Added a CTS test to verify run-as has an exact set of caps.
Modified the testRunAsHasCorrectCapabilities() test to check that
/system/bin/run-as has exactly the set of extended capabilities. The
previous version of the test ensured it had at least SETUID and SETGID
extended capabilities, but it did not cover the case of it having too
many privileges, which could create security issues. This change
addresses that concern.
Added the android.permission.cts.FileUtils.CapabilitySet class that
takes a set of extended capabilities and provides a method that checks
whether exactly that set of extended capabilities are present. The test
relies on this helper to verify that exactly SETUID and SETGID extended
attributes are present on /system/bin/run-as.
This change also cleans up the native implementation of some of the
methods. In addition to adding the new behavior, it replaces JNI
create/release method pairs with scoped helper classes. This allows
simplification of some of the exit code. A few unused parameters
were also commented out to eliminate warnings from the native code.
Change-Id: Ic9ae68a6508de4b83b0c460ae8d1d45c8b287adc
4 files changed