Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 344bd62a31d844781f0b73267dbf4a9b2a0b7341 / . / tests / net / java / com / android / server / IpSecServiceParameterizedTest.java
blob: 20a48971dd1fb0ec8566a0682555ef6713a4783e [file] [log] [blame]
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server;
18
19import static org.junit.Assert.assertEquals;
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]20import static org.junit.Assert.fail;
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]21import static org.mockito.Matchers.anyInt;
22import static org.mockito.Matchers.anyLong;
23import static org.mockito.Matchers.anyString;
24import static org.mockito.Matchers.eq;
25import static org.mockito.Mockito.mock;
26import static org.mockito.Mockito.verify;
27import static org.mockito.Mockito.when;
28
29import android.content.Context;
30import android.net.INetd;
31import android.net.IpSecAlgorithm;
32import android.net.IpSecConfig;
33import android.net.IpSecManager;
34import android.net.IpSecSpiResponse;
35import android.net.IpSecTransform;
36import android.net.IpSecTransformResponse;
37import android.net.NetworkUtils;
38import android.os.Binder;
39import android.os.ParcelFileDescriptor;
40import android.support.test.filters.SmallTest;
Benedict Wong344bd622017-11-16 15:27:22 -0800[diff] [blame^]41import android.system.Os;
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]42
43import java.net.Socket;
44import java.util.Arrays;
45import java.util.Collection;
46
47import org.junit.Before;
48import org.junit.Test;
49import org.junit.runner.RunWith;
50import org.junit.runners.Parameterized;
51
52/** Unit tests for {@link IpSecService}. */
53@SmallTest
54@RunWith(Parameterized.class)
55public class IpSecServiceParameterizedTest {
56
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]57 private static final int TEST_SPI_OUT = 0xD1201D;
58 private static final int TEST_SPI_IN = TEST_SPI_OUT + 1;
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]59
60 private final String mRemoteAddr;
61
62 @Parameterized.Parameters
63 public static Collection ipSecConfigs() {
64 return Arrays.asList(new Object[][] {{"8.8.4.4"}, {"2601::10"}});
65 }
66
Benedict Wong4ebc2c52017-11-01 17:14:25 -0700[diff] [blame]67 private static final byte[] AEAD_KEY = {
68 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
69 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
70 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
71 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
72 0x73, 0x61, 0x6C, 0x74
73 };
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]74 private static final byte[] CRYPT_KEY = {
75 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
76 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
77 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
78 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
79 };
80 private static final byte[] AUTH_KEY = {
81 0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
82 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F,
83 0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
84 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7F
85 };
86
87 Context mMockContext;
88 INetd mMockNetd;
89 IpSecService.IpSecServiceConfiguration mMockIpSecSrvConfig;
90 IpSecService mIpSecService;
91
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]92 private static final IpSecAlgorithm AUTH_ALGO =
93 new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_SHA256, AUTH_KEY, AUTH_KEY.length * 4);
94 private static final IpSecAlgorithm CRYPT_ALGO =
95 new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
96 private static final IpSecAlgorithm AEAD_ALGO =
Benedict Wong4ebc2c52017-11-01 17:14:25 -0700[diff] [blame]97 new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128);
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]98
99 private static final int[] DIRECTIONS =
100 new int[] {IpSecTransform.DIRECTION_IN, IpSecTransform.DIRECTION_OUT};
101
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]102 public IpSecServiceParameterizedTest(String remoteAddr) {
103 mRemoteAddr = remoteAddr;
104 }
105
106 @Before
107 public void setUp() throws Exception {
108 mMockContext = mock(Context.class);
109 mMockNetd = mock(INetd.class);
110 mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
111 mIpSecService = new IpSecService(mMockContext, mMockIpSecSrvConfig);
112
113 // Injecting mock netd
114 when(mMockIpSecSrvConfig.getNetdInstance()).thenReturn(mMockNetd);
115 }
116
117 @Test
118 public void testIpSecServiceReserveSpi() throws Exception {
119 when(mMockNetd.ipSecAllocateSpi(
120 anyInt(),
121 eq(IpSecTransform.DIRECTION_OUT),
122 anyString(),
123 eq(mRemoteAddr),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]124 eq(TEST_SPI_OUT)))
125 .thenReturn(TEST_SPI_OUT);
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]126
127 IpSecSpiResponse spiResp =
128 mIpSecService.reserveSecurityParameterIndex(
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]129 IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder());
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]130 assertEquals(IpSecManager.Status.OK, spiResp.status);
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]131 assertEquals(TEST_SPI_OUT, spiResp.spi);
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]132 }
133
134 @Test
135 public void testReleaseSecurityParameterIndex() throws Exception {
136 when(mMockNetd.ipSecAllocateSpi(
137 anyInt(),
138 eq(IpSecTransform.DIRECTION_OUT),
139 anyString(),
140 eq(mRemoteAddr),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]141 eq(TEST_SPI_OUT)))
142 .thenReturn(TEST_SPI_OUT);
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]143
144 IpSecSpiResponse spiResp =
145 mIpSecService.reserveSecurityParameterIndex(
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]146 IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder());
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]147
148 mIpSecService.releaseSecurityParameterIndex(spiResp.resourceId);
149
150 verify(mMockNetd)
151 .ipSecDeleteSecurityAssociation(
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]152 eq(spiResp.resourceId),
153 anyInt(),
154 anyString(),
155 anyString(),
156 eq(TEST_SPI_OUT));
Benedict Wong344bd622017-11-16 15:27:22 -0800[diff] [blame^]157
158 // Verify quota and RefcountedResource objects cleaned up
159 IpSecService.UserRecord userRecord =
160 mIpSecService.mUserResourceTracker.getUserRecord(Os.getuid());
161 assertEquals(0, userRecord.mSpiQuotaTracker.mCurrent);
162 try {
163 userRecord.mSpiRecords.getRefcountedResourceOrThrow(spiResp.resourceId);
164 fail("Expected IllegalArgumentException on attempt to access deleted resource");
165 } catch (IllegalArgumentException expected) {
166
167 }
168 }
169
170 @Test
171 public void testSecurityParameterIndexBinderDeath() throws Exception {
172 when(mMockNetd.ipSecAllocateSpi(
173 anyInt(),
174 eq(IpSecTransform.DIRECTION_OUT),
175 anyString(),
176 eq(mRemoteAddr),
177 eq(TEST_SPI_OUT)))
178 .thenReturn(TEST_SPI_OUT);
179
180 IpSecSpiResponse spiResp =
181 mIpSecService.reserveSecurityParameterIndex(
182 IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder());
183
184 IpSecService.UserRecord userRecord =
185 mIpSecService.mUserResourceTracker.getUserRecord(Os.getuid());
186 IpSecService.RefcountedResource refcountedRecord =
187 userRecord.mSpiRecords.getRefcountedResourceOrThrow(spiResp.resourceId);
188
189 refcountedRecord.binderDied();
190
191 verify(mMockNetd)
192 .ipSecDeleteSecurityAssociation(
193 eq(spiResp.resourceId),
194 anyInt(),
195 anyString(),
196 anyString(),
197 eq(TEST_SPI_OUT));
198
199 // Verify quota and RefcountedResource objects cleaned up
200 assertEquals(0, userRecord.mSpiQuotaTracker.mCurrent);
201 try {
202 userRecord.mSpiRecords.getRefcountedResourceOrThrow(spiResp.resourceId);
203 fail("Expected IllegalArgumentException on attempt to access deleted resource");
204 } catch (IllegalArgumentException expected) {
205
206 }
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]207 }
208
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]209 private int getNewSpiResourceId(int direction, String remoteAddress, int returnSpi)
210 throws Exception {
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]211 when(mMockNetd.ipSecAllocateSpi(anyInt(), anyInt(), anyString(), anyString(), anyInt()))
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]212 .thenReturn(returnSpi);
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]213
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]214 IpSecSpiResponse spi =
215 mIpSecService.reserveSecurityParameterIndex(
216 direction,
217 NetworkUtils.numericToInetAddress(remoteAddress).getHostAddress(),
218 IpSecManager.INVALID_SECURITY_PARAMETER_INDEX,
219 new Binder());
220 return spi.resourceId;
221 }
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]222
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]223 private void addDefaultSpisAndRemoteAddrToIpSecConfig(IpSecConfig config) throws Exception {
224 config.setSpiResourceId(
225 IpSecTransform.DIRECTION_OUT,
226 getNewSpiResourceId(IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT));
227 config.setSpiResourceId(
228 IpSecTransform.DIRECTION_IN,
229 getNewSpiResourceId(IpSecTransform.DIRECTION_IN, mRemoteAddr, TEST_SPI_IN));
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]230 config.setRemoteAddress(mRemoteAddr);
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]231 }
232
233 private void addAuthAndCryptToIpSecConfig(IpSecConfig config) throws Exception {
234 for (int direction : DIRECTIONS) {
235 config.setEncryption(direction, CRYPT_ALGO);
236 config.setAuthentication(direction, AUTH_ALGO);
237 }
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]238 }
239
240 @Test
241 public void testCreateTransportModeTransform() throws Exception {
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]242 IpSecConfig ipSecConfig = new IpSecConfig();
243 addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
244 addAuthAndCryptToIpSecConfig(ipSecConfig);
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]245
246 IpSecTransformResponse createTransformResp =
247 mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
248 assertEquals(IpSecManager.Status.OK, createTransformResp.status);
249
250 verify(mMockNetd)
251 .ipSecAddSecurityAssociation(
252 eq(createTransformResp.resourceId),
253 anyInt(),
254 eq(IpSecTransform.DIRECTION_OUT),
255 anyString(),
256 anyString(),
257 anyLong(),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]258 eq(TEST_SPI_OUT),
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]259 eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
260 eq(AUTH_KEY),
261 anyInt(),
262 eq(IpSecAlgorithm.CRYPT_AES_CBC),
263 eq(CRYPT_KEY),
264 anyInt(),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]265 eq(""),
Manoj Boopathi Rajfffa8112017-10-26 11:49:02 -0700[diff] [blame]266 eq(new byte[] {}),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]267 eq(0),
268 anyInt(),
269 anyInt(),
270 anyInt());
271 verify(mMockNetd)
272 .ipSecAddSecurityAssociation(
273 eq(createTransformResp.resourceId),
274 anyInt(),
275 eq(IpSecTransform.DIRECTION_IN),
276 anyString(),
277 anyString(),
278 anyLong(),
279 eq(TEST_SPI_IN),
280 eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
281 eq(AUTH_KEY),
282 anyInt(),
283 eq(IpSecAlgorithm.CRYPT_AES_CBC),
284 eq(CRYPT_KEY),
285 anyInt(),
286 eq(""),
Manoj Boopathi Rajfffa8112017-10-26 11:49:02 -0700[diff] [blame]287 eq(new byte[] {}),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]288 eq(0),
289 anyInt(),
290 anyInt(),
291 anyInt());
292 }
293
294 @Test
295 public void testCreateTransportModeTransformAead() throws Exception {
296 IpSecConfig ipSecConfig = new IpSecConfig();
297 addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
298
299 ipSecConfig.setAuthenticatedEncryption(IpSecTransform.DIRECTION_OUT, AEAD_ALGO);
300 ipSecConfig.setAuthenticatedEncryption(IpSecTransform.DIRECTION_IN, AEAD_ALGO);
301
302 IpSecTransformResponse createTransformResp =
303 mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
304 assertEquals(IpSecManager.Status.OK, createTransformResp.status);
305
306 verify(mMockNetd)
307 .ipSecAddSecurityAssociation(
308 eq(createTransformResp.resourceId),
309 anyInt(),
310 eq(IpSecTransform.DIRECTION_OUT),
311 anyString(),
312 anyString(),
313 anyLong(),
314 eq(TEST_SPI_OUT),
315 eq(""),
Manoj Boopathi Rajfffa8112017-10-26 11:49:02 -0700[diff] [blame]316 eq(new byte[] {}),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]317 eq(0),
318 eq(""),
Manoj Boopathi Rajfffa8112017-10-26 11:49:02 -0700[diff] [blame]319 eq(new byte[] {}),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]320 eq(0),
321 eq(IpSecAlgorithm.AUTH_CRYPT_AES_GCM),
Benedict Wong4ebc2c52017-11-01 17:14:25 -0700[diff] [blame]322 eq(AEAD_KEY),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]323 anyInt(),
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]324 anyInt(),
325 anyInt(),
326 anyInt());
327 verify(mMockNetd)
328 .ipSecAddSecurityAssociation(
329 eq(createTransformResp.resourceId),
330 anyInt(),
331 eq(IpSecTransform.DIRECTION_IN),
332 anyString(),
333 anyString(),
334 anyLong(),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]335 eq(TEST_SPI_IN),
336 eq(""),
Manoj Boopathi Rajfffa8112017-10-26 11:49:02 -0700[diff] [blame]337 eq(new byte[] {}),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]338 eq(0),
339 eq(""),
Manoj Boopathi Rajfffa8112017-10-26 11:49:02 -0700[diff] [blame]340 eq(new byte[] {}),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]341 eq(0),
342 eq(IpSecAlgorithm.AUTH_CRYPT_AES_GCM),
Benedict Wong4ebc2c52017-11-01 17:14:25 -0700[diff] [blame]343 eq(AEAD_KEY),
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]344 anyInt(),
345 anyInt(),
346 anyInt(),
347 anyInt());
348 }
349
350 @Test
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]351 public void testCreateInvalidConfigAeadWithAuth() throws Exception {
352 IpSecConfig ipSecConfig = new IpSecConfig();
353 addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
354
355 for (int direction : DIRECTIONS) {
356 ipSecConfig.setAuthentication(direction, AUTH_ALGO);
357 ipSecConfig.setAuthenticatedEncryption(direction, AEAD_ALGO);
358 }
359
360 try {
361 mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
362 fail(
363 "IpSecService should have thrown an error on authentication being"
364 + " enabled with authenticated encryption");
365 } catch (IllegalArgumentException expected) {
366 }
367 }
368
369 @Test
370 public void testCreateInvalidConfigAeadWithCrypt() throws Exception {
371 IpSecConfig ipSecConfig = new IpSecConfig();
372 addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
373
374 for (int direction : DIRECTIONS) {
375 ipSecConfig.setEncryption(direction, CRYPT_ALGO);
376 ipSecConfig.setAuthenticatedEncryption(direction, AEAD_ALGO);
377 }
378
379 try {
380 mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
381 fail(
382 "IpSecService should have thrown an error on encryption being"
383 + " enabled with authenticated encryption");
384 } catch (IllegalArgumentException expected) {
385 }
386 }
387
388 @Test
389 public void testCreateInvalidConfigAeadWithAuthAndCrypt() throws Exception {
390 IpSecConfig ipSecConfig = new IpSecConfig();
391 addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
392
393 for (int direction : DIRECTIONS) {
394 ipSecConfig.setAuthentication(direction, AUTH_ALGO);
395 ipSecConfig.setEncryption(direction, CRYPT_ALGO);
396 ipSecConfig.setAuthenticatedEncryption(direction, AEAD_ALGO);
397 }
398
399 try {
400 mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
401 fail(
402 "IpSecService should have thrown an error on authentication and encryption being"
403 + " enabled with authenticated encryption");
404 } catch (IllegalArgumentException expected) {
405 }
406 }
407
408 @Test
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]409 public void testDeleteTransportModeTransform() throws Exception {
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]410 IpSecConfig ipSecConfig = new IpSecConfig();
411 addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
412 addAuthAndCryptToIpSecConfig(ipSecConfig);
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]413
414 IpSecTransformResponse createTransformResp =
415 mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
416 mIpSecService.deleteTransportModeTransform(createTransformResp.resourceId);
417
418 verify(mMockNetd)
419 .ipSecDeleteSecurityAssociation(
420 eq(createTransformResp.resourceId),
421 eq(IpSecTransform.DIRECTION_OUT),
422 anyString(),
423 anyString(),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]424 eq(TEST_SPI_OUT));
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]425 verify(mMockNetd)
426 .ipSecDeleteSecurityAssociation(
427 eq(createTransformResp.resourceId),
428 eq(IpSecTransform.DIRECTION_IN),
429 anyString(),
430 anyString(),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]431 eq(TEST_SPI_IN));
Benedict Wong344bd622017-11-16 15:27:22 -0800[diff] [blame^]432
433 // Verify quota and RefcountedResource objects cleaned up
434 IpSecService.UserRecord userRecord =
435 mIpSecService.mUserResourceTracker.getUserRecord(Os.getuid());
436 assertEquals(0, userRecord.mTransformQuotaTracker.mCurrent);
437 try {
438 userRecord.mTransformRecords.getRefcountedResourceOrThrow(
439 createTransformResp.resourceId);
440 fail("Expected IllegalArgumentException on attempt to access deleted resource");
441 } catch (IllegalArgumentException expected) {
442
443 }
444 }
445
446 @Test
447 public void testTransportModeTransformBinderDeath() throws Exception {
448 IpSecConfig ipSecConfig = new IpSecConfig();
449 addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
450 addAuthAndCryptToIpSecConfig(ipSecConfig);
451
452 IpSecTransformResponse createTransformResp =
453 mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
454
455 IpSecService.UserRecord userRecord =
456 mIpSecService.mUserResourceTracker.getUserRecord(Os.getuid());
457 IpSecService.RefcountedResource refcountedRecord =
458 userRecord.mTransformRecords.getRefcountedResourceOrThrow(
459 createTransformResp.resourceId);
460
461 refcountedRecord.binderDied();
462
463 verify(mMockNetd)
464 .ipSecDeleteSecurityAssociation(
465 eq(createTransformResp.resourceId),
466 eq(IpSecTransform.DIRECTION_OUT),
467 anyString(),
468 anyString(),
469 eq(TEST_SPI_OUT));
470 verify(mMockNetd)
471 .ipSecDeleteSecurityAssociation(
472 eq(createTransformResp.resourceId),
473 eq(IpSecTransform.DIRECTION_IN),
474 anyString(),
475 anyString(),
476 eq(TEST_SPI_IN));
477
478 // Verify quota and RefcountedResource objects cleaned up
479 assertEquals(0, userRecord.mTransformQuotaTracker.mCurrent);
480 try {
481 userRecord.mTransformRecords.getRefcountedResourceOrThrow(
482 createTransformResp.resourceId);
483 fail("Expected IllegalArgumentException on attempt to access deleted resource");
484 } catch (IllegalArgumentException expected) {
485
486 }
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]487 }
488
489 @Test
490 public void testApplyTransportModeTransform() throws Exception {
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]491 IpSecConfig ipSecConfig = new IpSecConfig();
492 addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
493 addAuthAndCryptToIpSecConfig(ipSecConfig);
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]494
495 IpSecTransformResponse createTransformResp =
496 mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
497 ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
498
499 int resourceId = createTransformResp.resourceId;
500 mIpSecService.applyTransportModeTransform(pfd, resourceId);
501
502 verify(mMockNetd)
503 .ipSecApplyTransportModeTransform(
504 eq(pfd.getFileDescriptor()),
505 eq(resourceId),
506 eq(IpSecTransform.DIRECTION_OUT),
507 anyString(),
508 anyString(),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]509 eq(TEST_SPI_OUT));
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]510 verify(mMockNetd)
511 .ipSecApplyTransportModeTransform(
512 eq(pfd.getFileDescriptor()),
513 eq(resourceId),
514 eq(IpSecTransform.DIRECTION_IN),
515 anyString(),
516 anyString(),
Benedict Wong0febe5e2017-08-22 21:42:33 -0700[diff] [blame]517 eq(TEST_SPI_IN));
Nathan Harold2e9a5202017-09-26 11:44:23 -0700[diff] [blame]518 }
519
520 @Test
521 public void testRemoveTransportModeTransform() throws Exception {
522 ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
523 mIpSecService.removeTransportModeTransform(pfd, 1);
524
525 verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor());
526 }
527}