authorLuke Huang <huangluke@google.com>2020-06-18 10:45:58 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2020-06-18 10:45:58 +0000
commit3eb8f9bc0fdb52c7441a79b20934b4142a605d3f (patch)
treece5ba81c0aaaa050df78afdc4440d1857dd827c4
parentb49f8b7ccf011cd27379f9e8c378a33dc5e5147e (diff)
parent27f6c3d4b7ab3b8844bfaa287493540dd9af73d8 (diff)
downloadnetd-3eb8f9bc0fdb52c7441a79b20934b4142a605d3f.tar.gz
Merge "Add unit for setAllowNetworkingForProcess" into rvc-dev
-rw-r--r--client/NetdClientTest.cpp52
-rw-r--r--client/netdclient_priv.h5
2 files changed, 57 insertions, 0 deletions
diff --git a/client/NetdClientTest.cpp b/client/NetdClientTest.cpp
index 126c7fd1..20f601a7 100644
--- a/client/NetdClientTest.cpp
+++ b/client/NetdClientTest.cpp
@@ -31,6 +31,16 @@ namespace {
// Keep in sync with FrameworkListener.cpp (500, "Command not recognized")
constexpr char NOT_SUPPORT_MSG[] = "500 Command not recognized";
+int openDnsProxyFuncStub() {
+ return -1;
+};
+
+typedef int (*DnsOpenProxyType)();
+typedef int (*SocketFunctionType)(int, int, int);
+
+DnsOpenProxyType openDnsProxyFuncPtr = openDnsProxyFuncStub;
+SocketFunctionType socketFuncPtr = socket;
+
void serverLoop(int dnsProxyFd) {
while (true) {
pollfd fds[1] = {{.fd = dnsProxyFd, .events = POLLIN}};
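Review bot: The closing `};` of openDnsProxyFuncStub carries a stray semicolon, which is an empty declaration at namespace scope and trips `-Wextra-semi`; it should be plain `}`. The stub also returns -1 without setting errno, and nothing here says why a failing stub is the right initial value. A one-line comment would help, e.g. `// Placeholder only; netdClientInitDnsOpenProxy() is expected to replace this pointer.`, if that is indeed the intent. The two `typedef`s could be written as `using DnsOpenProxyType = int (*)();` to match modern style.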
@@ -49,6 +59,35 @@ void serverLoop(int dnsProxyFd) {
}
}
+void expectAllowNetworkingForProcess() {
+ // netdClientSocket
+ android::base::unique_fd ipv4(socketFuncPtr(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0)),
+ ipv6(socketFuncPtr(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0));
+ EXPECT_LE(3, ipv4);
+ EXPECT_LE(3, ipv6);
+
+ // dns_open_proxy
+ android::base::unique_fd dnsproxydSocket(openDnsProxyFuncPtr());
+ EXPECT_LE(3, dnsproxydSocket);
+}
+
+void expectNotAllowNetworkingForProcess() {
+ // netdClientSocket
+ android::base::unique_fd unixSocket(socketFuncPtr(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0));
+ EXPECT_LE(3, unixSocket);
+ android::base::unique_fd ipv4(socketFuncPtr(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0));
+ EXPECT_EQ(-1, ipv4);
+ EXPECT_EQ(errno, EPERM);
+ android::base::unique_fd ipv6(socketFuncPtr(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0));
+ EXPECT_EQ(-1, ipv6);
+ EXPECT_EQ(errno, EPERM);
+
+ // dns_open_proxy
+ android::base::unique_fd dnsproxydSocket(openDnsProxyFuncPtr());
+ EXPECT_EQ(-1, dnsproxydSocket);
+ EXPECT_EQ(errno, EPERM);
+}
+
} // namespace
TEST(NetdClientTest, getNetworkForDnsInternal) {
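Review bot: The EPERM assertions in expectNotAllowNetworkingForProcess can pass on a stale errno, because errno is never cleared between the three denied calls. If the AF_INET6 `socketFuncPtr` call or `openDnsProxyFuncPtr()` returned -1 without setting errno, the EPERM left by the preceding call would still satisfy the check, so the test would not prove that each path is denied for the right reason. Clear it before each call with `errno = 0;` and write the expected value first, as the other assertions do: `EXPECT_EQ(EPERM, errno);`. The literal 3 in `EXPECT_LE(3, ...)` presumably assumes descriptors 0–2 are already open, which deserves a short comment.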
@@ -92,3 +131,16 @@ TEST(NetdClientTest, protectFromVpnTcp6) {
EXPECT_EQ(0, protectFromVpn(s));
close(s);
}
+
+TEST(NetdClientTest, setAllowNetworkingForProcess) {
+ netdClientInitDnsOpenProxy(&openDnsProxyFuncPtr);
+ netdClientInitSocket(&socketFuncPtr);
+ // At the beginning, we should be able to use socket since the default setting is allowing.
+ expectAllowNetworkingForProcess();
+ // Disable
+ setAllowNetworkingForProcess(false);
+ expectNotAllowNetworkingForProcess();
+ // Reset
+ setAllowNetworkingForProcess(true);
+ expectAllowNetworkingForProcess();
+}
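Review bot: This test leaves process-wide state behind that it never restores or documents. It passes the file-scope `openDnsProxyFuncPtr` and `socketFuncPtr` by address to netdClientInitDnsOpenProxy and netdClientInitSocket, and the double-pointer signatures suggest those calls overwrite them. If so, a second run in the same process (for example with `--gtest_repeat`) would pass in already-replaced pointers, so the test may not be repeatable; the implementation is not visible here to confirm. At minimum add a comment above the two init calls, such as `// Installs netd's wrappers into the file-scope pointers; they stay installed for the rest of the process.`, or move the initialization into a one-time fixture setup.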
diff --git a/client/netdclient_priv.h b/client/netdclient_priv.h
index 52952c54..c2fbc53c 100644
--- a/client/netdclient_priv.h
+++ b/client/netdclient_priv.h
@@ -19,4 +19,9 @@
int getNetworkForDnsInternal(int fd, unsigned* dnsNetId);
+extern "C" {
+void netdClientInitDnsOpenProxy(int (**DnsOpenProxyType)());
+void netdClientInitSocket(int (**SocketFunctionType)(int, int, int));
+}
+
#endif // NETD_CLIENT_NETD_CLIENT_PRIV_H
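Review bot: The parameter names in the two new declarations read like type names, so `int (**DnsOpenProxyType)()` looks like a typedef when it is only a parameter called DnsOpenProxyType. A plain name is clearer, e.g. `void netdClientInitSocket(int (**function)(int, int, int));`, and likewise for netdClientInitDnsOpenProxy. The declarations also have no comment on the in/out contract of the pointer: what the caller must store in `*function` before the call, and what it holds afterwards. Since these are test-visible hooks into socket creation and DNS proxy access, a sentence on each stating that contract would keep callers from misusing them.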