diff options
Diffstat (limited to 'server/TrafficControllerTest.cpp')
-rw-r--r-- | server/TrafficControllerTest.cpp | 275 |
1 files changed, 101 insertions, 174 deletions
diff --git a/server/TrafficControllerTest.cpp b/server/TrafficControllerTest.cpp index 3cde9be8..159fb086 100644 --- a/server/TrafficControllerTest.cpp +++ b/server/TrafficControllerTest.cpp @@ -16,6 +16,7 @@ * TrafficControllerTest.cpp - unit tests for TrafficController.cpp */ +#include <cstdint> #include <string> #include <vector> @@ -74,7 +75,6 @@ class TrafficControllerTest : public ::testing::Test { void SetUp() { std::lock_guard guard(mTc.mMutex); - SKIP_IF_BPF_NOT_SUPPORTED; ASSERT_EQ(0, setrlimitForTest()); mFakeCookieTagMap.reset(createMap(BPF_MAP_TYPE_HASH, sizeof(uint64_t), sizeof(UidTagValue), @@ -165,30 +165,30 @@ class TrafficControllerTest : public ::testing::Test { void checkUidOwnerRuleForChain(ChildChain chain, UidOwnerMatchType match) { uint32_t uid = TEST_UID; - EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, DENY, BLACKLIST)); + EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, DENY, DENYLIST)); Result<UidOwnerValue> value = mFakeUidOwnerMap.readValue(uid); EXPECT_RESULT_OK(value); EXPECT_TRUE(value.value().rule & match); uid = TEST_UID2; - EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, ALLOW, WHITELIST)); + EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, ALLOW, ALLOWLIST)); value = mFakeUidOwnerMap.readValue(uid); EXPECT_RESULT_OK(value); EXPECT_TRUE(value.value().rule & match); - EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, DENY, WHITELIST)); + EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, DENY, ALLOWLIST)); value = mFakeUidOwnerMap.readValue(uid); EXPECT_FALSE(value.ok()); EXPECT_EQ(ENOENT, value.error().code()); uid = TEST_UID; - EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, ALLOW, BLACKLIST)); + EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, ALLOW, DENYLIST)); value = mFakeUidOwnerMap.readValue(uid); EXPECT_FALSE(value.ok()); EXPECT_EQ(ENOENT, value.error().code()); uid = TEST_UID3; - EXPECT_EQ(-ENOENT, mTc.changeUidOwnerRule(chain, uid, ALLOW, BLACKLIST)); + EXPECT_EQ(-ENOENT, mTc.changeUidOwnerRule(chain, uid, ALLOW, DENYLIST)); value = mFakeUidOwnerMap.readValue(uid); EXPECT_FALSE(value.ok()); EXPECT_EQ(ENOENT, value.error().code()); @@ -211,18 +211,18 @@ class TrafficControllerTest : public ::testing::Test { void checkUidMapReplace(const std::string& name, const std::vector<int32_t>& uids, UidOwnerMatchType match) { - bool isWhitelist = true; - EXPECT_EQ(0, mTc.replaceUidOwnerMap(name, isWhitelist, uids)); + bool isAllowlist = true; + EXPECT_EQ(0, mTc.replaceUidOwnerMap(name, isAllowlist, uids)); checkEachUidValue(uids, match); - isWhitelist = false; - EXPECT_EQ(0, mTc.replaceUidOwnerMap(name, isWhitelist, uids)); + isAllowlist = false; + EXPECT_EQ(0, mTc.replaceUidOwnerMap(name, isAllowlist, uids)); checkEachUidValue(uids, match); } - void expectUidOwnerMapValues(const std::vector<std::string>& appStrUids, uint8_t expectedRule, + + void expectUidOwnerMapValues(const std::vector<uint32_t>& appUids, uint8_t expectedRule, uint32_t expectedIif) { - for (const std::string& strUid : appStrUids) { - uint32_t uid = stoi(strUid); + for (uint32_t uid : appUids) { Result<UidOwnerValue> value = mFakeUidOwnerMap.readValue(uid); EXPECT_RESULT_OK(value); EXPECT_EQ(expectedRule, value.value().rule) @@ -315,8 +315,6 @@ class TrafficControllerTest : public ::testing::Test { }; TEST_F(TrafficControllerTest, TestTagSocketV4) { - SKIP_IF_BPF_NOT_SUPPORTED; - uint64_t sockCookie; int v4socket = setUpSocketAndTag(AF_INET, &sockCookie, TEST_TAG, TEST_UID, TEST_UID); expectUidTag(sockCookie, TEST_UID, TEST_TAG); @@ -326,8 +324,6 @@ TEST_F(TrafficControllerTest, TestTagSocketV4) { } TEST_F(TrafficControllerTest, TestReTagSocket) { - SKIP_IF_BPF_NOT_SUPPORTED; - uint64_t sockCookie; int v4socket = setUpSocketAndTag(AF_INET, &sockCookie, TEST_TAG, TEST_UID, TEST_UID); expectUidTag(sockCookie, TEST_UID, TEST_TAG); @@ -336,8 +332,6 @@ TEST_F(TrafficControllerTest, TestReTagSocket) { } TEST_F(TrafficControllerTest, TestTagTwoSockets) { - SKIP_IF_BPF_NOT_SUPPORTED; - uint64_t sockCookie1; uint64_t sockCookie2; int v4socket1 = setUpSocketAndTag(AF_INET, &sockCookie1, TEST_TAG, TEST_UID, TEST_UID); @@ -351,8 +345,6 @@ TEST_F(TrafficControllerTest, TestTagTwoSockets) { } TEST_F(TrafficControllerTest, TestTagSocketV6) { - SKIP_IF_BPF_NOT_SUPPORTED; - uint64_t sockCookie; int v6socket = setUpSocketAndTag(AF_INET6, &sockCookie, TEST_TAG, TEST_UID, TEST_UID); expectUidTag(sockCookie, TEST_UID, TEST_TAG); @@ -362,16 +354,12 @@ TEST_F(TrafficControllerTest, TestTagSocketV6) { } TEST_F(TrafficControllerTest, TestTagInvalidSocket) { - SKIP_IF_BPF_NOT_SUPPORTED; - int invalidSocket = -1; ASSERT_GT(0, mTc.tagSocket(invalidSocket, TEST_TAG, TEST_UID, TEST_UID)); expectMapEmpty(mFakeCookieTagMap); } TEST_F(TrafficControllerTest, TestTagSocketWithoutPermission) { - SKIP_IF_BPF_NOT_SUPPORTED; - int sock = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0); ASSERT_NE(-1, sock); ASSERT_EQ(-EPERM, mTc.tagSocket(sock, TEST_TAG, TEST_UID, TEST_UID2)); @@ -379,8 +367,6 @@ TEST_F(TrafficControllerTest, TestTagSocketWithoutPermission) { } TEST_F(TrafficControllerTest, TestTagSocketWithPermission) { - SKIP_IF_BPF_NOT_SUPPORTED; - // Grant permission to calling uid. std::vector<uid_t> callingUid = {TEST_UID2}; mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, callingUid); @@ -399,8 +385,6 @@ TEST_F(TrafficControllerTest, TestTagSocketWithPermission) { } TEST_F(TrafficControllerTest, TestUntagInvalidSocket) { - SKIP_IF_BPF_NOT_SUPPORTED; - int invalidSocket = -1; ASSERT_GT(0, mTc.untagSocket(invalidSocket)); int v4socket = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); @@ -409,8 +393,6 @@ TEST_F(TrafficControllerTest, TestUntagInvalidSocket) { } TEST_F(TrafficControllerTest, TestTagSocketReachLimitFail) { - SKIP_IF_BPF_NOT_SUPPORTED; - uid_t uid = TEST_UID; StatsKey tagStatsMapKey[4]; for (int i = 0; i < 3; i++) { @@ -422,8 +404,6 @@ TEST_F(TrafficControllerTest, TestTagSocketReachLimitFail) { } TEST_F(TrafficControllerTest, TestTagSocketReachTotalLimitFail) { - SKIP_IF_BPF_NOT_SUPPORTED; - StatsKey tagStatsMapKey[4]; for (int i = 0; i < 4; i++) { uint64_t cookie = TEST_COOKIE + i; @@ -435,8 +415,6 @@ TEST_F(TrafficControllerTest, TestTagSocketReachTotalLimitFail) { } TEST_F(TrafficControllerTest, TestSetCounterSet) { - SKIP_IF_BPF_NOT_SUPPORTED; - uid_t callingUid = TEST_UID2; addPrivilegedUid(callingUid); ASSERT_EQ(0, mTc.setCounterSet(TEST_COUNTERSET, TEST_UID, callingUid)); @@ -450,8 +428,6 @@ TEST_F(TrafficControllerTest, TestSetCounterSet) { } TEST_F(TrafficControllerTest, TestSetCounterSetWithoutPermission) { - SKIP_IF_BPF_NOT_SUPPORTED; - ASSERT_EQ(-EPERM, mTc.setCounterSet(TEST_COUNTERSET, TEST_UID, TEST_UID2)); uid_t uid = TEST_UID; ASSERT_FALSE(mFakeUidCounterSetMap.readValue(uid).ok()); @@ -459,8 +435,6 @@ TEST_F(TrafficControllerTest, TestSetCounterSetWithoutPermission) { } TEST_F(TrafficControllerTest, TestSetInvalidCounterSet) { - SKIP_IF_BPF_NOT_SUPPORTED; - uid_t callingUid = TEST_UID2; addPrivilegedUid(callingUid); ASSERT_GT(0, mTc.setCounterSet(OVERFLOW_COUNTERSET, TEST_UID, callingUid)); @@ -470,8 +444,6 @@ TEST_F(TrafficControllerTest, TestSetInvalidCounterSet) { } TEST_F(TrafficControllerTest, TestDeleteTagDataWithoutPermission) { - SKIP_IF_BPF_NOT_SUPPORTED; - uint64_t cookie = 1; uid_t uid = TEST_UID; uint32_t tag = TEST_TAG; @@ -483,8 +455,6 @@ TEST_F(TrafficControllerTest, TestDeleteTagDataWithoutPermission) { } TEST_F(TrafficControllerTest, TestDeleteTagData) { - SKIP_IF_BPF_NOT_SUPPORTED; - uid_t callingUid = TEST_UID2; addPrivilegedUid(callingUid); uint64_t cookie = 1; @@ -510,8 +480,6 @@ TEST_F(TrafficControllerTest, TestDeleteTagData) { } TEST_F(TrafficControllerTest, TestDeleteAllUidData) { - SKIP_IF_BPF_NOT_SUPPORTED; - uid_t callingUid = TEST_UID2; addPrivilegedUid(callingUid); uint64_t cookie = 1; @@ -529,8 +497,6 @@ TEST_F(TrafficControllerTest, TestDeleteAllUidData) { } TEST_F(TrafficControllerTest, TestDeleteDataWithTwoTags) { - SKIP_IF_BPF_NOT_SUPPORTED; - uid_t callingUid = TEST_UID2; addPrivilegedUid(callingUid); uint64_t cookie1 = 1; @@ -559,8 +525,6 @@ TEST_F(TrafficControllerTest, TestDeleteDataWithTwoTags) { } TEST_F(TrafficControllerTest, TestDeleteDataWithTwoUids) { - SKIP_IF_BPF_NOT_SUPPORTED; - uid_t callingUid = TEST_UID2; addPrivilegedUid(callingUid); uint64_t cookie1 = 1; @@ -602,174 +566,156 @@ TEST_F(TrafficControllerTest, TestDeleteDataWithTwoUids) { } TEST_F(TrafficControllerTest, TestUpdateOwnerMapEntry) { - SKIP_IF_BPF_NOT_SUPPORTED; - uint32_t uid = TEST_UID; - ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(STANDBY_MATCH, uid, DENY, BLACKLIST))); + ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(STANDBY_MATCH, uid, DENY, DENYLIST))); Result<UidOwnerValue> value = mFakeUidOwnerMap.readValue(uid); ASSERT_RESULT_OK(value); ASSERT_TRUE(value.value().rule & STANDBY_MATCH); - ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(DOZABLE_MATCH, uid, ALLOW, WHITELIST))); + ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(DOZABLE_MATCH, uid, ALLOW, ALLOWLIST))); value = mFakeUidOwnerMap.readValue(uid); ASSERT_RESULT_OK(value); ASSERT_TRUE(value.value().rule & DOZABLE_MATCH); - ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(DOZABLE_MATCH, uid, DENY, WHITELIST))); + ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(DOZABLE_MATCH, uid, DENY, ALLOWLIST))); value = mFakeUidOwnerMap.readValue(uid); ASSERT_RESULT_OK(value); ASSERT_FALSE(value.value().rule & DOZABLE_MATCH); - ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(STANDBY_MATCH, uid, ALLOW, BLACKLIST))); + ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(STANDBY_MATCH, uid, ALLOW, DENYLIST))); ASSERT_FALSE(mFakeUidOwnerMap.readValue(uid).ok()); uid = TEST_UID2; - ASSERT_FALSE(isOk(mTc.updateOwnerMapEntry(STANDBY_MATCH, uid, ALLOW, BLACKLIST))); + ASSERT_FALSE(isOk(mTc.updateOwnerMapEntry(STANDBY_MATCH, uid, ALLOW, DENYLIST))); ASSERT_FALSE(mFakeUidOwnerMap.readValue(uid).ok()); } TEST_F(TrafficControllerTest, TestChangeUidOwnerRule) { - SKIP_IF_BPF_NOT_SUPPORTED; - checkUidOwnerRuleForChain(DOZABLE, DOZABLE_MATCH); checkUidOwnerRuleForChain(STANDBY, STANDBY_MATCH); checkUidOwnerRuleForChain(POWERSAVE, POWERSAVE_MATCH); - ASSERT_EQ(-EINVAL, mTc.changeUidOwnerRule(NONE, TEST_UID, ALLOW, WHITELIST)); - ASSERT_EQ(-EINVAL, mTc.changeUidOwnerRule(INVALID_CHAIN, TEST_UID, ALLOW, WHITELIST)); + checkUidOwnerRuleForChain(RESTRICTED, RESTRICTED_MATCH); + ASSERT_EQ(-EINVAL, mTc.changeUidOwnerRule(NONE, TEST_UID, ALLOW, ALLOWLIST)); + ASSERT_EQ(-EINVAL, mTc.changeUidOwnerRule(INVALID_CHAIN, TEST_UID, ALLOW, ALLOWLIST)); } TEST_F(TrafficControllerTest, TestReplaceUidOwnerMap) { - SKIP_IF_BPF_NOT_SUPPORTED; - std::vector<int32_t> uids = {TEST_UID, TEST_UID2, TEST_UID3}; checkUidMapReplace("fw_dozable", uids, DOZABLE_MATCH); checkUidMapReplace("fw_standby", uids, STANDBY_MATCH); checkUidMapReplace("fw_powersave", uids, POWERSAVE_MATCH); + checkUidMapReplace("fw_restricted", uids, RESTRICTED_MATCH); ASSERT_EQ(-EINVAL, mTc.replaceUidOwnerMap("unknow", true, uids)); } TEST_F(TrafficControllerTest, TestReplaceSameChain) { - SKIP_IF_BPF_NOT_SUPPORTED; - std::vector<int32_t> uids = {TEST_UID, TEST_UID2, TEST_UID3}; checkUidMapReplace("fw_dozable", uids, DOZABLE_MATCH); std::vector<int32_t> newUids = {TEST_UID2, TEST_UID3}; checkUidMapReplace("fw_dozable", newUids, DOZABLE_MATCH); } -TEST_F(TrafficControllerTest, TestBlacklistUidMatch) { - SKIP_IF_BPF_NOT_SUPPORTED; - - std::vector<std::string> appStrUids = {"1000", "1001", "10012"}; - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject, - BandwidthController::IptOpInsert))); - expectUidOwnerMapValues(appStrUids, PENALTY_BOX_MATCH, 0); - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject, - BandwidthController::IptOpDelete))); +TEST_F(TrafficControllerTest, TestDenylistUidMatch) { + std::vector<uint32_t> appUids = {1000, 1001, 10012}; + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH, BandwidthController::IptOpInsert))); + expectUidOwnerMapValues(appUids, PENALTY_BOX_MATCH, 0); + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH, BandwidthController::IptOpDelete))); expectMapEmpty(mFakeUidOwnerMap); } -TEST_F(TrafficControllerTest, TestWhitelistUidMatch) { - SKIP_IF_BPF_NOT_SUPPORTED; - - std::vector<std::string> appStrUids = {"1000", "1001", "10012"}; - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn, - BandwidthController::IptOpInsert))); - expectUidOwnerMapValues(appStrUids, HAPPY_BOX_MATCH, 0); - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn, - BandwidthController::IptOpDelete))); +TEST_F(TrafficControllerTest, TestAllowlistUidMatch) { + std::vector<uint32_t> appUids = {1000, 1001, 10012}; + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH, BandwidthController::IptOpInsert))); + expectUidOwnerMapValues(appUids, HAPPY_BOX_MATCH, 0); + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH, BandwidthController::IptOpDelete))); expectMapEmpty(mFakeUidOwnerMap); } TEST_F(TrafficControllerTest, TestReplaceMatchUid) { - SKIP_IF_BPF_NOT_SUPPORTED; + std::vector<uint32_t> appUids = {1000, 1001, 10012}; + // Add appUids to the denylist and expect that their values are all PENALTY_BOX_MATCH. + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH, BandwidthController::IptOpInsert))); + expectUidOwnerMapValues(appUids, PENALTY_BOX_MATCH, 0); - std::vector<std::string> appStrUids = {"1000", "1001", "10012"}; - // Add appStrUids to the blacklist and expect that their values are all PENALTY_BOX_MATCH. - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject, - BandwidthController::IptOpInsert))); - expectUidOwnerMapValues(appStrUids, PENALTY_BOX_MATCH, 0); - - // Add the same UIDs to the whitelist and expect that we get PENALTY_BOX_MATCH | + // Add the same UIDs to the allowlist and expect that we get PENALTY_BOX_MATCH | // HAPPY_BOX_MATCH. - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn, - BandwidthController::IptOpInsert))); - expectUidOwnerMapValues(appStrUids, HAPPY_BOX_MATCH | PENALTY_BOX_MATCH, 0); - - // Remove the same UIDs from the whitelist and check the PENALTY_BOX_MATCH is still there. - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn, - BandwidthController::IptOpDelete))); - expectUidOwnerMapValues(appStrUids, PENALTY_BOX_MATCH, 0); - - // Remove the same UIDs from the blacklist and check the map is empty. - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject, - BandwidthController::IptOpDelete))); + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH, BandwidthController::IptOpInsert))); + expectUidOwnerMapValues(appUids, HAPPY_BOX_MATCH | PENALTY_BOX_MATCH, 0); + + // Remove the same UIDs from the allowlist and check the PENALTY_BOX_MATCH is still there. + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH, BandwidthController::IptOpDelete))); + expectUidOwnerMapValues(appUids, PENALTY_BOX_MATCH, 0); + + // Remove the same UIDs from the denylist and check the map is empty. + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH, BandwidthController::IptOpDelete))); ASSERT_FALSE(mFakeUidOwnerMap.getFirstKey().ok()); } TEST_F(TrafficControllerTest, TestDeleteWrongMatchSilentlyFails) { - SKIP_IF_BPF_NOT_SUPPORTED; - - std::vector<std::string> appStrUids = {"1000", "1001", "10012"}; + std::vector<uint32_t> appUids = {1000, 1001, 10012}; // If the uid does not exist in the map, trying to delete a rule about it will fail. - ASSERT_FALSE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn, - BandwidthController::IptOpDelete))); + ASSERT_FALSE(isOk( + mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH, BandwidthController::IptOpDelete))); expectMapEmpty(mFakeUidOwnerMap); - // Add blacklist rules for appStrUids. - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn, - BandwidthController::IptOpInsert))); - expectUidOwnerMapValues(appStrUids, HAPPY_BOX_MATCH, 0); + // Add denylist rules for appUids. + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, HAPPY_BOX_MATCH, BandwidthController::IptOpInsert))); + expectUidOwnerMapValues(appUids, HAPPY_BOX_MATCH, 0); - // Delete (non-existent) blacklist rules for appStrUids, and check that this silently does - // nothing if the uid is in the map but does not have blacklist match. This is required because - // NetworkManagementService will try to remove a uid from blacklist after adding it to the - // whitelist and if the remove fails it will not update the uid status. - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject, - BandwidthController::IptOpDelete))); - expectUidOwnerMapValues(appStrUids, HAPPY_BOX_MATCH, 0); + // Delete (non-existent) denylist rules for appUids, and check that this silently does + // nothing if the uid is in the map but does not have denylist match. This is required because + // NetworkManagementService will try to remove a uid from denylist after adding it to the + // allowlist and if the remove fails it will not update the uid status. + ASSERT_TRUE(isOk( + mTc.updateUidOwnerMap(appUids, PENALTY_BOX_MATCH, BandwidthController::IptOpDelete))); + expectUidOwnerMapValues(appUids, HAPPY_BOX_MATCH, 0); } TEST_F(TrafficControllerTest, TestAddUidInterfaceFilteringRules) { - SKIP_IF_BPF_NOT_SUPPORTED; - int iif0 = 15; ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif0, {1000, 1001}))); - expectUidOwnerMapValues({"1000", "1001"}, IIF_MATCH, iif0); + expectUidOwnerMapValues({1000, 1001}, IIF_MATCH, iif0); // Add some non-overlapping new uids. They should coexist with existing rules int iif1 = 16; ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif1, {2000, 2001}))); - expectUidOwnerMapValues({"1000", "1001"}, IIF_MATCH, iif0); - expectUidOwnerMapValues({"2000", "2001"}, IIF_MATCH, iif1); + expectUidOwnerMapValues({1000, 1001}, IIF_MATCH, iif0); + expectUidOwnerMapValues({2000, 2001}, IIF_MATCH, iif1); // Overwrite some existing uids int iif2 = 17; ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif2, {1000, 2000}))); - expectUidOwnerMapValues({"1001"}, IIF_MATCH, iif0); - expectUidOwnerMapValues({"2001"}, IIF_MATCH, iif1); - expectUidOwnerMapValues({"1000", "2000"}, IIF_MATCH, iif2); + expectUidOwnerMapValues({1001}, IIF_MATCH, iif0); + expectUidOwnerMapValues({2001}, IIF_MATCH, iif1); + expectUidOwnerMapValues({1000, 2000}, IIF_MATCH, iif2); } TEST_F(TrafficControllerTest, TestRemoveUidInterfaceFilteringRules) { - SKIP_IF_BPF_NOT_SUPPORTED; - int iif0 = 15; int iif1 = 16; ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif0, {1000, 1001}))); ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif1, {2000, 2001}))); - expectUidOwnerMapValues({"1000", "1001"}, IIF_MATCH, iif0); - expectUidOwnerMapValues({"2000", "2001"}, IIF_MATCH, iif1); + expectUidOwnerMapValues({1000, 1001}, IIF_MATCH, iif0); + expectUidOwnerMapValues({2000, 2001}, IIF_MATCH, iif1); // Rmove some uids ASSERT_TRUE(isOk(mTc.removeUidInterfaceRules({1001, 2001}))); - expectUidOwnerMapValues({"1000"}, IIF_MATCH, iif0); - expectUidOwnerMapValues({"2000"}, IIF_MATCH, iif1); + expectUidOwnerMapValues({1000}, IIF_MATCH, iif0); + expectUidOwnerMapValues({2000}, IIF_MATCH, iif1); checkEachUidValue({1000, 2000}, IIF_MATCH); // Make sure there are only two uids remaining // Remove non-existent uids shouldn't fail ASSERT_TRUE(isOk(mTc.removeUidInterfaceRules({2000, 3000}))); - expectUidOwnerMapValues({"1000"}, IIF_MATCH, iif0); + expectUidOwnerMapValues({1000}, IIF_MATCH, iif0); checkEachUidValue({1000}, IIF_MATCH); // Make sure there are only one uid remaining // Remove everything @@ -778,72 +724,65 @@ TEST_F(TrafficControllerTest, TestRemoveUidInterfaceFilteringRules) { } TEST_F(TrafficControllerTest, TestUidInterfaceFilteringRulesCoexistWithExistingMatches) { - SKIP_IF_BPF_NOT_SUPPORTED; - // Set up existing PENALTY_BOX_MATCH rules - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap({"1000", "1001", "10012"}, - BandwidthController::IptJumpReject, + ASSERT_TRUE(isOk(mTc.updateUidOwnerMap({1000, 1001, 10012}, PENALTY_BOX_MATCH, BandwidthController::IptOpInsert))); - expectUidOwnerMapValues({"1000", "1001", "10012"}, PENALTY_BOX_MATCH, 0); + expectUidOwnerMapValues({1000, 1001, 10012}, PENALTY_BOX_MATCH, 0); // Add some partially-overlapping uid owner rules and check result int iif1 = 32; ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif1, {10012, 10013, 10014}))); - expectUidOwnerMapValues({"1000", "1001"}, PENALTY_BOX_MATCH, 0); - expectUidOwnerMapValues({"10012"}, PENALTY_BOX_MATCH | IIF_MATCH, iif1); - expectUidOwnerMapValues({"10013", "10014"}, IIF_MATCH, iif1); + expectUidOwnerMapValues({1000, 1001}, PENALTY_BOX_MATCH, 0); + expectUidOwnerMapValues({10012}, PENALTY_BOX_MATCH | IIF_MATCH, iif1); + expectUidOwnerMapValues({10013, 10014}, IIF_MATCH, iif1); // Removing some PENALTY_BOX_MATCH rules should not change uid interface rule - ASSERT_TRUE(isOk(mTc.updateUidOwnerMap({"1001", "10012"}, BandwidthController::IptJumpReject, + ASSERT_TRUE(isOk(mTc.updateUidOwnerMap({1001, 10012}, PENALTY_BOX_MATCH, BandwidthController::IptOpDelete))); - expectUidOwnerMapValues({"1000"}, PENALTY_BOX_MATCH, 0); - expectUidOwnerMapValues({"10012", "10013", "10014"}, IIF_MATCH, iif1); + expectUidOwnerMapValues({1000}, PENALTY_BOX_MATCH, 0); + expectUidOwnerMapValues({10012, 10013, 10014}, IIF_MATCH, iif1); // Remove all uid interface rules ASSERT_TRUE(isOk(mTc.removeUidInterfaceRules({10012, 10013, 10014}))); - expectUidOwnerMapValues({"1000"}, PENALTY_BOX_MATCH, 0); + expectUidOwnerMapValues({1000}, PENALTY_BOX_MATCH, 0); // Make sure these are the only uids left checkEachUidValue({1000}, PENALTY_BOX_MATCH); } TEST_F(TrafficControllerTest, TestUidInterfaceFilteringRulesCoexistWithNewMatches) { - SKIP_IF_BPF_NOT_SUPPORTED; - int iif1 = 56; // Set up existing uid interface rules ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif1, {10001, 10002}))); - expectUidOwnerMapValues({"10001", "10002"}, IIF_MATCH, iif1); + expectUidOwnerMapValues({10001, 10002}, IIF_MATCH, iif1); // Add some partially-overlapping doze rules EXPECT_EQ(0, mTc.replaceUidOwnerMap("fw_dozable", true, {10002, 10003})); - expectUidOwnerMapValues({"10001"}, IIF_MATCH, iif1); - expectUidOwnerMapValues({"10002"}, DOZABLE_MATCH | IIF_MATCH, iif1); - expectUidOwnerMapValues({"10003"}, DOZABLE_MATCH, 0); + expectUidOwnerMapValues({10001}, IIF_MATCH, iif1); + expectUidOwnerMapValues({10002}, DOZABLE_MATCH | IIF_MATCH, iif1); + expectUidOwnerMapValues({10003}, DOZABLE_MATCH, 0); // Introduce a third rule type (powersave) on various existing UIDs EXPECT_EQ(0, mTc.replaceUidOwnerMap("fw_powersave", true, {10000, 10001, 10002, 10003})); - expectUidOwnerMapValues({"10000"}, POWERSAVE_MATCH, 0); - expectUidOwnerMapValues({"10001"}, POWERSAVE_MATCH | IIF_MATCH, iif1); - expectUidOwnerMapValues({"10002"}, POWERSAVE_MATCH | DOZABLE_MATCH | IIF_MATCH, iif1); - expectUidOwnerMapValues({"10003"}, POWERSAVE_MATCH | DOZABLE_MATCH, 0); + expectUidOwnerMapValues({10000}, POWERSAVE_MATCH, 0); + expectUidOwnerMapValues({10001}, POWERSAVE_MATCH | IIF_MATCH, iif1); + expectUidOwnerMapValues({10002}, POWERSAVE_MATCH | DOZABLE_MATCH | IIF_MATCH, iif1); + expectUidOwnerMapValues({10003}, POWERSAVE_MATCH | DOZABLE_MATCH, 0); // Remove all doze rules EXPECT_EQ(0, mTc.replaceUidOwnerMap("fw_dozable", true, {})); - expectUidOwnerMapValues({"10000"}, POWERSAVE_MATCH, 0); - expectUidOwnerMapValues({"10001"}, POWERSAVE_MATCH | IIF_MATCH, iif1); - expectUidOwnerMapValues({"10002"}, POWERSAVE_MATCH | IIF_MATCH, iif1); - expectUidOwnerMapValues({"10003"}, POWERSAVE_MATCH, 0); + expectUidOwnerMapValues({10000}, POWERSAVE_MATCH, 0); + expectUidOwnerMapValues({10001}, POWERSAVE_MATCH | IIF_MATCH, iif1); + expectUidOwnerMapValues({10002}, POWERSAVE_MATCH | IIF_MATCH, iif1); + expectUidOwnerMapValues({10003}, POWERSAVE_MATCH, 0); // Remove all powersave rules, expect ownerMap to only have uid interface rules left EXPECT_EQ(0, mTc.replaceUidOwnerMap("fw_powersave", true, {})); - expectUidOwnerMapValues({"10001", "10002"}, IIF_MATCH, iif1); + expectUidOwnerMapValues({10001, 10002}, IIF_MATCH, iif1); // Make sure these are the only uids left checkEachUidValue({10001, 10002}, IIF_MATCH); } TEST_F(TrafficControllerTest, TestGrantInternetPermission) { - SKIP_IF_BPF_NOT_SUPPORTED; - std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3}; mTc.setPermissionForUids(INetd::PERMISSION_INTERNET, appUids); @@ -852,8 +791,6 @@ TEST_F(TrafficControllerTest, TestGrantInternetPermission) { } TEST_F(TrafficControllerTest, TestRevokeInternetPermission) { - SKIP_IF_BPF_NOT_SUPPORTED; - std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3}; mTc.setPermissionForUids(INetd::PERMISSION_NONE, appUids); @@ -861,8 +798,6 @@ TEST_F(TrafficControllerTest, TestRevokeInternetPermission) { } TEST_F(TrafficControllerTest, TestPermissionUninstalled) { - SKIP_IF_BPF_NOT_SUPPORTED; - std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3}; mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, appUids); @@ -882,8 +817,6 @@ TEST_F(TrafficControllerTest, TestPermissionUninstalled) { } TEST_F(TrafficControllerTest, TestGrantUpdateStatsPermission) { - SKIP_IF_BPF_NOT_SUPPORTED; - std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3}; mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, appUids); @@ -896,8 +829,6 @@ TEST_F(TrafficControllerTest, TestGrantUpdateStatsPermission) { } TEST_F(TrafficControllerTest, TestRevokeUpdateStatsPermission) { - SKIP_IF_BPF_NOT_SUPPORTED; - std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3}; mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, appUids); @@ -914,8 +845,6 @@ TEST_F(TrafficControllerTest, TestRevokeUpdateStatsPermission) { } TEST_F(TrafficControllerTest, TestGrantWrongPermission) { - SKIP_IF_BPF_NOT_SUPPORTED; - std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3}; mTc.setPermissionForUids(INetd::PERMISSION_NONE, appUids); @@ -924,8 +853,6 @@ TEST_F(TrafficControllerTest, TestGrantWrongPermission) { } TEST_F(TrafficControllerTest, TestGrantDuplicatePermissionSlientlyFail) { - SKIP_IF_BPF_NOT_SUPPORTED; - std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3}; mTc.setPermissionForUids(INetd::PERMISSION_INTERNET, appUids); |