From 458bdc8532474678b6e696f788efa2be868f7113 Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Mon, 12 Mar 2018 18:56:43 -0700 Subject: [PATCH] Add tests for IPsec SPI expiration timer changes This change adds tests to ensure that SPI expiration timers are set to a high value, greater than 1 hour (3600s). Bug: 72316671 Test: Ran this, and MultiNetworkSysCtlTest. Merged-In: Ib4776322bd5df772a3700b6e7ed1b5e7ed6b4637 Change-Id: Ib4776322bd5df772a3700b6e7ed1b5e7ed6b4637 (cherry picked from commit 45bc61034edee35d4ea5ab1753e15411d4c9d15c) --- .../src/android/net/cts/IpSecSysctlTest.java | 45 ++++++++++++ .../net/cts/MultinetworkSysctlTest.java | 36 ++-------- .../src/android/net/cts/SysctlBaseTest.java | 70 +++++++++++++++++++ 3 files changed, 120 insertions(+), 31 deletions(-) create mode 100644 tests/cts/net/src/android/net/cts/IpSecSysctlTest.java create mode 100644 tests/cts/net/src/android/net/cts/SysctlBaseTest.java diff --git a/tests/cts/net/src/android/net/cts/IpSecSysctlTest.java b/tests/cts/net/src/android/net/cts/IpSecSysctlTest.java new file mode 100644 index 0000000000..b362282c89 --- /dev/null +++ b/tests/cts/net/src/android/net/cts/IpSecSysctlTest.java 
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.cts;
+
+import android.system.ErrnoException;
+import android.system.Os;
+import android.system.OsConstants;
+import android.system.StructStat;
+import android.test.AndroidTestCase;
+
+import java.io.File;
+import java.io.FileDescriptor;
+import java.io.IOException;
+
+/**
+ * Tests for multinetwork sysctl functionality.
+ */
+public class IpSecSysctlTest extends SysctlBaseTest {
+
+ // SPI expiration sysctls. Must be present and set greater than 1h.
+ private static final String SPI_TIMEOUT_SYSCTL = "/proc/sys/net/core/xfrm_acq_expires";
+ private static final int MIN_ACQ_EXPIRES = 3600;
+
+ /**
+ * Checks that SPI default timeouts are overridden, and set to a reasonable length of time
+ */
+ public void testProcFiles() throws ErrnoException, IOException, NumberFormatException {
+ int value = getIntValue(SPI_TIMEOUT_SYSCTL);
+ assertAtLeast(SPI_TIMEOUT_SYSCTL, value, MIN_ACQ_EXPIRES);
+ }
+}
diff --git a/tests/cts/net/src/android/net/cts/MultinetworkSysctlTest.java b/tests/cts/net/src/android/net/cts/MultinetworkSysctlTest.java
index c091a1340c..1d0c111fd6 100644
--- a/tests/cts/net/src/android/net/cts/MultinetworkSysctlTest.java
+++ b/tests/cts/net/src/android/net/cts/MultinetworkSysctlTest.java
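Review bot: The field comment says the sysctl must be "set greater than 1h", and the commit message says "greater than 1 hour", but `assertAtLeast(SPI_TIMEOUT_SYSCTL, value, MIN_ACQ_EXPIRES)` accepts exactly 3600. Either reword the comment to `// SPI acquire-expiry sysctl. Must be present and set to at least 1h (3600s).` or make the bound strict, so the documented floor and the enforced floor agree. The class Javadoc is copied from MultinetworkSysctlTest and should describe this test, e.g. `Tests for IPsec (xfrm) sysctl settings.`, and the method Javadoc could state that the value is in seconds. The six imports other than ErrnoException and IOException look unused in this file and can be dropped.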
@@ -29,7 +29,7 @@ import java.io.IOException; /** * Tests for multinetwork sysctl functionality. */ -public class MultinetworkSysctlTest extends AndroidTestCase { +public class MultinetworkSysctlTest extends SysctlBaseTest { // Global sysctls. Must be present and set to 1. private static final String[] GLOBAL_SYSCTLS = { @@ -42,30 +42,6 @@ public class MultinetworkSysctlTest extends AndroidTestCase { private static final String IPV6_SYSCTL_DIR = "/proc/sys/net/ipv6/conf"; private static final String AUTOCONF_SYSCTL = "accept_ra_rt_table"; - // Expected mode, UID, and GID of sysctl files. - private static final int SYSCTL_MODE = 0100644; - private static final int SYSCTL_UID = 0; - private static final int SYSCTL_GID = 0; - - private void checkSysctlPermissions(String fileName) throws ErrnoException { - StructStat stat = Os.stat(fileName); - assertEquals("mode of " + fileName + ":", SYSCTL_MODE, stat.st_mode); - assertEquals("UID of " + fileName + ":", SYSCTL_UID, stat.st_uid); - assertEquals("GID of " + fileName + ":", SYSCTL_GID, stat.st_gid); - } - - private void assertLess(String what, int a, int b) { - assertTrue(what + " expected < " + b + " but was: " + a, a < b); - } - - private String readFile(String fileName) throws ErrnoException, IOException { - byte[] buf = new byte[1024]; - FileDescriptor fd = Os.open(fileName, 0, OsConstants.O_RDONLY); - int bytesRead = Os.read(fd, buf, 0, buf.length); - assertLess("length of " + fileName + ":", bytesRead, buf.length); - return new String(buf); - } - /** * Checks that the sysctls for multinetwork kernel features are present and * enabled. The necessary kernel commits are: 
@@ -80,9 +56,8 @@ public class MultinetworkSysctlTest extends AndroidTestCase { */ public void testProcFiles() throws ErrnoException, IOException, NumberFormatException { for (String sysctl : GLOBAL_SYSCTLS) { - checkSysctlPermissions(sysctl); - int value = Integer.parseInt(readFile(sysctl).trim()); - assertEquals("value of " + sysctl + ":", 1, value); + int value = getIntValue(sysctl); + assertEquals(sysctl, 1, value); } File[] interfaceDirs = new File(IPV6_SYSCTL_DIR).listFiles(); @@ -91,9 +66,8 @@ public class MultinetworkSysctlTest extends AndroidTestCase { continue; } String sysctl = new File(interfaceDir, AUTOCONF_SYSCTL).getAbsolutePath(); - checkSysctlPermissions(sysctl); - int value = Integer.parseInt(readFile(sysctl).trim()); - assertLess("value of " + sysctl + ":", value, 0); + int value = getIntValue(sysctl); + assertLess(sysctl, value, 0); } } } diff --git a/tests/cts/net/src/android/net/cts/SysctlBaseTest.java b/tests/cts/net/src/android/net/cts/SysctlBaseTest.java new file mode 100644 index 0000000000..a5966d48d3 --- /dev/null +++ b/tests/cts/net/src/android/net/cts/SysctlBaseTest.java 
@@ -0,0 +1,70 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.cts;
+
+import android.system.ErrnoException;
+import android.system.Os;
+import android.system.OsConstants;
+import android.system.StructStat;
+import android.test.AndroidTestCase;
+
+import java.io.File;
+import java.io.FileDescriptor;
+import java.io.IOException;
+
+/**
+ * Tests for multinetwork sysctl functionality.
+ */
+public class SysctlBaseTest extends AndroidTestCase {
+
+ // Expected mode, UID, and GID of sysctl files.
+ private static final int SYSCTL_MODE = 0100644;
+ private static final int SYSCTL_UID = 0;
+ private static final int SYSCTL_GID = 0;
+
+ private void checkSysctlPermissions(String fileName) throws ErrnoException {
+ StructStat stat = Os.stat(fileName);
+ assertEquals("mode of " + fileName + ":", SYSCTL_MODE, stat.st_mode);
+ assertEquals("UID of " + fileName + ":", SYSCTL_UID, stat.st_uid);
+ assertEquals("GID of " + fileName + ":", SYSCTL_GID, stat.st_gid);
+ }
+
+ protected void assertLess(String sysctl, int a, int b) {
+ assertTrue("value of " + sysctl + ": expected < " + b + " but was: " + a, a < b);
+ }
+
+ protected void assertAtLeast(String sysctl, int a, int b) {
+ assertTrue("value of " + sysctl + ": expected >= " + b + " but was: " + a, a >= b);
+ }
+
+ private String readFile(String fileName) throws ErrnoException, IOException {
+ byte[] buf = new byte[1024];
+ FileDescriptor fd = Os.open(fileName, 0, OsConstants.O_RDONLY);
+ int bytesRead = Os.read(fd, buf, 0, buf.length);
+ assertLess("length of " + fileName + ":", bytesRead, buf.length);
+ return new String(buf);
+ }
+
+ /*
+ * Checks permissions and retrieves the sysctl's value. Retrieval of value should always use
+ * this method
+ */
+ protected int getIntValue(String filename) throws ErrnoException, IOException {
+ checkSysctlPermissions(filename);
+ return Integer.parseInt(readFile(filename).trim());
+ }
+}
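Review bot: readFile never closes the descriptor it gets from Os.open, so each sysctl read leaks an fd for the life of the test process. It also calls `Os.open(fileName, 0, OsConstants.O_RDONLY)` although the signature is (path, flags, mode), which only works because O_RDONLY is 0. The returned string is built from the whole 1024-byte buffer in the platform charset rather than from the bytes actually read, and the length check now goes through the reworded assertLess, so a failure would read "value of length of …:: expected < 1024". Separately, SysctlBaseTest has no test methods and its Javadoc still says "multinetwork"; declaring it `abstract` would probably stop a JUnit3-style runner from reporting it as an empty test class.

```java
    private String readFile(String fileName) throws ErrnoException, IOException {
        byte[] buf = new byte[1024];
        // Os.open takes (path, flags, mode); mode is only consulted with O_CREAT.
        FileDescriptor fd = Os.open(fileName, OsConstants.O_RDONLY, 0);
        try {
            int bytesRead = Os.read(fd, buf, 0, buf.length);
            assertTrue("length of " + fileName + ": expected < " + buf.length
                    + " but was: " + bytesRead, bytesRead < buf.length);
            // Decode only the bytes that were read, with an explicit charset.
            return new String(buf, 0, bytesRead, java.nio.charset.StandardCharsets.US_ASCII);
        } finally {
            Os.close(fd);
        }
    }
    // … unchanged: getIntValue …
```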