1#!/usr/bin/python 2# 3# Copyright 2016 The Android Open Source Project 4# 5# Licensed under the Apache License, Version 2.0 (the "License"); 6# you may not use this file except in compliance with the License. 7# You may obtain a copy of the License at 8# 9# http://www.apache.org/licenses/LICENSE-2.0 10# 11# Unless required by applicable law or agreed to in writing, software 12# distributed under the License is distributed on an "AS IS" BASIS, 13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14# See the License for the specific language governing permissions and 15# limitations under the License. 16 17import errno 18from socket import * # pylint: disable=wildcard-import 19import unittest 20 21import gzip 22import net_test 23 24 25class RemovedFeatureTest(net_test.NetworkTest): 26 KCONFIG = None 27 28 @classmethod 29 def loadKernelConfig(cls): 30 cls.KCONFIG = {} 31 with gzip.open('/proc/config.gz') as f: 32 for line in f: 33 line = line.strip() 34 parts = line.split("=") 35 if (len(parts) == 2): 36 # Lines of the form: 37 # CONFIG_FOO=y 38 cls.KCONFIG[parts[0]] = parts[1] 39 40 @classmethod 41 def setUpClass(cls): 42 cls.loadKernelConfig() 43 44 def assertFeatureEnabled(self, featureName): 45 return self.assertEqual("y", self.KCONFIG[featureName]) 46 47 def assertFeatureAbsent(self, featureName): 48 return self.assertTrue(featureName not in self.KCONFIG) 49 50 def testNetfilterRejectWithSocketError(self): 51 """Verify that the CONFIG_IP{,6}_NF_TARGET_REJECT_SKERR option is gone. 52 53 The commits to be reverted include: 54 55 android-3.10: 6f489c42 56 angler: 6f489c42 57 bullhead: 6f489c42 58 shamu: 6f489c42 59 flounder: 6f489c42 60 61 See b/28424847 and b/28719525 for more context. 62 """ 63 self.assertFeatureEnabled("CONFIG_IP_NF_FILTER") 64 self.assertFeatureEnabled("CONFIG_IP_NF_TARGET_REJECT") 65 self.assertFeatureAbsent("CONFIG_IP_NF_TARGET_REJECT_SKERR") 66 67 self.assertFeatureEnabled("CONFIG_IP6_NF_FILTER") 68 self.assertFeatureEnabled("CONFIG_IP6_NF_TARGET_REJECT") 69 self.assertFeatureAbsent("CONFIG_IP6_NF_TARGET_REJECT_SKERR") 70 71 @unittest.skipUnless(net_test.LINUX_VERSION >= (4, 19, 0), "removed in 4.14-r") 72 def testRemovedAndroidParanoidNetwork(self): 73 """Verify that ANDROID_PARANOID_NETWORK is gone.""" 74 75 AID_NET_RAW = 3004 76 with net_test.RunAsUidGid(12345, AID_NET_RAW): 77 self.assertRaisesErrno(errno.EPERM, socket, AF_PACKET, SOCK_RAW, 0) 78 79 @unittest.skipUnless(net_test.LINUX_VERSION >= (4, 19, 0), "exists in 4.14-P") 80 def testRemovedQtaguid(self): 81 self.assertRaisesErrno(errno.ENOENT, open, "/proc/net/xt_qtaguid") 82 83 @unittest.skipUnless(net_test.LINUX_VERSION >= (4, 19, 0), "exists in 4.14-P") 84 def testRemovedTcpMemSysctls(self): 85 self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_rmem_def") 86 self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_rmem_max") 87 self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_rmem_min") 88 self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_wmem_def") 89 self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_wmem_max") 90 self.assertRaisesErrno(errno.ENOENT, open, "/sys/kernel/ipv4/tcp_wmem_min") 91 92 93if __name__ == "__main__": 94 unittest.main() 95