Merge "Add a test for setUidCleartextPolicy." am: 28e4da0438 am: 93659ba0f0 am: e21faf9bf0

am: b959b299ad

Change-Id: Ib7f20e08b89f27e7cf6bd048bb6d4b1166d69fe1

1 files changed, 28 insertions, 0 deletions

diff --git a/server/StrictControllerTest.cpp b/server/StrictControllerTest.cpp
index c0c8839a..3783c303 100644
--- a/server/StrictControllerTest.cpp
+++ b/server/StrictControllerTest.cpp
@@ -122,3 +122,31 @@ TEST_F(StrictControllerTest, TestDisableStrict) {
         "COMMIT\n";
     expectIptablesRestoreCommands({ expected });
 }
+
+TEST_F(StrictControllerTest, TestSetUidCleartextPenalty) {
+    std::vector<std::string> acceptCommands = {
+        "-D st_OUTPUT -m owner --uid-owner 12345 -j st_clear_detect",
+        "-D st_clear_caught -m owner --uid-owner 12345 -j st_penalty_log",
+        "-D st_clear_caught -m owner --uid-owner 12345 -j st_penalty_reject",
+    };
+    std::vector<std::string> logCommands = {
+        "-I st_OUTPUT -m owner --uid-owner 12345 -j st_clear_detect",
+        "-I st_clear_caught -m owner --uid-owner 12345 -j st_penalty_log",
+    };
+    std::vector<std::string> rejectCommands = {
+        "-I st_OUTPUT -m owner --uid-owner 12345 -j st_clear_detect",
+        "-I st_clear_caught -m owner --uid-owner 12345 -j st_penalty_reject",
+    };
+
+    mStrictCtrl.setUidCleartextPenalty(12345, LOG);
+    expectIptablesCommands(logCommands);
+
+    mStrictCtrl.setUidCleartextPenalty(12345, ACCEPT);
+    expectIptablesCommands(acceptCommands);
+
+    mStrictCtrl.setUidCleartextPenalty(12345, REJECT);
+    expectIptablesCommands(rejectCommands);
+
+    mStrictCtrl.setUidCleartextPenalty(12345, ACCEPT);
+    expectIptablesCommands(acceptCommands);
+}