Launch dhcpcd using Minijail.
dhcpcd runs as root and listens on the network. Launch it using Minijail
so that we can run it as a regular user, mitigating the risk of an eventual
compromise.
Add a mock Minijail wrapper for unittesting.
BUG=chromium-os:28336
TEST=dhcp_config_unittest
TEST=network_netperf2
TEST=Manual connection to ethernet, GoogleGuest, Google-A.
CQ-DEPEND=I243e02c82f70c6a3469ca712e539ec9fb6e3e4d4
Change-Id: I14c4e843eba478ed39b10fa4fcb0e25eb3186c1a
Reviewed-on: https://gerrit.chromium.org/gerrit/20414
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/mock_minijail.h b/mock_minijail.h
new file mode 100644
index 0000000..fe4169c
--- /dev/null
+++ b/mock_minijail.h
@@ -0,0 +1,36 @@
+// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef SHILL_MOCK_MINIJAIL_H_
+#define SHILL_MOCK_MINIJAIL_H_
+
+#include <base/basictypes.h>
+#include <gmock/gmock.h>
+
+#include "shill/minijail.h"
+
+namespace shill {
+
+class MockMinijail : public Minijail {
+ public:
+ MockMinijail();
+ virtual ~MockMinijail();
+
+ MOCK_METHOD0(New, struct minijail *());
+ MOCK_METHOD1(Destroy, void (struct minijail *));
+
+ MOCK_METHOD2(DropRoot, bool(struct minijail *jail, const char *user));
+ MOCK_METHOD2(UseCapabilities, void(struct minijail *jail, uint64_t capmask));
+ MOCK_METHOD3(Run, bool(struct minijail *jail,
+ std::vector<char *> args, pid_t *pid));
+ MOCK_METHOD3(RunAndDestroy, bool(struct minijail *jail,
+ std::vector<char *> args, pid_t *pid));
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(MockMinijail);
+};
+
+} // namespace shill
+
+#endif // SHILL_MOCK_MINIJAIL_H_