LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make Transforms Unidirectional

Browse Source 
am: 3865a008e7

Change-Id: I7e80c75b3b227fdd16479120d8b7203cc5f28d1c
This commit is contained in:
Nathan Harold
2018-01-17 09:37:57 +00:00
committed by android-build-merger
parent 3fbfac269b 3865a008e7
commit 41fe8097ed
4 changed files with 49 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
tests/net/java/android/net/IpSecConfigTest.java
View File

@@ -36,19 +36,16 @@ public class IpSecConfigTest {
public void testDefaults() throws Exception { public void testDefaults() throws Exception {
IpSecConfig c = new IpSecConfig(); IpSecConfig c = new IpSecConfig();
assertEquals(IpSecTransform.MODE_TRANSPORT, c.getMode()); assertEquals(IpSecTransform.MODE_TRANSPORT, c.getMode());
assertEquals("", c.getLocalAddress()); assertEquals("", c.getSourceAddress());
assertEquals("", c.getRemoteAddress()); assertEquals("", c.getDestinationAddress());
assertNull(c.getNetwork()); assertNull(c.getNetwork());
assertEquals(IpSecTransform.ENCAP_NONE, c.getEncapType()); assertEquals(IpSecTransform.ENCAP_NONE, c.getEncapType());
assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getEncapSocketResourceId()); assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getEncapSocketResourceId());
assertEquals(0, c.getEncapRemotePort()); assertEquals(0, c.getEncapRemotePort());
assertEquals(0, c.getNattKeepaliveInterval()); assertEquals(0, c.getNattKeepaliveInterval());
for (int direction : assertNull(c.getEncryption());
new int[] {IpSecTransform.DIRECTION_OUT, IpSecTransform.DIRECTION_IN}) { assertNull(c.getAuthentication());
assertNull(c.getEncryption(direction)); assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getSpiResourceId());
assertNull(c.getAuthentication(direction));
assertEquals(IpSecManager.INVALID_RESOURCE_ID, c.getSpiResourceId(direction));
}
} }
@Test @Test
@@ -57,34 +54,21 @@ public class IpSecConfigTest {
IpSecConfig c = new IpSecConfig(); IpSecConfig c = new IpSecConfig();
c.setMode(IpSecTransform.MODE_TUNNEL); c.setMode(IpSecTransform.MODE_TUNNEL);
c.setLocalAddress("0.0.0.0"); c.setSourceAddress("0.0.0.0");
c.setRemoteAddress("1.2.3.4"); c.setDestinationAddress("1.2.3.4");
c.setEncapType(android.system.OsConstants.UDP_ENCAP_ESPINUDP); c.setEncapType(android.system.OsConstants.UDP_ENCAP_ESPINUDP);
c.setEncapSocketResourceId(7); c.setEncapSocketResourceId(7);
c.setEncapRemotePort(22); c.setEncapRemotePort(22);
c.setNattKeepaliveInterval(42); c.setNattKeepaliveInterval(42);
c.setEncryption( c.setEncryption(
IpSecTransform.DIRECTION_OUT,
new IpSecAlgorithm( new IpSecAlgorithm(
IpSecAlgorithm.CRYPT_AES_CBC, IpSecAlgorithm.CRYPT_AES_CBC,
new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF})); new byte[] {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF}));
c.setAuthentication( c.setAuthentication(
IpSecTransform.DIRECTION_OUT,
new IpSecAlgorithm( new IpSecAlgorithm(
IpSecAlgorithm.AUTH_HMAC_MD5, IpSecAlgorithm.AUTH_HMAC_MD5,
new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0})); new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 0}));
c.setSpiResourceId(IpSecTransform.DIRECTION_OUT, 1984); c.setSpiResourceId(1984);
c.setEncryption(
IpSecTransform.DIRECTION_IN,
new IpSecAlgorithm(
IpSecAlgorithm.CRYPT_AES_CBC,
new byte[] {2, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF}));
c.setAuthentication(
IpSecTransform.DIRECTION_IN,
new IpSecAlgorithm(
IpSecAlgorithm.AUTH_HMAC_MD5,
new byte[] {1, 2, 3, 4, 5, 6, 7, 8, 9, 0xA, 0xB, 0xC, 0xD, 0xE, 0xF, 1}));
c.setSpiResourceId(IpSecTransform.DIRECTION_IN, 99);
assertParcelingIsLossless(c); assertParcelingIsLossless(c);
} }

25
tests/net/java/android/net/IpSecManagerTest.java
View File

@@ -81,15 +81,13 @@ public class IpSecManagerTest {
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI); new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI);
when(mMockIpSecService.allocateSecurityParameterIndex( when(mMockIpSecService.allocateSecurityParameterIndex(
eq(IpSecTransform.DIRECTION_IN),
eq(GOOGLE_DNS_4.getHostAddress()), eq(GOOGLE_DNS_4.getHostAddress()),
eq(DROID_SPI), eq(DROID_SPI),
anyObject())) anyObject()))
.thenReturn(spiResp); .thenReturn(spiResp);
IpSecManager.SecurityParameterIndex droidSpi = IpSecManager.SecurityParameterIndex droidSpi =
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4, DROID_SPI);
IpSecTransform.DIRECTION_IN, GOOGLE_DNS_4, DROID_SPI);
assertEquals(DROID_SPI, droidSpi.getSpi()); assertEquals(DROID_SPI, droidSpi.getSpi());
droidSpi.close(); droidSpi.close();
@@ -103,15 +101,13 @@ public class IpSecManagerTest {
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI); new IpSecSpiResponse(IpSecManager.Status.OK, resourceId, DROID_SPI);
when(mMockIpSecService.allocateSecurityParameterIndex( when(mMockIpSecService.allocateSecurityParameterIndex(
eq(IpSecTransform.DIRECTION_OUT),
eq(GOOGLE_DNS_4.getHostAddress()), eq(GOOGLE_DNS_4.getHostAddress()),
eq(IpSecManager.INVALID_SECURITY_PARAMETER_INDEX), eq(IpSecManager.INVALID_SECURITY_PARAMETER_INDEX),
anyObject())) anyObject()))
.thenReturn(spiResp); .thenReturn(spiResp);
IpSecManager.SecurityParameterIndex randomSpi = IpSecManager.SecurityParameterIndex randomSpi =
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4);
IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4);
assertEquals(DROID_SPI, randomSpi.getSpi()); assertEquals(DROID_SPI, randomSpi.getSpi());
@@ -124,16 +120,15 @@ public class IpSecManagerTest {
* Throws resource unavailable exception * Throws resource unavailable exception
*/ */
@Test @Test
public void testAllocSpiResUnavaiableExeption() throws Exception { public void testAllocSpiResUnavailableException() throws Exception {
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
new IpSecSpiResponse(IpSecManager.Status.RESOURCE_UNAVAILABLE, 0, 0); new IpSecSpiResponse(IpSecManager.Status.RESOURCE_UNAVAILABLE, 0, 0);
when(mMockIpSecService.allocateSecurityParameterIndex( when(mMockIpSecService.allocateSecurityParameterIndex(
anyInt(), anyString(), anyInt(), anyObject())) anyString(), anyInt(), anyObject()))
.thenReturn(spiResp); .thenReturn(spiResp);
try { try {
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4);
IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4);
fail("ResourceUnavailableException was not thrown"); fail("ResourceUnavailableException was not thrown");
} catch (IpSecManager.ResourceUnavailableException e) { } catch (IpSecManager.ResourceUnavailableException e) {
} }
@@ -143,15 +138,14 @@ public class IpSecManagerTest {
* Throws spi unavailable exception * Throws spi unavailable exception
*/ */
@Test @Test
public void testAllocSpiSpiUnavaiableExeption() throws Exception { public void testAllocSpiSpiUnavailableException() throws Exception {
IpSecSpiResponse spiResp = new IpSecSpiResponse(IpSecManager.Status.SPI_UNAVAILABLE, 0, 0); IpSecSpiResponse spiResp = new IpSecSpiResponse(IpSecManager.Status.SPI_UNAVAILABLE, 0, 0);
when(mMockIpSecService.allocateSecurityParameterIndex( when(mMockIpSecService.allocateSecurityParameterIndex(
anyInt(), anyString(), anyInt(), anyObject())) anyString(), anyInt(), anyObject()))
.thenReturn(spiResp); .thenReturn(spiResp);
try { try {
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4);
IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4);
fail("ResourceUnavailableException was not thrown"); fail("ResourceUnavailableException was not thrown");
} catch (IpSecManager.ResourceUnavailableException e) { } catch (IpSecManager.ResourceUnavailableException e) {
} }
@@ -163,8 +157,7 @@ public class IpSecManagerTest {
@Test @Test
public void testRequestAllocInvalidSpi() throws Exception { public void testRequestAllocInvalidSpi() throws Exception {
try { try {
mIpSecManager.allocateSecurityParameterIndex( mIpSecManager.allocateSecurityParameterIndex(GOOGLE_DNS_4, 0);
IpSecTransform.DIRECTION_OUT, GOOGLE_DNS_4, 0);
fail("Able to allocate invalid spi"); fail("Able to allocate invalid spi");
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
} }

172
tests/net/java/com/android/server/IpSecServiceParameterizedTest.java
View File

@@ -32,7 +32,6 @@ import android.net.IpSecAlgorithm;
import android.net.IpSecConfig; import android.net.IpSecConfig;
import android.net.IpSecManager; import android.net.IpSecManager;
import android.net.IpSecSpiResponse; import android.net.IpSecSpiResponse;
import android.net.IpSecTransform;
import android.net.IpSecTransformResponse; import android.net.IpSecTransformResponse;
import android.net.NetworkUtils; import android.net.NetworkUtils;
import android.os.Binder; import android.os.Binder;
@@ -54,10 +53,9 @@ import org.junit.runners.Parameterized;
@RunWith(Parameterized.class) @RunWith(Parameterized.class)
public class IpSecServiceParameterizedTest { public class IpSecServiceParameterizedTest {
private static final int TEST_SPI_OUT = 0xD1201D; private static final int TEST_SPI = 0xD1201D;
private static final int TEST_SPI_IN = TEST_SPI_OUT + 1;
private final String mRemoteAddr; private final String mDestinationAddr;
@Parameterized.Parameters @Parameterized.Parameters
public static Collection ipSecConfigs() { public static Collection ipSecConfigs() {
@@ -96,11 +94,8 @@ public class IpSecServiceParameterizedTest {
private static final IpSecAlgorithm AEAD_ALGO = private static final IpSecAlgorithm AEAD_ALGO =
new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128); new IpSecAlgorithm(IpSecAlgorithm.AUTH_CRYPT_AES_GCM, AEAD_KEY, 128);
private static final int[] DIRECTIONS =
new int[] {IpSecTransform.DIRECTION_IN, IpSecTransform.DIRECTION_OUT};
public IpSecServiceParameterizedTest(String remoteAddr) { public IpSecServiceParameterizedTest(String remoteAddr) {
mRemoteAddr = remoteAddr; mDestinationAddr = remoteAddr;
} }
@Before @Before
@@ -116,44 +111,30 @@ public class IpSecServiceParameterizedTest {
@Test @Test
public void testIpSecServiceReserveSpi() throws Exception { public void testIpSecServiceReserveSpi() throws Exception {
when(mMockNetd.ipSecAllocateSpi( when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI)))
anyInt(), .thenReturn(TEST_SPI);
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(mRemoteAddr),
eq(TEST_SPI_OUT)))
.thenReturn(TEST_SPI_OUT);
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder()); mDestinationAddr, TEST_SPI, new Binder());
assertEquals(IpSecManager.Status.OK, spiResp.status); assertEquals(IpSecManager.Status.OK, spiResp.status);
assertEquals(TEST_SPI_OUT, spiResp.spi); assertEquals(TEST_SPI, spiResp.spi);
} }
@Test @Test
public void testReleaseSecurityParameterIndex() throws Exception { public void testReleaseSecurityParameterIndex() throws Exception {
when(mMockNetd.ipSecAllocateSpi( when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI)))
anyInt(), .thenReturn(TEST_SPI);
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(mRemoteAddr),
eq(TEST_SPI_OUT)))
.thenReturn(TEST_SPI_OUT);
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder()); mDestinationAddr, TEST_SPI, new Binder());
mIpSecService.releaseSecurityParameterIndex(spiResp.resourceId); mIpSecService.releaseSecurityParameterIndex(spiResp.resourceId);
verify(mMockNetd) verify(mMockNetd)
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
eq(spiResp.resourceId), eq(spiResp.resourceId), anyString(), anyString(), eq(TEST_SPI));
anyInt(),
anyString(),
anyString(),
eq(TEST_SPI_OUT));
// Verify quota and RefcountedResource objects cleaned up // Verify quota and RefcountedResource objects cleaned up
IpSecService.UserRecord userRecord = IpSecService.UserRecord userRecord =
@@ -169,17 +150,12 @@ public class IpSecServiceParameterizedTest {
@Test @Test
public void testSecurityParameterIndexBinderDeath() throws Exception { public void testSecurityParameterIndexBinderDeath() throws Exception {
when(mMockNetd.ipSecAllocateSpi( when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), eq(mDestinationAddr), eq(TEST_SPI)))
anyInt(), .thenReturn(TEST_SPI);
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
eq(mRemoteAddr),
eq(TEST_SPI_OUT)))
.thenReturn(TEST_SPI_OUT);
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT, new Binder()); mDestinationAddr, TEST_SPI, new Binder());
IpSecService.UserRecord userRecord = IpSecService.UserRecord userRecord =
mIpSecService.mUserResourceTracker.getUserRecord(Os.getuid()); mIpSecService.mUserResourceTracker.getUserRecord(Os.getuid());
@@ -190,11 +166,7 @@ public class IpSecServiceParameterizedTest {
verify(mMockNetd) verify(mMockNetd)
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
eq(spiResp.resourceId), eq(spiResp.resourceId), anyString(), anyString(), eq(TEST_SPI));
anyInt(),
anyString(),
anyString(),
eq(TEST_SPI_OUT));
// Verify quota and RefcountedResource objects cleaned up // Verify quota and RefcountedResource objects cleaned up
assertEquals(0, userRecord.mSpiQuotaTracker.mCurrent); assertEquals(0, userRecord.mSpiQuotaTracker.mCurrent);
@@ -206,14 +178,12 @@ public class IpSecServiceParameterizedTest {
} }
} }
private int getNewSpiResourceId(int direction, String remoteAddress, int returnSpi) private int getNewSpiResourceId(String remoteAddress, int returnSpi) throws Exception {
throws Exception { when(mMockNetd.ipSecAllocateSpi(anyInt(), anyString(), anyString(), anyInt()))
when(mMockNetd.ipSecAllocateSpi(anyInt(), anyInt(), anyString(), anyString(), anyInt()))
.thenReturn(returnSpi); .thenReturn(returnSpi);
IpSecSpiResponse spi = IpSecSpiResponse spi =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
direction,
NetworkUtils.numericToInetAddress(remoteAddress).getHostAddress(), NetworkUtils.numericToInetAddress(remoteAddress).getHostAddress(),
IpSecManager.INVALID_SECURITY_PARAMETER_INDEX, IpSecManager.INVALID_SECURITY_PARAMETER_INDEX,
new Binder()); new Binder());
@@ -221,20 +191,13 @@ public class IpSecServiceParameterizedTest {
} }
private void addDefaultSpisAndRemoteAddrToIpSecConfig(IpSecConfig config) throws Exception { private void addDefaultSpisAndRemoteAddrToIpSecConfig(IpSecConfig config) throws Exception {
config.setSpiResourceId( config.setSpiResourceId(getNewSpiResourceId(mDestinationAddr, TEST_SPI));
IpSecTransform.DIRECTION_OUT, config.setDestinationAddress(mDestinationAddr);
getNewSpiResourceId(IpSecTransform.DIRECTION_OUT, mRemoteAddr, TEST_SPI_OUT));
config.setSpiResourceId(
IpSecTransform.DIRECTION_IN,
getNewSpiResourceId(IpSecTransform.DIRECTION_IN, mRemoteAddr, TEST_SPI_IN));
config.setRemoteAddress(mRemoteAddr);
} }
private void addAuthAndCryptToIpSecConfig(IpSecConfig config) throws Exception { private void addAuthAndCryptToIpSecConfig(IpSecConfig config) throws Exception {
for (int direction : DIRECTIONS) { config.setEncryption(CRYPT_ALGO);
config.setEncryption(direction, CRYPT_ALGO); config.setAuthentication(AUTH_ALGO);
config.setAuthentication(direction, AUTH_ALGO);
}
} }
@Test @Test
@@ -251,32 +214,10 @@ public class IpSecServiceParameterizedTest {
.ipSecAddSecurityAssociation( .ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId), eq(createTransformResp.resourceId),
anyInt(), anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(), anyString(),
anyString(), anyString(),
anyLong(), anyLong(),
eq(TEST_SPI_OUT), eq(TEST_SPI),
eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
eq(AUTH_KEY),
anyInt(),
eq(IpSecAlgorithm.CRYPT_AES_CBC),
eq(CRYPT_KEY),
anyInt(),
eq(""),
eq(new byte[] {}),
eq(0),
anyInt(),
anyInt(),
anyInt());
verify(mMockNetd)
.ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId),
anyInt(),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
anyLong(),
eq(TEST_SPI_IN),
eq(IpSecAlgorithm.AUTH_HMAC_SHA256), eq(IpSecAlgorithm.AUTH_HMAC_SHA256),
eq(AUTH_KEY), eq(AUTH_KEY),
anyInt(), anyInt(),
@@ -296,8 +237,7 @@ public class IpSecServiceParameterizedTest {
IpSecConfig ipSecConfig = new IpSecConfig(); IpSecConfig ipSecConfig = new IpSecConfig();
addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig); addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
ipSecConfig.setAuthenticatedEncryption(IpSecTransform.DIRECTION_OUT, AEAD_ALGO); ipSecConfig.setAuthenticatedEncryption(AEAD_ALGO);
ipSecConfig.setAuthenticatedEncryption(IpSecTransform.DIRECTION_IN, AEAD_ALGO);
IpSecTransformResponse createTransformResp = IpSecTransformResponse createTransformResp =
mIpSecService.createTransportModeTransform(ipSecConfig, new Binder()); mIpSecService.createTransportModeTransform(ipSecConfig, new Binder());
@@ -307,32 +247,10 @@ public class IpSecServiceParameterizedTest {
.ipSecAddSecurityAssociation( .ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId), eq(createTransformResp.resourceId),
anyInt(), anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(), anyString(),
anyString(), anyString(),
anyLong(), anyLong(),
eq(TEST_SPI_OUT), eq(TEST_SPI),
eq(""),
eq(new byte[] {}),
eq(0),
eq(""),
eq(new byte[] {}),
eq(0),
eq(IpSecAlgorithm.AUTH_CRYPT_AES_GCM),
eq(AEAD_KEY),
anyInt(),
anyInt(),
anyInt(),
anyInt());
verify(mMockNetd)
.ipSecAddSecurityAssociation(
eq(createTransformResp.resourceId),
anyInt(),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
anyLong(),
eq(TEST_SPI_IN),
eq(""), eq(""),
eq(new byte[] {}), eq(new byte[] {}),
eq(0), eq(0),
@@ -359,18 +277,7 @@ public class IpSecServiceParameterizedTest {
verify(mMockNetd) verify(mMockNetd)
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId), eq(createTransformResp.resourceId), anyString(), anyString(), eq(TEST_SPI));
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
eq(TEST_SPI_OUT));
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(TEST_SPI_IN));
// Verify quota and RefcountedResource objects cleaned up // Verify quota and RefcountedResource objects cleaned up
IpSecService.UserRecord userRecord = IpSecService.UserRecord userRecord =
@@ -404,18 +311,7 @@ public class IpSecServiceParameterizedTest {
verify(mMockNetd) verify(mMockNetd)
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId), eq(createTransformResp.resourceId), anyString(), anyString(), eq(TEST_SPI));
eq(IpSecTransform.DIRECTION_OUT),
anyString(),
anyString(),
eq(TEST_SPI_OUT));
verify(mMockNetd)
.ipSecDeleteSecurityAssociation(
eq(createTransformResp.resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(TEST_SPI_IN));
// Verify quota and RefcountedResource objects cleaned up // Verify quota and RefcountedResource objects cleaned up
assertEquals(0, userRecord.mTransformQuotaTracker.mCurrent); assertEquals(0, userRecord.mTransformQuotaTracker.mCurrent);
@@ -439,30 +335,22 @@ public class IpSecServiceParameterizedTest {
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket()); ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
int resourceId = createTransformResp.resourceId; int resourceId = createTransformResp.resourceId;
mIpSecService.applyTransportModeTransform(pfd, resourceId); mIpSecService.applyTransportModeTransform(pfd, IpSecManager.DIRECTION_OUT, resourceId);
verify(mMockNetd) verify(mMockNetd)
.ipSecApplyTransportModeTransform( .ipSecApplyTransportModeTransform(
eq(pfd.getFileDescriptor()), eq(pfd.getFileDescriptor()),
eq(resourceId), eq(resourceId),
eq(IpSecTransform.DIRECTION_OUT), eq(IpSecManager.DIRECTION_OUT),
anyString(), anyString(),
anyString(), anyString(),
eq(TEST_SPI_OUT)); eq(TEST_SPI));
verify(mMockNetd)
.ipSecApplyTransportModeTransform(
eq(pfd.getFileDescriptor()),
eq(resourceId),
eq(IpSecTransform.DIRECTION_IN),
anyString(),
anyString(),
eq(TEST_SPI_IN));
} }
@Test @Test
public void testRemoveTransportModeTransform() throws Exception { public void testRemoveTransportModeTransform() throws Exception {
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket()); ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
mIpSecService.removeTransportModeTransform(pfd, 1); mIpSecService.removeTransportModeTransforms(pfd, 1);
verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor()); verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor());
} }

8
tests/net/java/com/android/server/IpSecServiceTest.java
View File

@@ -434,7 +434,7 @@ public class IpSecServiceTest {
@Test @Test
public void testRemoveTransportModeTransform() throws Exception { public void testRemoveTransportModeTransform() throws Exception {
ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket()); ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(new Socket());
mIpSecService.removeTransportModeTransform(pfd, 1); mIpSecService.removeTransportModeTransforms(pfd, 1);
verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor()); verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor());
} }
@@ -447,7 +447,7 @@ public class IpSecServiceTest {
try { try {
IpSecSpiResponse spiResp = IpSecSpiResponse spiResp =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
IpSecTransform.DIRECTION_OUT, address, DROID_SPI, new Binder()); address, DROID_SPI, new Binder());
fail("Invalid address was passed through IpSecService validation: " + address); fail("Invalid address was passed through IpSecService validation: " + address);
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
} catch (Exception e) { } catch (Exception e) {
@@ -519,7 +519,6 @@ public class IpSecServiceTest {
// tracks the resource ID. // tracks the resource ID.
when(mMockNetd.ipSecAllocateSpi( when(mMockNetd.ipSecAllocateSpi(
anyInt(), anyInt(),
eq(IpSecTransform.DIRECTION_OUT),
anyString(), anyString(),
eq(InetAddress.getLoopbackAddress().getHostAddress()), eq(InetAddress.getLoopbackAddress().getHostAddress()),
anyInt())) anyInt()))
@@ -528,7 +527,6 @@ public class IpSecServiceTest {
for (int i = 0; i < MAX_NUM_SPIS; i++) { for (int i = 0; i < MAX_NUM_SPIS; i++) {
IpSecSpiResponse newSpi = IpSecSpiResponse newSpi =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
0x1,
InetAddress.getLoopbackAddress().getHostAddress(), InetAddress.getLoopbackAddress().getHostAddress(),
DROID_SPI + i, DROID_SPI + i,
new Binder()); new Binder());
@@ -544,7 +542,6 @@ public class IpSecServiceTest {
// Try to reserve one more SPI, and should fail. // Try to reserve one more SPI, and should fail.
IpSecSpiResponse extraSpi = IpSecSpiResponse extraSpi =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
0x1,
InetAddress.getLoopbackAddress().getHostAddress(), InetAddress.getLoopbackAddress().getHostAddress(),
DROID_SPI + MAX_NUM_SPIS, DROID_SPI + MAX_NUM_SPIS,
new Binder()); new Binder());
@@ -558,7 +555,6 @@ public class IpSecServiceTest {
// Should successfully reserve one more spi. // Should successfully reserve one more spi.
extraSpi = extraSpi =
mIpSecService.allocateSecurityParameterIndex( mIpSecService.allocateSecurityParameterIndex(
0x1,
InetAddress.getLoopbackAddress().getHostAddress(), InetAddress.getLoopbackAddress().getHostAddress(),
DROID_SPI + MAX_NUM_SPIS, DROID_SPI + MAX_NUM_SPIS,
new Binder()); new Binder());