xref: /aosp_15_r20/platform_testing/utils/shell-as/shell-as-main.cpp (revision dd0948b35e70be4c0246aabd6c72554a5eb8b22a)
/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16*dd0948b3SAndroid Build Coastguard Worker 
17*dd0948b3SAndroid Build Coastguard Worker #include <iostream>
18*dd0948b3SAndroid Build Coastguard Worker #include <memory>
19*dd0948b3SAndroid Build Coastguard Worker #include <string>
20*dd0948b3SAndroid Build Coastguard Worker 
21*dd0948b3SAndroid Build Coastguard Worker #include "./command-line.h"
22*dd0948b3SAndroid Build Coastguard Worker #include "./context.h"
23*dd0948b3SAndroid Build Coastguard Worker #include "./execute.h"
24*dd0948b3SAndroid Build Coastguard Worker 
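// Entry point for shell-as: parses the command line into a
// shell_as::SecurityContext and then hands the remaining arguments to
// shell_as::ExecuteInContext().
//
// Returns 1 when option parsing fails; otherwise returns the logical negation
// of ExecuteInContext()'s result, so a truthy result becomes exit status 0.
//
// With verbose set, the requested context is echoed to stderr BEFORE
// ExecuteInContext() runs. The printout therefore describes what was asked
// for, not what was actually applied; it is not evidence that the privilege
// change succeeded.
int main(const int argc, char* const argv[]) {
  bool verbose = false;
  auto context = std::make_unique<shell_as::SecurityContext>();
  char* const* execute_arguments = nullptr;
  if (!shell_as::ParseOptions(argc, argv, &verbose, context.get(),
                              &execute_arguments)) {
    return 1;
  }

  if (verbose) {
    // Every field of the context is optional. An unset field is reported as
    // "<no value>"; how ExecuteInContext() treats an unset field is not
    // visible here -- NOTE(review): confirm whether unset means "leave
    // unchanged" before relying on this output in a test.
    std::cerr << "Dropping privileges to:" << std::endl;
    std::cerr << "\tuser ID = "
              << (context->user_id.has_value()
                      ? std::to_string(context->user_id.value())
                      : "<no value>")
              << std::endl;

    std::cerr << "\tgroup ID = "
              << (context->group_id.has_value()
                      ? std::to_string(context->group_id.value())
                      : "<no value>")
              << std::endl;

    std::cerr << "\tsupplementary group IDs = ";
    if (!context->supplementary_group_ids.has_value()) {
      std::cerr << "<no value>";
    } else {
      for (const auto& id : context->supplementary_group_ids.value()) {
        std::cerr << id << " ";
      }
    }
    std::cerr << std::endl;

    std::cerr << "\tSELinux = "
              << (context->selinux_context.has_value()
                      ? context->selinux_context.value()
                      : "<no value>")
              << std::endl;

    std::cerr << "\tseccomp = ";
    if (!context->seccomp_filter.has_value()) {
      std::cerr << "<no value>";
    } else {
      // No default label: a filter value other than the three listed below
      // prints nothing after the "=".
      switch (context->seccomp_filter.value()) {
        case shell_as::kAppFilter:
          std::cerr << "app";
          break;
        case shell_as::kAppZygoteFilter:
          std::cerr << "app-zygote";
          break;
        case shell_as::kSystemFilter:
          std::cerr << "system";
          break;
      }
    }
    std::cerr << std::endl;

    std::cerr << "\tcapabilities = ";
    if (!context->capabilities.has_value()) {
      std::cerr << "<no value>";
    } else {
      // cap_to_text() returns a heap-allocated string owned by the caller, or
      // nullptr on failure. Streaming a null char* is undefined behaviour, and
      // the buffer must be released with cap_free() rather than leaked.
      char* const capability_text =
          cap_to_text(context->capabilities.value(), nullptr);
      if (capability_text == nullptr) {
        std::cerr << "<unprintable>";
      } else {
        std::cerr << "'" << capability_text << "'";
        cap_free(capability_text);
      }
    }
    std::cerr << std::endl;
  }

  // ExecuteInContext() is where the context is applied and the command run;
  // its result is inverted to form the process exit status.
  return !shell_as::ExecuteInContext(execute_arguments, context.get());
}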