[ipsec-doze] Add fchown capabilities, and fw rules
Add some firewall rules to allow ESP and no-socket packets to be
sent/received in doze mode. No-socket packets pose no security risk
because they are either forwarded, going to be forwarded, or will be
dropped at the routing tables (unless they are ESP).
Bug: 62994731
Test: New tests added, run
Change-Id: I2d8704498b564403d94123e4938091dee8fb98c1
diff --git a/libnetdutils/SyscallsTest.cpp b/libnetdutils/SyscallsTest.cpp
index a754d1c..da93b76 100644
--- a/libnetdutils/SyscallsTest.cpp
+++ b/libnetdutils/SyscallsTest.cpp
@@ -108,6 +108,26 @@
EXPECT_EQ(kError, sys.setsockopt(kFd, kLevel, kOptname, expected));
}
+TEST_F(SyscallsTest, getsockopt) {
+ constexpr Fd kFd(40);
+ constexpr int kLevel = 50;
+ constexpr int kOptname = 70;
+ sockaddr_nl expected = {};
+ socklen_t optLen = 0;
+ auto& sys = sSyscalls.get();
+
+ // Success
+ EXPECT_CALL(mSyscalls, getsockopt(kFd, kLevel, kOptname, &expected, &optLen))
+ .WillOnce(Return(status::ok));
+ EXPECT_EQ(status::ok, sys.getsockopt(kFd, kLevel, kOptname, &expected, &optLen));
+
+ // Failure
+ const Status kError = statusFromErrno(EINVAL, "test");
+ EXPECT_CALL(mSyscalls, getsockopt(kFd, kLevel, kOptname, &expected, &optLen))
+ .WillOnce(Return(kError));
+ EXPECT_EQ(kError, sys.getsockopt(kFd, kLevel, kOptname, &expected, &optLen));
+}
+
TEST_F(SyscallsTest, bind) {
constexpr Fd kFd(40);
sockaddr_nl expected = {};
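Review bot: The new getsockopt test passes `socklen_t optLen = 0;`, so the call it models hands over a zero-length buffer, and both expectations only show that the wrapper forwards the same two pointers and returns the mock's Status. Because getsockopt's length is an in/out parameter, I would initialise it as `socklen_t optLen = sizeof(expected);` so the test reflects a caller that supplies a correctly sized buffer. The buffer is also an output here, not an expected value, so a name such as `optval` would read better than `expected`, with a one-line comment like `// Only pointer pass-through is verified; the mock writes nothing to optval/optLen.` stating the limit of the test. The trailing context lines belong to the unchanged bind test, whose body continues outside the hunk.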