SecurityFeaturesTest: Verify PR_CAPBSET_DROP
Verify that all capabilities have been dropped from the capability
bounding set via prctl(PR_CAPBSET_DROP).
Change-Id: I508a9086753eca1eb749c3161e608e80cf359f36
diff --git a/tests/jni/android_os_cts_OSFeatures.cpp b/tests/jni/android_os_cts_OSFeatures.cpp
index 2df6414..4ee8454 100644
--- a/tests/jni/android_os_cts_OSFeatures.cpp
+++ b/tests/jni/android_os_cts_OSFeatures.cpp
@@ -22,9 +22,16 @@
return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}
+jint android_os_cts_OSFeatures_prctlCapBsetRead(JNIEnv* env, jobject thiz, jint i)
+{
+ return prctl(PR_CAPBSET_READ, i, 0, 0, 0);
+}
+
static JNINativeMethod gMethods[] = {
{ "getNoNewPrivs", "()I",
(void *) android_os_cts_OSFeatures_getNoNewPrivs },
+ { "prctlCapBsetRead", "(I)I",
+ (void *) android_os_cts_OSFeatures_prctlCapBsetRead },
};
int register_android_os_cts_OSFeatures(JNIEnv* env)
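Review bot: The new `android_os_cts_OSFeatures_prctlCapBsetRead` has no comment stating its return contract, although the Java test depends on the exact values. I would add above it `// Returns 1 if capability i is in the bounding set, 0 if it is not, -1 if prctl() fails (errno is not reported).` Because errno is discarded, the Java side cannot tell EINVAL for an out-of-range capability apart from any other prctl failure, and that is worth saying in the comment.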
diff --git a/tests/src/android/os/cts/OSFeatures.java b/tests/src/android/os/cts/OSFeatures.java
index a8d08a6..fd30f58 100644
--- a/tests/src/android/os/cts/OSFeatures.java
+++ b/tests/src/android/os/cts/OSFeatures.java
@@ -22,4 +22,5 @@
}
public static native int getNoNewPrivs();
+ public static native int prctlCapBsetRead(int i);
}
diff --git a/tests/tests/os/src/android/os/cts/SecurityFeaturesTest.java b/tests/tests/os/src/android/os/cts/SecurityFeaturesTest.java
index f1744a0..6a02974 100644
--- a/tests/tests/os/src/android/os/cts/SecurityFeaturesTest.java
+++ b/tests/tests/os/src/android/os/cts/SecurityFeaturesTest.java
@@ -27,4 +27,26 @@
// if newPrivs == 1, then new kernel with PR_SET_NO_NEW_PRIVS enabled (GOOD)
assertTrue(newPrivs != 0);
}
+
+ /**
+ * Iterate over all possible capabilities, testing to make sure each capability
+ * has been removed from the app's capability bounding set.
+ */
+ public void testPrCapbsetEmpty() {
+ int i = 0;
+ while (true) {
+ int result = OSFeatures.prctlCapBsetRead(i);
+ if (result == -1) {
+ // The kernel has told us that the capability we're inquiring about
+ // doesn't exist. Capabilities are assigned sequentially and
+ // and monotonically increase with each kernel release, so if we
+ // see -1, we know we've examined every capability the kernel
+ // knows about.
+ break;
+ }
+ assertEquals("capability " + i + " is still in the bounding set",
+ 0, result);
+ i++;
+ }
+ }
}
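Review bot: `testPrCapbsetEmpty` passes without checking anything if the first call, `prctlCapBsetRead(0)`, returns -1, because the loop breaks before any `assertEquals` runs. That would presumably happen on a kernel that lacks PR_CAPBSET_READ or wherever the prctl call is rejected, since the native wrapper returns -1 for every failure. Adding `assertTrue("PR_CAPBSET_READ failed for capability 0", i > 0);` after the loop makes the test fail closed instead of reporting an empty bounding set it never inspected. The explanatory comment also repeats "and" across two lines ("sequentially and / and monotonically").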