• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2018 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <string>
18 
19 #include <fcntl.h>
20 #include <inttypes.h>
21 #include <limits.h>
22 #include <linux/inet_diag.h>
23 #include <linux/sock_diag.h>
24 #include <net/if.h>
25 #include <sys/socket.h>
26 #include <sys/types.h>
27 #include <unistd.h>
28 
29 #include <gtest/gtest.h>
30 
31 #include <cutils/qtaguid.h>
32 #include <processgroup/processgroup.h>
33 
34 #include <android-base/stringprintf.h>
35 #include <android-base/strings.h>
36 
37 #include "bpf/BpfMap.h"
38 #include "bpf/BpfUtils.h"
39 #include "bpf_shared.h"
40 
41 using android::base::Result;
42 
43 namespace android {
44 namespace bpf {
45 
46 // Use the upper limit of uid to avoid conflict with real app uids. We can't use UID_MAX because
47 // it's -1, which is INVALID_UID.
48 constexpr uid_t TEST_UID = UID_MAX - 1;
49 constexpr uint32_t TEST_TAG = 42;
50 
51 class BpfBasicTest : public testing::Test {
52   protected:
BpfBasicTest()53     BpfBasicTest() {}
54 };
55 
TEST_F(BpfBasicTest,TestCgroupMounted)56 TEST_F(BpfBasicTest, TestCgroupMounted) {
57     std::string cg2_path;
58     ASSERT_EQ(true, CgroupGetControllerPath(CGROUPV2_CONTROLLER_NAME, &cg2_path));
59     ASSERT_EQ(0, access(cg2_path.c_str(), R_OK));
60     ASSERT_EQ(0, access((cg2_path + "/cgroup.controllers").c_str(), R_OK));
61 }
62 
TEST_F(BpfBasicTest,TestTrafficControllerSetUp)63 TEST_F(BpfBasicTest, TestTrafficControllerSetUp) {
64     ASSERT_EQ(0, access(BPF_EGRESS_PROG_PATH, R_OK));
65     ASSERT_EQ(0, access(BPF_INGRESS_PROG_PATH, R_OK));
66     ASSERT_EQ(0, access(XT_BPF_INGRESS_PROG_PATH, R_OK));
67     ASSERT_EQ(0, access(XT_BPF_EGRESS_PROG_PATH, R_OK));
68     ASSERT_EQ(0, access(COOKIE_TAG_MAP_PATH, R_OK));
69     ASSERT_EQ(0, access(UID_COUNTERSET_MAP_PATH, R_OK));
70     ASSERT_EQ(0, access(STATS_MAP_A_PATH, R_OK));
71     ASSERT_EQ(0, access(STATS_MAP_B_PATH, R_OK));
72     ASSERT_EQ(0, access(IFACE_INDEX_NAME_MAP_PATH, R_OK));
73     ASSERT_EQ(0, access(IFACE_STATS_MAP_PATH, R_OK));
74     ASSERT_EQ(0, access(CONFIGURATION_MAP_PATH, R_OK));
75     ASSERT_EQ(0, access(UID_OWNER_MAP_PATH, R_OK));
76 }
77 
TEST_F(BpfBasicTest,TestSocketFilterSetUp)78 TEST_F(BpfBasicTest, TestSocketFilterSetUp) {
79     SKIP_IF_EXTENDED_BPF_NOT_SUPPORTED;
80 
81     ASSERT_EQ(0, access(CGROUP_SOCKET_PROG_PATH, R_OK));
82     ASSERT_EQ(0, access(UID_PERMISSION_MAP_PATH, R_OK));
83 }
84 
TEST_F(BpfBasicTest,TestTagSocket)85 TEST_F(BpfBasicTest, TestTagSocket) {
86     BpfMap<uint64_t, UidTagValue> cookieTagMap(COOKIE_TAG_MAP_PATH);
87     ASSERT_LE(0, cookieTagMap.getMap());
88     int sock = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
89     ASSERT_LE(0, sock);
90     uint64_t cookie = getSocketCookie(sock);
91     ASSERT_NE(NONEXISTENT_COOKIE, cookie);
92     ASSERT_EQ(0, qtaguid_tagSocket(sock, TEST_TAG, TEST_UID));
93     Result<UidTagValue> tagResult = cookieTagMap.readValue(cookie);
94     ASSERT_RESULT_OK(tagResult);
95     ASSERT_EQ(TEST_UID, tagResult.value().uid);
96     ASSERT_EQ(TEST_TAG, tagResult.value().tag);
97     ASSERT_EQ(0, qtaguid_untagSocket(sock));
98     tagResult = cookieTagMap.readValue(cookie);
99     ASSERT_FALSE(tagResult.ok());
100     ASSERT_EQ(ENOENT, tagResult.error().code());
101 }
102 
TEST_F(BpfBasicTest,TestCloseSocketWithoutUntag)103 TEST_F(BpfBasicTest, TestCloseSocketWithoutUntag) {
104     BpfMap<uint64_t, UidTagValue> cookieTagMap(COOKIE_TAG_MAP_PATH);
105     ASSERT_LE(0, cookieTagMap.getMap());
106     int sock = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
107     ASSERT_LE(0, sock);
108     uint64_t cookie = getSocketCookie(sock);
109     ASSERT_NE(NONEXISTENT_COOKIE, cookie);
110     ASSERT_EQ(0, qtaguid_tagSocket(sock, TEST_TAG, TEST_UID));
111     Result<UidTagValue> tagResult = cookieTagMap.readValue(cookie);
112     ASSERT_RESULT_OK(tagResult);
113     ASSERT_EQ(TEST_UID, tagResult.value().uid);
114     ASSERT_EQ(TEST_TAG, tagResult.value().tag);
115     ASSERT_EQ(0, close(sock));
116     // Check map periodically until sk destroy handler have done its job.
117     for (int i = 0; i < 10; i++) {
118         usleep(5000);  // 5ms
119         tagResult = cookieTagMap.readValue(cookie);
120         if (!tagResult.ok()) {
121             ASSERT_EQ(ENOENT, tagResult.error().code());
122             return;
123         }
124     }
125     FAIL() << "socket tag still exist after 50ms";
126 }
127 
128 }
129 }
130