add cts for unprivileged keepalive slots
Currently, unprivileged Nat-T keepalives are limited to 1 slot
per uid. Add CTS to verify that the keepalive slots are limited
as customized for unprivileged requests.
Bug: 129371366
Test: atest android.net.cts
.ConnectivityManagerTest#testSocketKeepaliveUnprivileged
--generate-new-metrics 10
Change-Id: I60b9e9ae9cf2b63490493ced9738cd2f402c3f9b
This commit is contained in:
junyulai
@@ -1184,6 +1184,16 @@ public class ConnectivityManagerTest extends AndroidTestCase {
|
|||||||
return s;
|
return s;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private int getSupportedKeepalivesFromRes() throws Exception {
|
||||||
|
final Network network = ensureWifiConnected();
|
||||||
|
final NetworkCapabilities nc = mCm.getNetworkCapabilities(network);
|
||||||
|
|
||||||
|
// Get number of supported concurrent keepalives for testing network.
|
||||||
|
final int[] keepalivesPerTransport = KeepaliveUtils.getSupportedKeepalives(mContext);
|
||||||
|
return KeepaliveUtils.getSupportedKeepalivesForNetworkCapabilities(
|
||||||
|
keepalivesPerTransport, nc);
|
||||||
|
}
|
||||||
|
|
||||||
private boolean isKeepaliveSupported() throws Exception {
|
private boolean isKeepaliveSupported() throws Exception {
|
||||||
final Network network = ensureWifiConnected();
|
final Network network = ensureWifiConnected();
|
||||||
final Executor executor = mContext.getMainExecutor();
|
final Executor executor = mContext.getMainExecutor();
|
||||||
@@ -1293,7 +1303,8 @@ public class ConnectivityManagerTest extends AndroidTestCase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private int createConcurrentSocketKeepalives(int nattCount, int tcpCount) throws Exception {
|
private int createConcurrentSocketKeepalives(int nattCount, int tcpCount) throws Exception {
|
||||||
if (!isKeepaliveSupported()) return 0;
|
// Use customization value in resource to prevent the need of privilege.
|
||||||
|
if (getSupportedKeepalivesFromRes() == 0) return 0;
|
||||||
|
|
||||||
final Network network = ensureWifiConnected();
|
final Network network = ensureWifiConnected();
|
||||||
|
|
||||||
@@ -1374,16 +1385,10 @@ public class ConnectivityManagerTest extends AndroidTestCase {
|
|||||||
public void testSocketKeepaliveLimit() throws Exception {
|
public void testSocketKeepaliveLimit() throws Exception {
|
||||||
adoptShellPermissionIdentity();
|
adoptShellPermissionIdentity();
|
||||||
|
|
||||||
final Network network = ensureWifiConnected();
|
final int supported = getSupportedKeepalivesFromRes();
|
||||||
final NetworkCapabilities nc = mCm.getNetworkCapabilities(network);
|
|
||||||
|
|
||||||
// Get number of supported concurrent keepalives for testing network.
|
|
||||||
final int[] keepalivesPerTransport = KeepaliveUtils.getSupportedKeepalives(mContext);
|
|
||||||
final int supported = KeepaliveUtils.getSupportedKeepalivesForNetworkCapabilities(
|
|
||||||
keepalivesPerTransport, nc);
|
|
||||||
|
|
||||||
// Sanity check.
|
|
||||||
if (!isKeepaliveSupported()) {
|
if (!isKeepaliveSupported()) {
|
||||||
|
// Sanity check.
|
||||||
assertEquals(0, supported);
|
assertEquals(0, supported);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -1408,6 +1413,34 @@ public class ConnectivityManagerTest extends AndroidTestCase {
|
|||||||
dropShellPermissionIdentity();
|
dropShellPermissionIdentity();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Verifies that the keepalive slots are limited as customized for unprivileged requests.
|
||||||
|
*/
|
||||||
|
public void testSocketKeepaliveUnprivileged() throws Exception {
|
||||||
|
final int supported = getSupportedKeepalivesFromRes();
|
||||||
|
|
||||||
|
adoptShellPermissionIdentity();
|
||||||
|
if (!isKeepaliveSupported()) {
|
||||||
|
// Sanity check.
|
||||||
|
assertEquals(0, supported);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
dropShellPermissionIdentity();
|
||||||
|
|
||||||
|
final int allowedUnprivilegedPerUid = mContext.getResources().getInteger(
|
||||||
|
R.integer.config_allowedUnprivilegedKeepalivePerUid);
|
||||||
|
final int reservedPrivilegedSlots = mContext.getResources().getInteger(
|
||||||
|
R.integer.config_reservedPrivilegedKeepaliveSlots);
|
||||||
|
// Verifies that unprivileged request per uid cannot exceed the limit customized in the
|
||||||
|
// resource. Currently, unprivileged keepalive slots are limited to Nat-T only, this test
|
||||||
|
// does not apply to TCP.
|
||||||
|
assertGreaterOrEqual(supported, reservedPrivilegedSlots);
|
||||||
|
assertGreaterOrEqual(supported, allowedUnprivilegedPerUid);
|
||||||
|
final int expectedUnprivileged =
|
||||||
|
Math.min(allowedUnprivilegedPerUid, supported - reservedPrivilegedSlots);
|
||||||
|
assertEquals(expectedUnprivileged, createConcurrentSocketKeepalives(supported + 1, 0));
|
||||||
|
}
|
||||||
|
|
||||||
private static void assertGreaterOrEqual(long greater, long lesser) {
|
private static void assertGreaterOrEqual(long greater, long lesser) {
|
||||||
assertTrue("" + greater + " expected to be greater than or equal to " + lesser,
|
assertTrue("" + greater + " expected to be greater than or equal to " + lesser,
|
||||||
greater >= lesser);
|
greater >= lesser);
|
||||||
|
|||||||
Reference in New Issue
Block a user