1 /*
2 * Copyright 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 *
16 * sock_diag_test.cpp - unit tests for SockDiag.cpp
17 */
18
19 #include <sys/socket.h>
20 #include <netdb.h>
21 #include <arpa/inet.h>
22 #include <netinet/in.h>
23 #include <netinet/tcp.h>
24 #include <linux/inet_diag.h>
25
26 #include <gtest/gtest.h>
27 #include <netdutils/NetNativeTestBase.h>
28
29 #include "Fwmark.h"
30 #include "NetdConstants.h"
31 #include "SockDiag.h"
32 #include "UidRanges.h"
33
34 namespace android {
35 namespace net {
36
37 class SockDiagTest : public NetNativeTestBase {
38 protected:
isLoopbackSocket(const inet_diag_msg * msg)39 static bool isLoopbackSocket(const inet_diag_msg *msg) {
40 return SockDiag::isLoopbackSocket(msg);
41 };
42 };
43
bindAndListen(int s)44 uint16_t bindAndListen(int s) {
45 for (int i = 0; i < 10; i++) {
46 uint16_t port = 1024 + arc4random_uniform(0xffff - 1024);
47 sockaddr_in6 sin6 = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
48 if (bind(s, (sockaddr *) &sin6, sizeof(sin6)) == 0) {
49 listen(s, 1);
50 return port;
51 }
52 }
53 close(s);
54 return 0;
55 }
56
tcpStateName(uint8_t state)57 const char *tcpStateName(uint8_t state) {
58 static const char *states[] = {
59 "???",
60 "TCP_ESTABLISHED",
61 "TCP_SYN_SENT",
62 "TCP_SYN_RECV",
63 "TCP_FIN_WAIT1",
64 "TCP_FIN_WAIT2",
65 "TCP_TIME_WAIT",
66 "TCP_CLOSE",
67 "TCP_CLOSE_WAIT",
68 "TCP_LAST_ACK",
69 "TCP_LISTEN",
70 "TCP_CLOSING",
71 "TCP_NEW_SYN_RECV",
72 };
73 return states[(state < ARRAY_SIZE(states)) ? state : 0];
74 }
75
TEST_F(SockDiagTest,TestDump)76 TEST_F(SockDiagTest, TestDump) {
77 int v4socket = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
78 ASSERT_NE(-1, v4socket) << "Failed to open IPv4 socket: " << strerror(errno);
79 int v6socket = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
80 ASSERT_NE(-1, v6socket) << "Failed to open IPv6 socket: " << strerror(errno);
81 int listensocket = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
82 ASSERT_NE(-1, listensocket) << "Failed to open listen socket: " << strerror(errno);
83
84 uint16_t port = bindAndListen(listensocket);
85 ASSERT_NE(0, port) << "Can't bind to server port";
86
87 // Connect to loopback.
88 sockaddr_in server4 = { .sin_family = AF_INET, .sin_port = htons(port) };
89 sockaddr_in6 server6 = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
90 ASSERT_EQ(0, connect(v4socket, (sockaddr *) &server4, sizeof(server4)))
91 << "IPv4 connect failed: " << strerror(errno);
92 ASSERT_EQ(0, connect(v6socket, (sockaddr *) &server6, sizeof(server6)))
93 << "IPv6 connect failed: " << strerror(errno);
94
95 sockaddr_in6 client46, client6;
96 socklen_t clientlen = std::max(sizeof(client46), sizeof(client6));
97 int accepted4 = accept4(
98 listensocket, (sockaddr *) &client46, &clientlen, SOCK_CLOEXEC);
99 int accepted6 = accept4(
100 listensocket, (sockaddr *) &client6, &clientlen, SOCK_CLOEXEC);
101 ASSERT_NE(-1, accepted4);
102 ASSERT_NE(-1, accepted6);
103
104 int v4SocketsSeen = 0;
105 bool seenclient46 = false;
106 char src[INET6_ADDRSTRLEN], dst[INET6_ADDRSTRLEN];
107
108 fprintf(stderr, "Ports:\n server=%d. client46=%d, client6=%d\n",
109 port, ntohs(client46.sin6_port), ntohs(client6.sin6_port));
110
111 auto checkIPv4Dump = [&] (uint8_t /* proto */, const inet_diag_msg *msg) {
112 EXPECT_EQ(htonl(INADDR_LOOPBACK), msg->id.idiag_src[0]);
113 v4SocketsSeen++;
114 seenclient46 |= (msg->id.idiag_sport == client46.sin6_port);
115 inet_ntop(AF_INET, msg->id.idiag_src, src, sizeof(src));
116 inet_ntop(AF_INET, msg->id.idiag_src, dst, sizeof(dst));
117 fprintf(stderr, " v4 %s:%d -> %s:%d %s\n",
118 src, htons(msg->id.idiag_sport),
119 dst, htons(msg->id.idiag_dport),
120 tcpStateName(msg->idiag_state));
121 if (msg->idiag_state == TCP_ESTABLISHED) {
122 EXPECT_TRUE(isLoopbackSocket(msg));
123 }
124 return false;
125 };
126
127 int v6SocketsSeen = 0;
128 bool seenClient6 = false, seenServer46 = false, seenServer6 = false;
129
130 auto checkIPv6Dump = [&] (uint8_t /* proto */, const inet_diag_msg *msg) {
131 struct in6_addr *saddr = (struct in6_addr *) msg->id.idiag_src;
132 EXPECT_TRUE(
133 IN6_IS_ADDR_LOOPBACK(saddr) ||
134 (IN6_IS_ADDR_V4MAPPED(saddr) && saddr->s6_addr32[3] == htonl(INADDR_LOOPBACK)));
135 v6SocketsSeen++;
136 seenClient6 |= (msg->id.idiag_sport == client6.sin6_port);
137 seenServer46 |= (msg->id.idiag_sport == htons(port));
138 seenServer6 |= (msg->id.idiag_sport == htons(port));
139 inet_ntop(AF_INET6, msg->id.idiag_src, src, sizeof(src));
140 inet_ntop(AF_INET6, msg->id.idiag_src, dst, sizeof(dst));
141 fprintf(stderr, " v6 [%s]:%d -> [%s]:%d %s\n",
142 src, htons(msg->id.idiag_sport),
143 dst, htons(msg->id.idiag_dport),
144 tcpStateName(msg->idiag_state));
145 if (msg->idiag_state == TCP_ESTABLISHED) {
146 EXPECT_TRUE(isLoopbackSocket(msg));
147 }
148 return false;
149 };
150
151 SockDiag sd;
152 ASSERT_TRUE(sd.open()) << "Failed to open SOCK_DIAG socket";
153
154 int ret = sd.sendDumpRequest(IPPROTO_TCP, AF_INET, "127.0.0.1");
155 ASSERT_EQ(0, ret) << "Failed to send IPv4 dump request: " << strerror(-ret);
156 fprintf(stderr, "Sent IPv4 dump\n");
157 sd.readDiagMsg(IPPROTO_TCP, checkIPv4Dump);
158 EXPECT_GE(v4SocketsSeen, 1);
159 EXPECT_TRUE(seenclient46);
160 EXPECT_FALSE(seenServer46);
161
162 ret = sd.sendDumpRequest(IPPROTO_TCP, AF_INET6, "127.0.0.1");
163 ASSERT_EQ(0, ret) << "Failed to send mapped dump request: " << strerror(-ret);
164 fprintf(stderr, "Sent mapped dump\n");
165 sd.readDiagMsg(IPPROTO_TCP, checkIPv6Dump);
166 EXPECT_TRUE(seenServer46);
167
168 ret = sd.sendDumpRequest(IPPROTO_TCP, AF_INET6, "::1");
169 ASSERT_EQ(0, ret) << "Failed to send IPv6 dump request: " << strerror(-ret);
170 fprintf(stderr, "Sent IPv6 dump\n");
171
172 sd.readDiagMsg(IPPROTO_TCP, checkIPv6Dump);
173 EXPECT_GE(v6SocketsSeen, 1);
174 EXPECT_TRUE(seenClient6);
175 EXPECT_TRUE(seenServer6);
176
177 close(v4socket);
178 close(v6socket);
179 close(listensocket);
180 close(accepted4);
181 close(accepted6);
182 }
183
fillDiagAddr(__be32 addr[4],const sockaddr * sa)184 bool fillDiagAddr(__be32 addr[4], const sockaddr *sa) {
185 switch (sa->sa_family) {
186 case AF_INET: {
187 sockaddr_in *sin = (sockaddr_in *) sa;
188 memcpy(addr, &sin->sin_addr, sizeof(sin->sin_addr));
189 return true;
190 }
191 case AF_INET6: {
192 sockaddr_in6 *sin6 = (sockaddr_in6 *) sa;
193 memcpy(addr, &sin6->sin6_addr, sizeof(sin6->sin6_addr));
194 return true;
195 }
196 default:
197 return false;
198 }
199 }
200
makeDiagMessage(__u8 family,const sockaddr * src,const sockaddr * dst)201 inet_diag_msg makeDiagMessage(__u8 family, const sockaddr *src, const sockaddr *dst) {
202 inet_diag_msg msg = {
203 .idiag_family = family,
204 .idiag_state = TCP_ESTABLISHED,
205 .id =
206 {
207 .idiag_sport = 1234,
208 .idiag_dport = 4321,
209 },
210 .idiag_uid = AID_APP + 123,
211 .idiag_inode = 123456789,
212 };
213 EXPECT_TRUE(fillDiagAddr(msg.id.idiag_src, src));
214 EXPECT_TRUE(fillDiagAddr(msg.id.idiag_dst, dst));
215 return msg;
216 }
217
makeDiagMessage(const char * srcstr,const char * dststr)218 inet_diag_msg makeDiagMessage(const char* srcstr, const char* dststr) {
219 addrinfo hints = { .ai_flags = AI_NUMERICHOST }, *src, *dst;
220 EXPECT_EQ(0, getaddrinfo(srcstr, nullptr, &hints, &src));
221 EXPECT_EQ(0, getaddrinfo(dststr, nullptr, &hints, &dst));
222 EXPECT_EQ(src->ai_addr->sa_family, dst->ai_addr->sa_family);
223 inet_diag_msg msg = makeDiagMessage(src->ai_addr->sa_family, src->ai_addr, dst->ai_addr);
224 freeaddrinfo(src);
225 freeaddrinfo(dst);
226 return msg;
227 }
228
TEST_F(SockDiagTest,TestIsLoopbackSocket)229 TEST_F(SockDiagTest, TestIsLoopbackSocket) {
230 inet_diag_msg msg;
231
232 msg = makeDiagMessage("127.0.0.1", "127.0.0.1");
233 EXPECT_TRUE(isLoopbackSocket(&msg));
234
235 msg = makeDiagMessage("::1", "::1");
236 EXPECT_TRUE(isLoopbackSocket(&msg));
237
238 msg = makeDiagMessage("::1", "::ffff:127.0.0.1");
239 EXPECT_TRUE(isLoopbackSocket(&msg));
240
241 msg = makeDiagMessage("192.0.2.1", "192.0.2.1");
242 EXPECT_TRUE(isLoopbackSocket(&msg));
243
244 msg = makeDiagMessage("192.0.2.1", "8.8.8.8");
245 EXPECT_FALSE(isLoopbackSocket(&msg));
246
247 msg = makeDiagMessage("192.0.2.1", "127.0.0.1");
248 EXPECT_TRUE(isLoopbackSocket(&msg));
249
250 msg = makeDiagMessage("2001:db8::1", "2001:db8::1");
251 EXPECT_TRUE(isLoopbackSocket(&msg));
252
253 msg = makeDiagMessage("2001:db8::1", "2001:4860:4860::6464");
254 EXPECT_FALSE(isLoopbackSocket(&msg));
255
256 // While isLoopbackSocket returns true on these sockets, we usually don't want to close them
257 // because they aren't specific to any particular network and thus don't become unusable when
258 // an app's routing changes or its network access is removed.
259 //
260 // This isn't a problem, as anything that calls destroyLiveSockets will skip them because
261 // destroyLiveSockets only enumerates ESTABLISHED, SYN_SENT, and SYN_RECV sockets.
262 msg = makeDiagMessage("127.0.0.1", "0.0.0.0");
263 EXPECT_TRUE(isLoopbackSocket(&msg));
264
265 msg = makeDiagMessage("::1", "::");
266 EXPECT_TRUE(isLoopbackSocket(&msg));
267 }
268
269 enum MicroBenchmarkTestType {
270 ADDRESS,
271 UID,
272 UID_EXCLUDE_LOOPBACK,
273 UIDRANGE,
274 UIDRANGE_EXCLUDE_LOOPBACK,
275 PERMISSION,
276 };
277
testTypeName(MicroBenchmarkTestType mode)278 const char *testTypeName(MicroBenchmarkTestType mode) {
279 #define TO_STRING_TYPE(x) case ((x)): return #x;
280 switch((mode)) {
281 TO_STRING_TYPE(ADDRESS);
282 TO_STRING_TYPE(UID);
283 TO_STRING_TYPE(UID_EXCLUDE_LOOPBACK);
284 TO_STRING_TYPE(UIDRANGE);
285 TO_STRING_TYPE(UIDRANGE_EXCLUDE_LOOPBACK);
286 TO_STRING_TYPE(PERMISSION);
287 }
288 #undef TO_STRING_TYPE
289 }
290
291 static struct {
292 unsigned netId;
293 bool explicitlySelected;
294 Permission permission;
295 } permissionTestcases[] = {
296 { 42, false, PERMISSION_NONE, },
297 { 42, false, PERMISSION_NETWORK, },
298 { 42, false, PERMISSION_SYSTEM, },
299 { 42, true, PERMISSION_NONE, },
300 { 42, true, PERMISSION_NETWORK, },
301 { 42, true, PERMISSION_SYSTEM, },
302 { 43, false, PERMISSION_NONE, },
303 { 43, false, PERMISSION_NETWORK, },
304 { 43, false, PERMISSION_SYSTEM, },
305 { 43, true, PERMISSION_NONE, },
306 { 43, true, PERMISSION_NETWORK, },
307 { 43, true, PERMISSION_SYSTEM, },
308 };
309
310 class SockDiagMicroBenchmarkTest : public ::testing::TestWithParam<MicroBenchmarkTestType> {
311
312 public:
SetUp()313 void SetUp() {
314 ASSERT_TRUE(mSd.open()) << "Failed to open SOCK_DIAG socket";
315 }
316
317 protected:
318 SockDiag mSd;
319
320 constexpr static int MAX_SOCKETS = 500;
321 constexpr static int ADDRESS_SOCKETS = 500;
322 constexpr static int UID_SOCKETS = 50;
323 constexpr static int PERMISSION_SOCKETS = 16;
324
325 constexpr static uid_t START_UID = 8000; // START_UID + number of sockets must be <= 9999.
326 constexpr static int CLOSE_UID = START_UID + UID_SOCKETS - 42; // Close to the end
327 static_assert(START_UID + MAX_SOCKETS < 9999, "Too many sockets");
328
329 constexpr static int TEST_NETID = 42; // One of the OEM netIds.
330
331
howManySockets()332 int howManySockets() {
333 MicroBenchmarkTestType mode = GetParam();
334 switch (mode) {
335 case ADDRESS:
336 return ADDRESS_SOCKETS;
337 case UID:
338 case UID_EXCLUDE_LOOPBACK:
339 case UIDRANGE:
340 case UIDRANGE_EXCLUDE_LOOPBACK:
341 return UID_SOCKETS;
342 case PERMISSION:
343 return ARRAY_SIZE(permissionTestcases);
344 }
345 }
346
modifySocketForTest(int s,int i)347 int modifySocketForTest(int s, int i) {
348 MicroBenchmarkTestType mode = GetParam();
349 switch (mode) {
350 case UID:
351 case UID_EXCLUDE_LOOPBACK:
352 case UIDRANGE:
353 case UIDRANGE_EXCLUDE_LOOPBACK: {
354 uid_t uid = START_UID + i;
355 return fchown(s, uid, -1);
356 }
357 case PERMISSION: {
358 Fwmark fwmark;
359 fwmark.netId = permissionTestcases[i].netId;
360 fwmark.explicitlySelected = permissionTestcases[i].explicitlySelected;
361 fwmark.permission = permissionTestcases[i].permission;
362 return setsockopt(s, SOL_SOCKET, SO_MARK, &fwmark.intValue, sizeof(fwmark.intValue));
363 }
364 default:
365 return 0;
366 }
367 }
368
destroySockets()369 int destroySockets() {
370 MicroBenchmarkTestType mode = GetParam();
371 int ret;
372 switch (mode) {
373 case ADDRESS:
374 ret = mSd.destroySockets("::1", 0 /* ifindex */);
375 EXPECT_LE(0, ret) << ": Failed to destroy sockets on ::1: " << strerror(-ret);
376 break;
377 case UID:
378 case UID_EXCLUDE_LOOPBACK: {
379 bool excludeLoopback = (mode == UID_EXCLUDE_LOOPBACK);
380 ret = mSd.destroySockets(IPPROTO_TCP, CLOSE_UID, excludeLoopback);
381 EXPECT_LE(0, ret) << ": Failed to destroy sockets for UID " << CLOSE_UID << ": " <<
382 strerror(-ret);
383 break;
384 }
385 case UIDRANGE:
386 case UIDRANGE_EXCLUDE_LOOPBACK: {
387 bool excludeLoopback = (mode == UIDRANGE_EXCLUDE_LOOPBACK);
388 const char *uidRangeStrings[] = { "8005-8012", "8042", "8043", "8090-8099" };
389 std::set<uid_t> skipUids { 8007, 8043, 8098, 8099 };
390 UidRanges uidRanges;
391 uidRanges.parseFrom(ARRAY_SIZE(uidRangeStrings), (char **) uidRangeStrings);
392 ret = mSd.destroySockets(uidRanges, skipUids, excludeLoopback);
393 break;
394 }
395 case PERMISSION: {
396 ret = mSd.destroySocketsLackingPermission(TEST_NETID, PERMISSION_NETWORK, false);
397 break;
398 }
399 }
400 return ret;
401 }
402
shouldHaveClosedSocket(int i)403 bool shouldHaveClosedSocket(int i) {
404 MicroBenchmarkTestType mode = GetParam();
405 switch (mode) {
406 case ADDRESS:
407 return true;
408 case UID:
409 return i == CLOSE_UID - START_UID;
410 case UIDRANGE: {
411 uid_t uid = i + START_UID;
412 // Skip UIDs in skipUids.
413 if (uid == 8007 || uid == 8043 || uid == 8098 || uid == 8099) {
414 return false;
415 }
416 // Include UIDs in uidRanges.
417 if ((8005 <= uid && uid <= 8012) || uid == 8042 || (8090 <= uid && uid <= 8099)) {
418 return true;
419 }
420 return false;
421 }
422 case UID_EXCLUDE_LOOPBACK:
423 case UIDRANGE_EXCLUDE_LOOPBACK:
424 return false;
425 case PERMISSION:
426 if (permissionTestcases[i].netId != 42) return false;
427 if (permissionTestcases[i].explicitlySelected != 1) return true;
428 Permission permission = permissionTestcases[i].permission;
429 return permission != PERMISSION_NETWORK && permission != PERMISSION_SYSTEM;
430 }
431 }
432
checkSocketState(int i,int sock,const char * msg)433 bool checkSocketState(int i, int sock, const char *msg) {
434 const char data[] = "foo";
435 const int ret = send(sock, data, sizeof(data), 0);
436 const int err = errno;
437 if (!shouldHaveClosedSocket(i)) {
438 EXPECT_EQ((ssize_t) sizeof(data), ret) <<
439 "Write on open socket failed: " << strerror(err);
440 return false;
441 }
442
443 EXPECT_EQ(-1, ret) << msg << " " << i << " not closed";
444 if (ret != -1) {
445 return false;
446 }
447
448 // Since we're connected to ourselves, the error might be ECONNABORTED (if we destroyed the
449 // socket) or ECONNRESET (if the other end was destroyed and sent a RST).
450 EXPECT_TRUE(err == ECONNABORTED || err == ECONNRESET)
451 << msg << ": unexpected error: " << strerror(err);
452 return (err == ECONNABORTED); // Return true iff. SOCK_DESTROY closed this socket.
453 }
454 };
455
TEST_P(SockDiagMicroBenchmarkTest,TestMicroBenchmark)456 TEST_P(SockDiagMicroBenchmarkTest, TestMicroBenchmark) {
457 MicroBenchmarkTestType mode = GetParam();
458
459 int numSockets = howManySockets();
460
461 fprintf(stderr, "Benchmarking closing %d sockets based on %s\n",
462 numSockets, testTypeName(mode));
463
464 int listensocket = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
465 ASSERT_NE(-1, listensocket) << "Failed to open listen socket";
466
467 uint16_t port = bindAndListen(listensocket);
468 ASSERT_NE(0, port) << "Can't bind to server port";
469 sockaddr_in6 server = { .sin6_family = AF_INET6, .sin6_port = htons(port) };
470
471 using ms = std::chrono::duration<float, std::ratio<1, 1000>>;
472
473 int clientsockets[MAX_SOCKETS], serversockets[MAX_SOCKETS];
474 uint16_t clientports[MAX_SOCKETS];
475 sockaddr_in6 client;
476 socklen_t clientlen;
477
478 auto start = std::chrono::steady_clock::now();
479 for (int i = 0; i < numSockets; i++) {
480 int s = socket(AF_INET6, SOCK_STREAM | SOCK_CLOEXEC, 0);
481 clientlen = sizeof(client);
482 ASSERT_EQ(0, connect(s, (sockaddr *) &server, sizeof(server)))
483 << "Connecting socket " << i << " failed " << strerror(errno);
484 ASSERT_EQ(0, modifySocketForTest(s, i));
485 serversockets[i] = accept4(
486 listensocket, (sockaddr *) &client, &clientlen, SOCK_CLOEXEC);
487 ASSERT_NE(-1, serversockets[i])
488 << "Accepting socket " << i << " failed " << strerror(errno);
489 clientports[i] = client.sin6_port;
490 clientsockets[i] = s;
491 }
492 fprintf(stderr, " Connecting: %6.1f ms\n",
493 std::chrono::duration_cast<ms>(std::chrono::steady_clock::now() - start).count());
494
495 start = std::chrono::steady_clock::now();
496 destroySockets();
497 fprintf(stderr, " Destroying: %6.1f ms\n",
498 std::chrono::duration_cast<ms>(std::chrono::steady_clock::now() - start).count());
499
500 start = std::chrono::steady_clock::now();
501 int socketsClosed = 0;
502 for (int i = 0; i < numSockets; i++) {
503 socketsClosed += checkSocketState(i, clientsockets[i], "Client socket");
504 socketsClosed += checkSocketState(i, serversockets[i], "Server socket");
505 }
506 fprintf(stderr, " Verifying: %6.1f ms (%d sockets destroyed)\n",
507 std::chrono::duration_cast<ms>(std::chrono::steady_clock::now() - start).count(),
508 socketsClosed);
509 if (strstr(testTypeName(mode), "_EXCLUDE_LOOPBACK") == nullptr) {
510 EXPECT_GT(socketsClosed, 0); // Just in case there's a bug in the test.
511 }
512
513 start = std::chrono::steady_clock::now();
514 for (int i = 0; i < numSockets; i++) {
515 close(clientsockets[i]);
516 close(serversockets[i]);
517 }
518 fprintf(stderr, " Closing: %6.1f ms\n",
519 std::chrono::duration_cast<ms>(std::chrono::steady_clock::now() - start).count());
520
521 close(listensocket);
522 }
523
524 // "SockDiagTest.cpp:232: error: undefined reference to 'SockDiagMicroBenchmarkTest::CLOSE_UID'".
525 constexpr int SockDiagMicroBenchmarkTest::CLOSE_UID;
526
527 INSTANTIATE_TEST_CASE_P(Address, SockDiagMicroBenchmarkTest,
528 testing::Values(ADDRESS, UID, UIDRANGE,
529 UID_EXCLUDE_LOOPBACK, UIDRANGE_EXCLUDE_LOOPBACK,
530 PERMISSION));
531
532 } // namespace net
533 } // namespace android
534