
Commit ba8d313e authored by Benedict Wong's avatar Benedict Wong

[ipsec-doze] Add fchown to IpSecService to support doze

Encap sockets are currently created as the system server, and should be
fchown'd to the user on whose behalf they were created.

Bug: 62994731
Test: New tests added and run to IpSecService
Change-Id: Icc49e709ae588981e69765fdb77537d7ffbac5fe
parent eb44ebbf
+8 −6
@@ -988,12 +988,6 @@ public class IpSecService extends IIpSecService.Stub {
            sockFd = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
            mUidFdTagger.tag(sockFd, callingUid);

            if (port != 0) {
                Log.v(TAG, "Binding to port " + port);
                Os.bind(sockFd, INADDR_ANY, port);
            } else {
                port = bindToRandomPort(sockFd);
            }
            // This code is common to both the unspecified and specified port cases
            Os.setsockoptInt(
                    sockFd,
@@ -1001,6 +995,14 @@ public class IpSecService extends IIpSecService.Stub {
                    OsConstants.UDP_ENCAP,
                    OsConstants.UDP_ENCAP_ESPINUDP);

            mSrvConfig.getNetdInstance().ipSecSetEncapSocketOwner(sockFd, callingUid);
            if (port != 0) {
                Log.v(TAG, "Binding to port " + port);
                Os.bind(sockFd, INADDR_ANY, port);
            } else {
                port = bindToRandomPort(sockFd);
            }

            userRecord.mEncapSocketRecords.put(
                    resourceId,
                    new RefcountedResource<EncapSocketRecord>(
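Review bot: The new `ipSecSetEncapSocketOwner(sockFd, callingUid)` call can fail after the socket has already been created and tagged, and the hunk does not show what happens to `sockFd` in that case. The enclosing try/catch lies outside the hunk, so confirm that it closes the descriptor and registers no record when netd rejects the ownership change. The bind now runs after the ownership change with no explanation; if the ordering is required, a comment such as `// Hand the socket to callingUid before binding so it is never bound while owned by the system server` would keep a later refactor from undoing it. The existing comment `// This code is common to both the unspecified and specified port cases` now sits before the port branch instead of after it and should be reworded or moved.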
+22 −0
@@ -475,4 +475,26 @@ public class IpSecServiceTest {
        testIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId);
        udpEncapResp.fileDescriptor.close();
    }

    @Test
    public void testOpenUdpEncapsulationSocketCallsSetEncapSocketOwner() throws Exception {
        IpSecUdpEncapResponse udpEncapResp =
                mIpSecService.openUdpEncapsulationSocket(0, new Binder());

        FileDescriptor sockFd = udpEncapResp.fileDescriptor.getFileDescriptor();
        ArgumentMatcher<FileDescriptor> fdMatcher = (arg) -> {
                    try {
                        StructStat sockStat = Os.fstat(sockFd);
                        StructStat argStat = Os.fstat(arg);

                        return sockStat.st_ino == argStat.st_ino
                                && sockStat.st_dev == argStat.st_dev;
                    } catch (ErrnoException e) {
                        return false;
                    }
                };

        verify(mMockNetd).ipSecSetEncapSocketOwner(argThat(fdMatcher), eq(Os.getuid()));
        mIpSecService.closeUdpEncapsulationSocket(udpEncapResp.resourceId);
    }
}
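Review bot: The new test never closes the returned descriptor, unlike the preceding test, which calls `udpEncapResp.fileDescriptor.close();` after `closeUdpEncapsulationSocket`. Adding that same line at the end of `testOpenUdpEncapsulationSocketCallsSetEncapSocketOwner` avoids leaking the socket across tests. Separately, `eq(Os.getuid())` cannot distinguish the caller's UID from the service's own UID, since both appear to be the test process's UID here; a regression that passed the wrong UID to netd would still pass. If the fixture allows the calling UID to be faked, asserting against a distinct value would make the ownership check meaningful. A case where the mocked `ipSecSetEncapSocketOwner` throws would also pin the cleanup behaviour.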