1 /*
2  * Copyright (C) 2011 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless requied by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */
17 
18 /*
19  * This socket tagging test is to ensure that the
20  * netfilter/xt_qtaguid kernel module somewhat behaves as expected
21  * with respect to tagging sockets.
22  */
23 #include <assert.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <inttypes.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <gtest/gtest.h>
30 #include <sys/socket.h>
31 #include <sys/types.h>
32 #include <string>
33 
34 #define LOG_TAG "socketTagTest"
35 #include <utils/Log.h>
36 #include <testUtil.h>
37 
38 namespace android {
39 
40 class SockInfo {
41 public:
SockInfo()42     SockInfo() : fd(-1), addr(NULL) {};
43     int setup(uint64_t tag);
44     bool checkTag(uint64_t tag, uid_t uid);
45     int fd;
46     void *addr;
47 };
48 
49 
openCtrl()50 int openCtrl() {
51     int ctrl;
52     ctrl = open("/proc/net/xt_qtaguid/ctrl", O_RDWR);
53     if (!ctrl) {
54        testPrintE("qtaguid ctrl open failed: %s", strerror(errno));
55     }
56     return ctrl;
57 }
58 
59 int doCtrlCommand(const char *fmt, ...)
60     __attribute__((__format__(__printf__, 1, 2)));
61 
doCtrlCommand(const char * fmt,...)62 int doCtrlCommand(const char *fmt, ...) {
63     char *buff;
64     int ctrl;
65     int res;
66     va_list argp;
67 
68     va_start(argp, fmt);
69     ctrl = openCtrl();
70     vasprintf(&buff, fmt, argp);
71     errno = 0;
72     res = write(ctrl, buff, strlen(buff));
73     testPrintI("cmd: '%s' res=%d %d/%s", buff, res, errno, strerror(errno));
74     close(ctrl);
75     free(buff);
76     va_end(argp);
77     return res;
78 }
79 
80 
writeModuleParam(const char * param,const char * data)81 int writeModuleParam(const char *param, const char *data) {
82     int param_fd;
83     int res;
84     std::string filename("/sys/module/xt_qtaguid/parameters/");
85 
86     filename += param;
87     param_fd = open(filename.c_str(), O_WRONLY);
88     if (param_fd < 0) {
89         testPrintE("qtaguid param open failed: %s", strerror(errno));
90         return -1;
91     }
92     res = write(param_fd, data, strlen(data));
93     if (res < 0) {
94         testPrintE("qtaguid param write failed: %s", strerror(errno));
95     }
96     close(param_fd);
97     return res;
98 }
99 
100 /*----------------------------------------------------------------*/
setup(uint64_t tag)101 int SockInfo::setup(uint64_t tag) {
102     fd = socket(AF_INET, SOCK_STREAM, 0);
103     if (fd < 0) {
104         testPrintE("socket creation failed: %s", strerror(errno));
105         return -1;
106     }
107     if (doCtrlCommand("t %d %" PRIu64, fd, tag) < 0) {
108         testPrintE("socket setup: failed to tag");
109         close(fd);
110         return -1;
111     }
112     if (!checkTag(tag, getuid())) {
113         testPrintE("socket setup: Unexpected results: tag not found");
114         close(fd);
115         return -1;
116     }
117     if (doCtrlCommand("u %d", fd) < 0) {
118         testPrintE("socket setup: Unexpected results");
119         close(fd);
120         return -1;
121     }
122     return 0;
123 }
124 
125 /* checkTag() also tries to lookup the socket address in the kernel and
126  * return it when *addr  == NULL.
127  * This allows for better look ups when another process is also setting the same
128  * tag + uid. But it is not fool proof.
129  * Without the kernel reporting more info on who setup the socket tag, it is
130  * not easily verifiable from user-space.
131  * Returns: true if tag found.
132  */
checkTag(uint64_t acct_tag,uid_t uid)133 bool SockInfo::checkTag(uint64_t acct_tag, uid_t uid) {
134     int ctrl_fd;
135     ctrl_fd = openCtrl();
136     char ctrl_data[1024];
137     ssize_t read_size;
138     char *buff;
139     char *pos;
140     int res;
141     char *match_template;
142     uint64_t k_tag;
143     uint32_t k_uid;
144     uint64_t full_tag;
145     long dummy_count;
146     pid_t dummy_pid;
147 
148     read_size = read(ctrl_fd, ctrl_data, sizeof(ctrl_data));
149     if (read_size < 0) {
150        testPrintE("Unable to read active tags from ctrl %d/%s",
151                   errno, strerror(errno));
152     }
153     ctrl_data[read_size] = '\0';
154     testPrintI("<ctrl_raw_data>\n%s</ctrl_raw_data>", ctrl_data);
155 
156     if (addr) {
157         assert(sizeof(void*) == sizeof(long int));  // Why does %p use 0x? grrr. %lx.
158         asprintf(&match_template, "sock=%" PRIxPTR " %s", (uintptr_t)addr, "tag=0x%" PRIx64" (uid=%u)");
159     }
160     else {
161         /* Allocate for symmetry */
162         asprintf(&match_template, "%s", " tag=0x%" PRIx64 " (uid=%u)");
163     }
164 
165     full_tag = acct_tag | uid;
166 
167     asprintf(&buff, match_template, full_tag | uid, uid);
168     testPrintI("looking for '%s'", buff);
169     pos = strstr(ctrl_data, buff);
170 
171     if (pos && !addr) {
172         assert(sizeof(void*) == sizeof(long int));  // Why does %p use 0x? grrr. %lx.
173         res = sscanf(pos - strlen("sock=1234abcd"),
174                      "sock=%" SCNxPTR " tag=0x%" SCNx64 " (uid=%" SCNu32 ") pid=%u f_count=%lu",
175                      (uintptr_t *)&addr, &k_tag, &k_uid, &dummy_pid, &dummy_count );
176         if (!(res == 5 && k_tag == full_tag && k_uid == uid)) {
177             testPrintE("Unable to read sock addr res=%d", res);
178            addr = 0;
179         }
180         else {
181             testPrintI("Got sock_addr %lx", addr);
182         }
183     }
184     free(buff);
185     free(match_template);
186     close(ctrl_fd);
187     return pos != NULL;
188 }
189 
190 
191 class SocketTaggingTest : public ::testing::Test {
192 protected:
SetUp()193     virtual void SetUp() {
194         ctrl_fd = -1;
195         dev_fd = -1;
196         my_uid = getuid();
197         my_pid = getpid();
198         srand48(my_pid * my_uid);
199         // Adjust fake UIDs and tags so that multiple instances can run in parallel.
200         fake_uid = testRand();
201         fake_uid2 = testRand();
202         valid_tag1 = ((uint64_t)my_pid << 48) | ((uint64_t)testRand() << 32);
203         valid_tag2 = ((uint64_t)my_pid << 48) | ((uint64_t)testRand() << 32);
204         valid_tag2 &= 0xffffff00ffffffffllu;  // Leave some room to make counts visible.
205         testPrintI("* start: pid=%lu uid=%lu uid1=0x%lx/%lu uid2=0x%lx/%lu"
206                    " tag1=0x%" PRIx64 "/%" PRIu64 " tag2=0x%" PRIx64 "/% " PRIu64,
207                    (unsigned long)my_pid, (unsigned long)my_uid,
208                    (unsigned long)fake_uid, (unsigned long)fake_uid,
209                    (unsigned long)fake_uid2, (unsigned long)fake_uid2,
210                    valid_tag1, valid_tag1, valid_tag2, valid_tag2);
211         max_uint_tag = 0xffffffff00000000llu;
212         max_uint_tag = 1llu << 63 | (((uint64_t)my_pid << 48) ^ max_uint_tag);
213 
214         testPrintI("kernel has qtaguid");
215         ctrl_fd = openCtrl();
216         ASSERT_GE(ctrl_fd, 0) << "qtaguid ctrl open failed";
217         close(ctrl_fd);
218         dev_fd = open("/dev/xt_qtaguid", O_RDONLY);
219         EXPECT_GE(dev_fd, 0) << "qtaguid dev open failed";
220 
221         // We want to clean up any previous faulty test runs.
222         testPrintI("delete command does not fail");
223         EXPECT_GE(doCtrlCommand("d 0 %u", fake_uid), 0) << "Failed to delete fake_uid";
224         EXPECT_GE(doCtrlCommand("d 0 %u", fake_uid2), 0) << "Failed to delete fake_uid2";
225         EXPECT_GE(doCtrlCommand("d 0 %u", my_uid), 0) << "Failed to delete my_uid";
226 
227         testPrintI("setup sock0 and addr via tag");
228         ASSERT_FALSE(sock0.setup(valid_tag1))  << "socket0 setup failed";
229         testPrintI("setup sock1 and addr via tag");
230         ASSERT_FALSE(sock1.setup(valid_tag1))  << "socket1 setup failed";
231     }
232 
TearDown()233    virtual void TearDown() {
234        if (dev_fd >= 0) {
235            close(dev_fd);
236        }
237        if (ctrl_fd >= 0) {
238            close(ctrl_fd);
239        }
240    }
241 
242    SockInfo sock0;
243    SockInfo sock1;
244    int ctrl_fd;
245    int dev_fd;
246    uid_t fake_uid;
247    uid_t fake_uid2;
248    uid_t my_uid;
249    pid_t my_pid;
250    uint64_t valid_tag1;
251    uint64_t valid_tag2;
252    uint64_t max_uint_tag;
253    static const uint64_t invalid_tag1 = 0x0000000100000001llu;
254    static const int max_tags = 5;
255 };
256 
TEST_F(SocketTaggingTest,TagData)257 TEST_F(SocketTaggingTest, TagData) {
258     max_uint_tag = 0xffffffff00000000llu;
259     char *max_tags_str;
260 
261     testPrintI("setup tag limit");
262     asprintf(&max_tags_str, "%d", max_tags);
263     ASSERT_GE(writeModuleParam("max_sock_tags", max_tags_str), 0) << "Failed to setup tag limit";
264 
265     testPrintI("tag quota reach limit");
266     for (int cnt = 0; cnt < max_tags; cnt++ ) {
267         uint64_t tag = valid_tag2 + ((uint64_t)cnt << 32);
268         EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, tag , fake_uid2), 0)
269             << "Tagging within limit failed";
270         EXPECT_TRUE(sock0.checkTag(tag, fake_uid2))<<  "Unexpected results: tag not found";
271     }
272 
273     testPrintI("tag quota go over limit");
274     uint64_t new_tag = valid_tag2 + ((uint64_t)max_tags << 32);
275     EXPECT_LT(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, new_tag, fake_uid2), 0);
276     EXPECT_TRUE(sock0.checkTag(valid_tag2 + (((uint64_t)max_tags - 1) << 32),
277                                fake_uid2)) << "Unexpected results: tag not found";
278 
279     testPrintI("valid untag");
280     EXPECT_GE(doCtrlCommand("u %d", sock0.fd), 0);
281     EXPECT_FALSE(sock0.checkTag(valid_tag2 + (((uint64_t)max_tags - 1) << 32), fake_uid2))
282         << "Untagged tag should not be there";
283 
284     testPrintI("tag after untag should not free up max tags");
285     uint64_t new_tag2 = valid_tag2 + ((uint64_t)max_tags << 32);
286     EXPECT_LT(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, new_tag2 , fake_uid2), 0);
287     EXPECT_FALSE(sock0.checkTag(valid_tag2 + ((uint64_t)max_tags << 32), fake_uid2))
288         << "Tag should not be there";
289 
290     testPrintI("delete one tag");
291     uint64_t new_tag3 = valid_tag2 + (((uint64_t)max_tags / 2) << 32);
292     EXPECT_GE(doCtrlCommand("d %" PRIu64 " %u", new_tag3, fake_uid2), 0);
293 
294     testPrintI("2 tags after 1 delete pass/fail");
295     uint64_t new_tag4;
296     new_tag4 = valid_tag2 + (((uint64_t)max_tags + 1 ) << 32);
297     EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, new_tag4 , fake_uid2), 0);
298     EXPECT_TRUE(sock0.checkTag(valid_tag2 + (((uint64_t)max_tags + 1) << 32), fake_uid2))
299         << "Tag not found";
300     new_tag4 = valid_tag2 + (((uint64_t)max_tags + 2 ) << 32);
301     EXPECT_LT(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, new_tag4 , fake_uid2), 0);
302     EXPECT_FALSE(sock0.checkTag(valid_tag2 + (((uint64_t)max_tags + 2) << 32), fake_uid2))
303         << "Tag should not be there";
304 
305     /* TODO(jpa): test tagging two different sockets with same tags and
306      * check refcounts  the tag_node should be +2
307      */
308 }
309 
TEST_F(SocketTaggingTest,InsufficientArgsFails)310 TEST_F(SocketTaggingTest, InsufficientArgsFails) {
311     // Insufficient args. Expected failure
312     EXPECT_LE(doCtrlCommand("t"), 0) << "Insufficient args, should fail.";
313 }
314 
TEST_F(SocketTaggingTest,BadCommandFails)315 TEST_F(SocketTaggingTest, BadCommandFails) {
316     // Bad command. Expected failure";
317     EXPECT_LE(doCtrlCommand("?"), 0) << "Bad command, should fail";
318 }
319 
TEST_F(SocketTaggingTest,NoTagNoUid)320 TEST_F(SocketTaggingTest, NoTagNoUid) {
321     // no tag, no uid
322     EXPECT_GE(doCtrlCommand("t %d", sock0.fd), 0);
323     ASSERT_TRUE(sock0.checkTag(0, my_uid))  << "Tag not found";
324 }
325 
TEST_F(SocketTaggingTest,InvalidTagFail)326 TEST_F(SocketTaggingTest, InvalidTagFail) {
327     // Invalid tag. Expected failure
328     EXPECT_LE(doCtrlCommand("t %d %" PRIu64, sock0.fd, invalid_tag1), 0);
329     ASSERT_FALSE(sock0.checkTag(invalid_tag1, my_uid)) << "Tag should not be there";
330 }
331 
TEST_F(SocketTaggingTest,ValidTagWithNoUid)332 TEST_F(SocketTaggingTest, ValidTagWithNoUid) {
333     // Valid tag with no uid
334     EXPECT_GE(doCtrlCommand("t %d %" PRIu64, sock0.fd, valid_tag1), 0);
335     EXPECT_TRUE(sock0.checkTag(valid_tag1, my_uid)) << "Tag not found";
336 }
337 
TEST_F(SocketTaggingTest,ValidUntag)338 TEST_F(SocketTaggingTest, ValidUntag) {
339     // Valid untag
340     EXPECT_GE(doCtrlCommand("t %d %" PRIu64, sock0.fd, valid_tag1), 0);
341     EXPECT_TRUE(sock0.checkTag(valid_tag1, my_uid)) << "Tag not found";
342     EXPECT_GE(doCtrlCommand("u %d", sock0.fd), 0);
343     EXPECT_FALSE(sock0.checkTag(valid_tag1, my_uid)) << "Tag should be removed";
344 }
345 
TEST_F(SocketTaggingTest,ValidFirsttag)346 TEST_F(SocketTaggingTest, ValidFirsttag) {
347     // Valid 1st tag
348     EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, valid_tag2, fake_uid), 0);
349     EXPECT_TRUE(sock0.checkTag(valid_tag2, fake_uid)) << "Tag not found.";
350 }
351 
TEST_F(SocketTaggingTest,ValidReTag)352 TEST_F(SocketTaggingTest, ValidReTag) {
353     // Valid re-tag
354     EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, valid_tag2, fake_uid), 0);
355     EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, valid_tag2, fake_uid), 0);
356     EXPECT_TRUE(sock0.checkTag(valid_tag2, fake_uid)) << "Tag not found.";
357 }
358 
TEST_F(SocketTaggingTest,ValidReTagWithAcctTagChange)359 TEST_F(SocketTaggingTest, ValidReTagWithAcctTagChange) {
360     // Valid re-tag with acct_tag change
361     EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, valid_tag2, fake_uid), 0);
362     EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, valid_tag1, fake_uid), 0);
363     EXPECT_TRUE(sock0.checkTag(valid_tag1, fake_uid)) << "Tag not found.";
364 }
365 
TEST_F(SocketTaggingTest,ReTagWithUidChange)366 TEST_F(SocketTaggingTest, ReTagWithUidChange) {
367     // Re-tag with uid change
368     EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, valid_tag1, fake_uid), 0);
369     EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, valid_tag2, fake_uid2), 0);
370 }
371 
TEST_F(SocketTaggingTest,Valid64BitAcctTag)372 TEST_F(SocketTaggingTest, Valid64BitAcctTag) {
373     // Valid 64bit acct tag
374     EXPECT_GE(doCtrlCommand("t %d %" PRIu64, sock0.fd, max_uint_tag), 0);
375     EXPECT_TRUE(sock0.checkTag(max_uint_tag, my_uid)) << "Tag not found.";
376 }
377 
TEST_F(SocketTaggingTest,TagAnotherSocket)378 TEST_F(SocketTaggingTest, TagAnotherSocket) {
379     testPrintI("Tag two sockets");
380     EXPECT_GE(doCtrlCommand("t %d %" PRIu64, sock0.fd, max_uint_tag), 0);
381     EXPECT_GE(doCtrlCommand("t %d %" PRIu64 " %u", sock1.fd, valid_tag1, fake_uid2), 0);
382     EXPECT_TRUE(sock1.checkTag(valid_tag1, fake_uid2)) << "Tag not found.";
383     testPrintI("Untag socket0 of them only.");
384     EXPECT_GE(doCtrlCommand("u %d", sock0.fd), 0);
385     EXPECT_FALSE(sock0.checkTag(max_uint_tag, fake_uid)) << "Tag should not be there";
386     EXPECT_TRUE(sock1.checkTag(valid_tag1, fake_uid2)) << "Tag not found";
387     testPrintI("Now untag socket1 as well.");
388     EXPECT_GE(doCtrlCommand("u %d", sock1.fd), 0);
389     EXPECT_FALSE(sock1.checkTag(valid_tag1, fake_uid2)) << "Tag should not be there";
390 }
391 
TEST_F(SocketTaggingTest,TagInvalidSocketFail)392 TEST_F(SocketTaggingTest, TagInvalidSocketFail) {
393     // Invalid tag. Expected failure
394     close(sock0.fd);
395     EXPECT_LE(doCtrlCommand("t %d %" PRIu64 " %u", sock0.fd, valid_tag1, my_uid), 0);
396     EXPECT_FALSE(sock0.checkTag(valid_tag1, my_uid)) << "Tag should not be there";
397 }
398 
TEST_F(SocketTaggingTest,UntagInvalidSocketFail)399 TEST_F(SocketTaggingTest, UntagInvalidSocketFail) {
400     // Invalid untag. Expected failure";
401     close(sock1.fd);
402     EXPECT_LE(doCtrlCommand("u %d", sock1.fd), 0);
403 }
404 
405 }  // namespace android
406