author | Lorenzo Colitti <lorenzo@google.com> | 2017-08-10 18:50:10 +0900 |
---|---|---|
committer | Lorenzo Colitti <lorenzo@google.com> | 2017-08-19 22:20:19 +0900 |
commit | 066b822f78666758ff82c43321ade07fd0d54eb3 (patch) | |
tree | 2f987e927e321fc1f9656e69aec31564014c5eef | |
parent | be79d6547d93c0be373db811d3f0265a93a76f3f (diff) | |
Delete all remaining callers of iptables.
Also move to binder_test.cpp some string constants that are used
only there.
(cherry picked from commit 5c68b9c1e4b7d8cf05b6ce9f6d1458ffda225eac)
Bug: 28362720
Test: bullhead builds,boots
Test: netd_{unit,integration}_test pass
Change-Id: Icebaac93fc3a661902deced985119d2d1735732e
Merged-In: I3f72946de374a7deaeef88b1dd5589d9a20ccce7
-rw-r--r-- | server/BandwidthController.cpp | 2 | ||||
-rw-r--r-- | server/BandwidthControllerTest.cpp | 3 | ||||
-rw-r--r-- | server/IptablesBaseTest.cpp | 77 | ||||
-rw-r--r-- | server/IptablesBaseTest.h | 5 | ||||
-rw-r--r-- | server/IptablesRestoreControllerTest.cpp | 10 | ||||
-rw-r--r-- | server/NetdConstants.cpp | 82 | ||||
-rw-r--r-- | server/NetdConstants.h | 6 | ||||
-rw-r--r-- | tests/binder_test.cpp | 3 |
8 files changed, 3 insertions, 185 deletions
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp index d875f007..903390bd 100644 --- a/server/BandwidthController.cpp +++ b/server/BandwidthController.cpp @@ -64,8 +64,6 @@ const char BandwidthController::LOCAL_OUTPUT[] = "bw_OUTPUT"; const char BandwidthController::LOCAL_RAW_PREROUTING[] = "bw_raw_PREROUTING"; const char BandwidthController::LOCAL_MANGLE_POSTROUTING[] = "bw_mangle_POSTROUTING"; -auto BandwidthController::execFunction = android_fork_execvp; -auto BandwidthController::popenFunction = popen; auto BandwidthController::iptablesRestoreFunction = execIptablesRestoreWithOutput; using android::base::Join; diff --git a/server/BandwidthControllerTest.cpp b/server/BandwidthControllerTest.cpp index 066f9ebc..a0a57da7 100644 --- a/server/BandwidthControllerTest.cpp +++ b/server/BandwidthControllerTest.cpp @@ -51,8 +51,6 @@ using android::netdutils::UniqueFile; class BandwidthControllerTest : public IptablesBaseTest { protected: BandwidthControllerTest() { - BandwidthController::execFunction = fake_android_fork_exec; - BandwidthController::popenFunction = fake_popen; BandwidthController::iptablesRestoreFunction = fakeExecIptablesRestoreWithOutput; } BandwidthController mBw; @@ -378,7 +376,6 @@ TEST_F(BandwidthControllerTest, TestGetTetherStats) { std::string expectedError = counters; EXPECT_EQ(expectedError, err); - // popen() failing is always an error. addIptablesRestoreOutput(kIPv4TetherCounters); ASSERT_EQ(-1, mBw.getTetherStats(&cli, filter, err)); expectNoSocketClientResponse(socketPair[1]); diff --git a/server/IptablesBaseTest.cpp b/server/IptablesBaseTest.cpp index 57071b06..c9bf67b2 100644 --- a/server/IptablesBaseTest.cpp +++ b/server/IptablesBaseTest.cpp 
@@ -61,30 +61,6 @@ int IptablesBaseTest::fake_android_fork_exec(int argc, char* argv[], int *status return ret; } -int IptablesBaseTest::fakeExecIptables(IptablesTarget target, ...) { - std::string cmd = " -w"; - va_list args; - va_start(args, target); - const char *arg; - do { - arg = va_arg(args, const char *); - if (arg != nullptr) { - cmd += " "; - cmd += arg; - } - } while (arg); - va_end(args); - - if (target == V4 || target == V4V6) { - sCmds.push_back(IPTABLES_PATH + cmd); - } - if (target == V6 || target == V4V6) { - sCmds.push_back(IP6TABLES_PATH + cmd); - } - - return 0; -} - FILE *IptablesBaseTest::fake_popen(const char * /* cmd */, const char *type) { if (sPopenContents.empty() || strcmp(type, "r") != 0) { return NULL; 
@@ -120,59 +96,6 @@ int IptablesBaseTest::fakeExecIptablesRestoreCommand(IptablesTarget target, return fakeExecIptablesRestoreWithOutput(target, fullCmd, output); } -int IptablesBaseTest::expectIptablesCommand(IptablesTarget target, int pos, - const std::string& cmd) { - - if ((unsigned) pos >= sCmds.size()) { - ADD_FAILURE() << "Expected too many iptables commands, want command " - << pos + 1 << "/" << sCmds.size(); - return -1; - } - - if (target == V4 || target == V4V6) { - EXPECT_EQ("/system/bin/iptables -w " + cmd, sCmds[pos++]); - } - if (target == V6 || target == V4V6) { - EXPECT_EQ("/system/bin/ip6tables -w " + cmd, sCmds[pos++]); - } - - return target == V4V6 ? 2 : 1; -} - -void IptablesBaseTest::expectIptablesCommands(const std::vector<std::string>& expectedCmds) { - ExpectedIptablesCommands expected; - for (const auto& cmd : expectedCmds) { - expected.push_back({ V4V6, cmd }); - } - expectIptablesCommands(expected); -} - -void IptablesBaseTest::expectIptablesCommands(const ExpectedIptablesCommands& expectedCmds) { - size_t pos = 0; - for (size_t i = 0; i < expectedCmds.size(); i ++) { - const auto& target = expectedCmds[i].first; - const auto& cmd = expectedCmds[i].second; - int numConsumed = expectIptablesCommand(target, pos, cmd); - if (numConsumed < 0) { - // Read past the end of the array. - break; - } - pos += numConsumed; - } - - EXPECT_EQ(pos, sCmds.size()); - sCmds.clear(); -} - -void IptablesBaseTest::expectIptablesCommands( - const std::vector<ExpectedIptablesCommands>& snippets) { - ExpectedIptablesCommands expected; - for (const auto& snippet: snippets) { - expected.insert(expected.end(), snippet.begin(), snippet.end()); - } - expectIptablesCommands(expected); -} - void IptablesBaseTest::expectIptablesRestoreCommands(const std::vector<std::string>& expectedCmds) { ExpectedIptablesCommands expected; for (const auto& cmd : expectedCmds) { diff --git a/server/IptablesBaseTest.h b/server/IptablesBaseTest.h index a8a511f0..207a5ee8 100644 
--- a/server/IptablesBaseTest.h +++ b/server/IptablesBaseTest.h @@ -28,16 +28,12 @@ public: static int fake_android_fork_exec(int argc, char* argv[], int *status, bool, bool); static int fake_android_fork_execvp(int argc, char* argv[], int *status, bool, bool); - static int fakeExecIptables(IptablesTarget target, ...); static int fakeExecIptablesRestore(IptablesTarget target, const std::string& commands); static int fakeExecIptablesRestoreWithOutput(IptablesTarget target, const std::string& commands, std::string *output); static int fakeExecIptablesRestoreCommand(IptablesTarget target, const std::string& table, const std::string& commands, std::string *output); static FILE *fake_popen(const char *cmd, const char *type); - void expectIptablesCommands(const std::vector<std::string>& expectedCmds); - void expectIptablesCommands(const ExpectedIptablesCommands& expectedCmds); - void expectIptablesCommands(const std::vector<ExpectedIptablesCommands>& snippets); void expectIptablesRestoreCommands(const std::vector<std::string>& expectedCmds); void expectIptablesRestoreCommands(const ExpectedIptablesCommands& expectedCmds); void setReturnValues(const std::deque<int>& returnValues); @@ -48,5 +44,4 @@ protected: static std::deque<int> sReturnValues; static std::deque<std::string> sPopenContents; static std::deque<std::string> sIptablesRestoreOutput; - int expectIptablesCommand(IptablesTarget target, int pos, const std::string& cmd); }; diff --git a/server/IptablesRestoreControllerTest.cpp b/server/IptablesRestoreControllerTest.cpp index 43041ecf..20d46efe 100644 --- a/server/IptablesRestoreControllerTest.cpp +++ b/server/IptablesRestoreControllerTest.cpp 
@@ -258,15 +258,5 @@ TEST_F(IptablesRestoreControllerTest, TestUidRuleBenchmark) { float timeTaken = s.getTimeAndReset(); fprintf(stderr, " Add/del %d UID rules via restore: %.1fms (%.2fms per operation)\n", iterations, timeTaken, timeTaken / 2 / iterations); - - for (int i = 0; i < iterations; i++) { - EXPECT_EQ(0, execIptables(V4V6, "-I", "fw_powersave", "-m", "owner", - "--uid-owner", "2000000000", "-j", "RETURN", nullptr)); - EXPECT_EQ(0, execIptables(V4V6, "-D", "fw_powersave", "-m", "owner", - "--uid-owner", "2000000000", "-j", "RETURN", nullptr)); - } - timeTaken = s.getTimeAndReset(); - fprintf(stderr, " Add/del %d UID rules via iptables: %.1fms (%.2fms per operation)\n", - iterations, timeTaken, timeTaken / 2 / iterations); } } diff --git a/server/NetdConstants.cpp b/server/NetdConstants.cpp index 58b2f64b..5abdacd5 100644 --- a/server/NetdConstants.cpp +++ b/server/NetdConstants.cpp 
@@ -38,91 +38,9 @@ const size_t SHA256_SIZE = EVP_MD_size(EVP_sha256()); const char * const OEM_SCRIPT_PATH = "/system/bin/oem-iptables-init.sh"; -const char * const IPTABLES_PATH = "/system/bin/iptables"; -const char * const IP6TABLES_PATH = "/system/bin/ip6tables"; -const char * const TC_PATH = "/system/bin/tc"; -const char * const IP_PATH = "/system/bin/ip"; const char * const ADD = "add"; const char * const DEL = "del"; -static void logExecError(const char* argv[], int res, int status) { - const char** argp = argv; - std::string args = ""; - while (*argp) { - args += *argp; - args += ' '; - argp++; - } - ALOGE("exec() res=%d, status=%d for %s", res, status, args.c_str()); -} - -static int execIptablesCommand(int argc, const char *argv[], bool silent) { - int res; - int status; - - res = android_fork_execvp(argc, (char **)argv, &status, false, - !silent); - if (res || !WIFEXITED(status) || WEXITSTATUS(status)) { - if (!silent) { - logExecError(argv, res, status); - } - if (res) - return res; - if (!WIFEXITED(status)) - return ECHILD; - } - return WEXITSTATUS(status); -} - -static int execIptables(IptablesTarget target, bool silent, va_list args) { - /* Read arguments from incoming va_list; we expect the list to be NULL terminated. 
*/ - std::list<const char*> argsList; - argsList.push_back(NULL); - const char* arg; - - // Wait to avoid failure due to another process holding the lock - argsList.push_back("-w"); - - do { - arg = va_arg(args, const char *); - argsList.push_back(arg); - } while (arg); - - int i = 0; - const char* argv[argsList.size()]; - std::list<const char*>::iterator it; - for (it = argsList.begin(); it != argsList.end(); it++, i++) { - argv[i] = *it; - } - - int res = 0; - if (target == V4 || target == V4V6) { - argv[0] = IPTABLES_PATH; - res |= execIptablesCommand(argsList.size(), argv, silent); - } - if (target == V6 || target == V4V6) { - argv[0] = IP6TABLES_PATH; - res |= execIptablesCommand(argsList.size(), argv, silent); - } - return res; -} - -int execIptables(IptablesTarget target, ...) { - va_list args; - va_start(args, target); - int res = execIptables(target, false, args); - va_end(args); - return res; -} - -int execIptablesSilently(IptablesTarget target, ...) { - va_list args; - va_start(args, target); - int res = execIptables(target, true, args); - va_end(args); - return res; -} - int execIptablesRestoreWithOutput(IptablesTarget target, const std::string& commands, std::string *output) { return android::net::gCtls->iptablesRestoreCtrl.execute(target, commands, output); diff --git a/server/NetdConstants.h b/server/NetdConstants.h index 446a898c..b1117c43 100644 --- a/server/NetdConstants.h +++ b/server/NetdConstants.h 
@@ -34,18 +34,12 @@ const int MAX_SYSTEM_UID = AID_APP - 1; extern const size_t SHA256_SIZE; -extern const char * const IPTABLES_PATH; -extern const char * const IP6TABLES_PATH; -extern const char * const IP_PATH; -extern const char * const TC_PATH; extern const char * const OEM_SCRIPT_PATH; extern const char * const ADD; extern const char * const DEL; enum IptablesTarget { V4, V6, V4V6 }; -int execIptables(IptablesTarget target, ...); -int execIptablesSilently(IptablesTarget target, ...); int execIptablesRestore(IptablesTarget target, const std::string& commands); int execIptablesRestoreWithOutput(IptablesTarget target, const std::string& commands, std::string *output); diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp index 41fc8c33..b2f362ee 100644 --- a/tests/binder_test.cpp +++ b/tests/binder_test.cpp @@ -49,6 +49,9 @@ #include "android/net/UidRange.h" #include "binder/IServiceManager.h" +#define IP_PATH "/system/bin/ip" +#define IP6TABLES_PATH "/system/bin/ip6tables" +#define IPTABLES_PATH "/system/bin/iptables" #define TUN_DEV "/dev/tun" using namespace android; |
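Review bot: The three `#define`s added in the tests/binder_test.cpp hunk reintroduce `IP_PATH`, `IP6TABLES_PATH` and `IPTABLES_PATH` as unscoped macros, with no comment saying they are test-only copies of the constants this commit deletes from server/NetdConstants.cpp and NetdConstants.h. A one-line comment above them, for example `// Test-only: binaries this test invokes to verify netd's state; netd itself no longer execs them.`, would stop a later reader from treating them as a server interface; the call sites are outside the hunk, so confirm the wording against them. If none of the uses relies on adjacent string-literal concatenation, `static constexpr char IPTABLES_PATH[] = "/system/bin/iptables";` (and likewise for the other two) gives the names a type and file scope. Otherwise keeping them as macros next to the existing `TUN_DEV` is consistent. Whichever form is chosen, keep the paths absolute so the binary that runs does not depend on the test environment's PATH.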