diff options
author | Lorenzo Colitti <lorenzo@google.com> | 2017-07-18 12:02:47 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-07-18 12:02:47 +0000 |
commit | b0a825f7bf75c4ff614a7f60fcc7e63eebe05812 (patch) | |
tree | b7b2d32c93a8533defad84ebb26e092c239ae13d | |
parent | 3537fc22a62742dbc85fc577f99fb56bc7a7483c (diff) | |
parent | b959b299ad025b56647424197ac3fe4ef3b3b16d (diff) | |
download | netd-b0a825f7bf75c4ff614a7f60fcc7e63eebe05812.tar.gz |
Merge "Add a test for setUidCleartextPolicy." am: 28e4da0438 am: 93659ba0f0 am: e21faf9bf0
am: b959b299ad
Change-Id: Ib7f20e08b89f27e7cf6bd048bb6d4b1166d69fe1
-rw-r--r-- | server/StrictControllerTest.cpp | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/server/StrictControllerTest.cpp b/server/StrictControllerTest.cpp index c0c8839a..3783c303 100644 --- a/server/StrictControllerTest.cpp +++ b/server/StrictControllerTest.cpp @@ -122,3 +122,31 @@ TEST_F(StrictControllerTest, TestDisableStrict) { "COMMIT\n"; expectIptablesRestoreCommands({ expected }); } + +TEST_F(StrictControllerTest, TestSetUidCleartextPenalty) { + std::vector<std::string> acceptCommands = { + "-D st_OUTPUT -m owner --uid-owner 12345 -j st_clear_detect", + "-D st_clear_caught -m owner --uid-owner 12345 -j st_penalty_log", + "-D st_clear_caught -m owner --uid-owner 12345 -j st_penalty_reject", + }; + std::vector<std::string> logCommands = { + "-I st_OUTPUT -m owner --uid-owner 12345 -j st_clear_detect", + "-I st_clear_caught -m owner --uid-owner 12345 -j st_penalty_log", + }; + std::vector<std::string> rejectCommands = { + "-I st_OUTPUT -m owner --uid-owner 12345 -j st_clear_detect", + "-I st_clear_caught -m owner --uid-owner 12345 -j st_penalty_reject", + }; + + mStrictCtrl.setUidCleartextPenalty(12345, LOG); + expectIptablesCommands(logCommands); + + mStrictCtrl.setUidCleartextPenalty(12345, ACCEPT); + expectIptablesCommands(acceptCommands); + + mStrictCtrl.setUidCleartextPenalty(12345, REJECT); + expectIptablesCommands(rejectCommands); + + mStrictCtrl.setUidCleartextPenalty(12345, ACCEPT); + expectIptablesCommands(acceptCommands); +} |