Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 11ec78bf845db48b388e86712d4693ff9e553697 / . / server / TrafficControllerTest.cpp
blob: 26dbe0c50da8b77a728f115948349c05b82e4383 [file] [log] [blame]
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]1/*
2 * Copyright 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * TrafficControllerTest.cpp - unit tests for TrafficController.cpp
17 */
18
19#include <string>
20#include <vector>
21
22#include <fcntl.h>
23#include <inttypes.h>
24#include <linux/inet_diag.h>
25#include <linux/sock_diag.h>
26#include <sys/socket.h>
27#include <sys/types.h>
28#include <unistd.h>
29
30#include <gtest/gtest.h>
31
32#include <android-base/stringprintf.h>
33#include <android-base/strings.h>
34
35#include <netdutils/MockSyscalls.h>
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]36#include "netdutils/StatusOr.h"
37
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]38#include "FirewallController.h"
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]39#include "TrafficController.h"
40#include "bpf/BpfUtils.h"
41
Bernie Innocenti7e25ec02018-07-02 19:32:17 +0900[diff] [blame]42using namespace android::bpf; // NOLINT(google-build-using-namespace): grandfathered
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]43
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]44namespace android {
45namespace net {
46
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]47using netdutils::isOk;
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]48using netdutils::StatusOr;
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]49
50constexpr int TEST_MAP_SIZE = 10;
Chenbo Feng82075e52019-04-12 19:21:47 -0700[diff] [blame]51constexpr int TEST_COOKIE = 1;
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]52constexpr uid_t TEST_UID = 10086;
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]53constexpr uid_t TEST_UID2 = 54321;
54constexpr uid_t TEST_UID3 = 98765;
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]55constexpr uint32_t TEST_TAG = 42;
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]56constexpr uint32_t TEST_COUNTERSET = 1;
57constexpr uint32_t DEFAULT_COUNTERSET = 0;
Chenbo Feng82075e52019-04-12 19:21:47 -0700[diff] [blame]58constexpr uint32_t TEST_PER_UID_STATS_ENTRIES_LIMIT = 3;
59constexpr uint32_t TEST_TOTAL_UID_STATS_ENTRIES_LIMIT = 7;
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]60
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]61#define ASSERT_VALID(x) ASSERT_TRUE((x).isValid())
62
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]63class TrafficControllerTest : public ::testing::Test {
64 protected:
Chenbo Feng82075e52019-04-12 19:21:47 -0700[diff] [blame]65 TrafficControllerTest()
66 : mTc(TEST_PER_UID_STATS_ENTRIES_LIMIT, TEST_TOTAL_UID_STATS_ENTRIES_LIMIT) {}
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]67 TrafficController mTc;
Maciej Żenczykowski11ec78b2019-12-30 06:39:32 -0800[diff] [blame^]68 BpfMap<uint64_t, UidTagValue> mFakeCookieTagMap;
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]69 BpfMap<uint32_t, uint8_t> mFakeUidCounterSetMap;
Chenbo Fengbc4a15f2018-05-11 19:15:15 -0700[diff] [blame]70 BpfMap<uint32_t, StatsValue> mFakeAppUidStatsMap;
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]71 BpfMap<StatsKey, StatsValue> mFakeStatsMapA;
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]72 BpfMap<uint32_t, uint8_t> mFakeConfigurationMap;
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]73 BpfMap<uint32_t, UidOwnerValue> mFakeUidOwnerMap;
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]74 BpfMap<uint32_t, uint8_t> mFakeUidPermissionMap;
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]75
76 void SetUp() {
Chenbo Feng84d9f9f2019-04-12 15:31:02 -0700[diff] [blame]77 std::lock_guard guard(mTc.mMutex);
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]78 SKIP_IF_BPF_NOT_SUPPORTED;
Chenbo Fengef01d8d2019-04-09 11:53:45 -0700[diff] [blame]79 ASSERT_EQ(0, setrlimitForTest());
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]80
Maciej Żenczykowski11ec78b2019-12-30 06:39:32 -0800[diff] [blame^]81 mFakeCookieTagMap.reset(createMap(BPF_MAP_TYPE_HASH, sizeof(uint64_t), sizeof(UidTagValue),
82 TEST_MAP_SIZE, 0));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]83 ASSERT_VALID(mFakeCookieTagMap);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]84
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]85 mFakeUidCounterSetMap.reset(
86 createMap(BPF_MAP_TYPE_HASH, sizeof(uint32_t), sizeof(uint8_t), TEST_MAP_SIZE, 0));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]87 ASSERT_VALID(mFakeUidCounterSetMap);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]88
Maciej Żenczykowski11ec78b2019-12-30 06:39:32 -0800[diff] [blame^]89 mFakeAppUidStatsMap.reset(createMap(BPF_MAP_TYPE_HASH, sizeof(uint32_t), sizeof(StatsValue),
90 TEST_MAP_SIZE, 0));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]91 ASSERT_VALID(mFakeAppUidStatsMap);
Chenbo Fengbc4a15f2018-05-11 19:15:15 -0700[diff] [blame]92
Maciej Żenczykowski11ec78b2019-12-30 06:39:32 -0800[diff] [blame^]93 mFakeStatsMapA.reset(createMap(BPF_MAP_TYPE_HASH, sizeof(StatsKey), sizeof(StatsValue),
94 TEST_MAP_SIZE, 0));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]95 ASSERT_VALID(mFakeStatsMapA);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]96
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]97 mFakeConfigurationMap.reset(
98 createMap(BPF_MAP_TYPE_HASH, sizeof(uint32_t), sizeof(uint8_t), 1, 0));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]99 ASSERT_VALID(mFakeConfigurationMap);
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]100
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]101 mFakeUidOwnerMap.reset(createMap(BPF_MAP_TYPE_HASH, sizeof(uint32_t), sizeof(UidOwnerValue),
102 TEST_MAP_SIZE, 0));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]103 ASSERT_VALID(mFakeUidOwnerMap);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]104 mFakeUidPermissionMap.reset(
105 createMap(BPF_MAP_TYPE_HASH, sizeof(uint32_t), sizeof(uint8_t), TEST_MAP_SIZE, 0));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]106 ASSERT_VALID(mFakeUidPermissionMap);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]107
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]108 mTc.mCookieTagMap.reset(dupFd(mFakeCookieTagMap.getMap()));
109 ASSERT_VALID(mTc.mCookieTagMap);
110 mTc.mUidCounterSetMap.reset(dupFd(mFakeUidCounterSetMap.getMap()));
111 ASSERT_VALID(mTc.mUidCounterSetMap);
112 mTc.mAppUidStatsMap.reset(dupFd(mFakeAppUidStatsMap.getMap()));
113 ASSERT_VALID(mTc.mAppUidStatsMap);
114 mTc.mStatsMapA.reset(dupFd(mFakeStatsMapA.getMap()));
115 ASSERT_VALID(mTc.mStatsMapA);
116 mTc.mConfigurationMap.reset(dupFd(mFakeConfigurationMap.getMap()));
117 ASSERT_VALID(mTc.mConfigurationMap);
118
119 // Always write to stats map A by default.
120 ASSERT_TRUE(isOk(mTc.mConfigurationMap.writeValue(CURRENT_STATS_MAP_CONFIGURATION_KEY,
Chenbo Fengb0495132019-04-10 12:54:41 -0700[diff] [blame]121 SELECT_MAP_A, BPF_ANY)));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]122 mTc.mUidOwnerMap.reset(dupFd(mFakeUidOwnerMap.getMap()));
123 ASSERT_VALID(mTc.mUidOwnerMap);
124 mTc.mUidPermissionMap.reset(dupFd(mFakeUidPermissionMap.getMap()));
125 ASSERT_VALID(mTc.mUidPermissionMap);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]126 mTc.mPrivilegedUser.clear();
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]127 }
128
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]129 int dupFd(const android::base::unique_fd& mapFd) {
130 return fcntl(mapFd.get(), F_DUPFD_CLOEXEC, 0);
131 }
132
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]133 int setUpSocketAndTag(int protocol, uint64_t* cookie, uint32_t tag, uid_t uid,
134 uid_t callingUid) {
Bernie Innocenti15bb55c2018-06-03 16:19:51 +0900[diff] [blame]135 int sock = socket(protocol, SOCK_STREAM | SOCK_CLOEXEC, 0);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]136 EXPECT_LE(0, sock);
137 *cookie = getSocketCookie(sock);
Chenbo Fengef1cab32018-04-13 19:50:49 -0700[diff] [blame]138 EXPECT_NE(NONEXISTENT_COOKIE, *cookie);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]139 EXPECT_EQ(0, mTc.tagSocket(sock, tag, uid, callingUid));
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]140 return sock;
141 }
142
143 void expectUidTag(uint64_t cookie, uid_t uid, uint32_t tag) {
Maciej Żenczykowski11ec78b2019-12-30 06:39:32 -0800[diff] [blame^]144 StatusOr<UidTagValue> tagResult = mFakeCookieTagMap.readValue(cookie);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]145 EXPECT_TRUE(isOk(tagResult));
146 EXPECT_EQ(uid, tagResult.value().uid);
147 EXPECT_EQ(tag, tagResult.value().tag);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]148 }
149
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]150 void expectNoTag(uint64_t cookie) { EXPECT_FALSE(isOk(mFakeCookieTagMap.readValue(cookie))); }
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]151
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]152 void populateFakeStats(uint64_t cookie, uint32_t uid, uint32_t tag, StatsKey* key) {
Maciej Żenczykowski11ec78b2019-12-30 06:39:32 -0800[diff] [blame^]153 UidTagValue cookieMapkey = {.uid = (uint32_t)uid, .tag = tag};
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]154 EXPECT_TRUE(isOk(mFakeCookieTagMap.writeValue(cookie, cookieMapkey, BPF_ANY)));
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]155 *key = {.uid = uid, .tag = tag, .counterSet = TEST_COUNTERSET, .ifaceIndex = 1};
Chenbo Fengeac6c472018-02-05 15:06:23 -0800[diff] [blame]156 StatsValue statsMapValue = {.rxPackets = 1, .rxBytes = 100};
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]157 uint8_t counterSet = TEST_COUNTERSET;
158 EXPECT_TRUE(isOk(mFakeUidCounterSetMap.writeValue(uid, counterSet, BPF_ANY)));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]159 EXPECT_TRUE(isOk(mFakeStatsMapA.writeValue(*key, statsMapValue, BPF_ANY)));
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]160 key->tag = 0;
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]161 EXPECT_TRUE(isOk(mFakeStatsMapA.writeValue(*key, statsMapValue, BPF_ANY)));
Chenbo Fengbc4a15f2018-05-11 19:15:15 -0700[diff] [blame]162 EXPECT_TRUE(isOk(mFakeAppUidStatsMap.writeValue(uid, statsMapValue, BPF_ANY)));
Chenbo Feng63ad5592018-01-22 23:14:12 -0800[diff] [blame]163 // put tag information back to statsKey
164 key->tag = tag;
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]165 }
166
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]167 void checkUidOwnerRuleForChain(ChildChain chain, UidOwnerMatchType match) {
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]168 uint32_t uid = TEST_UID;
169 EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, DENY, BLACKLIST));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]170 StatusOr<UidOwnerValue> value = mFakeUidOwnerMap.readValue(uid);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]171 EXPECT_TRUE(isOk(value));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]172 EXPECT_TRUE(value.value().rule & match);
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]173
174 uid = TEST_UID2;
175 EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, ALLOW, WHITELIST));
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]176 value = mFakeUidOwnerMap.readValue(uid);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]177 EXPECT_TRUE(isOk(value));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]178 EXPECT_TRUE(value.value().rule & match);
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]179
180 EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, DENY, WHITELIST));
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]181 value = mFakeUidOwnerMap.readValue(uid);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]182 EXPECT_FALSE(isOk(value));
183 EXPECT_EQ(ENOENT, value.status().code());
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]184
185 uid = TEST_UID;
186 EXPECT_EQ(0, mTc.changeUidOwnerRule(chain, uid, ALLOW, BLACKLIST));
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]187 value = mFakeUidOwnerMap.readValue(uid);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]188 EXPECT_FALSE(isOk(value));
189 EXPECT_EQ(ENOENT, value.status().code());
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]190
191 uid = TEST_UID3;
192 EXPECT_EQ(-ENOENT, mTc.changeUidOwnerRule(chain, uid, ALLOW, BLACKLIST));
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]193 value = mFakeUidOwnerMap.readValue(uid);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]194 EXPECT_FALSE(isOk(value));
195 EXPECT_EQ(ENOENT, value.status().code());
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]196 }
197
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]198 void checkEachUidValue(const std::vector<int32_t>& uids, UidOwnerMatchType match) {
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]199 for (uint32_t uid : uids) {
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]200 StatusOr<UidOwnerValue> value = mFakeUidOwnerMap.readValue(uid);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]201 EXPECT_TRUE(isOk(value));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]202 EXPECT_TRUE(value.value().rule & match);
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]203 }
204 std::set<uint32_t> uidSet(uids.begin(), uids.end());
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]205 const auto checkNoOtherUid = [&uidSet](const int32_t& key,
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]206 const BpfMap<uint32_t, UidOwnerValue>&) {
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]207 EXPECT_NE(uidSet.end(), uidSet.find(key));
208 return netdutils::status::ok;
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]209 };
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]210 EXPECT_TRUE(isOk(mFakeUidOwnerMap.iterate(checkNoOtherUid)));
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]211 }
212
213 void checkUidMapReplace(const std::string& name, const std::vector<int32_t>& uids,
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]214 UidOwnerMatchType match) {
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]215 bool isWhitelist = true;
216 EXPECT_EQ(0, mTc.replaceUidOwnerMap(name, isWhitelist, uids));
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]217 checkEachUidValue(uids, match);
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]218
219 isWhitelist = false;
220 EXPECT_EQ(0, mTc.replaceUidOwnerMap(name, isWhitelist, uids));
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]221 checkEachUidValue(uids, match);
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]222 }
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]223 void expectUidOwnerMapValues(const std::vector<std::string>& appStrUids, uint8_t expectedRule,
224 uint32_t expectedIif) {
Bernie Innocenti7e25ec02018-07-02 19:32:17 +0900[diff] [blame]225 for (const std::string& strUid : appStrUids) {
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]226 uint32_t uid = stoi(strUid);
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]227 StatusOr<UidOwnerValue> value = mFakeUidOwnerMap.readValue(uid);
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]228 EXPECT_TRUE(isOk(value));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]229 EXPECT_EQ(expectedRule, value.value().rule)
230 << "Expected rule for UID " << uid << " to be " << expectedRule << ", but was "
231 << value.value().rule;
232 EXPECT_EQ(expectedIif, value.value().iif)
233 << "Expected iif for UID " << uid << " to be " << expectedIif << ", but was "
234 << value.value().iif;
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]235 }
236 }
237
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]238 template <class Key, class Value>
239 void expectMapEmpty(BpfMap<Key, Value>& map) {
Chenbo Fengc16827b2018-06-08 15:58:11 -0700[diff] [blame]240 auto isEmpty = map.isEmpty();
241 EXPECT_TRUE(isOk(isEmpty));
242 EXPECT_TRUE(isEmpty.value());
243 }
244
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]245 void expectUidPermissionMapValues(const std::vector<uid_t>& appUids, uint8_t expectedValue) {
246 for (uid_t uid : appUids) {
247 StatusOr<uint8_t> value = mFakeUidPermissionMap.readValue(uid);
248 EXPECT_TRUE(isOk(value));
249 EXPECT_EQ(expectedValue, value.value())
250 << "Expected value for UID " << uid << " to be " << expectedValue
251 << ", but was " << value.value();
252 }
253 }
254
255 void expectPrivilegedUserSet(const std::vector<uid_t>& appUids) {
Chenbo Feng84d9f9f2019-04-12 15:31:02 -0700[diff] [blame]256 std::lock_guard guard(mTc.mMutex);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]257 EXPECT_EQ(appUids.size(), mTc.mPrivilegedUser.size());
258 for (uid_t uid : appUids) {
259 EXPECT_NE(mTc.mPrivilegedUser.end(), mTc.mPrivilegedUser.find(uid));
260 }
261 }
262
Chenbo Feng84d9f9f2019-04-12 15:31:02 -0700[diff] [blame]263 void expectPrivilegedUserSetEmpty() {
264 std::lock_guard guard(mTc.mMutex);
265 EXPECT_TRUE(mTc.mPrivilegedUser.empty());
266 }
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]267
268 void addPrivilegedUid(uid_t uid) {
269 std::vector privilegedUid = {uid};
270 mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, privilegedUid);
271 }
272
273 void removePrivilegedUid(uid_t uid) {
274 std::vector privilegedUid = {uid};
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]275 mTc.setPermissionForUids(INetd::PERMISSION_NONE, privilegedUid);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]276 }
277
278 void expectFakeStatsUnchanged(uint64_t cookie, uint32_t tag, uint32_t uid,
279 StatsKey tagStatsMapKey) {
Maciej Żenczykowski11ec78b2019-12-30 06:39:32 -0800[diff] [blame^]280 StatusOr<UidTagValue> cookieMapResult = mFakeCookieTagMap.readValue(cookie);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]281 EXPECT_TRUE(isOk(cookieMapResult));
282 EXPECT_EQ(uid, cookieMapResult.value().uid);
283 EXPECT_EQ(tag, cookieMapResult.value().tag);
284 StatusOr<uint8_t> counterSetResult = mFakeUidCounterSetMap.readValue(uid);
285 EXPECT_TRUE(isOk(counterSetResult));
286 EXPECT_EQ(TEST_COUNTERSET, counterSetResult.value());
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]287 StatusOr<StatsValue> statsMapResult = mFakeStatsMapA.readValue(tagStatsMapKey);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]288 EXPECT_TRUE(isOk(statsMapResult));
289 EXPECT_EQ((uint64_t)1, statsMapResult.value().rxPackets);
290 EXPECT_EQ((uint64_t)100, statsMapResult.value().rxBytes);
291 tagStatsMapKey.tag = 0;
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]292 statsMapResult = mFakeStatsMapA.readValue(tagStatsMapKey);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]293 EXPECT_TRUE(isOk(statsMapResult));
294 EXPECT_EQ((uint64_t)1, statsMapResult.value().rxPackets);
295 EXPECT_EQ((uint64_t)100, statsMapResult.value().rxBytes);
296 auto appStatsResult = mFakeAppUidStatsMap.readValue(uid);
297 EXPECT_TRUE(isOk(appStatsResult));
298 EXPECT_EQ((uint64_t)1, appStatsResult.value().rxPackets);
299 EXPECT_EQ((uint64_t)100, appStatsResult.value().rxBytes);
300 }
Chenbo Feng82075e52019-04-12 19:21:47 -0700[diff] [blame]301
302 void expectTagSocketReachLimit(uint32_t tag, uint32_t uid) {
303 int sock = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
304 EXPECT_LE(0, sock);
305 if (sock < 0) return;
306 uint64_t sockCookie = getSocketCookie(sock);
307 EXPECT_NE(NONEXISTENT_COOKIE, sockCookie);
308 EXPECT_EQ(-EMFILE, mTc.tagSocket(sock, tag, uid, uid));
309 expectNoTag(sockCookie);
310
311 // Delete stats entries then tag socket success
312 EXPECT_EQ(0, mTc.deleteTagData(0, uid, 0));
313 EXPECT_EQ(0, mTc.tagSocket(sock, tag, uid, uid));
314 expectUidTag(sockCookie, uid, tag);
315 }
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]316};
317
318TEST_F(TrafficControllerTest, TestTagSocketV4) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]319 SKIP_IF_BPF_NOT_SUPPORTED;
320
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]321 uint64_t sockCookie;
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]322 int v4socket = setUpSocketAndTag(AF_INET, &sockCookie, TEST_TAG, TEST_UID, TEST_UID);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]323 expectUidTag(sockCookie, TEST_UID, TEST_TAG);
324 ASSERT_EQ(0, mTc.untagSocket(v4socket));
325 expectNoTag(sockCookie);
Chenbo Fengc16827b2018-06-08 15:58:11 -0700[diff] [blame]326 expectMapEmpty(mFakeCookieTagMap);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]327}
328
329TEST_F(TrafficControllerTest, TestReTagSocket) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]330 SKIP_IF_BPF_NOT_SUPPORTED;
331
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]332 uint64_t sockCookie;
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]333 int v4socket = setUpSocketAndTag(AF_INET, &sockCookie, TEST_TAG, TEST_UID, TEST_UID);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]334 expectUidTag(sockCookie, TEST_UID, TEST_TAG);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]335 ASSERT_EQ(0, mTc.tagSocket(v4socket, TEST_TAG + 1, TEST_UID + 1, TEST_UID + 1));
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]336 expectUidTag(sockCookie, TEST_UID + 1, TEST_TAG + 1);
337}
338
339TEST_F(TrafficControllerTest, TestTagTwoSockets) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]340 SKIP_IF_BPF_NOT_SUPPORTED;
341
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]342 uint64_t sockCookie1;
343 uint64_t sockCookie2;
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]344 int v4socket1 = setUpSocketAndTag(AF_INET, &sockCookie1, TEST_TAG, TEST_UID, TEST_UID);
345 setUpSocketAndTag(AF_INET, &sockCookie2, TEST_TAG, TEST_UID, TEST_UID);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]346 expectUidTag(sockCookie1, TEST_UID, TEST_TAG);
347 expectUidTag(sockCookie2, TEST_UID, TEST_TAG);
348 ASSERT_EQ(0, mTc.untagSocket(v4socket1));
349 expectNoTag(sockCookie1);
350 expectUidTag(sockCookie2, TEST_UID, TEST_TAG);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]351 ASSERT_FALSE(isOk(mFakeCookieTagMap.getNextKey(sockCookie2)));
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]352}
353
354TEST_F(TrafficControllerTest, TestTagSocketV6) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]355 SKIP_IF_BPF_NOT_SUPPORTED;
356
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]357 uint64_t sockCookie;
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]358 int v6socket = setUpSocketAndTag(AF_INET6, &sockCookie, TEST_TAG, TEST_UID, TEST_UID);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]359 expectUidTag(sockCookie, TEST_UID, TEST_TAG);
360 ASSERT_EQ(0, mTc.untagSocket(v6socket));
361 expectNoTag(sockCookie);
Chenbo Fengc16827b2018-06-08 15:58:11 -0700[diff] [blame]362 expectMapEmpty(mFakeCookieTagMap);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]363}
364
365TEST_F(TrafficControllerTest, TestTagInvalidSocket) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]366 SKIP_IF_BPF_NOT_SUPPORTED;
367
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]368 int invalidSocket = -1;
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]369 ASSERT_GT(0, mTc.tagSocket(invalidSocket, TEST_TAG, TEST_UID, TEST_UID));
Chenbo Fengc16827b2018-06-08 15:58:11 -0700[diff] [blame]370 expectMapEmpty(mFakeCookieTagMap);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]371}
372
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]373TEST_F(TrafficControllerTest, TestTagSocketWithoutPermission) {
374 SKIP_IF_BPF_NOT_SUPPORTED;
375
376 int sock = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
377 ASSERT_NE(-1, sock);
378 ASSERT_EQ(-EPERM, mTc.tagSocket(sock, TEST_TAG, TEST_UID, TEST_UID2));
379 expectMapEmpty(mFakeCookieTagMap);
380}
381
382TEST_F(TrafficControllerTest, TestTagSocketWithPermission) {
383 SKIP_IF_BPF_NOT_SUPPORTED;
384
385 // Grant permission to calling uid.
386 std::vector<uid_t> callingUid = {TEST_UID2};
387 mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, callingUid);
388
389 // Tag a socket to a different uid other then callingUid.
390 uint64_t sockCookie;
391 int v6socket = setUpSocketAndTag(AF_INET6, &sockCookie, TEST_TAG, TEST_UID, TEST_UID2);
392 expectUidTag(sockCookie, TEST_UID, TEST_TAG);
393 EXPECT_EQ(0, mTc.untagSocket(v6socket));
394 expectNoTag(sockCookie);
395 expectMapEmpty(mFakeCookieTagMap);
396
397 // Clean up the permission
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]398 mTc.setPermissionForUids(INetd::PERMISSION_NONE, callingUid);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]399 expectPrivilegedUserSetEmpty();
400}
401
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]402TEST_F(TrafficControllerTest, TestUntagInvalidSocket) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]403 SKIP_IF_BPF_NOT_SUPPORTED;
404
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]405 int invalidSocket = -1;
406 ASSERT_GT(0, mTc.untagSocket(invalidSocket));
Bernie Innocenti15bb55c2018-06-03 16:19:51 +0900[diff] [blame]407 int v4socket = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]408 ASSERT_GT(0, mTc.untagSocket(v4socket));
Chenbo Fengc16827b2018-06-08 15:58:11 -0700[diff] [blame]409 expectMapEmpty(mFakeCookieTagMap);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]410}
411
Chenbo Feng82075e52019-04-12 19:21:47 -0700[diff] [blame]412TEST_F(TrafficControllerTest, TestTagSocketReachLimitFail) {
413 SKIP_IF_BPF_NOT_SUPPORTED;
414
415 uid_t uid = TEST_UID;
416 StatsKey tagStatsMapKey[4];
417 for (int i = 0; i < 3; i++) {
418 uint64_t cookie = TEST_COOKIE + i;
419 uint32_t tag = TEST_TAG + i;
420 populateFakeStats(cookie, uid, tag, &tagStatsMapKey[i]);
421 }
422 expectTagSocketReachLimit(TEST_TAG, TEST_UID);
423}
424
425TEST_F(TrafficControllerTest, TestTagSocketReachTotalLimitFail) {
426 SKIP_IF_BPF_NOT_SUPPORTED;
427
428 StatsKey tagStatsMapKey[4];
429 for (int i = 0; i < 4; i++) {
430 uint64_t cookie = TEST_COOKIE + i;
431 uint32_t tag = TEST_TAG + i;
432 uid_t uid = TEST_UID + i;
433 populateFakeStats(cookie, uid, tag, &tagStatsMapKey[i]);
434 }
435 expectTagSocketReachLimit(TEST_TAG, TEST_UID);
436}
437
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]438TEST_F(TrafficControllerTest, TestSetCounterSet) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]439 SKIP_IF_BPF_NOT_SUPPORTED;
440
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]441 uid_t callingUid = TEST_UID2;
442 addPrivilegedUid(callingUid);
443 ASSERT_EQ(0, mTc.setCounterSet(TEST_COUNTERSET, TEST_UID, callingUid));
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]444 uid_t uid = TEST_UID;
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]445 StatusOr<uint8_t> counterSetResult = mFakeUidCounterSetMap.readValue(uid);
446 ASSERT_TRUE(isOk(counterSetResult));
447 ASSERT_EQ(TEST_COUNTERSET, counterSetResult.value());
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]448 ASSERT_EQ(0, mTc.setCounterSet(DEFAULT_COUNTERSET, TEST_UID, callingUid));
449 ASSERT_FALSE(isOk(mFakeUidCounterSetMap.readValue(uid)));
450 expectMapEmpty(mFakeUidCounterSetMap);
451}
452
453TEST_F(TrafficControllerTest, TestSetCounterSetWithoutPermission) {
454 SKIP_IF_BPF_NOT_SUPPORTED;
455
456 ASSERT_EQ(-EPERM, mTc.setCounterSet(TEST_COUNTERSET, TEST_UID, TEST_UID2));
457 uid_t uid = TEST_UID;
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]458 ASSERT_FALSE(isOk(mFakeUidCounterSetMap.readValue(uid)));
Chenbo Fengc16827b2018-06-08 15:58:11 -0700[diff] [blame]459 expectMapEmpty(mFakeUidCounterSetMap);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]460}
461
462TEST_F(TrafficControllerTest, TestSetInvalidCounterSet) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]463 SKIP_IF_BPF_NOT_SUPPORTED;
464
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]465 uid_t callingUid = TEST_UID2;
466 addPrivilegedUid(callingUid);
467 ASSERT_GT(0, mTc.setCounterSet(OVERFLOW_COUNTERSET, TEST_UID, callingUid));
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]468 uid_t uid = TEST_UID;
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]469 ASSERT_FALSE(isOk(mFakeUidCounterSetMap.readValue(uid)));
Chenbo Fengc16827b2018-06-08 15:58:11 -0700[diff] [blame]470 expectMapEmpty(mFakeUidCounterSetMap);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]471}
472
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]473TEST_F(TrafficControllerTest, TestDeleteTagDataWithoutPermission) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]474 SKIP_IF_BPF_NOT_SUPPORTED;
475
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]476 uint64_t cookie = 1;
477 uid_t uid = TEST_UID;
478 uint32_t tag = TEST_TAG;
479 StatsKey tagStatsMapKey;
480 populateFakeStats(cookie, uid, tag, &tagStatsMapKey);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]481 ASSERT_EQ(-EPERM, mTc.deleteTagData(0, TEST_UID, TEST_UID2));
482
483 expectFakeStatsUnchanged(cookie, tag, uid, tagStatsMapKey);
484}
485
486TEST_F(TrafficControllerTest, TestDeleteTagData) {
487 SKIP_IF_BPF_NOT_SUPPORTED;
488
489 uid_t callingUid = TEST_UID2;
490 addPrivilegedUid(callingUid);
491 uint64_t cookie = 1;
492 uid_t uid = TEST_UID;
493 uint32_t tag = TEST_TAG;
494 StatsKey tagStatsMapKey;
495 populateFakeStats(cookie, uid, tag, &tagStatsMapKey);
496 ASSERT_EQ(0, mTc.deleteTagData(TEST_TAG, TEST_UID, callingUid));
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]497 ASSERT_FALSE(isOk(mFakeCookieTagMap.readValue(cookie)));
498 StatusOr<uint8_t> counterSetResult = mFakeUidCounterSetMap.readValue(uid);
499 ASSERT_TRUE(isOk(counterSetResult));
500 ASSERT_EQ(TEST_COUNTERSET, counterSetResult.value());
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]501 ASSERT_FALSE(isOk(mFakeStatsMapA.readValue(tagStatsMapKey)));
Chenbo Feng63ad5592018-01-22 23:14:12 -0800[diff] [blame]502 tagStatsMapKey.tag = 0;
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]503 StatusOr<StatsValue> statsMapResult = mFakeStatsMapA.readValue(tagStatsMapKey);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]504 ASSERT_TRUE(isOk(statsMapResult));
505 ASSERT_EQ((uint64_t)1, statsMapResult.value().rxPackets);
506 ASSERT_EQ((uint64_t)100, statsMapResult.value().rxBytes);
Chenbo Fengbc4a15f2018-05-11 19:15:15 -0700[diff] [blame]507 auto appStatsResult = mFakeAppUidStatsMap.readValue(TEST_UID);
508 ASSERT_TRUE(isOk(appStatsResult));
509 ASSERT_EQ((uint64_t)1, appStatsResult.value().rxPackets);
510 ASSERT_EQ((uint64_t)100, appStatsResult.value().rxBytes);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]511}
512
513TEST_F(TrafficControllerTest, TestDeleteAllUidData) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]514 SKIP_IF_BPF_NOT_SUPPORTED;
515
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]516 uid_t callingUid = TEST_UID2;
517 addPrivilegedUid(callingUid);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]518 uint64_t cookie = 1;
519 uid_t uid = TEST_UID;
520 uint32_t tag = TEST_TAG;
521 StatsKey tagStatsMapKey;
522 populateFakeStats(cookie, uid, tag, &tagStatsMapKey);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]523 ASSERT_EQ(0, mTc.deleteTagData(0, TEST_UID, callingUid));
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]524 ASSERT_FALSE(isOk(mFakeCookieTagMap.readValue(cookie)));
525 ASSERT_FALSE(isOk(mFakeUidCounterSetMap.readValue(uid)));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]526 ASSERT_FALSE(isOk(mFakeStatsMapA.readValue(tagStatsMapKey)));
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]527 tagStatsMapKey.tag = 0;
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]528 ASSERT_FALSE(isOk(mFakeStatsMapA.readValue(tagStatsMapKey)));
Chenbo Fengbc4a15f2018-05-11 19:15:15 -0700[diff] [blame]529 ASSERT_FALSE(isOk(mFakeAppUidStatsMap.readValue(TEST_UID)));
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]530}
531
532TEST_F(TrafficControllerTest, TestDeleteDataWithTwoTags) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]533 SKIP_IF_BPF_NOT_SUPPORTED;
534
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]535 uid_t callingUid = TEST_UID2;
536 addPrivilegedUid(callingUid);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]537 uint64_t cookie1 = 1;
538 uint64_t cookie2 = 2;
539 uid_t uid = TEST_UID;
540 uint32_t tag1 = TEST_TAG;
541 uint32_t tag2 = TEST_TAG + 1;
542 StatsKey tagStatsMapKey1;
543 StatsKey tagStatsMapKey2;
544 populateFakeStats(cookie1, uid, tag1, &tagStatsMapKey1);
545 populateFakeStats(cookie2, uid, tag2, &tagStatsMapKey2);
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]546 ASSERT_EQ(0, mTc.deleteTagData(TEST_TAG, TEST_UID, callingUid));
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]547 ASSERT_FALSE(isOk(mFakeCookieTagMap.readValue(cookie1)));
Maciej Żenczykowski11ec78b2019-12-30 06:39:32 -0800[diff] [blame^]548 StatusOr<UidTagValue> cookieMapResult = mFakeCookieTagMap.readValue(cookie2);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]549 ASSERT_TRUE(isOk(cookieMapResult));
550 ASSERT_EQ(TEST_UID, cookieMapResult.value().uid);
551 ASSERT_EQ(TEST_TAG + 1, cookieMapResult.value().tag);
552 StatusOr<uint8_t> counterSetResult = mFakeUidCounterSetMap.readValue(uid);
553 ASSERT_TRUE(isOk(counterSetResult));
554 ASSERT_EQ(TEST_COUNTERSET, counterSetResult.value());
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]555 ASSERT_FALSE(isOk(mFakeStatsMapA.readValue(tagStatsMapKey1)));
556 StatusOr<StatsValue> statsMapResult = mFakeStatsMapA.readValue(tagStatsMapKey2);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]557 ASSERT_TRUE(isOk(statsMapResult));
558 ASSERT_EQ((uint64_t)1, statsMapResult.value().rxPackets);
559 ASSERT_EQ((uint64_t)100, statsMapResult.value().rxBytes);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]560}
561
562TEST_F(TrafficControllerTest, TestDeleteDataWithTwoUids) {
Lorenzo Colitti23e5c7f2018-01-12 17:55:59 +0900[diff] [blame]563 SKIP_IF_BPF_NOT_SUPPORTED;
564
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]565 uid_t callingUid = TEST_UID2;
566 addPrivilegedUid(callingUid);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]567 uint64_t cookie1 = 1;
568 uint64_t cookie2 = 2;
569 uid_t uid1 = TEST_UID;
570 uid_t uid2 = TEST_UID + 1;
571 uint32_t tag = TEST_TAG;
572 StatsKey tagStatsMapKey1;
573 StatsKey tagStatsMapKey2;
574 populateFakeStats(cookie1, uid1, tag, &tagStatsMapKey1);
575 populateFakeStats(cookie2, uid2, tag, &tagStatsMapKey2);
576
577 // Delete the stats of one of the uid. Check if it is properly collected by
578 // removedStats.
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]579 ASSERT_EQ(0, mTc.deleteTagData(0, uid2, callingUid));
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]580 ASSERT_FALSE(isOk(mFakeCookieTagMap.readValue(cookie2)));
581 StatusOr<uint8_t> counterSetResult = mFakeUidCounterSetMap.readValue(uid1);
582 ASSERT_TRUE(isOk(counterSetResult));
583 ASSERT_EQ(TEST_COUNTERSET, counterSetResult.value());
584 ASSERT_FALSE(isOk(mFakeUidCounterSetMap.readValue(uid2)));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]585 ASSERT_FALSE(isOk(mFakeStatsMapA.readValue(tagStatsMapKey2)));
Chenbo Feng63ad5592018-01-22 23:14:12 -0800[diff] [blame]586 tagStatsMapKey2.tag = 0;
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]587 ASSERT_FALSE(isOk(mFakeStatsMapA.readValue(tagStatsMapKey2)));
Chenbo Fengbc4a15f2018-05-11 19:15:15 -0700[diff] [blame]588 ASSERT_FALSE(isOk(mFakeAppUidStatsMap.readValue(uid2)));
Chenbo Feng63ad5592018-01-22 23:14:12 -0800[diff] [blame]589 tagStatsMapKey1.tag = 0;
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]590 StatusOr<StatsValue> statsMapResult = mFakeStatsMapA.readValue(tagStatsMapKey1);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]591 ASSERT_TRUE(isOk(statsMapResult));
592 ASSERT_EQ((uint64_t)1, statsMapResult.value().rxPackets);
593 ASSERT_EQ((uint64_t)100, statsMapResult.value().rxBytes);
Chenbo Fengbc4a15f2018-05-11 19:15:15 -0700[diff] [blame]594 auto appStatsResult = mFakeAppUidStatsMap.readValue(uid1);
595 ASSERT_TRUE(isOk(appStatsResult));
596 ASSERT_EQ((uint64_t)1, appStatsResult.value().rxPackets);
597 ASSERT_EQ((uint64_t)100, appStatsResult.value().rxBytes);
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]598
Chenbo Fengef1cab32018-04-13 19:50:49 -0700[diff] [blame]599 // Delete the stats of the other uid.
Chenbo Fengb4a4fa12019-01-09 17:20:45 -0800[diff] [blame]600 ASSERT_EQ(0, mTc.deleteTagData(0, uid1, callingUid));
Chenbo Fengdfc75ef2019-04-15 15:10:27 -0700[diff] [blame]601 ASSERT_FALSE(isOk(mFakeStatsMapA.readValue(tagStatsMapKey1)));
Chenbo Fengbc4a15f2018-05-11 19:15:15 -0700[diff] [blame]602 ASSERT_FALSE(isOk(mFakeAppUidStatsMap.readValue(uid1)));
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]603}
604
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]605TEST_F(TrafficControllerTest, TestUpdateOwnerMapEntry) {
606 SKIP_IF_BPF_NOT_SUPPORTED;
607
608 uint32_t uid = TEST_UID;
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]609 ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(STANDBY_MATCH, uid, DENY, BLACKLIST)));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]610 StatusOr<UidOwnerValue> value = mFakeUidOwnerMap.readValue(uid);
Chenbo Feng4f6c2372018-04-26 10:37:55 -0700[diff] [blame]611 ASSERT_TRUE(isOk(value));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]612 ASSERT_TRUE(value.value().rule & STANDBY_MATCH);
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]613
614 ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(DOZABLE_MATCH, uid, ALLOW, WHITELIST)));
615 value = mFakeUidOwnerMap.readValue(uid);
616 ASSERT_TRUE(isOk(value));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]617 ASSERT_TRUE(value.value().rule & DOZABLE_MATCH);
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]618
619 ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(DOZABLE_MATCH, uid, DENY, WHITELIST)));
620 value = mFakeUidOwnerMap.readValue(uid);
621 ASSERT_TRUE(isOk(value));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]622 ASSERT_FALSE(value.value().rule & DOZABLE_MATCH);
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]623
624 ASSERT_TRUE(isOk(mTc.updateOwnerMapEntry(STANDBY_MATCH, uid, ALLOW, BLACKLIST)));
625 ASSERT_FALSE(isOk(mFakeUidOwnerMap.readValue(uid)));
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]626
627 uid = TEST_UID2;
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]628 ASSERT_FALSE(isOk(mTc.updateOwnerMapEntry(STANDBY_MATCH, uid, ALLOW, BLACKLIST)));
629 ASSERT_FALSE(isOk(mFakeUidOwnerMap.readValue(uid)));
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]630}
631
632TEST_F(TrafficControllerTest, TestChangeUidOwnerRule) {
633 SKIP_IF_BPF_NOT_SUPPORTED;
634
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]635 checkUidOwnerRuleForChain(DOZABLE, DOZABLE_MATCH);
636 checkUidOwnerRuleForChain(STANDBY, STANDBY_MATCH);
637 checkUidOwnerRuleForChain(POWERSAVE, POWERSAVE_MATCH);
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]638 ASSERT_EQ(-EINVAL, mTc.changeUidOwnerRule(NONE, TEST_UID, ALLOW, WHITELIST));
639 ASSERT_EQ(-EINVAL, mTc.changeUidOwnerRule(INVALID_CHAIN, TEST_UID, ALLOW, WHITELIST));
640}
641
642TEST_F(TrafficControllerTest, TestReplaceUidOwnerMap) {
643 SKIP_IF_BPF_NOT_SUPPORTED;
644
645 std::vector<int32_t> uids = {TEST_UID, TEST_UID2, TEST_UID3};
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]646 checkUidMapReplace("fw_dozable", uids, DOZABLE_MATCH);
647 checkUidMapReplace("fw_standby", uids, STANDBY_MATCH);
648 checkUidMapReplace("fw_powersave", uids, POWERSAVE_MATCH);
Chenbo Feng89c12f12018-03-21 10:29:18 -0700[diff] [blame]649 ASSERT_EQ(-EINVAL, mTc.replaceUidOwnerMap("unknow", true, uids));
650}
651
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]652TEST_F(TrafficControllerTest, TestReplaceSameChain) {
653 SKIP_IF_BPF_NOT_SUPPORTED;
654
655 std::vector<int32_t> uids = {TEST_UID, TEST_UID2, TEST_UID3};
656 checkUidMapReplace("fw_dozable", uids, DOZABLE_MATCH);
657 std::vector<int32_t> newUids = {TEST_UID2, TEST_UID3};
658 checkUidMapReplace("fw_dozable", newUids, DOZABLE_MATCH);
659}
660
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]661TEST_F(TrafficControllerTest, TestBlacklistUidMatch) {
662 SKIP_IF_BPF_NOT_SUPPORTED;
663
664 std::vector<std::string> appStrUids = {"1000", "1001", "10012"};
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]665 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject,
666 BandwidthController::IptOpInsert)));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]667 expectUidOwnerMapValues(appStrUids, PENALTY_BOX_MATCH, 0);
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]668 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject,
669 BandwidthController::IptOpDelete)));
670 expectMapEmpty(mFakeUidOwnerMap);
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]671}
672
673TEST_F(TrafficControllerTest, TestWhitelistUidMatch) {
674 SKIP_IF_BPF_NOT_SUPPORTED;
675
676 std::vector<std::string> appStrUids = {"1000", "1001", "10012"};
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]677 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn,
678 BandwidthController::IptOpInsert)));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]679 expectUidOwnerMapValues(appStrUids, HAPPY_BOX_MATCH, 0);
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]680 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn,
681 BandwidthController::IptOpDelete)));
682 expectMapEmpty(mFakeUidOwnerMap);
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]683}
684
685TEST_F(TrafficControllerTest, TestReplaceMatchUid) {
Bernie Innocenti093d6622018-07-09 20:52:48 +0900[diff] [blame]686 SKIP_IF_BPF_NOT_SUPPORTED;
687
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]688 std::vector<std::string> appStrUids = {"1000", "1001", "10012"};
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]689 // Add appStrUids to the blacklist and expect that their values are all PENALTY_BOX_MATCH.
690 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject,
691 BandwidthController::IptOpInsert)));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]692 expectUidOwnerMapValues(appStrUids, PENALTY_BOX_MATCH, 0);
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]693
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]694 // Add the same UIDs to the whitelist and expect that we get PENALTY_BOX_MATCH |
695 // HAPPY_BOX_MATCH.
696 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn,
697 BandwidthController::IptOpInsert)));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]698 expectUidOwnerMapValues(appStrUids, HAPPY_BOX_MATCH | PENALTY_BOX_MATCH, 0);
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]699
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]700 // Remove the same UIDs from the whitelist and check the PENALTY_BOX_MATCH is still there.
701 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn,
702 BandwidthController::IptOpDelete)));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]703 expectUidOwnerMapValues(appStrUids, PENALTY_BOX_MATCH, 0);
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]704
705 // Remove the same UIDs from the blacklist and check the map is empty.
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]706 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject,
707 BandwidthController::IptOpDelete)));
708 ASSERT_FALSE(isOk(mFakeUidOwnerMap.getFirstKey()));
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]709}
710
711TEST_F(TrafficControllerTest, TestDeleteWrongMatchSilentlyFails) {
Bernie Innocenti093d6622018-07-09 20:52:48 +0900[diff] [blame]712 SKIP_IF_BPF_NOT_SUPPORTED;
713
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]714 std::vector<std::string> appStrUids = {"1000", "1001", "10012"};
715 // If the uid does not exist in the map, trying to delete a rule about it will fail.
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]716 ASSERT_FALSE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn,
717 BandwidthController::IptOpDelete)));
718 expectMapEmpty(mFakeUidOwnerMap);
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]719
720 // Add blacklist rules for appStrUids.
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]721 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReturn,
722 BandwidthController::IptOpInsert)));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]723 expectUidOwnerMapValues(appStrUids, HAPPY_BOX_MATCH, 0);
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]724
725 // Delete (non-existent) blacklist rules for appStrUids, and check that this silently does
726 // nothing if the uid is in the map but does not have blacklist match. This is required because
727 // NetworkManagementService will try to remove a uid from blacklist after adding it to the
728 // whitelist and if the remove fails it will not update the uid status.
Chenbo Feng703798e2018-06-15 17:07:59 -0700[diff] [blame]729 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap(appStrUids, BandwidthController::IptJumpReject,
730 BandwidthController::IptOpDelete)));
Rubin Xuec27ff22019-01-08 21:33:03 +0000[diff] [blame]731 expectUidOwnerMapValues(appStrUids, HAPPY_BOX_MATCH, 0);
732}
733
734TEST_F(TrafficControllerTest, TestAddUidInterfaceFilteringRules) {
735 SKIP_IF_BPF_NOT_SUPPORTED;
736
737 int iif0 = 15;
738 ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif0, {1000, 1001})));
739 expectUidOwnerMapValues({"1000", "1001"}, IIF_MATCH, iif0);
740
741 // Add some non-overlapping new uids. They should coexist with existing rules
742 int iif1 = 16;
743 ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif1, {2000, 2001})));
744 expectUidOwnerMapValues({"1000", "1001"}, IIF_MATCH, iif0);
745 expectUidOwnerMapValues({"2000", "2001"}, IIF_MATCH, iif1);
746
747 // Overwrite some existing uids
748 int iif2 = 17;
749 ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif2, {1000, 2000})));
750 expectUidOwnerMapValues({"1001"}, IIF_MATCH, iif0);
751 expectUidOwnerMapValues({"2001"}, IIF_MATCH, iif1);
752 expectUidOwnerMapValues({"1000", "2000"}, IIF_MATCH, iif2);
753}
754
755TEST_F(TrafficControllerTest, TestRemoveUidInterfaceFilteringRules) {
756 SKIP_IF_BPF_NOT_SUPPORTED;
757
758 int iif0 = 15;
759 int iif1 = 16;
760 ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif0, {1000, 1001})));
761 ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif1, {2000, 2001})));
762 expectUidOwnerMapValues({"1000", "1001"}, IIF_MATCH, iif0);
763 expectUidOwnerMapValues({"2000", "2001"}, IIF_MATCH, iif1);
764
765 // Rmove some uids
766 ASSERT_TRUE(isOk(mTc.removeUidInterfaceRules({1001, 2001})));
767 expectUidOwnerMapValues({"1000"}, IIF_MATCH, iif0);
768 expectUidOwnerMapValues({"2000"}, IIF_MATCH, iif1);
769 checkEachUidValue({1000, 2000}, IIF_MATCH); // Make sure there are only two uids remaining
770
771 // Remove non-existent uids shouldn't fail
772 ASSERT_TRUE(isOk(mTc.removeUidInterfaceRules({2000, 3000})));
773 expectUidOwnerMapValues({"1000"}, IIF_MATCH, iif0);
774 checkEachUidValue({1000}, IIF_MATCH); // Make sure there are only one uid remaining
775
776 // Remove everything
777 ASSERT_TRUE(isOk(mTc.removeUidInterfaceRules({1000})));
778 expectMapEmpty(mFakeUidOwnerMap);
779}
780
781TEST_F(TrafficControllerTest, TestUidInterfaceFilteringRulesCoexistWithExistingMatches) {
782 SKIP_IF_BPF_NOT_SUPPORTED;
783
784 // Set up existing PENALTY_BOX_MATCH rules
785 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap({"1000", "1001", "10012"},
786 BandwidthController::IptJumpReject,
787 BandwidthController::IptOpInsert)));
788 expectUidOwnerMapValues({"1000", "1001", "10012"}, PENALTY_BOX_MATCH, 0);
789
790 // Add some partially-overlapping uid owner rules and check result
791 int iif1 = 32;
792 ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif1, {10012, 10013, 10014})));
793 expectUidOwnerMapValues({"1000", "1001"}, PENALTY_BOX_MATCH, 0);
794 expectUidOwnerMapValues({"10012"}, PENALTY_BOX_MATCH | IIF_MATCH, iif1);
795 expectUidOwnerMapValues({"10013", "10014"}, IIF_MATCH, iif1);
796
797 // Removing some PENALTY_BOX_MATCH rules should not change uid interface rule
798 ASSERT_TRUE(isOk(mTc.updateUidOwnerMap({"1001", "10012"}, BandwidthController::IptJumpReject,
799 BandwidthController::IptOpDelete)));
800 expectUidOwnerMapValues({"1000"}, PENALTY_BOX_MATCH, 0);
801 expectUidOwnerMapValues({"10012", "10013", "10014"}, IIF_MATCH, iif1);
802
803 // Remove all uid interface rules
804 ASSERT_TRUE(isOk(mTc.removeUidInterfaceRules({10012, 10013, 10014})));
805 expectUidOwnerMapValues({"1000"}, PENALTY_BOX_MATCH, 0);
806 // Make sure these are the only uids left
807 checkEachUidValue({1000}, PENALTY_BOX_MATCH);
808}
809
810TEST_F(TrafficControllerTest, TestUidInterfaceFilteringRulesCoexistWithNewMatches) {
811 SKIP_IF_BPF_NOT_SUPPORTED;
812
813 int iif1 = 56;
814 // Set up existing uid interface rules
815 ASSERT_TRUE(isOk(mTc.addUidInterfaceRules(iif1, {10001, 10002})));
816 expectUidOwnerMapValues({"10001", "10002"}, IIF_MATCH, iif1);
817
818 // Add some partially-overlapping doze rules
819 EXPECT_EQ(0, mTc.replaceUidOwnerMap("fw_dozable", true, {10002, 10003}));
820 expectUidOwnerMapValues({"10001"}, IIF_MATCH, iif1);
821 expectUidOwnerMapValues({"10002"}, DOZABLE_MATCH | IIF_MATCH, iif1);
822 expectUidOwnerMapValues({"10003"}, DOZABLE_MATCH, 0);
823
824 // Introduce a third rule type (powersave) on various existing UIDs
825 EXPECT_EQ(0, mTc.replaceUidOwnerMap("fw_powersave", true, {10000, 10001, 10002, 10003}));
826 expectUidOwnerMapValues({"10000"}, POWERSAVE_MATCH, 0);
827 expectUidOwnerMapValues({"10001"}, POWERSAVE_MATCH | IIF_MATCH, iif1);
828 expectUidOwnerMapValues({"10002"}, POWERSAVE_MATCH | DOZABLE_MATCH | IIF_MATCH, iif1);
829 expectUidOwnerMapValues({"10003"}, POWERSAVE_MATCH | DOZABLE_MATCH, 0);
830
831 // Remove all doze rules
832 EXPECT_EQ(0, mTc.replaceUidOwnerMap("fw_dozable", true, {}));
833 expectUidOwnerMapValues({"10000"}, POWERSAVE_MATCH, 0);
834 expectUidOwnerMapValues({"10001"}, POWERSAVE_MATCH | IIF_MATCH, iif1);
835 expectUidOwnerMapValues({"10002"}, POWERSAVE_MATCH | IIF_MATCH, iif1);
836 expectUidOwnerMapValues({"10003"}, POWERSAVE_MATCH, 0);
837
838 // Remove all powersave rules, expect ownerMap to only have uid interface rules left
839 EXPECT_EQ(0, mTc.replaceUidOwnerMap("fw_powersave", true, {}));
840 expectUidOwnerMapValues({"10001", "10002"}, IIF_MATCH, iif1);
841 // Make sure these are the only uids left
842 checkEachUidValue({10001, 10002}, IIF_MATCH);
Chenbo Feng95892f32018-06-07 14:52:02 -0700[diff] [blame]843}
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]844
845TEST_F(TrafficControllerTest, TestGrantInternetPermission) {
846 SKIP_IF_BPF_NOT_SUPPORTED;
847
848 std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3};
849
850 mTc.setPermissionForUids(INetd::PERMISSION_INTERNET, appUids);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]851 expectMapEmpty(mFakeUidPermissionMap);
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]852 expectPrivilegedUserSetEmpty();
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]853}
854
855TEST_F(TrafficControllerTest, TestRevokeInternetPermission) {
856 SKIP_IF_BPF_NOT_SUPPORTED;
857
858 std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3};
859
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]860 mTc.setPermissionForUids(INetd::PERMISSION_NONE, appUids);
861 expectUidPermissionMapValues(appUids, INetd::PERMISSION_NONE);
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]862}
863
864TEST_F(TrafficControllerTest, TestPermissionUninstalled) {
865 SKIP_IF_BPF_NOT_SUPPORTED;
866
867 std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3};
868
869 mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, appUids);
870 expectUidPermissionMapValues(appUids, INetd::PERMISSION_UPDATE_DEVICE_STATS);
871 expectPrivilegedUserSet(appUids);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]872
873 std::vector<uid_t> uidToRemove = {TEST_UID};
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]874 mTc.setPermissionForUids(INetd::PERMISSION_UNINSTALLED, uidToRemove);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]875
876 std::vector<uid_t> uidRemain = {TEST_UID3, TEST_UID2};
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]877 expectUidPermissionMapValues(uidRemain, INetd::PERMISSION_UPDATE_DEVICE_STATS);
878 expectPrivilegedUserSet(uidRemain);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]879
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]880 mTc.setPermissionForUids(INetd::PERMISSION_UNINSTALLED, uidRemain);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]881 expectMapEmpty(mFakeUidPermissionMap);
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]882 expectPrivilegedUserSetEmpty();
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]883}
884
885TEST_F(TrafficControllerTest, TestGrantUpdateStatsPermission) {
886 SKIP_IF_BPF_NOT_SUPPORTED;
887
888 std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3};
889
890 mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, appUids);
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]891 expectUidPermissionMapValues(appUids, INetd::PERMISSION_UPDATE_DEVICE_STATS);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]892 expectPrivilegedUserSet(appUids);
893
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]894 mTc.setPermissionForUids(INetd::PERMISSION_NONE, appUids);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]895 expectPrivilegedUserSetEmpty();
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]896 expectUidPermissionMapValues(appUids, INetd::PERMISSION_NONE);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]897}
898
899TEST_F(TrafficControllerTest, TestRevokeUpdateStatsPermission) {
900 SKIP_IF_BPF_NOT_SUPPORTED;
901
902 std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3};
903
904 mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, appUids);
905 expectPrivilegedUserSet(appUids);
906
907 std::vector<uid_t> uidToRemove = {TEST_UID};
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]908 mTc.setPermissionForUids(INetd::PERMISSION_NONE, uidToRemove);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]909
910 std::vector<uid_t> uidRemain = {TEST_UID3, TEST_UID2};
911 expectPrivilegedUserSet(uidRemain);
912
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]913 mTc.setPermissionForUids(INetd::PERMISSION_NONE, uidRemain);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]914 expectPrivilegedUserSetEmpty();
915}
916
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]917TEST_F(TrafficControllerTest, TestGrantWrongPermission) {
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]918 SKIP_IF_BPF_NOT_SUPPORTED;
919
920 std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3};
921
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]922 mTc.setPermissionForUids(INetd::PERMISSION_NONE, appUids);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]923 expectPrivilegedUserSetEmpty();
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]924 expectUidPermissionMapValues(appUids, INetd::PERMISSION_NONE);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]925}
926
927TEST_F(TrafficControllerTest, TestGrantDuplicatePermissionSlientlyFail) {
928 SKIP_IF_BPF_NOT_SUPPORTED;
929
930 std::vector<uid_t> appUids = {TEST_UID, TEST_UID2, TEST_UID3};
931
932 mTc.setPermissionForUids(INetd::PERMISSION_INTERNET, appUids);
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]933 expectMapEmpty(mFakeUidPermissionMap);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]934
935 std::vector<uid_t> uidToAdd = {TEST_UID};
936 mTc.setPermissionForUids(INetd::PERMISSION_INTERNET, uidToAdd);
937
Chenbo Fengbf660aa2019-02-26 16:12:27 -0800[diff] [blame]938 expectPrivilegedUserSetEmpty();
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]939
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]940 mTc.setPermissionForUids(INetd::PERMISSION_NONE, appUids);
941 expectUidPermissionMapValues(appUids, INetd::PERMISSION_NONE);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]942
943 mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, appUids);
944 expectPrivilegedUserSet(appUids);
945
946 mTc.setPermissionForUids(INetd::PERMISSION_UPDATE_DEVICE_STATS, uidToAdd);
947 expectPrivilegedUserSet(appUids);
948
Chenbo Feng84f48cd2019-04-22 15:34:40 -0700[diff] [blame]949 mTc.setPermissionForUids(INetd::PERMISSION_NONE, appUids);
Chenbo Feng48eaed32018-12-26 17:40:21 -0800[diff] [blame]950 expectPrivilegedUserSetEmpty();
951}
952
Chenbo Fenged37fea2017-12-13 19:35:01 -0800[diff] [blame]953} // namespace net
954} // namespace android