Merge "logd: test: check sepolicy background rate before testing" am: 5a40c42877

am: 1961eab662 Change-Id: I7ce24090e02b9902c615c2263cfaba3134c2526e
2017-05-11 23:38:51 +00:00 · 2017-05-11 23:38:51 +00:00 · 5698594d8a
commit 5698594d8a
parent d819380f50 1961eab662
1 changed files with 81 additions and 59 deletions
--- a/logd/tests/logd_test.cpp
+++ b/logd/tests/logd_test.cpp
@ -32,8 +32,8 @@
 #include <android-base/stringprintf.h>
 #include <cutils/sockets.h>
 #include <gtest/gtest.h>
 #include <log/log.h>
 #include <private/android_filesystem_config.h>
 #include <private/android_logger.h>
 #ifdef __ANDROID__
 #include <selinux/selinux.h>
 #endif
@ -1061,8 +1061,8 @@ static pid_t sepolicy_rate(unsigned rate, unsigned num) {
    if (pid) {
        siginfo_t info = {};
-        if (TEMP_FAILURE_RETRY(waitid(P_PID, pid, &info, WEXITED))) return 0;
+        if (TEMP_FAILURE_RETRY(waitid(P_PID, pid, &info, WEXITED))) return -1;
-        if (info.si_status) return 0;
+        if (info.si_status) return -1;
        return pid;
    }
@ -1077,7 +1077,7 @@ static pid_t sepolicy_rate(unsigned rate, unsigned num) {
            freecon(context);
            _exit(-1);
            // NOTREACHED
-            return 0;
+            return -1;
        }
    }
@ -1106,25 +1106,39 @@ static pid_t sepolicy_rate(unsigned rate, unsigned num) {
        if (access(android::base::StringPrintf(file, num).c_str(), F_OK) == 0) {
            _exit(-1);
            // NOTREACHED
-            return 0;
+            return -1;
        }
        usleep(usec);
        --num;
    }
    _exit(0);
    // NOTREACHED
-    return 0;
+    return -1;
 }
 static constexpr int background_period = 10;
 static int count_avc(pid_t pid) {
    int count = 0;
-    if (pid == 0) return count;
+    // pid=-1 skip as pid is in error
    if (pid == (pid_t)-1) return count;
-    struct logger_list* logger_list;
+    // pid=0 means we want to report the background count of avc: activities
-    if (!(logger_list = android_logger_list_open(
+    struct logger_list* logger_list =
-              LOG_ID_EVENTS, ANDROID_LOG_RDONLY | ANDROID_LOG_NONBLOCK, 0, pid)))
+        pid ? android_logger_list_alloc(
                  ANDROID_LOG_RDONLY | ANDROID_LOG_NONBLOCK, 0, pid)
            : android_logger_list_alloc_time(
                  ANDROID_LOG_RDONLY | ANDROID_LOG_NONBLOCK,
                  log_time(android_log_clockid()) -
                      log_time(background_period, 0),
                  0);
    if (!logger_list) return count;
    struct logger* logger = android_logger_open(logger_list, LOG_ID_EVENTS);
    if (!logger) {
        android_logger_list_close(logger_list);
        return count;
    }
    for (;;) {
        log_msg log_msg;
@ -1156,56 +1170,64 @@ static int count_avc(pid_t pid) {
 }
 #endif
-TEST(logd, sepolicy_rate_limiter_maximum) {
+TEST(logd, sepolicy_rate_limiter) {
 #ifdef __ANDROID__
-    static const int rate = AUDIT_RATE_LIMIT_MAX;
+    int background_selinux_activity_too_high = count_avc(0);
-    static const int duration = 2;
+    if (background_selinux_activity_too_high > 2) {
-    // Two seconds of a liveable sustained rate
+        GTEST_LOG_(ERROR) << "Too much background selinux activity "
-    EXPECT_EQ(rate * duration, count_avc(sepolicy_rate(rate, rate * duration)));
+                          << background_selinux_activity_too_high * 60 /
-#else
+                                 background_period
-    GTEST_LOG_(INFO) << "This test does nothing.\n";
+                          << "/minute on the device, this test\n"
-#endif
+                          << "can not measure the functionality of the "
-}
+                          << "sepolicy rate limiter.  Expect test to\n"
-
+                          << "fail as this device is in a bad state, "
-TEST(logd, sepolicy_rate_limiter_sub_burst) {
+                          << "but is not strictly a unit test failure.";
-#ifdef __ANDROID__
+    }
-    // maximum period below half way between sustainable and burst rate.
+    // sepolicy_rate_limiter_maximum
-    static const int threshold =
+    {  // maximum precharch test block.
-        ((AUDIT_RATE_LIMIT_BURST_DURATION *
+        static constexpr int rate = AUDIT_RATE_LIMIT_MAX;
-          (AUDIT_RATE_LIMIT_DEFAULT + AUDIT_RATE_LIMIT_MAX)) +
+        static constexpr int duration = 2;
-         1) /
+        // Two seconds of a liveable sustained rate
-        2;
+        EXPECT_EQ(rate * duration,
-    static const int rate = (threshold / AUDIT_RATE_LIMIT_BURST_DURATION) - 1;
+                  count_avc(sepolicy_rate(rate, rate * duration)));
-    static const int duration = AUDIT_RATE_LIMIT_BURST_DURATION;
+    }
-    EXPECT_EQ(rate * duration, count_avc(sepolicy_rate(rate, rate * duration)));
+    // sepolicy_rate_limiter_sub_burst
-#else
+    {  // maximum period below half way between sustainable and burst rate
-    GTEST_LOG_(INFO) << "This test does nothing.\n";
+        static constexpr int threshold =
-#endif
+            ((AUDIT_RATE_LIMIT_BURST_DURATION *
-}
+              (AUDIT_RATE_LIMIT_DEFAULT + AUDIT_RATE_LIMIT_MAX)) +
-
+             1) /
-TEST(logd, sepolicy_rate_limiter_spam) {
+            2;
-#ifdef __ANDROID__
+        static constexpr int rate =
-    // maximum period of double the maximum burst rate
+            (threshold / AUDIT_RATE_LIMIT_BURST_DURATION) - 1;
-    static const int threshold =
+        static constexpr int duration = AUDIT_RATE_LIMIT_BURST_DURATION;
-        ((AUDIT_RATE_LIMIT_BURST_DURATION *
+        EXPECT_EQ(rate * duration,
-          (AUDIT_RATE_LIMIT_DEFAULT + AUDIT_RATE_LIMIT_MAX)) +
+                  count_avc(sepolicy_rate(rate, rate * duration)));
-         1) /
+    }
-        2;
+    // sepolicy_rate_limiter_spam
-    static const int rate = AUDIT_RATE_LIMIT_DEFAULT * 2;
+    {  // hit avc: hard beyond reason block.
-    static const int duration = threshold / AUDIT_RATE_LIMIT_DEFAULT;
+        // maximum period of double the maximum burst rate
-    EXPECT_GE(
+        static constexpr int threshold =
-        ((AUDIT_RATE_LIMIT_DEFAULT * duration) * 115) / 100,  // +15% margin
+            ((AUDIT_RATE_LIMIT_BURST_DURATION *
-        count_avc(sepolicy_rate(rate, rate * duration)));
+              (AUDIT_RATE_LIMIT_DEFAULT + AUDIT_RATE_LIMIT_MAX)) +
-    // give logd another 3 seconds to react to the burst before checking
+             1) /
-    sepolicy_rate(rate, rate * 3);
+            2;
-    // maximum period at double the maximum burst rate (spam filter kicked in)
+        static constexpr int rate = AUDIT_RATE_LIMIT_DEFAULT * 2;
-    EXPECT_GE(
+        static constexpr int duration = threshold / AUDIT_RATE_LIMIT_DEFAULT;
-        threshold * 2,
+        EXPECT_GE(
-        count_avc(sepolicy_rate(rate, rate * AUDIT_RATE_LIMIT_BURST_DURATION)));
+            ((AUDIT_RATE_LIMIT_DEFAULT * duration) * 115) / 100,  // +15% margin
-    // cool down, and check unspammy rate still works
+            count_avc(sepolicy_rate(rate, rate * duration)));
-    sleep(2);
+        // give logd another 3 seconds to react to the burst before checking
-    EXPECT_LE(AUDIT_RATE_LIMIT_BURST_DURATION - 1,  // allow _one_ to be lost
+        sepolicy_rate(rate, rate * 3);
-              count_avc(sepolicy_rate(1, AUDIT_RATE_LIMIT_BURST_DURATION)));
+        // maximum period at double maximum burst rate (spam filter kicked in)
        EXPECT_GE(threshold * 2,
                  count_avc(sepolicy_rate(
                      rate, rate * AUDIT_RATE_LIMIT_BURST_DURATION)));
        // cool down, and check unspammy rate still works
        sleep(2);
        EXPECT_LE(AUDIT_RATE_LIMIT_BURST_DURATION - 1,  // allow _one_ lost
                  count_avc(sepolicy_rate(1, AUDIT_RATE_LIMIT_BURST_DURATION)));
    }
 #else
    GTEST_LOG_(INFO) << "This test does nothing.\n";
 #endif