From 3e4e37a38b508ded0a6e025b7bc615d297e0f556 Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Wed, 6 Dec 2017 21:56:35 -0800 Subject: [PATCH] [ipsec-doze] Add fchown to IpSecService to support doze Encap sockets are currently created as the system server, and should be fchown'd to the user for whom it was created on behalf of. Bug: 62994731 Test: New tests added and run to IpSecService Change-Id: Icc49e709ae588981e69765fdb77537d7ffbac5fe --- .../com/android/server/IpSecServiceTest.java | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tests/net/java/com/android/server/IpSecServiceTest.java b/tests/net/java/com/android/server/IpSecServiceTest.java index f38a9a346f..5d1e10eab5 100644 --- a/tests/net/java/com/android/server/IpSecServiceTest.java +++ b/tests/net/java/com/android/server/IpSecServiceTest.java @@ -475,4 +475,26 @@ public class IpSecServiceTest { testIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId); udpEncapResp.fileDescriptor.close(); } + + @Test + public void testOpenUdpEncapsulationSocketCallsSetEncapSocketOwner() throws Exception { + IpSecUdpEncapResponse udpEncapResp = + mIpSecService.openUdpEncapsulationSocket(0, new Binder()); + + FileDescriptor sockFd = udpEncapResp.fileDescriptor.getFileDescriptor(); + ArgumentMatcher fdMatcher = (arg) -> { + try { + StructStat sockStat = Os.fstat(sockFd); + StructStat argStat = Os.fstat(arg); + + return sockStat.st_ino == argStat.st_ino + && sockStat.st_dev == argStat.st_dev; + } catch (ErrnoException e) { + return false; + } + }; + + verify(mMockNetd).ipSecSetEncapSocketOwner(argThat(fdMatcher), eq(Os.getuid())); + mIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId); + } }