From 42e3fa137de84a13443b6c3e8bb37de541410c88 Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Wed, 6 Dec 2017 21:56:35 -0800 Subject: [PATCH] [ipsec-doze] Add fchown to IpSecService to support doze Encap sockets are currently created as the system server, and should be fchown'd to the user for whom it was created on behalf of. Bug: 62994731 Test: New tests added and run to IpSecService Change-Id: Icc49e709ae588981e69765fdb77537d7ffbac5fe --- .../com/android/server/IpSecServiceTest.java | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tests/net/java/com/android/server/IpSecServiceTest.java b/tests/net/java/com/android/server/IpSecServiceTest.java index f38a9a346f..5d1e10eab5 100644 --- a/tests/net/java/com/android/server/IpSecServiceTest.java +++ b/tests/net/java/com/android/server/IpSecServiceTest.java @@ -475,4 +475,26 @@ public class IpSecServiceTest { testIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId); udpEncapResp.fileDescriptor.close(); } + + @Test + public void testOpenUdpEncapsulationSocketCallsSetEncapSocketOwner() throws Exception { + IpSecUdpEncapResponse udpEncapResp = + mIpSecService.openUdpEncapsulationSocket(0, new Binder()); + + FileDescriptor sockFd = udpEncapResp.fileDescriptor.getFileDescriptor(); + ArgumentMatcher fdMatcher = (arg) -> { + try { + StructStat sockStat = Os.fstat(sockFd); + StructStat argStat = Os.fstat(arg); + + return sockStat.st_ino == argStat.st_ino + && sockStat.st_dev == argStat.st_dev; + } catch (ErrnoException e) { + return false; + } + }; + + verify(mMockNetd).ipSecSetEncapSocketOwner(argThat(fdMatcher), eq(Os.getuid())); + mIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId); + } }