| #!/usr/bin/python |
| # |
| # Copyright 2016 The Android Open Source Project |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| import errno |
| from socket import * # pylint: disable=wildcard-import |
| import unittest |
| |
| import gzip |
| import net_test |
| |
| |
| class RemovedFeatureTest(net_test.NetworkTest): |
| KCONFIG = None |
| |
| @classmethod |
| def loadKernelConfig(cls): |
| cls.KCONFIG = {} |
| with gzip.open('/proc/config.gz') as f: |
| for line in f: |
| line = line.strip() |
| parts = line.split("=") |
| if (len(parts) == 2): |
| # Lines of the form: |
| # CONFIG_FOO=y |
| cls.KCONFIG[parts[0]] = parts[1] |
| |
| @classmethod |
| def setUpClass(cls): |
| cls.loadKernelConfig() |
| |
| def assertFeatureEnabled(self, featureName): |
| return self.assertEqual("y", self.KCONFIG[featureName]) |
| |
| def assertFeatureAbsent(self, featureName): |
| return self.assertTrue(featureName not in self.KCONFIG) |
| |
| def testNetfilterRejectWithSocketError(self): |
| """Verify that the CONFIG_IP{,6}_NF_TARGET_REJECT_SKERR option is gone. |
| |
| The commits to be reverted include: |
| |
| android-3.10: 6f489c42 |
| angler: 6f489c42 |
| bullhead: 6f489c42 |
| shamu: 6f489c42 |
| flounder: 6f489c42 |
| |
| See b/28424847 and b/28719525 for more context. |
| """ |
| self.assertFeatureEnabled("CONFIG_IP_NF_FILTER") |
| self.assertFeatureEnabled("CONFIG_IP_NF_TARGET_REJECT") |
| self.assertFeatureAbsent("CONFIG_IP_NF_TARGET_REJECT_SKERR") |
| |
| self.assertFeatureEnabled("CONFIG_IP6_NF_FILTER") |
| self.assertFeatureEnabled("CONFIG_IP6_NF_TARGET_REJECT") |
| self.assertFeatureAbsent("CONFIG_IP6_NF_TARGET_REJECT_SKERR") |
| |
| @unittest.skipUnless(net_test.LINUX_VERSION >= (4, 19, 0), "removed in 4.14-r") |
| def testRemovedAndroidParanoidNetwork(self): |
| """Verify that ANDROID_PARANOID_NETWORK is gone.""" |
| |
| AID_NET_RAW = 3004 |
| with net_test.RunAsUidGid(12345, AID_NET_RAW): |
| self.assertRaisesErrno(errno.EPERM, socket, AF_PACKET, SOCK_RAW, 0) |
| |
| @unittest.skipUnless(net_test.LINUX_VERSION >= (4, 19, 0), "exists in 4.14-P") |
| def testRemovedQtaguid(self): |
| self.assertRaisesErrno(errno.ENOENT, open, "/proc/net/xt_qtaguid") |
| |
| @unittest.skipUnless(net_test.LINUX_VERSION >= (4, 19, 0), "exists in 4.14-P") |
| def testRemovedTcpMemSysctls(self): |
| self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_rmem_def") |
| self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_rmem_max") |
| self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_rmem_min") |
| self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_wmem_def") |
| self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_wmem_max") |
| self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_wmem_min") |
| |
| |
| if __name__ == "__main__": |
| unittest.main() |