Merge "Revert "Revert "Updates tests for untrusted app MAC address rest...""
diff --git a/tests/tests/selinux/common/src/android/security/SELinuxTargetSdkTestBase.java b/tests/tests/selinux/common/src/android/security/SELinuxTargetSdkTestBase.java
index 6ec352c..a7281fe 100644
--- a/tests/tests/selinux/common/src/android/security/SELinuxTargetSdkTestBase.java
+++ b/tests/tests/selinux/common/src/android/security/SELinuxTargetSdkTestBase.java
@@ -12,6 +12,7 @@
import java.util.Collections;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
+import org.junit.Assert;
abstract class SELinuxTargetSdkTestBase extends AndroidTestCase
{
@@ -19,6 +20,8 @@
System.loadLibrary("ctsselinux_jni");
}
+ static final byte[] ANONYMIZED_HARDWARE_ADDRESS = { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00 };
+
protected static String getFile(String filename) throws IOException {
BufferedReader in = null;
try {
@@ -59,36 +62,20 @@
}
}
- protected static void checkNetlinkRouteGetlink(boolean expectAllowed) throws IOException {
- if (!expectAllowed) {
- assertEquals(
- "RTM_GETLINK is not allowed on a netlink route sockets. Verify that the"
- + " following patch has been applied to your kernel: "
- + "https://android-review.googlesource.com/q/I7b44ce60ad98f858c412722d41b9842f8577151f",
- 13,
- checkNetlinkRouteGetlink());
- } else {
- assertEquals(
- "RTM_GETLINK should be allowed netlink route sockets for apps with "
- + "targetSdkVersion <= Q",
- -1,
- checkNetlinkRouteGetlink());
- }
+ protected static void noNetlinkRouteGetlink() throws IOException {
+ assertEquals(
+ "RTM_GETLINK is not allowed on netlink route sockets. Verify that the"
+ + " following patch has been applied to your kernel: "
+ + "https://android-review.googlesource.com/q/I7b44ce60ad98f858c412722d41b9842f8577151f",
+ 13,
+ checkNetlinkRouteGetlink());
}
- protected static void checkNetlinkRouteBind(boolean expectAllowed) throws IOException {
- if (!expectAllowed) {
- assertEquals(
- "Bind() is not allowed on a netlink route sockets",
- 13,
- checkNetlinkRouteBind());
- } else {
- assertEquals(
- "Bind() should succeed for netlink route sockets for apps with "
- + "targetSdkVersion <= Q",
- -1,
- checkNetlinkRouteBind());
- }
+ protected static void noNetlinkRouteBind() throws IOException {
+ assertEquals(
+ "bind() is not allowed on netlink route sockets",
+ 13,
+ checkNetlinkRouteBind());
}
/**
@@ -169,16 +156,17 @@
}
/**
- * Verify that apps having targetSdkVersion <= 29 are able to see MAC
- * addresses of ethernet devices.
+ * Verify that apps having targetSdkVersion <= 29 get an anonymized MAC
+ * address (02:00:00:00:00:00) instead of a null MAC for ethernet interfaces.
* The counterpart of this test (testing for targetSdkVersion > 29) is
* {@link libcore.java.net.NetworkInterfaceTest#testGetHardwareAddress_returnsNull()}.
*/
- protected static void checkNetworkInterface_returnsHardwareAddresses() throws Exception {
+ protected static void checkNetworkInterface_returnsAnonymizedHardwareAddresses()
+ throws Exception {
assertNotNull(NetworkInterface.getNetworkInterfaces());
for (NetworkInterface nif : Collections.list(NetworkInterface.getNetworkInterfaces())) {
if (isEthernet(nif.getName())) {
- assertEquals(6, nif.getHardwareAddress().length);
+ Assert.assertArrayEquals(ANONYMIZED_HARDWARE_ADDRESS, nif.getHardwareAddress());
}
}
}
diff --git a/tests/tests/selinux/selinuxEphemeral/src/android/security/SELinuxTargetSdkTest.java b/tests/tests/selinux/selinuxEphemeral/src/android/security/SELinuxTargetSdkTest.java
index 1ed366e..9153b8a 100644
--- a/tests/tests/selinux/selinuxEphemeral/src/android/security/SELinuxTargetSdkTest.java
+++ b/tests/tests/selinux/selinuxEphemeral/src/android/security/SELinuxTargetSdkTest.java
@@ -79,10 +79,10 @@
}
public void testNoNetlinkRouteGetlink() throws IOException {
- checkNetlinkRouteGetlink(false);
+ noNetlinkRouteGetlink();
}
public void testNoNetlinkRouteBind() throws IOException {
- checkNetlinkRouteBind(false);
+ noNetlinkRouteBind();
}
}
diff --git a/tests/tests/selinux/selinuxTargetSdk27/src/android/security/SELinuxTargetSdkTest.java b/tests/tests/selinux/selinuxTargetSdk27/src/android/security/SELinuxTargetSdkTest.java
index a784464..5e2f75d 100644
--- a/tests/tests/selinux/selinuxTargetSdk27/src/android/security/SELinuxTargetSdkTest.java
+++ b/tests/tests/selinux/selinuxTargetSdk27/src/android/security/SELinuxTargetSdkTest.java
@@ -66,6 +66,6 @@
}
public void testNetworkInterface() throws Exception {
- checkNetworkInterface_returnsHardwareAddresses();
+ checkNetworkInterface_returnsAnonymizedHardwareAddresses();
}
}
diff --git a/tests/tests/selinux/selinuxTargetSdk28/src/android/security/SELinuxTargetSdkTest.java b/tests/tests/selinux/selinuxTargetSdk28/src/android/security/SELinuxTargetSdkTest.java
index 880ae1a..29b68db 100644
--- a/tests/tests/selinux/selinuxTargetSdk28/src/android/security/SELinuxTargetSdkTest.java
+++ b/tests/tests/selinux/selinuxTargetSdk28/src/android/security/SELinuxTargetSdkTest.java
@@ -66,6 +66,6 @@
}
public void testNetworkInterface() throws Exception {
- checkNetworkInterface_returnsHardwareAddresses();
+ checkNetworkInterface_returnsAnonymizedHardwareAddresses();
}
}
diff --git a/tests/tests/selinux/selinuxTargetSdk29/src/android/security/SELinuxTargetSdkTest.java b/tests/tests/selinux/selinuxTargetSdk29/src/android/security/SELinuxTargetSdkTest.java
index 1f1eaaa..76fc772 100644
--- a/tests/tests/selinux/selinuxTargetSdk29/src/android/security/SELinuxTargetSdkTest.java
+++ b/tests/tests/selinux/selinuxTargetSdk29/src/android/security/SELinuxTargetSdkTest.java
@@ -43,12 +43,12 @@
}
}
- public void testNetlinkRouteGetlinkSucceeds() throws IOException {
- checkNetlinkRouteGetlink(true);
+ public void testNoNetlinkRouteGetlink() throws IOException {
+ noNetlinkRouteGetlink();
}
- public void testNetlinkRouteBindSucceeds() throws IOException {
- checkNetlinkRouteBind(true);
+ public void testNoNetlinkRouteBind() throws IOException {
+ noNetlinkRouteBind();
}
public void testCanNotExecuteFromHomeDir() throws Exception {
@@ -86,6 +86,6 @@
}
public void testNetworkInterface() throws Exception {
- checkNetworkInterface_returnsHardwareAddresses();
+ checkNetworkInterface_returnsAnonymizedHardwareAddresses();
}
}
diff --git a/tests/tests/selinux/selinuxTargetSdkCurrent/src/android/security/SELinuxTargetSdkTest.java b/tests/tests/selinux/selinuxTargetSdkCurrent/src/android/security/SELinuxTargetSdkTest.java
index 05fad31..859864e 100644
--- a/tests/tests/selinux/selinuxTargetSdkCurrent/src/android/security/SELinuxTargetSdkTest.java
+++ b/tests/tests/selinux/selinuxTargetSdkCurrent/src/android/security/SELinuxTargetSdkTest.java
@@ -34,11 +34,11 @@
}
public void testNoNetlinkRouteGetlink() throws IOException {
- checkNetlinkRouteGetlink(false);
+ noNetlinkRouteGetlink();
}
public void testNoNetlinkRouteBind() throws IOException {
- checkNetlinkRouteBind(false);
+ noNetlinkRouteBind();
}
public void testCanNotExecuteFromHomeDir() throws Exception {