189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti/* 289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * Copyright 2016 The Android Open Source Project 389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * 489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * Licensed under the Apache License, Version 2.0 (the "License"); 589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * you may not use this file except in compliance with the License. 689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * You may obtain a copy of the License at 789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * 889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * http://www.apache.org/licenses/LICENSE-2.0 989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * 1089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * Unless required by applicable law or agreed to in writing, software 1189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * distributed under the License is distributed on an "AS IS" BASIS, 1289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * See the License for the specific language governing permissions and 1489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * limitations under the License. 1589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * 1689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti * binder_test.cpp - unit tests for netd binder RPCs. 1789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti */ 1889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 19b8087363143050d214d48e5620a330776ca95a69Robin Lee#include <cerrno> 20b8087363143050d214d48e5620a330776ca95a69Robin Lee#include <cinttypes> 2189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include <cstdint> 22dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti#include <cstdio> 23dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti#include <cstdlib> 24563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti#include <set> 2589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include <vector> 2689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 27755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti#include <fcntl.h> 28cc4f273830144d415cfba01d65314606c444577dErik Kline#include <ifaddrs.h> 29755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti#include <netdb.h> 30563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti#include <sys/socket.h> 31755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti#include <sys/types.h> 32563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti#include <netinet/in.h> 33755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti#include <linux/if.h> 34755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti#include <linux/if_tun.h> 35563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 36cc4f273830144d415cfba01d65314606c444577dErik Kline#include <android-base/macros.h> 3789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include <android-base/stringprintf.h> 38dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti#include <android-base/strings.h> 39b8087363143050d214d48e5620a330776ca95a69Robin Lee#include <cutils/multiuser.h> 4089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include <gtest/gtest.h> 4189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include <logwrap/logwrap.h> 42755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti#include <netutils/ifc.h> 4389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 4489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include "NetdConstants.h" 457e05cc933bf45f7a6e6e93027883f0d329a7101eRobin Lee#include "Stopwatch.h" 461e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti#include "tun_interface.h" 4789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include "android/net/INetd.h" 48b8087363143050d214d48e5620a330776ca95a69Robin Lee#include "android/net/UidRange.h" 4989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti#include "binder/IServiceManager.h" 5089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 51755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti#define TUN_DEV "/dev/tun" 52755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti 5389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittiusing namespace android; 5489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittiusing namespace android::base; 5589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittiusing namespace android::binder; 5689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittiusing android::net::INetd; 571e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colittiusing android::net::TunInterface; 58b8087363143050d214d48e5620a330776ca95a69Robin Leeusing android::net::UidRange; 59b8087363143050d214d48e5620a330776ca95a69Robin Lee 60b8087363143050d214d48e5620a330776ca95a69Robin Leestatic const char* IP_RULE_V4 = "-4"; 61b8087363143050d214d48e5620a330776ca95a69Robin Leestatic const char* IP_RULE_V6 = "-6"; 6289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 6389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitticlass BinderTest : public ::testing::Test { 6489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 6589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittipublic: 6689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti BinderTest() { 6789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti sp<IServiceManager> sm = defaultServiceManager(); 6889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti sp<IBinder> binder = sm->getService(String16("netd")); 6989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti if (binder != nullptr) { 7089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti mNetd = interface_cast<INetd>(binder); 7189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 7289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 7389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 74755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti void SetUp() override { 7589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti ASSERT_NE(nullptr, mNetd.get()); 7689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 7789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 78755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti // Static because setting up the tun interface takes about 40ms. 79755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti static void SetUpTestCase() { 801e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti ASSERT_EQ(0, sTun.init()); 811e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti ASSERT_LE(sTun.name().size(), static_cast<size_t>(IFNAMSIZ)); 82755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti } 83755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti 84755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti static void TearDownTestCase() { 85755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti // Closing the socket removes the interface and IP addresses. 861e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti sTun.destroy(); 87755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti } 88755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti 89755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti static void fakeRemoteSocketPair(int *clientSocket, int *serverSocket, int *acceptedSocket); 90755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti 9189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittiprotected: 9289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti sp<INetd> mNetd; 931e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti static TunInterface sTun; 9489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti}; 9589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 961e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo ColittiTunInterface BinderTest::sTun; 9789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 98699aa99dd9bdf850fc70b1a531eb11224304c766Lorenzo Colitticlass TimedOperation : public Stopwatch { 9989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittipublic: 1001805105559b296e83650f6a3ed6c6dabe898ad33Chih-Hung Hsieh explicit TimedOperation(const std::string &name): mName(name) {} 10189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti virtual ~TimedOperation() { 102699aa99dd9bdf850fc70b1a531eb11224304c766Lorenzo Colitti fprintf(stderr, " %s: %6.1f ms\n", mName.c_str(), timeTaken()); 10389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 10489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 10589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittiprivate: 10689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti std::string mName; 10789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti}; 10889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 10989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo ColittiTEST_F(BinderTest, TestIsAlive) { 11089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti TimedOperation t("isAlive RPC"); 11189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti bool isAlive = false; 11289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti mNetd->isAlive(&isAlive); 11389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti ASSERT_TRUE(isAlive); 11489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti} 11589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 11689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colittistatic int randomUid() { 11789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti return 100000 * arc4random_uniform(7) + 10000 + arc4random_uniform(5000); 11889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti} 11989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 120b8087363143050d214d48e5620a330776ca95a69Robin Leestatic std::vector<std::string> runCommand(const std::string& command) { 121dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti std::vector<std::string> lines; 12289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti FILE *f; 123dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 124dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti if ((f = popen(command.c_str(), "r")) == nullptr) { 12589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti perror("popen"); 126dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti return lines; 12789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 128dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 129dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti char *line = nullptr; 130b8087363143050d214d48e5620a330776ca95a69Robin Lee size_t bufsize = 0; 131b8087363143050d214d48e5620a330776ca95a69Robin Lee ssize_t linelen = 0; 132b8087363143050d214d48e5620a330776ca95a69Robin Lee while ((linelen = getline(&line, &bufsize, f)) >= 0) { 133dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti lines.push_back(std::string(line, linelen)); 134dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti free(line); 135dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti line = nullptr; 136dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti } 137dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 13889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti pclose(f); 139dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti return lines; 140dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti} 141dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 142b8087363143050d214d48e5620a330776ca95a69Robin Leestatic std::vector<std::string> listIpRules(const char *ipVersion) { 143b8087363143050d214d48e5620a330776ca95a69Robin Lee std::string command = StringPrintf("%s %s rule list", IP_PATH, ipVersion); 144b8087363143050d214d48e5620a330776ca95a69Robin Lee return runCommand(command); 145b8087363143050d214d48e5620a330776ca95a69Robin Lee} 146b8087363143050d214d48e5620a330776ca95a69Robin Lee 147b8087363143050d214d48e5620a330776ca95a69Robin Leestatic std::vector<std::string> listIptablesRule(const char *binary, const char *chainName) { 1488054577a51024c7883f0141181c9c527265c0ee8Lorenzo Colitti std::string command = StringPrintf("%s -w -n -L %s", binary, chainName); 149b8087363143050d214d48e5620a330776ca95a69Robin Lee return runCommand(command); 150b8087363143050d214d48e5620a330776ca95a69Robin Lee} 151b8087363143050d214d48e5620a330776ca95a69Robin Lee 152dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colittistatic int iptablesRuleLineLength(const char *binary, const char *chainName) { 153dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti return listIptablesRule(binary, chainName).size(); 15489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti} 15589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 15689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo ColittiTEST_F(BinderTest, TestFirewallReplaceUidChain) { 15789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti std::string chainName = StringPrintf("netd_binder_test_%u", arc4random_uniform(10000)); 15889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti const int kNumUids = 500; 15989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti std::vector<int32_t> noUids(0); 16089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti std::vector<int32_t> uids(kNumUids); 16189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti for (int i = 0; i < kNumUids; i++) { 16289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti uids[i] = randomUid(); 16389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 16489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 16589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti bool ret; 16689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti { 16789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti TimedOperation op(StringPrintf("Programming %d-UID whitelist chain", kNumUids)); 16889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti mNetd->firewallReplaceUidChain(String16(chainName.c_str()), true, uids, &ret); 16989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 17089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti EXPECT_EQ(true, ret); 171328a32e95a3e962d168fad681fb0d3376c209b55Lorenzo Colitti EXPECT_EQ((int) uids.size() + 7, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); 172328a32e95a3e962d168fad681fb0d3376c209b55Lorenzo Colitti EXPECT_EQ((int) uids.size() + 13, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); 17389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti { 17489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti TimedOperation op("Clearing whitelist chain"); 17589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, noUids, &ret); 17689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 17789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti EXPECT_EQ(true, ret); 178328a32e95a3e962d168fad681fb0d3376c209b55Lorenzo Colitti EXPECT_EQ(5, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); 179328a32e95a3e962d168fad681fb0d3376c209b55Lorenzo Colitti EXPECT_EQ(5, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); 18089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 18189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti { 18289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti TimedOperation op(StringPrintf("Programming %d-UID blacklist chain", kNumUids)); 18389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, uids, &ret); 18489faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 18589faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti EXPECT_EQ(true, ret); 186328a32e95a3e962d168fad681fb0d3376c209b55Lorenzo Colitti EXPECT_EQ((int) uids.size() + 5, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); 187328a32e95a3e962d168fad681fb0d3376c209b55Lorenzo Colitti EXPECT_EQ((int) uids.size() + 5, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); 18889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 18989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti { 19089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti TimedOperation op("Clearing blacklist chain"); 19189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, noUids, &ret); 19289faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti } 19389faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti EXPECT_EQ(true, ret); 194328a32e95a3e962d168fad681fb0d3376c209b55Lorenzo Colitti EXPECT_EQ(5, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str())); 195328a32e95a3e962d168fad681fb0d3376c209b55Lorenzo Colitti EXPECT_EQ(5, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str())); 19689faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti 19789faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti // Check that the call fails if iptables returns an error. 19889faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti std::string veryLongStringName = "netd_binder_test_UnacceptablyLongIptablesChainName"; 19989faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti mNetd->firewallReplaceUidChain(String16(veryLongStringName.c_str()), true, noUids, &ret); 20089faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti EXPECT_EQ(false, ret); 20189faa349525ad1110b6fa3f2149e6ef825c65662Lorenzo Colitti} 202dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 203dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colittistatic int bandwidthDataSaverEnabled(const char *binary) { 204464eabecf1174154b8f61845610c3f4f0ca294b3Lorenzo Colitti std::vector<std::string> lines = listIptablesRule(binary, "bw_data_saver"); 205dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 206dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti // Output looks like this: 207dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti // 208464eabecf1174154b8f61845610c3f4f0ca294b3Lorenzo Colitti // Chain bw_data_saver (1 references) 209dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti // target prot opt source destination 210dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti // RETURN all -- 0.0.0.0/0 0.0.0.0/0 211464eabecf1174154b8f61845610c3f4f0ca294b3Lorenzo Colitti EXPECT_EQ(3U, lines.size()); 212464eabecf1174154b8f61845610c3f4f0ca294b3Lorenzo Colitti if (lines.size() != 3) return -1; 213dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 214464eabecf1174154b8f61845610c3f4f0ca294b3Lorenzo Colitti EXPECT_TRUE(android::base::StartsWith(lines[2], "RETURN ") || 215464eabecf1174154b8f61845610c3f4f0ca294b3Lorenzo Colitti android::base::StartsWith(lines[2], "REJECT ")); 216dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 217464eabecf1174154b8f61845610c3f4f0ca294b3Lorenzo Colitti return android::base::StartsWith(lines[2], "REJECT"); 218dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti} 219dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 220dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colittibool enableDataSaver(sp<INetd>& netd, bool enable) { 221dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti TimedOperation op(enable ? " Enabling data saver" : "Disabling data saver"); 222dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti bool ret; 223dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti netd->bandwidthEnableDataSaver(enable, &ret); 224dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti return ret; 225dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti} 226dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 227dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colittiint getDataSaverState() { 228dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti const int enabled4 = bandwidthDataSaverEnabled(IPTABLES_PATH); 229dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti const int enabled6 = bandwidthDataSaverEnabled(IP6TABLES_PATH); 230dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti EXPECT_EQ(enabled4, enabled6); 231dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti EXPECT_NE(-1, enabled4); 232dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti EXPECT_NE(-1, enabled6); 233dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti if (enabled4 != enabled6 || (enabled6 != 0 && enabled6 != 1)) { 234dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti return -1; 235dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti } 236dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti return enabled6; 237dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti} 238dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 239dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo ColittiTEST_F(BinderTest, TestBandwidthEnableDataSaver) { 240dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti const int wasEnabled = getDataSaverState(); 241dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti ASSERT_NE(-1, wasEnabled); 242dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 243dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti if (wasEnabled) { 244dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti ASSERT_TRUE(enableDataSaver(mNetd, false)); 245dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti EXPECT_EQ(0, getDataSaverState()); 246dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti } 247dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 248dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti ASSERT_TRUE(enableDataSaver(mNetd, false)); 249dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti EXPECT_EQ(0, getDataSaverState()); 250dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 251dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti ASSERT_TRUE(enableDataSaver(mNetd, true)); 252dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti EXPECT_EQ(1, getDataSaverState()); 253dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 254dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti ASSERT_TRUE(enableDataSaver(mNetd, true)); 255dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti EXPECT_EQ(1, getDataSaverState()); 256dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti 257dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti if (!wasEnabled) { 258dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti ASSERT_TRUE(enableDataSaver(mNetd, false)); 259dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti EXPECT_EQ(0, getDataSaverState()); 260dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti } 261dedd271d9961dbe8b99ffa7d54ffd63ac326f866Lorenzo Colitti} 262b8087363143050d214d48e5620a330776ca95a69Robin Lee 263b8087363143050d214d48e5620a330776ca95a69Robin Leestatic bool ipRuleExistsForRange(const uint32_t priority, const UidRange& range, 264b8087363143050d214d48e5620a330776ca95a69Robin Lee const std::string& action, const char* ipVersion) { 265b8087363143050d214d48e5620a330776ca95a69Robin Lee // Output looks like this: 2666c84ef62d953eae93c36ffa831e9b451560afba0Robin Lee // "12500:\tfrom all fwmark 0x0/0x20000 iif lo uidrange 1000-2000 prohibit" 267b8087363143050d214d48e5620a330776ca95a69Robin Lee std::vector<std::string> rules = listIpRules(ipVersion); 268b8087363143050d214d48e5620a330776ca95a69Robin Lee 269b8087363143050d214d48e5620a330776ca95a69Robin Lee std::string prefix = StringPrintf("%" PRIu32 ":", priority); 270b8087363143050d214d48e5620a330776ca95a69Robin Lee std::string suffix = StringPrintf(" iif lo uidrange %d-%d %s\n", 271b8087363143050d214d48e5620a330776ca95a69Robin Lee range.getStart(), range.getStop(), action.c_str()); 272b8087363143050d214d48e5620a330776ca95a69Robin Lee for (std::string line : rules) { 273b8087363143050d214d48e5620a330776ca95a69Robin Lee if (android::base::StartsWith(line, prefix.c_str()) 274b8087363143050d214d48e5620a330776ca95a69Robin Lee && android::base::EndsWith(line, suffix.c_str())) { 275b8087363143050d214d48e5620a330776ca95a69Robin Lee return true; 276b8087363143050d214d48e5620a330776ca95a69Robin Lee } 277b8087363143050d214d48e5620a330776ca95a69Robin Lee } 278b8087363143050d214d48e5620a330776ca95a69Robin Lee return false; 279b8087363143050d214d48e5620a330776ca95a69Robin Lee} 280b8087363143050d214d48e5620a330776ca95a69Robin Lee 281b8087363143050d214d48e5620a330776ca95a69Robin Leestatic bool ipRuleExistsForRange(const uint32_t priority, const UidRange& range, 282b8087363143050d214d48e5620a330776ca95a69Robin Lee const std::string& action) { 283b8087363143050d214d48e5620a330776ca95a69Robin Lee bool existsIp4 = ipRuleExistsForRange(priority, range, action, IP_RULE_V4); 284b8087363143050d214d48e5620a330776ca95a69Robin Lee bool existsIp6 = ipRuleExistsForRange(priority, range, action, IP_RULE_V6); 285b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_EQ(existsIp4, existsIp6); 286b8087363143050d214d48e5620a330776ca95a69Robin Lee return existsIp4; 287b8087363143050d214d48e5620a330776ca95a69Robin Lee} 288b8087363143050d214d48e5620a330776ca95a69Robin Lee 289b8087363143050d214d48e5620a330776ca95a69Robin LeeTEST_F(BinderTest, TestNetworkRejectNonSecureVpn) { 2906c84ef62d953eae93c36ffa831e9b451560afba0Robin Lee constexpr uint32_t RULE_PRIORITY = 12500; 291b8087363143050d214d48e5620a330776ca95a69Robin Lee 292fe3cbd68b08553f48a3cea2ea9f365d4dbd424ecJeff Sharkey constexpr int baseUid = AID_USER_OFFSET * 5; 293b8087363143050d214d48e5620a330776ca95a69Robin Lee std::vector<UidRange> uidRanges = { 294b8087363143050d214d48e5620a330776ca95a69Robin Lee {baseUid + 150, baseUid + 224}, 295b8087363143050d214d48e5620a330776ca95a69Robin Lee {baseUid + 226, baseUid + 300} 296b8087363143050d214d48e5620a330776ca95a69Robin Lee }; 297b8087363143050d214d48e5620a330776ca95a69Robin Lee 298b8087363143050d214d48e5620a330776ca95a69Robin Lee const std::vector<std::string> initialRulesV4 = listIpRules(IP_RULE_V4); 299b8087363143050d214d48e5620a330776ca95a69Robin Lee const std::vector<std::string> initialRulesV6 = listIpRules(IP_RULE_V6); 300b8087363143050d214d48e5620a330776ca95a69Robin Lee 301b8087363143050d214d48e5620a330776ca95a69Robin Lee // Create two valid rules. 302b8087363143050d214d48e5620a330776ca95a69Robin Lee ASSERT_TRUE(mNetd->networkRejectNonSecureVpn(true, uidRanges).isOk()); 303b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_EQ(initialRulesV4.size() + 2, listIpRules(IP_RULE_V4).size()); 304b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_EQ(initialRulesV6.size() + 2, listIpRules(IP_RULE_V6).size()); 305b8087363143050d214d48e5620a330776ca95a69Robin Lee for (auto const& range : uidRanges) { 306b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_TRUE(ipRuleExistsForRange(RULE_PRIORITY, range, "prohibit")); 307b8087363143050d214d48e5620a330776ca95a69Robin Lee } 308b8087363143050d214d48e5620a330776ca95a69Robin Lee 309b8087363143050d214d48e5620a330776ca95a69Robin Lee // Remove the rules. 310b8087363143050d214d48e5620a330776ca95a69Robin Lee ASSERT_TRUE(mNetd->networkRejectNonSecureVpn(false, uidRanges).isOk()); 311b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_EQ(initialRulesV4.size(), listIpRules(IP_RULE_V4).size()); 312b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_EQ(initialRulesV6.size(), listIpRules(IP_RULE_V6).size()); 313b8087363143050d214d48e5620a330776ca95a69Robin Lee for (auto const& range : uidRanges) { 314b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_FALSE(ipRuleExistsForRange(RULE_PRIORITY, range, "prohibit")); 315b8087363143050d214d48e5620a330776ca95a69Robin Lee } 316b8087363143050d214d48e5620a330776ca95a69Robin Lee 317b8087363143050d214d48e5620a330776ca95a69Robin Lee // Fail to remove the rules a second time after they are already deleted. 318b8087363143050d214d48e5620a330776ca95a69Robin Lee binder::Status status = mNetd->networkRejectNonSecureVpn(false, uidRanges); 319b8087363143050d214d48e5620a330776ca95a69Robin Lee ASSERT_EQ(binder::Status::EX_SERVICE_SPECIFIC, status.exceptionCode()); 320b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_EQ(ENOENT, status.serviceSpecificErrorCode()); 321b8087363143050d214d48e5620a330776ca95a69Robin Lee 322b8087363143050d214d48e5620a330776ca95a69Robin Lee // All rules should be the same as before. 323b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_EQ(initialRulesV4, listIpRules(IP_RULE_V4)); 324b8087363143050d214d48e5620a330776ca95a69Robin Lee EXPECT_EQ(initialRulesV6, listIpRules(IP_RULE_V6)); 325b8087363143050d214d48e5620a330776ca95a69Robin Lee} 326563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 327755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti// Create a socket pair that isLoopbackSocket won't think is local. 328755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colittivoid BinderTest::fakeRemoteSocketPair(int *clientSocket, int *serverSocket, int *acceptedSocket) { 329563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti *serverSocket = socket(AF_INET6, SOCK_STREAM, 0); 3301e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti struct sockaddr_in6 server6 = { .sin6_family = AF_INET6, .sin6_addr = sTun.dstAddr() }; 331563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti ASSERT_EQ(0, bind(*serverSocket, (struct sockaddr *) &server6, sizeof(server6))); 332563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 333563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti socklen_t addrlen = sizeof(server6); 334563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti ASSERT_EQ(0, getsockname(*serverSocket, (struct sockaddr *) &server6, &addrlen)); 335563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti ASSERT_EQ(0, listen(*serverSocket, 10)); 336563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 337563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti *clientSocket = socket(AF_INET6, SOCK_STREAM, 0); 3381e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti struct sockaddr_in6 client6 = { .sin6_family = AF_INET6, .sin6_addr = sTun.srcAddr() }; 339755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti ASSERT_EQ(0, bind(*clientSocket, (struct sockaddr *) &client6, sizeof(client6))); 340563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti ASSERT_EQ(0, connect(*clientSocket, (struct sockaddr *) &server6, sizeof(server6))); 341563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti ASSERT_EQ(0, getsockname(*clientSocket, (struct sockaddr *) &client6, &addrlen)); 342563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 343563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti *acceptedSocket = accept(*serverSocket, (struct sockaddr *) &server6, &addrlen); 344563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti ASSERT_NE(-1, *acceptedSocket); 345563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 346563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti ASSERT_EQ(0, memcmp(&client6, &server6, sizeof(client6))); 347563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti} 348563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 349563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colittivoid checkSocketpairOpen(int clientSocket, int acceptedSocket) { 350563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti char buf[4096]; 351563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_EQ(4, write(clientSocket, "foo", sizeof("foo"))); 352563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_EQ(4, read(acceptedSocket, buf, sizeof(buf))); 353563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_EQ(0, memcmp(buf, "foo", sizeof("foo"))); 354563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti} 355563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 356563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colittivoid checkSocketpairClosed(int clientSocket, int acceptedSocket) { 357563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // Check that the client socket was closed with ECONNABORTED. 358563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti int ret = write(clientSocket, "foo", sizeof("foo")); 359563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti int err = errno; 360563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_EQ(-1, ret); 361563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_EQ(ECONNABORTED, err); 362563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 363563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // Check that it sent a RST to the server. 364563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti ret = write(acceptedSocket, "foo", sizeof("foo")); 365563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti err = errno; 366563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_EQ(-1, ret); 367563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_EQ(ECONNRESET, err); 368563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti} 369563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 370563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo ColittiTEST_F(BinderTest, TestSocketDestroy) { 371563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti int clientSocket, serverSocket, acceptedSocket; 372755faa9dae1fbe7cead43702a05fe2821c1573d3Lorenzo Colitti ASSERT_NO_FATAL_FAILURE(fakeRemoteSocketPair(&clientSocket, &serverSocket, &acceptedSocket)); 373563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 374563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // Pick a random UID in the system UID range. 375563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti constexpr int baseUid = AID_APP - 2000; 376563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti static_assert(baseUid > 0, "Not enough UIDs? Please fix this test."); 377563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti int uid = baseUid + 500 + arc4random_uniform(1000); 378563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_EQ(0, fchown(clientSocket, uid, -1)); 379563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 380563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // UID ranges that don't contain uid. 381563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti std::vector<UidRange> uidRanges = { 382563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti {baseUid + 42, baseUid + 449}, 383563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti {baseUid + 1536, AID_APP - 4}, 384563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti {baseUid + 498, uid - 1}, 385563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti {uid + 1, baseUid + 1520}, 386563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti }; 387563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // A skip list that doesn't contain UID. 388563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti std::vector<int32_t> skipUids { baseUid + 123, baseUid + 1600 }; 389563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 390563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // Close sockets. Our test socket should be intact. 391563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_TRUE(mNetd->socketDestroy(uidRanges, skipUids).isOk()); 392563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti checkSocketpairOpen(clientSocket, acceptedSocket); 393563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 394563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // UID ranges that do contain uid. 395563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti uidRanges = { 396563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti {baseUid + 42, baseUid + 449}, 397563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti {baseUid + 1536, AID_APP - 4}, 398563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti {baseUid + 498, baseUid + 1520}, 399563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti }; 400563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // Add uid to the skip list. 401563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti skipUids.push_back(uid); 402563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 403563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // Close sockets. Our test socket should still be intact because it's in the skip list. 404563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_TRUE(mNetd->socketDestroy(uidRanges, skipUids).isOk()); 405563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti checkSocketpairOpen(clientSocket, acceptedSocket); 406563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 407563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti // Now remove uid from skipUids, and close sockets. Our test socket should have been closed. 408563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti skipUids.resize(skipUids.size() - 1); 409563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti EXPECT_TRUE(mNetd->socketDestroy(uidRanges, skipUids).isOk()); 410563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti checkSocketpairClosed(clientSocket, acceptedSocket); 411563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti 412563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti close(clientSocket); 413563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti close(serverSocket); 414563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti close(acceptedSocket); 415563d98b27d02a1d694fc4ed82b5554fd534c9dafLorenzo Colitti} 416cc4f273830144d415cfba01d65314606c444577dErik Kline 417cc4f273830144d415cfba01d65314606c444577dErik Klinenamespace { 418cc4f273830144d415cfba01d65314606c444577dErik Kline 419cc4f273830144d415cfba01d65314606c444577dErik Klineint netmaskToPrefixLength(const uint8_t *buf, size_t buflen) { 420cc4f273830144d415cfba01d65314606c444577dErik Kline if (buf == nullptr) return -1; 421cc4f273830144d415cfba01d65314606c444577dErik Kline 422cc4f273830144d415cfba01d65314606c444577dErik Kline int prefixLength = 0; 423cc4f273830144d415cfba01d65314606c444577dErik Kline bool endOfContiguousBits = false; 424cc4f273830144d415cfba01d65314606c444577dErik Kline for (unsigned int i = 0; i < buflen; i++) { 425cc4f273830144d415cfba01d65314606c444577dErik Kline const uint8_t value = buf[i]; 426cc4f273830144d415cfba01d65314606c444577dErik Kline 427cc4f273830144d415cfba01d65314606c444577dErik Kline // Bad bit sequence: check for a contiguous set of bits from the high 428cc4f273830144d415cfba01d65314606c444577dErik Kline // end by verifying that the inverted value + 1 is a power of 2 429cc4f273830144d415cfba01d65314606c444577dErik Kline // (power of 2 iff. (v & (v - 1)) == 0). 430cc4f273830144d415cfba01d65314606c444577dErik Kline const uint8_t inverse = ~value + 1; 431cc4f273830144d415cfba01d65314606c444577dErik Kline if ((inverse & (inverse - 1)) != 0) return -1; 432cc4f273830144d415cfba01d65314606c444577dErik Kline 433cc4f273830144d415cfba01d65314606c444577dErik Kline prefixLength += (value == 0) ? 0 : CHAR_BIT - ffs(value) + 1; 434cc4f273830144d415cfba01d65314606c444577dErik Kline 435cc4f273830144d415cfba01d65314606c444577dErik Kline // Bogus netmask. 436cc4f273830144d415cfba01d65314606c444577dErik Kline if (endOfContiguousBits && value != 0) return -1; 437cc4f273830144d415cfba01d65314606c444577dErik Kline 438cc4f273830144d415cfba01d65314606c444577dErik Kline if (value != 0xff) endOfContiguousBits = true; 439cc4f273830144d415cfba01d65314606c444577dErik Kline } 440cc4f273830144d415cfba01d65314606c444577dErik Kline 441cc4f273830144d415cfba01d65314606c444577dErik Kline return prefixLength; 442cc4f273830144d415cfba01d65314606c444577dErik Kline} 443cc4f273830144d415cfba01d65314606c444577dErik Kline 444cc4f273830144d415cfba01d65314606c444577dErik Klinetemplate<typename T> 445cc4f273830144d415cfba01d65314606c444577dErik Klineint netmaskToPrefixLength(const T *p) { 446cc4f273830144d415cfba01d65314606c444577dErik Kline return netmaskToPrefixLength(reinterpret_cast<const uint8_t*>(p), sizeof(T)); 447cc4f273830144d415cfba01d65314606c444577dErik Kline} 448cc4f273830144d415cfba01d65314606c444577dErik Kline 449cc4f273830144d415cfba01d65314606c444577dErik Kline 450cc4f273830144d415cfba01d65314606c444577dErik Klinestatic bool interfaceHasAddress( 451cc4f273830144d415cfba01d65314606c444577dErik Kline const std::string &ifname, const char *addrString, int prefixLength) { 452cc4f273830144d415cfba01d65314606c444577dErik Kline struct addrinfo *addrinfoList = nullptr; 453cc4f273830144d415cfba01d65314606c444577dErik Kline ScopedAddrinfo addrinfoCleanup(addrinfoList); 454cc4f273830144d415cfba01d65314606c444577dErik Kline 455cc4f273830144d415cfba01d65314606c444577dErik Kline const struct addrinfo hints = { 456cc4f273830144d415cfba01d65314606c444577dErik Kline .ai_flags = AI_NUMERICHOST, 457cc4f273830144d415cfba01d65314606c444577dErik Kline .ai_family = AF_UNSPEC, 458cc4f273830144d415cfba01d65314606c444577dErik Kline .ai_socktype = SOCK_DGRAM, 459cc4f273830144d415cfba01d65314606c444577dErik Kline }; 460cc4f273830144d415cfba01d65314606c444577dErik Kline if (getaddrinfo(addrString, nullptr, &hints, &addrinfoList) != 0 || 461cc4f273830144d415cfba01d65314606c444577dErik Kline addrinfoList == nullptr || addrinfoList->ai_addr == nullptr) { 462cc4f273830144d415cfba01d65314606c444577dErik Kline return false; 463cc4f273830144d415cfba01d65314606c444577dErik Kline } 464cc4f273830144d415cfba01d65314606c444577dErik Kline 465cc4f273830144d415cfba01d65314606c444577dErik Kline struct ifaddrs *ifaddrsList = nullptr; 466cc4f273830144d415cfba01d65314606c444577dErik Kline ScopedIfaddrs ifaddrsCleanup(ifaddrsList); 467cc4f273830144d415cfba01d65314606c444577dErik Kline 468cc4f273830144d415cfba01d65314606c444577dErik Kline if (getifaddrs(&ifaddrsList) != 0) { 469cc4f273830144d415cfba01d65314606c444577dErik Kline return false; 470cc4f273830144d415cfba01d65314606c444577dErik Kline } 471cc4f273830144d415cfba01d65314606c444577dErik Kline 472cc4f273830144d415cfba01d65314606c444577dErik Kline for (struct ifaddrs *addr = ifaddrsList; addr != nullptr; addr = addr->ifa_next) { 473cc4f273830144d415cfba01d65314606c444577dErik Kline if (std::string(addr->ifa_name) != ifname || 474cc4f273830144d415cfba01d65314606c444577dErik Kline addr->ifa_addr == nullptr || 475cc4f273830144d415cfba01d65314606c444577dErik Kline addr->ifa_addr->sa_family != addrinfoList->ai_addr->sa_family) { 476cc4f273830144d415cfba01d65314606c444577dErik Kline continue; 477cc4f273830144d415cfba01d65314606c444577dErik Kline } 478cc4f273830144d415cfba01d65314606c444577dErik Kline 479cc4f273830144d415cfba01d65314606c444577dErik Kline switch (addr->ifa_addr->sa_family) { 480cc4f273830144d415cfba01d65314606c444577dErik Kline case AF_INET: { 481cc4f273830144d415cfba01d65314606c444577dErik Kline auto *addr4 = reinterpret_cast<const struct sockaddr_in*>(addr->ifa_addr); 482cc4f273830144d415cfba01d65314606c444577dErik Kline auto *want = reinterpret_cast<const struct sockaddr_in*>(addrinfoList->ai_addr); 483cc4f273830144d415cfba01d65314606c444577dErik Kline if (memcmp(&addr4->sin_addr, &want->sin_addr, sizeof(want->sin_addr)) != 0) { 484cc4f273830144d415cfba01d65314606c444577dErik Kline continue; 485cc4f273830144d415cfba01d65314606c444577dErik Kline } 486cc4f273830144d415cfba01d65314606c444577dErik Kline 487cc4f273830144d415cfba01d65314606c444577dErik Kline if (prefixLength < 0) return true; // not checking prefix lengths 488cc4f273830144d415cfba01d65314606c444577dErik Kline 489cc4f273830144d415cfba01d65314606c444577dErik Kline if (addr->ifa_netmask == nullptr) return false; 490cc4f273830144d415cfba01d65314606c444577dErik Kline auto *nm = reinterpret_cast<const struct sockaddr_in*>(addr->ifa_netmask); 491cc4f273830144d415cfba01d65314606c444577dErik Kline EXPECT_EQ(prefixLength, netmaskToPrefixLength(&nm->sin_addr)); 492cc4f273830144d415cfba01d65314606c444577dErik Kline return (prefixLength == netmaskToPrefixLength(&nm->sin_addr)); 493cc4f273830144d415cfba01d65314606c444577dErik Kline } 494cc4f273830144d415cfba01d65314606c444577dErik Kline case AF_INET6: { 495cc4f273830144d415cfba01d65314606c444577dErik Kline auto *addr6 = reinterpret_cast<const struct sockaddr_in6*>(addr->ifa_addr); 496cc4f273830144d415cfba01d65314606c444577dErik Kline auto *want = reinterpret_cast<const struct sockaddr_in6*>(addrinfoList->ai_addr); 497cc4f273830144d415cfba01d65314606c444577dErik Kline if (memcmp(&addr6->sin6_addr, &want->sin6_addr, sizeof(want->sin6_addr)) != 0) { 498cc4f273830144d415cfba01d65314606c444577dErik Kline continue; 499cc4f273830144d415cfba01d65314606c444577dErik Kline } 500cc4f273830144d415cfba01d65314606c444577dErik Kline 501cc4f273830144d415cfba01d65314606c444577dErik Kline if (prefixLength < 0) return true; // not checking prefix lengths 502cc4f273830144d415cfba01d65314606c444577dErik Kline 503cc4f273830144d415cfba01d65314606c444577dErik Kline if (addr->ifa_netmask == nullptr) return false; 504cc4f273830144d415cfba01d65314606c444577dErik Kline auto *nm = reinterpret_cast<const struct sockaddr_in6*>(addr->ifa_netmask); 505cc4f273830144d415cfba01d65314606c444577dErik Kline EXPECT_EQ(prefixLength, netmaskToPrefixLength(&nm->sin6_addr)); 506cc4f273830144d415cfba01d65314606c444577dErik Kline return (prefixLength == netmaskToPrefixLength(&nm->sin6_addr)); 507cc4f273830144d415cfba01d65314606c444577dErik Kline } 508cc4f273830144d415cfba01d65314606c444577dErik Kline default: 509cc4f273830144d415cfba01d65314606c444577dErik Kline // Cannot happen because we have already screened for matching 510cc4f273830144d415cfba01d65314606c444577dErik Kline // address families at the top of each iteration. 511cc4f273830144d415cfba01d65314606c444577dErik Kline continue; 512cc4f273830144d415cfba01d65314606c444577dErik Kline } 513cc4f273830144d415cfba01d65314606c444577dErik Kline } 514cc4f273830144d415cfba01d65314606c444577dErik Kline 515cc4f273830144d415cfba01d65314606c444577dErik Kline return false; 516cc4f273830144d415cfba01d65314606c444577dErik Kline} 517cc4f273830144d415cfba01d65314606c444577dErik Kline 518cc4f273830144d415cfba01d65314606c444577dErik Kline} // namespace 519cc4f273830144d415cfba01d65314606c444577dErik Kline 520cc4f273830144d415cfba01d65314606c444577dErik KlineTEST_F(BinderTest, TestInterfaceAddRemoveAddress) { 521cc4f273830144d415cfba01d65314606c444577dErik Kline static const struct TestData { 522cc4f273830144d415cfba01d65314606c444577dErik Kline const char *addrString; 523cc4f273830144d415cfba01d65314606c444577dErik Kline const int prefixLength; 524cc4f273830144d415cfba01d65314606c444577dErik Kline const bool expectSuccess; 525cc4f273830144d415cfba01d65314606c444577dErik Kline } kTestData[] = { 526cc4f273830144d415cfba01d65314606c444577dErik Kline { "192.0.2.1", 24, true }, 527cc4f273830144d415cfba01d65314606c444577dErik Kline { "192.0.2.2", 25, true }, 528cc4f273830144d415cfba01d65314606c444577dErik Kline { "192.0.2.3", 32, true }, 529cc4f273830144d415cfba01d65314606c444577dErik Kline { "192.0.2.4", 33, false }, 530cc4f273830144d415cfba01d65314606c444577dErik Kline { "192.not.an.ip", 24, false }, 531cc4f273830144d415cfba01d65314606c444577dErik Kline { "2001:db8::1", 64, true }, 532cc4f273830144d415cfba01d65314606c444577dErik Kline { "2001:db8::2", 65, true }, 533cc4f273830144d415cfba01d65314606c444577dErik Kline { "2001:db8::3", 128, true }, 534cc4f273830144d415cfba01d65314606c444577dErik Kline { "2001:db8::4", 129, false }, 535cc4f273830144d415cfba01d65314606c444577dErik Kline { "foo:bar::bad", 64, false }, 536cc4f273830144d415cfba01d65314606c444577dErik Kline }; 537cc4f273830144d415cfba01d65314606c444577dErik Kline 538cc4f273830144d415cfba01d65314606c444577dErik Kline for (unsigned int i = 0; i < arraysize(kTestData); i++) { 539cc4f273830144d415cfba01d65314606c444577dErik Kline const auto &td = kTestData[i]; 540cc4f273830144d415cfba01d65314606c444577dErik Kline 541cc4f273830144d415cfba01d65314606c444577dErik Kline // [1.a] Add the address. 542cc4f273830144d415cfba01d65314606c444577dErik Kline binder::Status status = mNetd->interfaceAddAddress( 5431e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti sTun.name(), td.addrString, td.prefixLength); 544cc4f273830144d415cfba01d65314606c444577dErik Kline if (td.expectSuccess) { 545cc4f273830144d415cfba01d65314606c444577dErik Kline EXPECT_TRUE(status.isOk()) << status.exceptionMessage(); 546cc4f273830144d415cfba01d65314606c444577dErik Kline } else { 547cc4f273830144d415cfba01d65314606c444577dErik Kline ASSERT_EQ(binder::Status::EX_SERVICE_SPECIFIC, status.exceptionCode()); 548cc4f273830144d415cfba01d65314606c444577dErik Kline ASSERT_NE(0, status.serviceSpecificErrorCode()); 549cc4f273830144d415cfba01d65314606c444577dErik Kline } 550cc4f273830144d415cfba01d65314606c444577dErik Kline 551cc4f273830144d415cfba01d65314606c444577dErik Kline // [1.b] Verify the addition meets the expectation. 552cc4f273830144d415cfba01d65314606c444577dErik Kline if (td.expectSuccess) { 5531e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti EXPECT_TRUE(interfaceHasAddress(sTun.name(), td.addrString, td.prefixLength)); 554cc4f273830144d415cfba01d65314606c444577dErik Kline } else { 5551e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti EXPECT_FALSE(interfaceHasAddress(sTun.name(), td.addrString, -1)); 556cc4f273830144d415cfba01d65314606c444577dErik Kline } 557cc4f273830144d415cfba01d65314606c444577dErik Kline 558cc4f273830144d415cfba01d65314606c444577dErik Kline // [2.a] Try to remove the address. If it was not previously added, removing it fails. 5591e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti status = mNetd->interfaceDelAddress(sTun.name(), td.addrString, td.prefixLength); 560cc4f273830144d415cfba01d65314606c444577dErik Kline if (td.expectSuccess) { 561cc4f273830144d415cfba01d65314606c444577dErik Kline EXPECT_TRUE(status.isOk()) << status.exceptionMessage(); 562cc4f273830144d415cfba01d65314606c444577dErik Kline } else { 563cc4f273830144d415cfba01d65314606c444577dErik Kline ASSERT_EQ(binder::Status::EX_SERVICE_SPECIFIC, status.exceptionCode()); 564cc4f273830144d415cfba01d65314606c444577dErik Kline ASSERT_NE(0, status.serviceSpecificErrorCode()); 565cc4f273830144d415cfba01d65314606c444577dErik Kline } 566cc4f273830144d415cfba01d65314606c444577dErik Kline 567cc4f273830144d415cfba01d65314606c444577dErik Kline // [2.b] No matter what, the address should not be present. 5681e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti EXPECT_FALSE(interfaceHasAddress(sTun.name(), td.addrString, -1)); 569cc4f273830144d415cfba01d65314606c444577dErik Kline } 570cc4f273830144d415cfba01d65314606c444577dErik Kline} 57155b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline 57255b06f85b13553b7b0b5a76f650f452d5a9473c5Erik KlineTEST_F(BinderTest, TestSetProcSysNet) { 57355b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline static const struct TestData { 57455b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline const int family; 57555b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline const int which; 57655b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline const char *ifname; 57755b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline const char *parameter; 57855b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline const char *value; 57955b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline const int expectedReturnCode; 58055b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline } kTestData[] = { 5811e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti { INetd::IPV4, INetd::CONF, sTun.name().c_str(), "arp_ignore", "1", 0 }, 5821e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti { -1, INetd::CONF, sTun.name().c_str(), "arp_ignore", "1", EAFNOSUPPORT }, 5831e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti { INetd::IPV4, -1, sTun.name().c_str(), "arp_ignore", "1", EINVAL }, 58455b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline { INetd::IPV4, INetd::CONF, "..", "conf/lo/arp_ignore", "1", EINVAL }, 58555b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline { INetd::IPV4, INetd::CONF, ".", "lo/arp_ignore", "1", EINVAL }, 5861e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti { INetd::IPV4, INetd::CONF, sTun.name().c_str(), "../all/arp_ignore", "1", EINVAL }, 5871e299c63fd42f02f23547690275d4f6f9cd5fcc4Lorenzo Colitti { INetd::IPV6, INetd::NEIGH, sTun.name().c_str(), "ucast_solicit", "7", 0 }, 58855b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline }; 58955b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline 59055b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline for (unsigned int i = 0; i < arraysize(kTestData); i++) { 59155b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline const auto &td = kTestData[i]; 59255b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline 59355b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline const binder::Status status = mNetd->setProcSysNet( 59455b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline td.family, td.which, td.ifname, td.parameter, 59555b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline td.value); 59655b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline 59755b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline if (td.expectedReturnCode == 0) { 59855b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline SCOPED_TRACE(String8::format("test case %d should have passed", i)); 59955b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline EXPECT_EQ(0, status.exceptionCode()); 60055b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline EXPECT_EQ(0, status.serviceSpecificErrorCode()); 60155b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline } else { 60255b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline SCOPED_TRACE(String8::format("test case %d should have failed", i)); 60355b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline EXPECT_EQ(binder::Status::EX_SERVICE_SPECIFIC, status.exceptionCode()); 60455b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline EXPECT_EQ(td.expectedReturnCode, status.serviceSpecificErrorCode()); 60555b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline } 60655b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline } 60755b06f85b13553b7b0b5a76f650f452d5a9473c5Erik Kline} 608