Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / b8087363143050d214d48e5620a330776ca95a69 / . / tests / binder_test.cpp
blob: 94cc535ad7abf8c4c23ffe89e4a8ae345afc3d36 [file] [log] [blame]
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]1/*
2 * Copyright 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * binder_test.cpp - unit tests for netd binder RPCs.
17 */
18
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame^]19#include <cerrno>
20#include <cinttypes>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]21#include <cstdint>
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]22#include <cstdio>
23#include <cstdlib>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]24#include <vector>
25
26#include <android-base/stringprintf.h>
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]27#include <android-base/strings.h>
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame^]28#include <cutils/multiuser.h>
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]29#include <gtest/gtest.h>
30#include <logwrap/logwrap.h>
31
32#include "NetdConstants.h"
33#include "android/net/INetd.h"
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame^]34#include "android/net/UidRange.h"
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]35#include "binder/IServiceManager.h"
36
37using namespace android;
38using namespace android::base;
39using namespace android::binder;
40using android::net::INetd;
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame^]41using android::net::UidRange;
42
43static const char* IP_RULE_V4 = "-4";
44static const char* IP_RULE_V6 = "-6";
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]45
46class BinderTest : public ::testing::Test {
47
48public:
49 BinderTest() {
50 sp<IServiceManager> sm = defaultServiceManager();
51 sp<IBinder> binder = sm->getService(String16("netd"));
52 if (binder != nullptr) {
53 mNetd = interface_cast<INetd>(binder);
54 }
55 }
56
57 void SetUp() {
58 ASSERT_NE(nullptr, mNetd.get());
59 }
60
61protected:
62 sp<INetd> mNetd;
63};
64
65
Lorenzo Colitti699aa992016-04-15 10:22:37 +0900[diff] [blame]66class TimedOperation : public Stopwatch {
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]67public:
Lorenzo Colitti699aa992016-04-15 10:22:37 +0900[diff] [blame]68 TimedOperation(std::string name): mName(name) {}
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]69 virtual ~TimedOperation() {
Lorenzo Colitti699aa992016-04-15 10:22:37 +0900[diff] [blame]70 fprintf(stderr, " %s: %6.1f ms\n", mName.c_str(), timeTaken());
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]71 }
72
73private:
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]74 std::string mName;
75};
76
77TEST_F(BinderTest, TestIsAlive) {
78 TimedOperation t("isAlive RPC");
79 bool isAlive = false;
80 mNetd->isAlive(&isAlive);
81 ASSERT_TRUE(isAlive);
82}
83
84static int randomUid() {
85 return 100000 * arc4random_uniform(7) + 10000 + arc4random_uniform(5000);
86}
87
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame^]88static std::vector<std::string> runCommand(const std::string& command) {
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]89 std::vector<std::string> lines;
90 FILE *f;
91
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]92 if ((f = popen(command.c_str(), "r")) == nullptr) {
93 perror("popen");
94 return lines;
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]95 }
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]96
97 char *line = nullptr;
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame^]98 size_t bufsize = 0;
99 ssize_t linelen = 0;
100 while ((linelen = getline(&line, &bufsize, f)) >= 0) {
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]101 lines.push_back(std::string(line, linelen));
102 free(line);
103 line = nullptr;
104 }
105
106 pclose(f);
107 return lines;
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]108}
109
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame^]110static std::vector<std::string> listIpRules(const char *ipVersion) {
111 std::string command = StringPrintf("%s %s rule list", IP_PATH, ipVersion);
112 return runCommand(command);
113}
114
115static std::vector<std::string> listIptablesRule(const char *binary, const char *chainName) {
116 std::string command = StringPrintf("%s -n -L %s", binary, chainName);
117 return runCommand(command);
118}
119
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]120static int iptablesRuleLineLength(const char *binary, const char *chainName) {
121 return listIptablesRule(binary, chainName).size();
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]122}
123
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]124TEST_F(BinderTest, TestFirewallReplaceUidChain) {
125 std::string chainName = StringPrintf("netd_binder_test_%u", arc4random_uniform(10000));
126 const int kNumUids = 500;
127 std::vector<int32_t> noUids(0);
128 std::vector<int32_t> uids(kNumUids);
129 for (int i = 0; i < kNumUids; i++) {
130 uids[i] = randomUid();
131 }
132
133 bool ret;
134 {
135 TimedOperation op(StringPrintf("Programming %d-UID whitelist chain", kNumUids));
136 mNetd->firewallReplaceUidChain(String16(chainName.c_str()), true, uids, &ret);
137 }
138 EXPECT_EQ(true, ret);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]139 EXPECT_EQ((int) uids.size() + 4, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str()));
140 EXPECT_EQ((int) uids.size() + 4, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str()));
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]141 {
142 TimedOperation op("Clearing whitelist chain");
143 mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, noUids, &ret);
144 }
145 EXPECT_EQ(true, ret);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]146 EXPECT_EQ(2, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str()));
147 EXPECT_EQ(2, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str()));
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]148
149 {
150 TimedOperation op(StringPrintf("Programming %d-UID blacklist chain", kNumUids));
151 mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, uids, &ret);
152 }
153 EXPECT_EQ(true, ret);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]154 EXPECT_EQ((int) uids.size() + 3, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str()));
155 EXPECT_EQ((int) uids.size() + 3, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str()));
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]156
157 {
158 TimedOperation op("Clearing blacklist chain");
159 mNetd->firewallReplaceUidChain(String16(chainName.c_str()), false, noUids, &ret);
160 }
161 EXPECT_EQ(true, ret);
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]162 EXPECT_EQ(2, iptablesRuleLineLength(IPTABLES_PATH, chainName.c_str()));
163 EXPECT_EQ(2, iptablesRuleLineLength(IP6TABLES_PATH, chainName.c_str()));
Lorenzo Colitti89faa342016-02-26 11:38:47 +0900[diff] [blame]164
165 // Check that the call fails if iptables returns an error.
166 std::string veryLongStringName = "netd_binder_test_UnacceptablyLongIptablesChainName";
167 mNetd->firewallReplaceUidChain(String16(veryLongStringName.c_str()), true, noUids, &ret);
168 EXPECT_EQ(false, ret);
169}
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]170
171static int bandwidthDataSaverEnabled(const char *binary) {
Lorenzo Colitti464eabe2016-03-25 13:38:19 +0900[diff] [blame]172 std::vector<std::string> lines = listIptablesRule(binary, "bw_data_saver");
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]173
174 // Output looks like this:
175 //
Lorenzo Colitti464eabe2016-03-25 13:38:19 +0900[diff] [blame]176 // Chain bw_data_saver (1 references)
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]177 // target prot opt source destination
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]178 // RETURN all -- 0.0.0.0/0 0.0.0.0/0
Lorenzo Colitti464eabe2016-03-25 13:38:19 +0900[diff] [blame]179 EXPECT_EQ(3U, lines.size());
180 if (lines.size() != 3) return -1;
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]181
Lorenzo Colitti464eabe2016-03-25 13:38:19 +0900[diff] [blame]182 EXPECT_TRUE(android::base::StartsWith(lines[2], "RETURN ") ||
183 android::base::StartsWith(lines[2], "REJECT "));
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]184
Lorenzo Colitti464eabe2016-03-25 13:38:19 +0900[diff] [blame]185 return android::base::StartsWith(lines[2], "REJECT");
Lorenzo Colittidedd2712016-03-22 12:36:29 +0900[diff] [blame]186}
187
188bool enableDataSaver(sp<INetd>& netd, bool enable) {
189 TimedOperation op(enable ? " Enabling data saver" : "Disabling data saver");
190 bool ret;
191 netd->bandwidthEnableDataSaver(enable, &ret);
192 return ret;
193}
194
195int getDataSaverState() {
196 const int enabled4 = bandwidthDataSaverEnabled(IPTABLES_PATH);
197 const int enabled6 = bandwidthDataSaverEnabled(IP6TABLES_PATH);
198 EXPECT_EQ(enabled4, enabled6);
199 EXPECT_NE(-1, enabled4);
200 EXPECT_NE(-1, enabled6);
201 if (enabled4 != enabled6 || (enabled6 != 0 && enabled6 != 1)) {
202 return -1;
203 }
204 return enabled6;
205}
206
207TEST_F(BinderTest, TestBandwidthEnableDataSaver) {
208 const int wasEnabled = getDataSaverState();
209 ASSERT_NE(-1, wasEnabled);
210
211 if (wasEnabled) {
212 ASSERT_TRUE(enableDataSaver(mNetd, false));
213 EXPECT_EQ(0, getDataSaverState());
214 }
215
216 ASSERT_TRUE(enableDataSaver(mNetd, false));
217 EXPECT_EQ(0, getDataSaverState());
218
219 ASSERT_TRUE(enableDataSaver(mNetd, true));
220 EXPECT_EQ(1, getDataSaverState());
221
222 ASSERT_TRUE(enableDataSaver(mNetd, true));
223 EXPECT_EQ(1, getDataSaverState());
224
225 if (!wasEnabled) {
226 ASSERT_TRUE(enableDataSaver(mNetd, false));
227 EXPECT_EQ(0, getDataSaverState());
228 }
229}
Robin Leeb8087362016-03-30 18:43:08 +0100[diff] [blame^]230
231static bool ipRuleExistsForRange(const uint32_t priority, const UidRange& range,
232 const std::string& action, const char* ipVersion) {
233 // Output looks like this:
234 // "11500:\tfrom all fwmark 0x0/0x20000 iif lo uidrange 1000-2000 prohibit"
235 std::vector<std::string> rules = listIpRules(ipVersion);
236
237 std::string prefix = StringPrintf("%" PRIu32 ":", priority);
238 std::string suffix = StringPrintf(" iif lo uidrange %d-%d %s\n",
239 range.getStart(), range.getStop(), action.c_str());
240 for (std::string line : rules) {
241 if (android::base::StartsWith(line, prefix.c_str())
242 && android::base::EndsWith(line, suffix.c_str())) {
243 return true;
244 }
245 }
246 return false;
247}
248
249static bool ipRuleExistsForRange(const uint32_t priority, const UidRange& range,
250 const std::string& action) {
251 bool existsIp4 = ipRuleExistsForRange(priority, range, action, IP_RULE_V4);
252 bool existsIp6 = ipRuleExistsForRange(priority, range, action, IP_RULE_V6);
253 EXPECT_EQ(existsIp4, existsIp6);
254 return existsIp4;
255}
256
257TEST_F(BinderTest, TestNetworkRejectNonSecureVpn) {
258 constexpr uint32_t RULE_PRIORITY = 11500;
259
260 constexpr int baseUid = MULTIUSER_APP_PER_USER_RANGE * 5;
261 std::vector<UidRange> uidRanges = {
262 {baseUid + 150, baseUid + 224},
263 {baseUid + 226, baseUid + 300}
264 };
265
266 const std::vector<std::string> initialRulesV4 = listIpRules(IP_RULE_V4);
267 const std::vector<std::string> initialRulesV6 = listIpRules(IP_RULE_V6);
268
269 // Create two valid rules.
270 ASSERT_TRUE(mNetd->networkRejectNonSecureVpn(true, uidRanges).isOk());
271 EXPECT_EQ(initialRulesV4.size() + 2, listIpRules(IP_RULE_V4).size());
272 EXPECT_EQ(initialRulesV6.size() + 2, listIpRules(IP_RULE_V6).size());
273 for (auto const& range : uidRanges) {
274 EXPECT_TRUE(ipRuleExistsForRange(RULE_PRIORITY, range, "prohibit"));
275 }
276
277 // Remove the rules.
278 ASSERT_TRUE(mNetd->networkRejectNonSecureVpn(false, uidRanges).isOk());
279 EXPECT_EQ(initialRulesV4.size(), listIpRules(IP_RULE_V4).size());
280 EXPECT_EQ(initialRulesV6.size(), listIpRules(IP_RULE_V6).size());
281 for (auto const& range : uidRanges) {
282 EXPECT_FALSE(ipRuleExistsForRange(RULE_PRIORITY, range, "prohibit"));
283 }
284
285 // Fail to remove the rules a second time after they are already deleted.
286 binder::Status status = mNetd->networkRejectNonSecureVpn(false, uidRanges);
287 ASSERT_EQ(binder::Status::EX_SERVICE_SPECIFIC, status.exceptionCode());
288 EXPECT_EQ(ENOENT, status.serviceSpecificErrorCode());
289
290 // All rules should be the same as before.
291 EXPECT_EQ(initialRulesV4, listIpRules(IP_RULE_V4));
292 EXPECT_EQ(initialRulesV6, listIpRules(IP_RULE_V6));
293}