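#!/usr/bin/python3
#
# Copyright 2016 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import errno
import gzip
from socket import *  # pylint: disable=wildcard-import
import unittest

import net_test


class RemovedFeatureTest(net_test.NetworkTest):
  """Checks that retired kernel networking features are really gone.

  The checks are of two kinds: build-time options read from the running
  kernel's configuration, and runtime probes (a privileged socket call, and
  /proc and /sys paths that must not exist).
  """

  # Mapping of option name -> value parsed from /proc/config.gz; filled in
  # once per class by setUpClass().
  KCONFIG = None

  @classmethod
  def loadKernelConfig(cls):
    """Parse /proc/config.gz into cls.KCONFIG.

    Only "NAME=value" lines are recorded. Comment lines, including the
    "# CONFIG_FOO is not set" form, are skipped, so a disabled option is
    simply missing from the mapping.

    /proc/config.gz only exists on kernels built with CONFIG_IKCONFIG_PROC;
    on any other kernel gzip.open() raises and the whole class errors out
    instead of silently passing.
    """
    config = {}
    with gzip.open("/proc/config.gz", mode="rt") as f:
      for line in f:
        line = line.strip()
        if not line or line.startswith("#"):
          continue
        # Split on the first "=" only: string-valued options may contain
        # further "=" characters, and splitting on every one would drop them.
        name, sep, value = line.partition("=")
        if sep:
          # Lines of the form:
          # CONFIG_FOO=y
          config[name] = value
    cls.KCONFIG = config

  @classmethod
  def setUpClass(cls):
    """Load the kernel configuration once for every test in the class."""
    cls.loadKernelConfig()

  def assertFeatureEnabled(self, featureName):
    """Fail unless featureName is built into the kernel (value "y").

    An option built as a module ("m") or missing altogether is a failure.
    The lookup uses .get() so that a missing option is reported as an
    assertion failure naming the option, not as a KeyError.
    """
    return self.assertEqual(
        "y", self.KCONFIG.get(featureName),
        "%s is not set to y in /proc/config.gz" % featureName)

  def assertFeatureAbsent(self, featureName):
    """Fail if featureName has any value at all in the kernel config."""
    return self.assertNotIn(featureName, self.KCONFIG)

  def testNetfilterRejectWithSocketError(self):
    """Verify that the CONFIG_IP{,6}_NF_TARGET_REJECT_SKERR option is gone.

       The commits to be reverted include:

           android-3.10: 6f489c42
           angler: 6f489c42
           bullhead: 6f489c42
           shamu: 6f489c42
           flounder: 6f489c42

       See b/28424847 and b/28719525 for more context.
    """
    # The plain REJECT target must still be built in for both address
    # families; only the *_SKERR variant is expected to have been removed.
    self.assertFeatureEnabled("CONFIG_IP_NF_FILTER")
    self.assertFeatureEnabled("CONFIG_IP_NF_TARGET_REJECT")
    self.assertFeatureAbsent("CONFIG_IP_NF_TARGET_REJECT_SKERR")

    self.assertFeatureEnabled("CONFIG_IP6_NF_FILTER")
    self.assertFeatureEnabled("CONFIG_IP6_NF_TARGET_REJECT")
    self.assertFeatureAbsent("CONFIG_IP6_NF_TARGET_REJECT_SKERR")

  def testRemovedAndroidParanoidNetwork(self):
    """Verify that ANDROID_PARANOID_NETWORK is gone.

       On a 4.14-q kernel you can achieve this by simply
       changing the ANDROID_PARANOID_NETWORK default y to n
       in your kernel source code in net/Kconfig:

       @@ -94,3 +94,3 @@ endif # if INET
        config ANDROID_PARANOID_NETWORK
               bool "Only allow certain groups to create sockets"
       -       default y
       +       default n
    """
    AID_NET_RAW = 3004
    # Security property under test: belonging to the AID_NET_RAW group must
    # not, on its own, allow a non-root process to open a raw packet socket.
    # The probe runs as UID 12345 with GID AID_NET_RAW and has to be refused
    # with EPERM. A socket() call that succeeds here means the kernel still
    # hands out raw-socket access by group id.
    # NOTE(review): presumably RunAsUidGid drops to that uid/gid only for the
    # duration of the block - confirm in net_test.
    with net_test.RunAsUidGid(12345, AID_NET_RAW):
      self.assertRaisesErrno(errno.EPERM, socket, AF_PACKET, SOCK_RAW, 0)

  def testRemovedQtaguid(self):
    """Verify that the xt_qtaguid /proc interface no longer exists."""
    # ENOENT is required: a file that exists but is unreadable would produce
    # a different errno and must count as a failure.
    self.assertRaisesErrno(errno.ENOENT, open, "/proc/net/xt_qtaguid")

  def testRemovedTcpMemSysctls(self):
    """Verify that the /sys/kernel/ipv4/tcp_{r,w}mem_* files are gone."""
    removed_paths = (
        "/sys/kernel/ipv4/tcp_rmem_def",
        "/sys/kernel/ipv4/tcp_rmem_max",
        "/sys/kernel/ipv4/tcp_rmem_min",
        "/sys/kernel/ipv4/tcp_wmem_def",
        "/sys/kernel/ipv4/tcp_wmem_max",
        "/sys/kernel/ipv4/tcp_wmem_min",
    )
    for path in removed_paths:
      self.assertRaisesErrno(errno.ENOENT, open, path)


if __name__ == "__main__":
  unittest.main()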