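/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server;

import static android.system.OsConstants.AF_INET;
import static android.system.OsConstants.EADDRINUSE;
import static android.system.OsConstants.IPPROTO_UDP;
import static android.system.OsConstants.SOCK_DGRAM;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

import android.content.Context;
import android.net.INetd;
import android.net.IpSecManager;
import android.net.IpSecSpiResponse;
import android.net.IpSecTransform;
import android.net.IpSecUdpEncapResponse;
import android.os.Binder;
import android.os.ParcelFileDescriptor;
import android.support.test.filters.SmallTest;
import android.system.ErrnoException;
import android.system.Os;
import java.io.FileDescriptor;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;

/**
 * Unit tests for {@link IpSecService}.
 *
 * <p>The cases cover three areas: rejection of unknown resource ids, the lifecycle of UDP
 * encapsulation sockets (port reservation, release and reuse), and validation of caller-supplied
 * ports and addresses before they reach netd.
 */
@SmallTest
@RunWith(JUnit4.class)
public class IpSecServiceTest {

    /** Arbitrary SPI value passed to the reservation call in the address validation test. */
    private static final int DROID_SPI = 0xD1201D;

    /**
     * A port the service is expected to refuse. 100 is in the well-known range below 1024; the
     * exact lower bound is defined in IpSecService and is not visible from this file.
     */
    private static final int TEST_UDP_ENCAP_INVALID_PORT = 100;

    /** A value above 65535, i.e. not representable as a 16-bit UDP port. */
    private static final int TEST_UDP_ENCAP_PORT_OUT_RANGE = 100000;

    /** The IPv4 wildcard address 0.0.0.0, used when binding probe sockets. */
    private static final InetAddress INADDR_ANY;

    static {
        try {
            INADDR_ANY = InetAddress.getByAddress(new byte[] {0, 0, 0, 0});
        } catch (UnknownHostException e) {
            // A four-byte literal is always a legal IPv4 address, so this is not expected.
            throw new RuntimeException(e);
        }
    }

    Context mMockContext;
    INetd mMockNetd;
    IpSecService.IpSecServiceConfiguration mMockIpSecSrvConfig;
    IpSecService mIpSecService;

    /** Builds a service instance backed by mocks so that no real netd is contacted. */
    @Before
    public void setUp() throws Exception {
        mMockContext = mock(Context.class);
        mMockNetd = mock(INetd.class);
        mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
        mIpSecService = new IpSecService(mMockContext, mMockIpSecSrvConfig);

        // Injecting mock netd.
        // NOTE(review): the stub is installed after construction, which assumes the constructor
        // does not call getNetdInstance() itself. Confirm against IpSecService.
        when(mMockIpSecSrvConfig.getNetdInstance()).thenReturn(mMockNetd);
    }

    /** Checks that the static factory returns a service instance. */
    @Test
    public void testIpSecServiceCreate() throws InterruptedException {
        // This goes through the factory rather than the mocked configuration used elsewhere.
        IpSecService ipSecSrv = IpSecService.create(mMockContext);
        assertNotNull(ipSecSrv);
    }

    /** Releasing an SPI resource id that was never handed out must be rejected. */
    @Test
    public void testReleaseInvalidSecurityParameterIndex() throws Exception {
        try {
            mIpSecService.releaseSecurityParameterIndex(1);
            fail("IllegalArgumentException not thrown");
        } catch (IllegalArgumentException expected) {
            // Expected: resource id 1 was never allocated by this service instance.
        }
    }

    /**
     * Finds a port that was free at the time of the call.
     *
     * <p>The probe is a TCP {@link ServerSocket}, while the tests go on to open UDP sockets. TCP
     * and UDP port spaces are separate and the probe socket is closed before the port is used, so
     * the returned value is a best-effort hint: another process can still take the port in
     * between, which would show up as a flaky failure rather than a service defect.
     *
     * @return a port number chosen by the OS for a listening socket bound to port 0
     */
    int findUnusedPort() throws Exception {
        // try-with-resources closes the probe socket even if getLocalPort() throws.
        try (ServerSocket probe = new ServerSocket(0)) {
            return probe.getLocalPort();
        }
    }

    /** Opens an encapsulation socket on a chosen port and then releases it. */
    @Test
    public void testOpenAndCloseUdpEncapsulationSocket() throws Exception {
        int localport = findUnusedPort();

        IpSecUdpEncapResponse udpEncapResp =
                mIpSecService.openUdpEncapsulationSocket(localport, new Binder());
        assertNotNull(udpEncapResp);
        assertEquals(IpSecManager.Status.OK, udpEncapResp.status);
        assertEquals(localport, udpEncapResp.port);

        mIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId);
        udpEncapResp.fileDescriptor.close();

        // TODO: Add a check for the resource tracker
    }

    /**
     * Checks that the port becomes available again once both the service-side resource and the
     * caller's descriptor have been closed.
     */
    @Test
    public void testOpenUdpEncapsulationSocketAfterClose() throws Exception {
        int localport = findUnusedPort();
        IpSecUdpEncapResponse udpEncapResp =
                mIpSecService.openUdpEncapsulationSocket(localport, new Binder());
        assertNotNull(udpEncapResp);
        assertEquals(IpSecManager.Status.OK, udpEncapResp.status);
        assertEquals(localport, udpEncapResp.port);

        mIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId);
        udpEncapResp.fileDescriptor.close();

        // Check if localport is available: a fresh UDP socket must be able to bind it.
        FileDescriptor newSocket = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
        try {
            Os.bind(newSocket, INADDR_ANY, localport);
        } finally {
            // Close the probe even when bind fails, so the test does not leak a descriptor.
            Os.close(newSocket);
        }
    }

    /**
     * This function checks if the IpSecService holds the reserved port. If
     * closeUdpEncapsulationSocket is not called, the socket cleanup should not be complete.
     *
     * <p>Only the caller's copy of the descriptor is closed here. The port must stay bound until
     * the service releases its resource; if closing the client copy freed it, another socket could
     * bind the encapsulation port while the service still tracked it as allocated.
     */
    @Test
    public void testUdpEncapPortNotReleased() throws Exception {
        int localport = findUnusedPort();
        IpSecUdpEncapResponse udpEncapResp =
                mIpSecService.openUdpEncapsulationSocket(localport, new Binder());
        assertNotNull(udpEncapResp);
        assertEquals(IpSecManager.Status.OK, udpEncapResp.status);
        assertEquals(localport, udpEncapResp.port);

        udpEncapResp.fileDescriptor.close();

        FileDescriptor newSocket = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
        try {
            Os.bind(newSocket, INADDR_ANY, localport);
            fail("ErrnoException not thrown");
        } catch (ErrnoException e) {
            assertEquals(EADDRINUSE, e.errno);
        } finally {
            // Release the service-side reservation and the probe socket on every path, including
            // the one where bind unexpectedly succeeds and fail() aborts the test.
            mIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId);
            Os.close(newSocket);
        }
    }

    /** Port 0 asks the service to pick a port; the call must still succeed. */
    @Test
    public void testOpenUdpEncapsulationSocketOnRandomPort() throws Exception {
        IpSecUdpEncapResponse udpEncapResp =
                mIpSecService.openUdpEncapsulationSocket(0, new Binder());
        assertNotNull(udpEncapResp);
        assertEquals(IpSecManager.Status.OK, udpEncapResp.status);
        mIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId);
        udpEncapResp.fileDescriptor.close();
    }

    /** Ports outside the range the service accepts must be rejected before any socket is opened. */
    @Test
    public void testOpenUdpEncapsulationSocketPortRange() throws Exception {
        try {
            mIpSecService.openUdpEncapsulationSocket(TEST_UDP_ENCAP_INVALID_PORT, new Binder());
            fail("IllegalArgumentException not thrown");
        } catch (IllegalArgumentException expected) {
            // Expected: the low port is refused.
        }

        try {
            mIpSecService.openUdpEncapsulationSocket(TEST_UDP_ENCAP_PORT_OUT_RANGE, new Binder());
            fail("IllegalArgumentException not thrown");
        } catch (IllegalArgumentException expected) {
            // Expected: the value does not fit in a 16-bit port.
        }
    }

    /** A second request for a port that is already reserved must report RESOURCE_UNAVAILABLE. */
    @Test
    public void testOpenUdpEncapsulationSocketTwice() throws Exception {
        int localport = findUnusedPort();

        IpSecUdpEncapResponse udpEncapResp =
                mIpSecService.openUdpEncapsulationSocket(localport, new Binder());
        assertNotNull(udpEncapResp);
        assertEquals(IpSecManager.Status.OK, udpEncapResp.status);
        assertEquals(localport, udpEncapResp.port);

        // NOTE(review): the result of this call is discarded and the same request is repeated on
        // the next statement. It looks redundant; if the response can carry a descriptor even on
        // failure, it is never closed. Confirm and either assert on it or drop the call.
        mIpSecService.openUdpEncapsulationSocket(localport, new Binder());
        IpSecUdpEncapResponse testUdpEncapResp =
                mIpSecService.openUdpEncapsulationSocket(localport, new Binder());
        assertEquals(IpSecManager.Status.RESOURCE_UNAVAILABLE, testUdpEncapResp.status);

        mIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId);
        udpEncapResp.fileDescriptor.close();
    }

    /** Closing an encapsulation socket id that was never handed out must be rejected. */
    @Test
    public void testCloseInvalidUdpEncapsulationSocket() throws Exception {
        try {
            mIpSecService.closeUdpEncapsulationSocket(1);
            fail("IllegalArgumentException not thrown");
        } catch (IllegalArgumentException expected) {
            // Expected: resource id 1 was never allocated by this service instance.
        }
    }

    /** Deleting a transform id that was never handed out must be rejected. */
    @Test
    public void testDeleteInvalidTransportModeTransform() throws Exception {
        try {
            mIpSecService.deleteTransportModeTransform(1);
            fail("IllegalArgumentException not thrown");
        } catch (IllegalArgumentException expected) {
            // Expected: resource id 1 was never allocated by this service instance.
        }
    }

    /** Removing a transform from a socket must hand that socket's descriptor to netd. */
    @Test
    public void testRemoveTransportModeTransform() throws Exception {
        // Both the socket and the descriptor wrapper are closed when the test ends.
        try (Socket socket = new Socket();
                ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(socket)) {
            mIpSecService.removeTransportModeTransform(pfd, 1);

            verify(mMockNetd).ipSecRemoveTransportModeTransform(pfd.getFileDescriptor());
        }
    }

    /**
     * Checks that SPI reservation refuses remote addresses that are not a usable literal address:
     * a host name, the IPv6 unspecified address, a prefix in CIDR notation, the IPv4 wildcard and
     * the empty string.
     *
     * <p>Each of them must fail with {@link IllegalArgumentException}; any other exception type
     * means the value got past validation and failed somewhere later.
     */
    @Test
    public void testValidateIpAddresses() throws Exception {
        String[] invalidAddresses =
                new String[] {"www.google.com", "::", "2001::/64", "0.0.0.0", ""};
        for (String address : invalidAddresses) {
            try {
                mIpSecService.reserveSecurityParameterIndex(
                        IpSecTransform.DIRECTION_OUT, address, DROID_SPI, new Binder());
                // fail() throws AssertionError, which is an Error and so is not swallowed by
                // either catch clause below.
                fail("Invalid address was passed through IpSecService validation: " + address);
            } catch (IllegalArgumentException expected) {
                // Expected: the address was rejected by validation.
            } catch (Exception e) {
                fail(
                        "Invalid InetAddress was not caught in validation: "
                                + address
                                + ", Exception: "
                                + e);
            }
        }
    }
}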