[ipsec-doze] Add fchown capabilities, and fw rules
Add some firewall rules to allow doze mode packets to be sent/received
on ESP & no-socket packets. No-socket packets are no security risk
because they are either forwarded, going to be forwarded, or will be
dropped at routing tables (unless they are ESP).
Bug: 62994731
Test: New tests added, run
Change-Id: I2d8704498b564403d94123e4938091dee8fb98c1
diff --git a/libnetdutils/include/netdutils/MockSyscalls.h b/libnetdutils/include/netdutils/MockSyscalls.h
index 149ba59..06ca859 100644
--- a/libnetdutils/include/netdutils/MockSyscalls.h
+++ b/libnetdutils/include/netdutils/MockSyscalls.h
@@ -37,6 +37,8 @@
StatusOr<UniqueFd>(const std::string& pathname, int flags, mode_t mode));
MOCK_CONST_METHOD3(socket, StatusOr<UniqueFd>(int domain, int type, int protocol));
MOCK_CONST_METHOD3(getsockname, Status(Fd sock, sockaddr* addr, socklen_t* addrlen));
+ MOCK_CONST_METHOD5(getsockopt, Status(Fd sock, int level, int optname, void* optval,
+ socklen_t *optlen));
MOCK_CONST_METHOD5(setsockopt, Status(Fd sock, int level, int optname, const void* optval,
socklen_t optlen));
diff --git a/libnetdutils/include/netdutils/Syscalls.h b/libnetdutils/include/netdutils/Syscalls.h
index 0e336b6..4c9a004 100644
--- a/libnetdutils/include/netdutils/Syscalls.h
+++ b/libnetdutils/include/netdutils/Syscalls.h
@@ -47,6 +47,9 @@
virtual Status getsockname(Fd sock, sockaddr* addr, socklen_t* addrlen) const = 0;
+ virtual Status getsockopt(Fd sock, int level, int optname, void *optval,
+ socklen_t *optlen) const = 0;
+
virtual Status setsockopt(Fd sock, int level, int optname, const void* optval,
socklen_t optlen) const = 0;
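Review bot: The new pure virtual `getsockopt` has no comment saying that `optlen` is a value-result argument, which implementers and callers need to know to size the buffer safely. I would add above the declaration: `// optlen is in/out: set *optlen to the size of the optval buffer before the call; on return it holds the number of bytes written.` The declaration also writes `void *optval` and `socklen_t *optlen`, while the neighbouring `getsockname` and `setsockopt` lines use `sockaddr* addr` and `const void* optval`; the same spacing appears in the MockSyscalls.h hunk.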
@@ -115,6 +118,11 @@
}
template <typename SockoptT>
+ Status getsockopt(Fd sock, int level, int optname, void* optval, socklen_t* optlen) const {
+ return getsockopt(sock, level, optname, optval, optlen);
+ }
+
+ template <typename SockoptT>
Status setsockopt(Fd sock, int level, int optname, const SockoptT& opt) const {
return setsockopt(sock, level, optname, &opt, sizeof(opt));
}
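Review bot: The new `getsockopt` template never uses `SockoptT` in its signature, so the type cannot be deduced at a call site, and the wrapper takes the same raw `void* optval` / `socklen_t* optlen` pair as the virtual method it forwards to. Unlike the `setsockopt` wrapper just below, which derives the length from `sizeof(opt)`, nothing here ties the length the kernel may write to the size of the caller's buffer, so a mismatched `*optlen` can overrun `optval`. A typed form would close that gap: `Status getsockopt(Fd sock, int level, int optname, SockoptT* opt) const {` with the body `socklen_t optlen = sizeof(*opt);` and `return getsockopt(sock, level, optname, opt, &optlen);`. The inner call presumably resolves to the non-template virtual overload as written; the enclosing class starts outside the hunk, so that should be confirmed there.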