EXPECT_EQ(nullptr, passwd) << "name = '" << passwd->pw_name << "'";
+ EXPECT_EQ(ENOENT, errno);
+
+ struct passwd passwd_storage;
+ char buf[512];
+ EXPECT_EQ(ENOENT, getpwuid_r(uid, &passwd_storage, buf, sizeof(buf), &passwd));
+ EXPECT_EQ(nullptr, passwd) << "name = '" << passwd->pw_name << "'";
+}
+
+static void expect_no_passwd_name(const char* username) {
+ SCOPED_TRACE("username '"s + username + "'");
+ errno = 0;
+ passwd* passwd = nullptr;
+ passwd = getpwnam(username);
+ EXPECT_EQ(nullptr, passwd) << "name = '" << passwd->pw_name << "'";
+ EXPECT_EQ(ENOENT, errno);
+
+ struct passwd passwd_storage;
+ char buf[512];
+ EXPECT_EQ(ENOENT, getpwnam_r(username, &passwd_storage, buf, sizeof(buf), &passwd));
+ EXPECT_EQ(nullptr, passwd) << "name = '" << passwd->pw_name << "'";
+}
+
#else // !defined(__BIONIC__)
static void check_get_passwd(const char* /* username */, uid_t /* uid */, uid_type_t /* uid_type */,
@@ -147,75 +178,124 @@
GTEST_SKIP() << "bionic-only test";
}
+static void expect_no_passwd_id(uid_t /* uid */) {
+ GTEST_SKIP() << "bionic-only test";
+}
+
+static void expect_no_passwd_name(const char* /* username */) {
+ GTEST_SKIP() << "bionic-only test";
+}
+
#endif
-TEST(pwd, getpwnam_system_id_root) {
+TEST(pwd, getpwnam_platform_ids) {
check_get_passwd("root", 0, TYPE_SYSTEM);
-}
+ check_get_passwd("daemon", 1, TYPE_SYSTEM);
+ check_get_passwd("bin", 2, TYPE_SYSTEM);
-TEST(pwd, getpwnam_system_id_system) {
check_get_passwd("system", 1000, TYPE_SYSTEM);
-}
-
-TEST(pwd, getpwnam_app_id_radio) {
check_get_passwd("radio", 1001, TYPE_SYSTEM);
-}
-TEST(pwd, getpwnam_oem_id_5000) {
- check_get_passwd("oem_5000", 5000, TYPE_VENDOR, false);
-}
+ check_get_passwd("shell", 2000, TYPE_SYSTEM);
-TEST(pwd, getpwnam_oem_id_5999) {
- check_get_passwd("oem_5999", 5999, TYPE_VENDOR, false);
-}
-
-TEST(pwd, getpwnam_oem_id_2900) {
- check_get_passwd("oem_2900", 2900, TYPE_VENDOR, false);
-}
-
-TEST(pwd, getpwnam_oem_id_2999) {
- check_get_passwd("oem_2999", 2999, TYPE_VENDOR, false);
-}
-
-TEST(pwd, getpwnam_app_id_nobody) {
check_get_passwd("nobody", 9999, TYPE_SYSTEM);
}
-TEST(pwd, getpwnam_app_id_u0_a0) {
+TEST(pwd, getpwnam_oem_ids) {
+ check_get_passwd("oem_2900", 2900, TYPE_VENDOR, false);
+ check_get_passwd("oem_2945", 2945, TYPE_VENDOR, false);
+ check_get_passwd("oem_2999", 2999, TYPE_VENDOR, false);
+ check_get_passwd("oem_5000", 5000, TYPE_VENDOR, false);
+ check_get_passwd("oem_5454", 5454, TYPE_VENDOR, false);
+ check_get_passwd("oem_5999", 5999, TYPE_VENDOR, false);
+}
+
+TEST(pwd, getpwnam_non_exist) {
+ expect_no_passwd_id(999); // End of the system reserved range, unallocated.
+ expect_no_passwd_id(1999); // End of the system reserved range, unallocated.
+ expect_no_passwd_id(2899); // End of the system reserved range, unallocated.
+
+ // These ranges are for GIDs only.
+ expect_no_passwd_id(20000);
+ expect_no_passwd_id(30000);
+ expect_no_passwd_id(40000);
+ expect_no_passwd_id(50000);
+
+ // These should not be parsed as users, only as groups.
+ expect_no_passwd_name("u0_a9999_cache");
+ expect_no_passwd_name("u0_a9999_ext");
+ expect_no_passwd_name("u0_a9999_ext_cache");
+ expect_no_passwd_name("all_a9999");
+}
+
+TEST(pwd, getpwnam_u0_app_ids) {
check_get_passwd("u0_a0", 10000, TYPE_APP);
-}
-
-TEST(pwd, getpwnam_app_id_u0_a1234) {
check_get_passwd("u0_a1234", 11234, TYPE_APP);
-}
+ check_get_passwd("u0_a9999", 19999, TYPE_APP);
-// Test the difference between uid and shared gid.
-TEST(pwd, getpwnam_app_id_u0_a49999) {
- check_get_passwd("u0_a49999", 59999, TYPE_APP);
-}
-
-TEST(pwd, getpwnam_app_id_u0_i1) {
check_get_passwd("u0_i1", 90001, TYPE_APP);
+ check_get_passwd("u0_i4545", 94545, TYPE_APP);
+ check_get_passwd("u0_i9999", 99999, TYPE_APP);
}
-TEST(pwd, getpwnam_app_id_u1_root) {
- check_get_passwd("u1_root", 100000, TYPE_SYSTEM);
-}
-
-TEST(pwd, getpwnam_app_id_u1_radio) {
+TEST(pwd, getpwnam_app_id_u1_ids) {
+ check_get_passwd("u1_system", 101000, TYPE_SYSTEM);
check_get_passwd("u1_radio", 101001, TYPE_SYSTEM);
-}
-TEST(pwd, getpwnam_app_id_u1_a0) {
check_get_passwd("u1_a0", 110000, TYPE_APP);
+ check_get_passwd("u1_a1234", 111234, TYPE_APP);
+ check_get_passwd("u1_a9999", 119999, TYPE_APP);
+
+ check_get_passwd("u1_i1", 190001, TYPE_APP);
+ check_get_passwd("u1_i4545", 194545, TYPE_APP);
+ check_get_passwd("u1_i9999", 199999, TYPE_APP);
}
-TEST(pwd, getpwnam_app_id_u1_a40000) {
- check_get_passwd("u1_a40000", 150000, TYPE_APP);
+TEST(pwd, getpwnam_app_id_u31_ids) {
+ check_get_passwd("u31_system", 3101000, TYPE_SYSTEM);
+ check_get_passwd("u31_radio", 3101001, TYPE_SYSTEM);
+
+ check_get_passwd("u31_a0", 3110000, TYPE_APP);
+ check_get_passwd("u31_a1234", 3111234, TYPE_APP);
+ check_get_passwd("u31_a9999", 3119999, TYPE_APP);
+
+ check_get_passwd("u31_i1", 3190001, TYPE_APP);
+ check_get_passwd("u31_i4545", 3194545, TYPE_APP);
+ check_get_passwd("u31_i9999", 3199999, TYPE_APP);
}
-TEST(pwd, getpwnam_app_id_u1_i0) {
- check_get_passwd("u1_i0", 190000, TYPE_APP);
+TEST(pwd, getpwnam_app_id_not_allowed_platform) {
+ expect_no_passwd_name("u1_root");
+ expect_no_passwd_name("u1_debuggerd");
+
+ expect_no_passwd_name("u31_root");
+ expect_no_passwd_name("u31_debuggerd");
+}
+
+TEST(pwd, getpwuid_app_id_u1_non_exist) {
+ expect_no_passwd_id(100000); // There is no 'root' for secondary users.
+ expect_no_passwd_id(101999); // End of the system reserved range, unallocated.
+ expect_no_passwd_id(102900); // The OEM ranges were never allocated to secondary users.
+ expect_no_passwd_id(105000); // The OEM ranges were never allocated to secondary users.
+
+ // These ranges are for GIDs only.
+ expect_no_passwd_id(120000);
+ expect_no_passwd_id(130000);
+ expect_no_passwd_id(140000);
+ expect_no_passwd_id(150000);
+}
+
+TEST(pwd, getpwuid_app_id_u31_non_exist) {
+ expect_no_passwd_id(3100000); // There is no 'root' for secondary users.
+ expect_no_passwd_id(3101999); // End of the system reserved range, unallocated.
+ expect_no_passwd_id(3102900); // The OEM ranges were never allocated to secondary users.
+ expect_no_passwd_id(3105000); // The OEM ranges were never allocated to secondary users.
+
+ // These ranges are for GIDs only.
+ expect_no_passwd_id(3120000);
+ expect_no_passwd_id(3130000);
+ expect_no_passwd_id(3140000);
+ expect_no_passwd_id(3150000);
}
TEST(pwd, getpwnam_r_alignment) {
@@ -302,7 +382,7 @@
#if defined(__BIONIC__)
template <typename T>
-static void expect_ids(const T& ids) {
+static void expect_ids(const T& ids, bool is_group) {
std::set<typename T::key_type> expected_ids;
// Ensure that all android_ids are iterated through.
for (size_t n = 0; n < android_id_count; ++n) {
@@ -321,10 +401,12 @@
expect_range(AID_OEM_RESERVED_START, AID_OEM_RESERVED_END);
expect_range(AID_OEM_RESERVED_2_START, AID_OEM_RESERVED_2_END);
expect_range(AID_APP_START, AID_APP_END);
- expect_range(AID_CACHE_GID_START, AID_CACHE_GID_END);
- expect_range(AID_EXT_GID_START, AID_EXT_GID_END);
- expect_range(AID_EXT_CACHE_GID_START, AID_EXT_CACHE_GID_END);
- expect_range(AID_SHARED_GID_START, AID_SHARED_GID_END);
+ if (is_group) {
+ expect_range(AID_CACHE_GID_START, AID_CACHE_GID_END);
+ expect_range(AID_EXT_GID_START, AID_EXT_GID_END);
+ expect_range(AID_EXT_CACHE_GID_START, AID_EXT_CACHE_GID_END);
+ expect_range(AID_SHARED_GID_START, AID_SHARED_GID_END);
+ }
expect_range(AID_ISOLATED_START, AID_ISOLATED_END);
// TODO(73062966): We still don't have a good way to create vendor AIDs in the system or other
@@ -388,7 +470,7 @@
}
endpwent();
- expect_ids(uids);
+ expect_ids(uids, false);
#else
GTEST_SKIP() << "bionic-only test";
#endif
@@ -453,12 +535,41 @@
}
static void check_get_group(const char* group_name, gid_t gid, bool check_groupname = true) {
+ SCOPED_TRACE("groupname '"s + group_name + "'");
check_getgrgid(group_name, gid, check_groupname);
check_getgrnam(group_name, gid, check_groupname);
check_getgrgid_r(group_name, gid, check_groupname);
check_getgrnam_r(group_name, gid, check_groupname);
}
+static void expect_no_group_id(gid_t gid) {
+ SCOPED_TRACE("gid '" + std::to_string(gid) + "'");
+ errno = 0;
+ group* group = nullptr;
+ group = getgrgid(gid);
+ EXPECT_EQ(nullptr, group) << "name = '" << group->gr_name << "'";
+ EXPECT_EQ(ENOENT, errno);
+
+ struct group group_storage;
+ char buf[512];
+ EXPECT_EQ(ENOENT, getgrgid_r(gid, &group_storage, buf, sizeof(buf), &group));
+ EXPECT_EQ(nullptr, group) << "name = '" << group->gr_name << "'";
+}
+
+static void expect_no_group_name(const char* groupname) {
+ SCOPED_TRACE("groupname '"s + groupname + "'");
+ errno = 0;
+ group* group = nullptr;
+ group = getgrnam(groupname);
+ EXPECT_EQ(nullptr, group) << "name = '" << group->gr_name << "'";
+ EXPECT_EQ(ENOENT, errno);
+
+ struct group group_storage;
+ char buf[512];
+ EXPECT_EQ(ENOENT, getgrnam_r(groupname, &group_storage, buf, sizeof(buf), &group));
+ EXPECT_EQ(nullptr, group) << "name = '" << group->gr_name << "'";
+}
+
#else // !defined(__BIONIC__)
static void check_get_group(const char*, gid_t, bool) {
@@ -469,95 +580,144 @@
GTEST_SKIP() << "bionic-only test";
}
+static void expect_no_group_id(gid_t /* gid */) {
+ GTEST_SKIP() << "bionic-only test";
+}
+
+static void expect_no_group_name(const char* /* groupname */) {
+ GTEST_SKIP() << "bionic-only test";
+}
+
#endif
-TEST(grp, getgrnam_system_id_root) {
+TEST(grp, getgrnam_platform_ids) {
check_get_group("root", 0);
-}
+ check_get_group("daemon", 1);
+ check_get_group("bin", 2);
-TEST(grp, getgrnam_system_id_system) {
check_get_group("system", 1000);
-}
-
-TEST(grp, getgrnam_app_id_radio) {
check_get_group("radio", 1001);
-}
-TEST(grp, getgrnam_oem_id_5000) {
- check_get_group("oem_5000", 5000, false);
-}
+ check_get_group("shell", 2000);
-TEST(grp, getgrnam_oem_id_5999) {
- check_get_group("oem_5999", 5999, false);
-}
-
-TEST(grp, getgrnam_oem_id_2900) {
- check_get_group("oem_2900", 2900, false);
-}
-
-TEST(grp, getgrnam_oem_id_2999) {
- check_get_group("oem_2999", 2999, false);
-}
-
-TEST(grp, getgrnam_app_id_nobody) {
check_get_group("nobody", 9999);
}
-TEST(grp, getgrnam_app_id_u0_a0) {
+TEST(grp, getgrnam_oem_ids) {
+ check_get_group("oem_2900", 2900, false);
+ check_get_group("oem_2945", 2945, false);
+ check_get_group("oem_2999", 2999, false);
+ check_get_group("oem_5000", 5000, false);
+ check_get_group("oem_5454", 5454, false);
+ check_get_group("oem_5999", 5999, false);
+}
+
+TEST(grp, getgrnam_non_exist) {
+ expect_no_passwd_id(999); // End of the system reserved range, unallocated.
+ expect_no_passwd_id(1999); // End of the system reserved range, unallocated.
+ expect_no_passwd_id(2899); // End of the system reserved range, unallocated.
+}
+
+TEST(grp, getgrnam_u0_app_ids) {
check_get_group("u0_a0", 10000);
-}
-
-TEST(grp, getgrnam_app_id_u0_a1234) {
check_get_group("u0_a1234", 11234);
-}
-
-TEST(grp, getgrnam_app_id_u0_a9999) {
check_get_group("u0_a9999", 19999);
-}
-TEST(getgrnam, app_id_u0_a0_cache) {
check_get_group("u0_a0_cache", 20000);
-}
-
-TEST(getgrnam, app_id_u0_a1234_cache) {
check_get_group("u0_a1234_cache", 21234);
-}
-
-TEST(getgrnam, app_id_u0_a9999_cache) {
check_get_group("u0_a9999_cache", 29999);
-}
-TEST(getgrnam, app_id_u10_a1234_cache) {
- check_get_group("u10_a1234_cache", 1021234);
-}
+ check_get_group("u0_a0_ext", 30000);
+ check_get_group("u0_a4545_ext", 34545);
+ check_get_group("u0_a9999_ext", 39999);
-// Test the difference between uid and shared gid.
-TEST(grp, getgrnam_app_id_all_a9999) {
+ check_get_group("u0_a0_ext_cache", 40000);
+ check_get_group("u0_a4545_ext_cache", 44545);
+ check_get_group("u0_a9999_ext_cache", 49999);
+
+ check_get_group("all_a0", 50000);
+ check_get_group("all_a4545", 54545);
check_get_group("all_a9999", 59999);
-}
-TEST(grp, getgrnam_app_id_u0_i1) {
check_get_group("u0_i1", 90001);
}
-TEST(grp, getgrnam_app_id_u1_root) {
- check_get_group("u1_root", 100000);
-}
-
-TEST(grp, getgrnam_app_id_u1_radio) {
+TEST(grp, getgrnam_u1_app_ids) {
+ check_get_group("u1_system", 101000);
check_get_group("u1_radio", 101001);
-}
-TEST(grp, getgrnam_app_id_u1_a0) {
check_get_group("u1_a0", 110000);
+ check_get_group("u1_a1234", 111234);
+ check_get_group("u1_a9999", 119999);
+
+ check_get_group("u1_a0_cache", 120000);
+ check_get_group("u1_a1234_cache", 121234);
+ check_get_group("u1_a9999_cache", 129999);
+
+ check_get_group("u1_a0_ext", 130000);
+ check_get_group("u1_a4545_ext", 134545);
+ check_get_group("u1_a9999_ext", 139999);
+
+ check_get_group("u1_a0_ext_cache", 140000);
+ check_get_group("u1_a4545_ext_cache", 144545);
+ check_get_group("u1_a9999_ext_cache", 149999);
+
+ check_get_group("u1_i1", 190001);
}
-TEST(grp, getgrnam_app_id_u1_a40000) {
- check_get_group("u1_a40000", 150000);
+TEST(grp, getgrnam_u31_app_ids) {
+ check_get_group("u31_system", 3101000);
+ check_get_group("u31_radio", 3101001);
+
+ check_get_group("u31_a0", 3110000);
+ check_get_group("u31_a1234", 3111234);
+ check_get_group("u31_a9999", 3119999);
+
+ check_get_group("u31_a0_cache", 3120000);
+ check_get_group("u31_a1234_cache", 3121234);
+ check_get_group("u31_a9999_cache", 3129999);
+
+ check_get_group("u31_a0_cache", 3120000);
+ check_get_group("u31_a1234_cache", 3121234);
+ check_get_group("u31_a9999_cache", 3129999);
+
+ check_get_group("u31_a0_ext", 3130000);
+ check_get_group("u31_a4545_ext", 3134545);
+ check_get_group("u31_a9999_ext", 3139999);
+
+ check_get_group("u31_a0_ext_cache", 3140000);
+ check_get_group("u31_a4545_ext_cache", 3144545);
+ check_get_group("u31_a9999_ext_cache", 3149999);
+
+ check_get_group("u31_i1", 3190001);
}
-TEST(grp, getgrnam_app_id_u1_i0) {
- check_get_group("u1_i0", 190000);
+TEST(grp, getpgram_app_id_not_allowed_platform) {
+ expect_no_group_name("u1_root");
+ expect_no_group_name("u1_debuggerd");
+
+ expect_no_group_name("u31_root");
+ expect_no_group_name("u31_debuggerd");
+}
+
+TEST(grp, getgrgid_app_id_u1_non_exist) {
+ expect_no_group_id(100000); // There is no 'root' for secondary users.
+ expect_no_group_id(101999); // End of the system reserved range, unallocated.
+ expect_no_group_id(102900); // The OEM ranges were never allocated to secondary users.
+ expect_no_group_id(105000); // The OEM ranges were never allocated to secondary users.
+
+ // The shared range is shared among users, and therefore doesn't exist for secondary users.
+ expect_no_group_id(150000);
+}
+
+TEST(grp, getgrgid_app_id_u31_non_exist) {
+ expect_no_group_id(3100000); // There is no 'root' for secondary users.
+ expect_no_group_id(3101999); // End of the system reserved range, unallocated.
+ expect_no_group_id(3102900); // The OEM ranges were never allocated to secondary users.
+ expect_no_group_id(3105000); // The OEM ranges were never allocated to secondary users.
+
+ // The shared range is shared among users, and therefore doesn't exist for secondary users.
+ expect_no_group_id(3150000);
}
TEST(grp, getgrnam_r_alignment) {
@@ -660,7 +820,7 @@
}
endgrent();
- expect_ids(gids);
+ expect_ids(gids, true);
#else
GTEST_SKIP() << "bionic-only test";
#endif