Run unit tests on Brillo.
Looks like IPv6 is working correctly, so re-enable that too.
Bug: 26911013
Change-Id: Iad0390e3a41a429460794b7c243ebca59cf64146
diff --git a/Android.mk b/Android.mk
index 61269ce..193b552 100644
--- a/Android.mk
+++ b/Android.mk
@@ -67,6 +67,9 @@
# === unittest ===
include $(CLEAR_VARS)
LOCAL_MODULE := firewalld_unittest
+ifdef BRILLO
+ LOCAL_MODULE_TAGS := debug
+endif
LOCAL_SRC_FILES := \
iptables_unittest.cc \
mock_iptables.cc \
diff --git a/iptables.cc b/iptables.cc
index 6276024..55756a1 100644
--- a/iptables.cc
+++ b/iptables.cc
@@ -75,9 +75,6 @@
namespace firewalld {
IpTables::IpTables() {
-#if defined(__ANDROID__)
- ip6_enabled_ = false;
-#endif // __ANDROID__
}
IpTables::~IpTables() {
@@ -137,7 +134,7 @@
<< " on interface '" << interface << "'";
if (!AddAcceptRules(protocol, port, interface)) {
// If the 'iptables' command fails, this method fails.
- LOG(ERROR) << "Adding ACCEPT rules failed";
+ LOG(ERROR) << "Adding ACCEPT rules failed.";
return false;
}
@@ -170,7 +167,7 @@
<< " on interface '" << interface << "'";
if (!DeleteAcceptRules(protocol, port, interface)) {
// If the 'iptables' command fails, this method fails.
- LOG(ERROR) << "Deleting ACCEPT rules failed";
+ LOG(ERROR) << "Deleting ACCEPT rules failed.";
return false;
}
@@ -214,13 +211,13 @@
} else if (ip6_enabled_) {
// It's supposed to work, fail.
LOG(ERROR) << "Could not add ACCEPT rule using '" << kIp6TablesPath
- << "', aborting operation";
+ << "', aborting operation.";
DeleteAcceptRule(kIpTablesPath, protocol, port, interface);
return false;
} else {
// It never worked, just ignore it.
LOG(WARNING) << "Could not add ACCEPT rule using '" << kIp6TablesPath
- << "', ignoring";
+ << "', ignoring.";
}
return true;
@@ -333,7 +330,7 @@
if (!ApplyRuleForUserTraffic(kIPv4, add)) {
LOG(ERROR) << (add ? "Adding" : "Removing")
- << " rule for IPv4 user traffic failed";
+ << " rule for IPv4 user traffic failed.";
if (add)
return false;
return_value = false;
@@ -341,7 +338,7 @@
if (!ApplyRuleForUserTraffic(kIPv6, add)) {
LOG(ERROR) << (add ? "Adding" : "Removing")
- << " rule for IPv6 user traffic failed";
+ << " rule for IPv6 user traffic failed.";
if (add) {
ApplyVpnSetup(added_usernames, interface, false);
return false;
diff --git a/iptables.h b/iptables.h
index 00c4c54..fcd7571 100644
--- a/iptables.h
+++ b/iptables.h
@@ -55,12 +55,12 @@
private:
friend class IpTablesTest;
- FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddSuccess);
- FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddFailureInUsername);
- FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddFailureInMasquerade);
- FRIEND_TEST(IpTablesTest, ApplyVpnSetupAddFailureInRuleForUserTraffic);
- FRIEND_TEST(IpTablesTest, ApplyVpnSetupRemoveSuccess);
- FRIEND_TEST(IpTablesTest, ApplyVpnSetupRemoveFailure);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupAdd_Success);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupAdd_FailureInUsername);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupAdd_FailureInMasquerade);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupAdd_FailureInRuleForUserTraffic);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupRemove_Success);
+ FRIEND_TEST(IpTablesTest, ApplyVpnSetupRemove_Failure);
bool PunchHole(uint16_t port,
const std::string& interface,
diff --git a/iptables_unittest.cc b/iptables_unittest.cc
index ff81a21..7bd59fe 100644
--- a/iptables_unittest.cc
+++ b/iptables_unittest.cc
@@ -19,8 +19,13 @@
#include "mock_iptables.h"
namespace {
+#if defined(__ANDROID__)
+const char kIpTablesPath[] = "/system/bin/iptables";
+const char kIp6TablesPath[] = "/system/bin/ip6tables";
+#else
const char kIpTablesPath[] = "/sbin/iptables";
const char kIp6TablesPath[] = "/sbin/ip6tables";
+#endif // __ANDROID__
} // namespace
namespace firewalld {
@@ -168,21 +173,21 @@
TEST_F(IpTablesTest, PunchTcpHoleIpv6Fails) {
MockIpTables mock_iptables;
- SetMockExpectationsPerExecutable(&mock_iptables, true /* ip4_success */,
- false /* ip6_success */);
+ SetMockExpectationsPerExecutable(
+ &mock_iptables, true /* ip4_success */, false /* ip6_success */);
// Punch hole for TCP port 80, should fail because 'ip6tables' fails.
ASSERT_FALSE(mock_iptables.PunchTcpHole(80, "iface"));
}
TEST_F(IpTablesTest, PunchUdpHoleIpv6Fails) {
MockIpTables mock_iptables;
- SetMockExpectationsPerExecutable(&mock_iptables, true /* ip4_success */,
- false /* ip6_success */);
+ SetMockExpectationsPerExecutable(
+ &mock_iptables, true /* ip4_success */, false /* ip6_success */);
// Punch hole for UDP port 53, should fail because 'ip6tables' fails.
ASSERT_FALSE(mock_iptables.PunchUdpHole(53, "iface"));
}
-TEST_F(IpTablesTest, ApplyVpnSetupAddSuccess) {
+TEST_F(IpTablesTest, ApplyVpnSetupAdd_Success) {
const std::vector<std::string> usernames = {"testuser0", "testuser1"};
const std::string interface = "ifc0";
const bool add = true;
@@ -192,18 +197,21 @@
.WillOnce(Return(true));
EXPECT_CALL(mock_iptables, ApplyMasquerade(kIp6TablesPath, interface, add))
.WillOnce(Return(true));
+
EXPECT_CALL(mock_iptables,
ApplyMarkForUserTraffic(kIpTablesPath, usernames[0], add))
.WillOnce(Return(true));
EXPECT_CALL(mock_iptables,
ApplyMarkForUserTraffic(kIp6TablesPath, usernames[0], add))
.WillOnce(Return(true));
+
EXPECT_CALL(mock_iptables,
ApplyMarkForUserTraffic(kIpTablesPath, usernames[1], add))
.WillOnce(Return(true));
EXPECT_CALL(mock_iptables,
ApplyMarkForUserTraffic(kIp6TablesPath, usernames[1], add))
.WillOnce(Return(true));
+
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv4, add))
.WillOnce(Return(true));
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv6, add))
@@ -213,7 +221,7 @@
mock_iptables.ApplyVpnSetup(usernames, interface, add));
}
-TEST_F(IpTablesTest, ApplyVpnSetupAddFailureInUsername) {
+TEST_F(IpTablesTest, ApplyVpnSetupAdd_FailureInUsername) {
const std::vector<std::string> usernames = {"testuser0", "testuser1"};
const std::string interface = "ifc0";
const bool remove = false;
@@ -226,6 +234,7 @@
EXPECT_CALL(mock_iptables, ApplyMasquerade(kIp6TablesPath, interface, add))
.Times(1)
.WillOnce(Return(true));
+
EXPECT_CALL(mock_iptables,
ApplyMarkForUserTraffic(kIpTablesPath, usernames[0], add))
.Times(1)
@@ -238,6 +247,7 @@
ApplyMarkForUserTraffic(kIpTablesPath, usernames[1], add))
.Times(1)
.WillOnce(Return(false));
+
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv4, add))
.Times(1)
.WillOnce(Return(true));
@@ -251,6 +261,7 @@
EXPECT_CALL(mock_iptables, ApplyMasquerade(kIp6TablesPath, interface, remove))
.Times(1)
.WillOnce(Return(true));
+
EXPECT_CALL(mock_iptables,
ApplyMarkForUserTraffic(kIpTablesPath, usernames[0], remove))
.Times(1)
@@ -262,6 +273,7 @@
EXPECT_CALL(mock_iptables,
ApplyMarkForUserTraffic(kIpTablesPath, usernames[1], remove))
.Times(0);
+
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv4, remove))
.Times(1)
.WillOnce(Return(false));
@@ -273,7 +285,7 @@
mock_iptables.ApplyVpnSetup(usernames, interface, add));
}
-TEST_F(IpTablesTest, ApplyVpnSetupAddFailureInMasquerade) {
+TEST_F(IpTablesTest, ApplyVpnSetupAdd_FailureInMasquerade) {
const std::vector<std::string> usernames = {"testuser0", "testuser1"};
const std::string interface = "ifc0";
const bool remove = false;
@@ -283,7 +295,9 @@
EXPECT_CALL(mock_iptables, ApplyMasquerade(kIpTablesPath, interface, add))
.Times(1)
.WillOnce(Return(false));
+
EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, _, _)).Times(0);
+
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv4, add))
.Times(1)
.WillOnce(Return(true));
@@ -297,6 +311,7 @@
EXPECT_CALL(mock_iptables, ApplyMasquerade(kIp6TablesPath, interface, remove))
.Times(1)
.WillOnce(Return(true));
+
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv4, remove))
.Times(1)
.WillOnce(Return(true));
@@ -308,7 +323,7 @@
mock_iptables.ApplyVpnSetup(usernames, interface, add));
}
-TEST_F(IpTablesTest, ApplyVpnSetupAddFailureInRuleForUserTraffic) {
+TEST_F(IpTablesTest, ApplyVpnSetupAdd_FailureInRuleForUserTraffic) {
const std::vector<std::string> usernames = {"testuser0", "testuser1"};
const std::string interface = "ifc0";
const bool remove = false;
@@ -328,7 +343,7 @@
mock_iptables.ApplyVpnSetup(usernames, interface, add));
}
-TEST_F(IpTablesTest, ApplyVpnSetupRemoveSuccess) {
+TEST_F(IpTablesTest, ApplyVpnSetupRemove_Success) {
const std::vector<std::string> usernames = {"testuser0", "testuser1"};
const std::string interface = "ifc0";
const bool remove = false;
@@ -341,9 +356,11 @@
EXPECT_CALL(mock_iptables, ApplyMasquerade(kIp6TablesPath, interface, remove))
.Times(1)
.WillOnce(Return(true));
+
EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, _, remove))
.Times(4)
.WillRepeatedly(Return(true));
+
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv4, remove))
.Times(1)
.WillOnce(Return(true));
@@ -353,6 +370,7 @@
EXPECT_CALL(mock_iptables, ApplyMasquerade(kIpTablesPath, interface, add))
.Times(0);
+
EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, _, add))
.Times(0);
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv4, add)).Times(0);
@@ -361,7 +379,7 @@
mock_iptables.ApplyVpnSetup(usernames, interface, remove));
}
-TEST_F(IpTablesTest, ApplyVpnSetupRemoveFailure) {
+TEST_F(IpTablesTest, ApplyVpnSetupRemove_Failure) {
const std::vector<std::string> usernames = {"testuser0", "testuser1"};
const std::string interface = "ifc0";
const bool remove = false;
@@ -374,9 +392,11 @@
EXPECT_CALL(mock_iptables, ApplyMasquerade(kIp6TablesPath, interface, remove))
.Times(1)
.WillRepeatedly(Return(false));
+
EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, _, remove))
.Times(4)
.WillRepeatedly(Return(false));
+
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv4, remove))
.Times(1)
.WillRepeatedly(Return(false));
@@ -386,6 +406,7 @@
EXPECT_CALL(mock_iptables, ApplyMasquerade(kIpTablesPath, interface, add))
.Times(0);
+
EXPECT_CALL(mock_iptables, ApplyMarkForUserTraffic(_, _, add))
.Times(0);
EXPECT_CALL(mock_iptables, ApplyRuleForUserTraffic(kIPv4, add)).Times(0);