LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add cts for unprivileged keepalive slots

Browse Source 
Currently, unprivileged Nat-T keepalives are limited to 1 slot
per uid. Add CTS to verify that the keepalive slots are limited
as customized for unprivileged requests.

Bug: 129371366
Test: atest android.net.cts
      .ConnectivityManagerTest#testSocketKeepaliveUnprivileged
      --generate-new-metrics 10

Change-Id: I60b9e9ae9cf2b63490493ced9738cd2f402c3f9b
This commit is contained in:
junyulai
2019-05-08 11:46:25 +08:00
parent b41bc72ea3
commit 80ec50b8ae
1 changed files with 42 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
View File

@@ -1184,6 +1184,16 @@ public class ConnectivityManagerTest extends AndroidTestCase {
return s;
}
private int getSupportedKeepalivesFromRes() throws Exception {
final Network network = ensureWifiConnected();
final NetworkCapabilities nc = mCm.getNetworkCapabilities(network);
// Get number of supported concurrent keepalives for testing network.
final int[] keepalivesPerTransport = KeepaliveUtils.getSupportedKeepalives(mContext);
return KeepaliveUtils.getSupportedKeepalivesForNetworkCapabilities(
keepalivesPerTransport, nc);
}
private boolean isKeepaliveSupported() throws Exception {
final Network network = ensureWifiConnected();
final Executor executor = mContext.getMainExecutor();
@@ -1293,7 +1303,8 @@ public class ConnectivityManagerTest extends AndroidTestCase {
}
private int createConcurrentSocketKeepalives(int nattCount, int tcpCount) throws Exception {
if (!isKeepaliveSupported()) return 0;
// Use customization value in resource to prevent the need of privilege.
if (getSupportedKeepalivesFromRes() == 0) return 0;
final Network network = ensureWifiConnected();
@@ -1374,16 +1385,10 @@ public class ConnectivityManagerTest extends AndroidTestCase {
public void testSocketKeepaliveLimit() throws Exception {
adoptShellPermissionIdentity();
final Network network = ensureWifiConnected();
final NetworkCapabilities nc = mCm.getNetworkCapabilities(network);
final int supported = getSupportedKeepalivesFromRes();
// Get number of supported concurrent keepalives for testing network.
final int[] keepalivesPerTransport = KeepaliveUtils.getSupportedKeepalives(mContext);
final int supported = KeepaliveUtils.getSupportedKeepalivesForNetworkCapabilities(
keepalivesPerTransport, nc);
// Sanity check.
if (!isKeepaliveSupported()) {
// Sanity check.
assertEquals(0, supported);
return;
}
@@ -1408,6 +1413,34 @@ public class ConnectivityManagerTest extends AndroidTestCase {
dropShellPermissionIdentity();
}
/**
* Verifies that the keepalive slots are limited as customized for unprivileged requests.
*/
public void testSocketKeepaliveUnprivileged() throws Exception {
final int supported = getSupportedKeepalivesFromRes();
adoptShellPermissionIdentity();
if (!isKeepaliveSupported()) {
// Sanity check.
assertEquals(0, supported);
return;
}
dropShellPermissionIdentity();
final int allowedUnprivilegedPerUid = mContext.getResources().getInteger(
R.integer.config_allowedUnprivilegedKeepalivePerUid);
final int reservedPrivilegedSlots = mContext.getResources().getInteger(
R.integer.config_reservedPrivilegedKeepaliveSlots);
// Verifies that unprivileged request per uid cannot exceed the limit customized in the
// resource. Currently, unprivileged keepalive slots are limited to Nat-T only, this test
// does not apply to TCP.
assertGreaterOrEqual(supported, reservedPrivilegedSlots);
assertGreaterOrEqual(supported, allowedUnprivilegedPerUid);
final int expectedUnprivileged =
Math.min(allowedUnprivilegedPerUid, supported - reservedPrivilegedSlots);
assertEquals(expectedUnprivileged, createConcurrentSocketKeepalives(supported + 1, 0));
}
private static void assertGreaterOrEqual(long greater, long lesser) {
assertTrue("" + greater + " expected to be greater than or equal to " + lesser,
greater >= lesser);