147 lines
4.6 KiB
C++
147 lines
4.6 KiB
C++
/*
|
|
* Copyright (C) 2019 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#include <poll.h> /* poll */
|
|
#include <sys/socket.h>
|
|
|
|
#include <thread>
|
|
|
|
#include <android-base/parseint.h>
|
|
#include <android-base/unique_fd.h>
|
|
#include <gtest/gtest.h>
|
|
|
|
#include "NetdClient.h"
|
|
#include "netdclient_priv.h"
|
|
|
|
namespace {
|
|
|
|
// Keep in sync with FrameworkListener.cpp (500, "Command not recognized")
|
|
constexpr char NOT_SUPPORT_MSG[] = "500 Command not recognized";
|
|
|
|
int openDnsProxyFuncStub() {
|
|
return -1;
|
|
};
|
|
|
|
typedef int (*DnsOpenProxyType)();
|
|
typedef int (*SocketFunctionType)(int, int, int);
|
|
|
|
DnsOpenProxyType openDnsProxyFuncPtr = openDnsProxyFuncStub;
|
|
SocketFunctionType socketFuncPtr = socket;
|
|
|
|
void serverLoop(int dnsProxyFd) {
|
|
while (true) {
|
|
pollfd fds[1] = {{.fd = dnsProxyFd, .events = POLLIN}};
|
|
enum { SERVERFD = 0 };
|
|
|
|
int poll_result = TEMP_FAILURE_RETRY(poll(fds, std::size(fds), -1));
|
|
ASSERT_GT(poll_result, 0);
|
|
|
|
if (fds[SERVERFD].revents & POLLERR) return;
|
|
if (fds[SERVERFD].revents & POLLIN) {
|
|
char buf[4096];
|
|
TEMP_FAILURE_RETRY(read(fds[SERVERFD].fd, &buf, sizeof(buf)));
|
|
// TODO: verify command
|
|
TEMP_FAILURE_RETRY(write(fds[SERVERFD].fd, NOT_SUPPORT_MSG, sizeof(NOT_SUPPORT_MSG)));
|
|
}
|
|
}
|
|
}
|
|
|
|
void expectAllowNetworkingForProcess() {
|
|
// netdClientSocket
|
|
android::base::unique_fd ipv4(socketFuncPtr(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0)),
|
|
ipv6(socketFuncPtr(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0));
|
|
EXPECT_LE(3, ipv4);
|
|
EXPECT_LE(3, ipv6);
|
|
|
|
// dns_open_proxy
|
|
android::base::unique_fd dnsproxydSocket(openDnsProxyFuncPtr());
|
|
EXPECT_LE(3, dnsproxydSocket);
|
|
}
|
|
|
|
void expectNotAllowNetworkingForProcess() {
|
|
// netdClientSocket
|
|
android::base::unique_fd unixSocket(socketFuncPtr(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0));
|
|
EXPECT_LE(3, unixSocket);
|
|
android::base::unique_fd ipv4(socketFuncPtr(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0));
|
|
EXPECT_EQ(-1, ipv4);
|
|
EXPECT_EQ(errno, EPERM);
|
|
android::base::unique_fd ipv6(socketFuncPtr(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0));
|
|
EXPECT_EQ(-1, ipv6);
|
|
EXPECT_EQ(errno, EPERM);
|
|
|
|
// dns_open_proxy
|
|
android::base::unique_fd dnsproxydSocket(openDnsProxyFuncPtr());
|
|
EXPECT_EQ(-1, dnsproxydSocket);
|
|
EXPECT_EQ(errno, EPERM);
|
|
}
|
|
|
|
} // namespace
|
|
|
|
TEST(NetdClientTest, getNetworkForDnsInternal) {
|
|
// Test invalid fd
|
|
unsigned dnsNetId = 0;
|
|
const int invalidFd = -1;
|
|
EXPECT_EQ(-EBADF, getNetworkForDnsInternal(invalidFd, &dnsNetId));
|
|
|
|
// Test what the client does if the resolver does not support the "getdnsnetid" command.
|
|
android::base::unique_fd clientFd, serverFd;
|
|
ASSERT_TRUE(android::base::Socketpair(AF_UNIX, &clientFd, &serverFd));
|
|
|
|
std::thread serverThread = std::thread(serverLoop, serverFd.get());
|
|
|
|
EXPECT_EQ(-EOPNOTSUPP, getNetworkForDnsInternal(clientFd.get(), &dnsNetId));
|
|
|
|
clientFd.reset(); // Causes serverLoop() to exit
|
|
serverThread.join();
|
|
}
|
|
|
|
TEST(NetdClientTest, getNetworkForDns) {
|
|
// Test null input
|
|
unsigned* testNull = nullptr;
|
|
EXPECT_EQ(-EFAULT, getNetworkForDns(testNull));
|
|
}
|
|
|
|
TEST(NetdClientTest, protectFromVpnBadFd) {
|
|
EXPECT_EQ(-EBADF, protectFromVpn(-1));
|
|
}
|
|
|
|
TEST(NetdClientTest, protectFromVpnUnixStream) {
|
|
int s = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
|
|
ASSERT_GE(s, 3);
|
|
EXPECT_EQ(-EAFNOSUPPORT, protectFromVpn(s));
|
|
close(s);
|
|
}
|
|
|
|
TEST(NetdClientTest, protectFromVpnTcp6) {
|
|
int s = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
|
|
ASSERT_GE(s, 3);
|
|
EXPECT_EQ(0, protectFromVpn(s));
|
|
close(s);
|
|
}
|
|
|
|
TEST(NetdClientTest, setAllowNetworkingForProcess) {
|
|
netdClientInitDnsOpenProxy(&openDnsProxyFuncPtr);
|
|
netdClientInitSocket(&socketFuncPtr);
|
|
// At the beginning, we should be able to use socket since the default setting is allowing.
|
|
expectAllowNetworkingForProcess();
|
|
// Disable
|
|
setAllowNetworkingForProcess(false);
|
|
expectNotAllowNetworkingForProcess();
|
|
// Reset
|
|
setAllowNetworkingForProcess(true);
|
|
expectAllowNetworkingForProcess();
|
|
}
|