diff options
Diffstat (limited to 'tests/binder_test.cpp')
-rw-r--r-- | tests/binder_test.cpp | 77 |
1 files changed, 57 insertions, 20 deletions
diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp index d4902bc8..135c13c7 100644 --- a/tests/binder_test.cpp +++ b/tests/binder_test.cpp @@ -121,6 +121,7 @@ using android::net::RULE_PRIORITY_BYPASSABLE_VPN_LOCAL_EXCLUSION; using android::net::RULE_PRIORITY_BYPASSABLE_VPN_NO_LOCAL_EXCLUSION; using android::net::RULE_PRIORITY_DEFAULT_NETWORK; using android::net::RULE_PRIORITY_EXPLICIT_NETWORK; +using android::net::RULE_PRIORITY_LOCAL_NETWORK; using android::net::RULE_PRIORITY_LOCAL_ROUTES; using android::net::RULE_PRIORITY_OUTPUT_INTERFACE; using android::net::RULE_PRIORITY_PROHIBIT_NON_VPN; @@ -178,6 +179,8 @@ static const in6_addr V6_ADDR = { {// 2001:db8:cafe::8888 .u6_addr8 = {0x20, 0x01, 0x0d, 0xb8, 0xca, 0xfe, 0, 0, 0, 0, 0, 0, 0, 0, 0x88, 0x88}}}; +typedef enum { ALL_EXIST, NONE_EXIST } ExistMode; + class NetdBinderTest : public NetNativeTestBase { public: NetdBinderTest() { @@ -734,6 +737,16 @@ TEST_F(NetdBinderTest, BandwidthEnableDataSaver) { } } +static bool ipRuleExists(const char* ipVersion, const std::string& ipRule) { + std::vector<std::string> rules = listIpRules(ipVersion); + for (const auto& rule : rules) { + if (rule.find(ipRule) != std::string::npos) { + return true; + } + } + return false; +} + static bool ipRuleExistsForRange(const uint32_t priority, const UidRangeParcel& range, const std::string& action, const char* ipVersion, const char* oif) { @@ -773,6 +786,26 @@ static bool ipRuleExistsForRange(const uint32_t priority, const UidRangeParcel& return ipRuleExistsForRange(priority, range, action, nullptr); } +static void expectRuleForV4AndV6(ExistMode mode, const std::string& rule) { + for (const auto& ipVersion : {IP_RULE_V4, IP_RULE_V6}) { + if (mode == ALL_EXIST) { + EXPECT_TRUE(ipRuleExists(ipVersion, rule)); + } else { + EXPECT_FALSE(ipRuleExists(ipVersion, rule)); + } + } +} + +static void expectLocalIpRuleExists(ExistMode mode, const std::string& ifName) { + std::string localIpRule = StringPrintf("%u:\tfrom all fwmark 0x0/0x10000 lookup %s", + RULE_PRIORITY_LOCAL_NETWORK, ifName.c_str()); + expectRuleForV4AndV6(mode, localIpRule); + + std::string dnsMasqRule = StringPrintf("%u:\tfrom all fwmark 0x10063/0x1ffff iif lo lookup %s", + RULE_PRIORITY_EXPLICIT_NETWORK, ifName.c_str()); + expectRuleForV4AndV6(mode, dnsMasqRule); +} + namespace { UidRangeParcel makeUidRangeParcel(int start, int stop) { @@ -849,6 +882,26 @@ TEST_F(NetdBinderTest, NetworkUidRules) { EXPECT_EQ(ENONET, mNetd->networkDestroy(TEST_NETID1).serviceSpecificErrorCode()); } +class LocalNetworkParameterizedTest : public NetdBinderTest, + public testing::WithParamInterface<bool> {}; + +// Exercise both local and non-local networks +INSTANTIATE_TEST_SUITE_P(LocalNetworkTests, LocalNetworkParameterizedTest, testing::Bool(), + [](const testing::TestParamInfo<bool>& info) { + return info.param ? "Local" : "NonLocal"; + }); + +TEST_P(LocalNetworkParameterizedTest, LocalNetworkUidRules) { + const bool local = GetParam(); + const auto type = local ? NativeNetworkType::PHYSICAL_LOCAL : NativeNetworkType::PHYSICAL; + auto config = makeNativeNetworkConfig(TEST_NETID1, type, INetd::PERMISSION_NONE, + false /* secure */, false /* excludeLocalRoutes */); + EXPECT_TRUE(mNetd->networkCreate(config).isOk()); + EXPECT_TRUE(mNetd->networkAddInterface(TEST_NETID1, sTun.name()).isOk()); + + expectLocalIpRuleExists(local ? ALL_EXIST : NONE_EXIST, sTun.name()); +} + TEST_F(NetdBinderTest, NetworkRejectNonSecureVpn) { std::vector<UidRangeParcel> uidRanges = {makeUidRangeParcel(BASE_UID + 150, BASE_UID + 224), makeUidRangeParcel(BASE_UID + 226, BASE_UID + 300)}; @@ -1566,16 +1619,6 @@ void expectStrictSetUidReject(const int uid) { } } -bool ipRuleExists(const char* ipVersion, const std::string& ipRule) { - std::vector<std::string> rules = listIpRules(ipVersion); - for (const auto& rule : rules) { - if (rule.find(ipRule) != std::string::npos) { - return true; - } - } - return false; -} - std::vector<std::string> ipRouteSubstrings(const std::string& ifName, const std::string& dst, const std::string& nextHop, const std::string& mtu) { std::vector<std::string> routeSubstrings; @@ -1637,18 +1680,14 @@ void expectNetworkDefaultIpRuleExists(const char* ifName) { StringPrintf("%u:\tfrom all fwmark 0x0/0xffff iif lo lookup %s", RULE_PRIORITY_DEFAULT_NETWORK, ifName); - for (const auto& ipVersion : {IP_RULE_V4, IP_RULE_V6}) { - EXPECT_TRUE(ipRuleExists(ipVersion, networkDefaultRule)); - } + expectRuleForV4AndV6(ALL_EXIST, networkDefaultRule); } void expectNetworkDefaultIpRuleDoesNotExist() { std::string networkDefaultRule = StringPrintf("%u:\tfrom all fwmark 0x0/0xffff iif lo", RULE_PRIORITY_DEFAULT_NETWORK); - for (const auto& ipVersion : {IP_RULE_V4, IP_RULE_V6}) { - EXPECT_FALSE(ipRuleExists(ipVersion, networkDefaultRule)); - } + expectRuleForV4AndV6(NONE_EXIST, networkDefaultRule); } void expectNetworkPermissionIpRuleExists(const char* ifName, int permission) { @@ -1671,9 +1710,7 @@ void expectNetworkPermissionIpRuleExists(const char* ifName, int permission) { break; } - for (const auto& ipVersion : {IP_RULE_V4, IP_RULE_V6}) { - EXPECT_TRUE(ipRuleExists(ipVersion, networkPermissionRule)); - } + expectRuleForV4AndV6(ALL_EXIST, networkPermissionRule); } // TODO: It is a duplicate function, need to remove it @@ -5516,4 +5553,4 @@ TEST_F(NetdBinderTest, PerProfileNetworkPermission) { EXPECT_EQ(0, setNetworkForProcess(ENTERPRISE_NETID_2)); EXPECT_EQ(0, setNetworkForProcess(ENTERPRISE_NETID_3)); } -}
\ No newline at end of file +} |