Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 2bd804a5e9f770333a51a44ce4627c8136277af6^! / . / server / IptablesRestoreControllerTest.cpp
commit2bd804a5e9f770333a51a44ce4627c8136277af6[log] [tgz]
authorLorenzo Colitti <lorenzo@google.com>Fri Mar 10 12:19:08 2017 +0900
committerLorenzo Colitti <lorenzo@google.com>Wed Mar 22 11:20:08 2017 +0900
tree120a8bcf0a9a7ad9d781daf42f25f90ac9c453af
parent35fb85042e214e050e7798f6194a4746a9cd9bdd [diff] [blame]
Update test code to match new iptables behaviour.

iptables is changing the locking code from binding to an abstract
UNIX socket to calling flock() on a real file. Update test code
that acquires the iptables lock.

Also, make said code more robust by retrying up to 10 times if
the lock is held. This should make the test less flaky.

Bug: 36108349
Test: IptablesRestoreControllerTest passes with new iptables
Change-Id: I1d1d454d78382e76d178c4ef43f2c40a46f81f62

diff --git a/server/IptablesRestoreControllerTest.cpp b/server/IptablesRestoreControllerTest.cpp
index a5d8a7b..96394c1 100644
--- a/server/IptablesRestoreControllerTest.cpp
+++ b/server/IptablesRestoreControllerTest.cpp

@@ -16,6 +16,7 @@
 
 #include <string>
 #include <fcntl.h>
+#include <sys/file.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 
@@ -29,7 +30,9 @@
 #include "IptablesRestoreController.h"
 #include "NetdConstants.h"
 
-#define XTABLES_LOCK "@xtables"
+#define XT_LOCK_NAME "/system/etc/xtables.lock"
+#define XT_LOCK_ATTEMPTS 10
+#define XT_LOCK_POLL_INTERVAL_MS 100
 
 using android::base::Join;
 using android::base::StringPrintf;
@@ -110,19 +113,19 @@
   }
 
   int acquireIptablesLock() {
-    mIptablesLock = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (mIptablesLock == -1) {
-      return -errno;
+    mIptablesLock = open(XT_LOCK_NAME, O_CREAT, 0600);
+    if (mIptablesLock == -1) return mIptablesLock;
+    int attempts;
+    for (attempts = 0; attempts < XT_LOCK_ATTEMPTS; attempts++) {
+      if (flock(mIptablesLock, LOCK_EX | LOCK_NB) == 0) {
+        return 0;
+      }
+      usleep(XT_LOCK_POLL_INTERVAL_MS * 1000);
     }
-    sockaddr_un sun = { AF_UNIX, XTABLES_LOCK };
-    sun.sun_path[0] = '\0';
-    size_t len = offsetof(struct sockaddr_un, sun_path) + sizeof(XTABLES_LOCK) - 1;
-    if (int ret = bind(mIptablesLock, reinterpret_cast<sockaddr *>(&sun), len) == -1) {
-      ret = -errno;
-      close(mIptablesLock);
-      return ret;
-    }
-    return 0;
+    EXPECT_LT(attempts, XT_LOCK_ATTEMPTS) <<
+        "Could not acquire iptables lock after " << XT_LOCK_ATTEMPTS << " attempts " <<
+        XT_LOCK_POLL_INTERVAL_MS << "ms apart";
+    return -1;
   }
 
   void releaseIptablesLock() {