patchpanel: Prevent ConnectNamespace from allowing privileged PIDs.
Block PID 1 and the PID of the patchpanel process.
BUG=b:174735412
TEST=unit
Change-Id: Ic1eaed424d697851aed9931d80cb2895d7b2e73f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2571141
Tested-by: Garrick Evans <garrick@chromium.org>
Reviewed-by: Hugo Benichi <hugobenichi@google.com>
Commit-Queue: Garrick Evans <garrick@chromium.org>
diff --git a/patchpanel/dbus/client_test.cc b/patchpanel/dbus/client_test.cc
index 17811fd..c152620 100644
--- a/patchpanel/dbus/client_test.cc
+++ b/patchpanel/dbus/client_test.cc
@@ -40,10 +40,10 @@
TEST_F(ClientTest, ConnectNamespace) {
pid_t pid = 3456;
- std::string outboud_ifname = "";
+ std::string outbound_ifname = "";
- // Failure case
- auto result = client_->ConnectNamespace(pid, outboud_ifname, false);
+ // Failure case - invalid pid
+ auto result = client_->ConnectNamespace(pid, outbound_ifname, false);
EXPECT_FALSE(result.first.is_valid());
EXPECT_TRUE(result.second.peer_ifname().empty());
EXPECT_TRUE(result.second.host_ifname().empty());
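Review bot: The relabelled comment `// Failure case - invalid pid` is misleading, because the same `pid = 3456` is passed again in the success case later in this test. The failure here presumably comes from the proxy mock having no response set up yet, not from anything about the pid. A label such as `// Failure case - no response from the D-Bus call` would keep readers from assuming 3456 is rejected by the new PID check. The TEST_F body continues past this hunk.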
@@ -52,6 +52,10 @@
EXPECT_EQ(0, result.second.ipv4_subnet().base_addr());
EXPECT_EQ(0, result.second.ipv4_subnet().prefix_len());
+ // Failure case - prohibited pid
+ result = client_->ConnectNamespace(1, outbound_ifname, false);
+ EXPECT_FALSE(result.first.is_valid());
+
// Success case
patchpanel::ConnectNamespaceResponse response_proto;
response_proto.set_peer_ifname("veth0");
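Review bot: The prohibited-pid case asserts only `EXPECT_FALSE(result.first.is_valid())`, the same outcome the earlier pid 3456 call already produces, so it would likely still pass if the PID 1 rejection were removed. If the guard sits in the client, pin it by asserting the request never reaches the proxy, e.g. `EXPECT_CALL(*proxy_, CallMethodAndBlock(_, _)).Times(0);` before the call, ideally in its own TEST_F so expectations are not interleaved with calls. The commit message also blocks the patchpanel process's own PID, but no case here covers that path. If the check cannot be reached from the client test, say where it is tested. The TEST_F body starts before and ends after this hunk.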
@@ -67,7 +71,7 @@
EXPECT_CALL(*proxy_, CallMethodAndBlock(_, _))
.WillOnce(Return(ByMove(std::move(response))));
- result = client_->ConnectNamespace(pid, outboud_ifname, false);
+ result = client_->ConnectNamespace(pid, outbound_ifname, false);
EXPECT_TRUE(result.first.is_valid());
EXPECT_EQ("arc_ns0", result.second.host_ifname());
EXPECT_EQ("veth0", result.second.peer_ifname());