[dart:io] Remove socket level checks for domain policy.
This partially reverts https://dart-review.googlesource.com/c/sdk/+/154180.

The main mechanism for setting domain policy is still useful as we will use this to avoid insecure connections for higher level protocols (such as HTTP and gRPC).

We already knew Android does not enforce network policy at socket level but it turns out iOS does not as well:

> ATS doesn’t apply to calls your app makes to lower-level networking
> interfaces like the Network framework or CFNetwork. In these cases,
> you take responsibility for ensuring the security of the connection.

This also resolves the need to fix https://github.com/dart-lang/sdk/issues/43223 as we are no longer enforcing the policy at socket level.

Change-Id: I3913da8ea39dac2c5a70fdabe442775b18cfd0c5
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/161581
Reviewed-by: Martin Kustermann <kustermann@google.com>
Commit-Queue: Mehmet Fidanboylu <mehmetf@google.com>
parent
e498ca00dc
commit
5c4bf35a2b
|
@ -801,10 +801,6 @@ abstract class Socket implements Stream<Uint8List>, IOSink {
|
|||
{sourceAddress, Duration? timeout}) {
|
||||
final IOOverrides? overrides = IOOverrides.current;
|
||||
if (overrides == null) {
|
||||
if (!isInsecureConnectionAllowed(host)) {
|
||||
throw new SocketException(
|
||||
"Insecure socket connections are disallowed by platform: $host");
|
||||
}
|
||||
return Socket._connect(host, port,
|
||||
sourceAddress: sourceAddress, timeout: timeout);
|
||||
}
|
||||
|
@ -819,10 +815,6 @@ abstract class Socket implements Stream<Uint8List>, IOSink {
|
|||
{sourceAddress}) {
|
||||
final IOOverrides? overrides = IOOverrides.current;
|
||||
if (overrides == null) {
|
||||
if (!isInsecureConnectionAllowed(host)) {
|
||||
throw new SocketException(
|
||||
"Insecure socket connections are disallowed by platform: $host");
|
||||
}
|
||||
return Socket._startConnect(host, port, sourceAddress: sourceAddress);
|
||||
}
|
||||
return overrides.socketStartConnect(host, port,
|
||||
|
|
|
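Review bot: Once the `isInsecureConnectionAllowed(host)` guard is gone from the `overrides == null` branch, nothing in the visible lines tells a caller that `Socket.connect` (first hunk) and `Socket.startConnect` (second hunk) no longer honour the domain policy. A build that sets `dart.library.io.may_insecurely_connect_to_all_domains=false` or a `dart.library.io.domain_network_policies` entry will now open cleartext sockets to any host without a `SocketException`, so an application that relied on the policy as a blanket control loses that protection silently. Both methods' signatures and doc comments start outside the hunks, so I cannot see whether they already say this. If they do not, I would add a line to each such as `/// Domain network policy is not enforced for raw sockets; use [SecureSocket] or a higher-level API that checks the policy when the connection must be protected.` The tests deleted further down are also not replaced by one that pins the new behaviour (a plain `Socket.connect` succeeding under a restrictive policy), which would keep the contract from drifting again.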
@ -1,48 +0,0 @@
|
|||
// Copyright (c) 2020, the Dart project authors. Please see the AUTHORS file
|
||||
// for details. All rights reserved. Use of this source code is governed by a
|
||||
// BSD-style license that can be found in the LICENSE file.
|
||||
|
||||
// Test whether localhost connection succeeds even when insecure connections
|
||||
// are banned by default.
|
||||
// SharedOptions=-Ddart.library.io.may_insecurely_connect_to_all_domains=false
|
||||
|
||||
import 'dart:async';
|
||||
import 'dart:io';
|
||||
|
||||
import "package:async_helper/async_helper.dart";
|
||||
|
||||
void testDisallowedConnectionByDefault() {
|
||||
asyncExpectThrows(
|
||||
() async => await Socket.connect("domain.invalid", 80),
|
||||
(e) =>
|
||||
e is SocketException &&
|
||||
e.message.contains(
|
||||
"Insecure socket connections are disallowed by platform"));
|
||||
}
|
||||
|
||||
Future<void> testLocalhostConnection() async {
|
||||
ServerSocket server =
|
||||
await ServerSocket.bind(InternetAddress.loopbackIPv4, 0);
|
||||
Socket? socket;
|
||||
try {
|
||||
server.listen((_) {});
|
||||
socket = await Socket.connect(InternetAddress.loopbackIPv4, server.port);
|
||||
} finally {
|
||||
server.close();
|
||||
if (socket != null) {
|
||||
socket.close();
|
||||
await socket.done;
|
||||
socket.destroy();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Future<void> test() async {
|
||||
testDisallowedConnectionByDefault();
|
||||
await testLocalhostConnection();
|
||||
}
|
||||
|
||||
void main() {
|
||||
asyncStart();
|
||||
test().whenComplete(() => asyncEnd());
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
// Copyright (c) 2020, the Dart project authors. Please see the AUTHORS file
|
||||
// for details. All rights reserved. Use of this source code is governed by a
|
||||
// BSD-style license that can be found in the LICENSE file.
|
||||
|
||||
// SharedOptions=-Ddart.library.io.domain_network_policies=[["notallowed.domain.invalid",true,false]]
|
||||
|
||||
import 'dart:io';
|
||||
|
||||
import "package:async_helper/async_helper.dart";
|
||||
|
||||
void testDisallowedConnection() {
|
||||
asyncExpectThrows(
|
||||
() async => await Socket.connect("foo.notallowed.domain.invalid", 12345),
|
||||
(e) {
|
||||
print((e as SocketException).message);
|
||||
return e is SocketException &&
|
||||
e.message.startsWith(
|
||||
"Insecure socket connections are disallowed by platform");
|
||||
});
|
||||
}
|
||||
|
||||
void testAllowedConnection() {
|
||||
asyncExpectThrows(
|
||||
() async => await Socket.connect("allowed.domain.invalid", 12345),
|
||||
(e) =>
|
||||
e is SocketException &&
|
||||
!e.message.startsWith(
|
||||
"Insecure socket connections are disallowed by platform"));
|
||||
}
|
||||
|
||||
void main() {
|
||||
testDisallowedConnection();
|
||||
testAllowedConnection();
|
||||
}
|
|
@ -19,7 +19,6 @@ entrypoints_verification_test: Skip # Requires shared objects which the test scr
|
|||
io/network_policy_configuration_test: Skip # Can't pass -D params containing quotes to adb.
|
||||
io/network_policy_invalid_domain_test: Skip # Can't pass -D params containing quotes to adb.
|
||||
io/network_policy_tie_breaker_test: Skip # Can't pass -D params containing quotes to adb.
|
||||
io/socket_network_policy_test: Skip # Can't pass -D params containing quotes to adb.
|
||||
|
||||
[ $arch == ia32 && $builder_tag == optimization_counter_threshold ]
|
||||
io/file_lock_test: SkipSlow # Timeout
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
// Copyright (c) 2020, the Dart project authors. Please see the AUTHORS file
|
||||
// for details. All rights reserved. Use of this source code is governed by a
|
||||
// BSD-style license that can be found in the LICENSE file.
|
||||
|
||||
// Test whether localhost connection succeeds even when insecure connections
|
||||
// are banned by default.
|
||||
// SharedOptions=-Ddart.library.io.may_insecurely_connect_to_all_domains=false
|
||||
|
||||
import 'dart:async';
|
||||
import 'dart:io';
|
||||
|
||||
import "package:async_helper/async_helper.dart";
|
||||
|
||||
void testDisallowedConnectionByDefault() {
|
||||
asyncExpectThrows(
|
||||
() async => await Socket.connect("domain.invalid", 80),
|
||||
(e) =>
|
||||
e is SocketException &&
|
||||
e.message.contains(
|
||||
"Insecure socket connections are disallowed by platform"));
|
||||
}
|
||||
|
||||
Future<void> testLocalhostConnection() async {
|
||||
ServerSocket server =
|
||||
await ServerSocket.bind(InternetAddress.loopbackIPv4, 0);
|
||||
Socket socket;
|
||||
try {
|
||||
server.listen((_) {});
|
||||
socket = await Socket.connect(InternetAddress.loopbackIPv4, server.port);
|
||||
} finally {
|
||||
server.close();
|
||||
if (socket != null) {
|
||||
socket.close();
|
||||
await socket.done;
|
||||
socket.destroy();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Future<void> test() async {
|
||||
testDisallowedConnectionByDefault();
|
||||
await testLocalhostConnection();
|
||||
}
|
||||
|
||||
void main() {
|
||||
asyncStart();
|
||||
test().whenComplete(() => asyncEnd());
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
// Copyright (c) 2020, the Dart project authors. Please see the AUTHORS file
|
||||
// for details. All rights reserved. Use of this source code is governed by a
|
||||
// BSD-style license that can be found in the LICENSE file.
|
||||
|
||||
// SharedOptions=-Ddart.library.io.domain_network_policies=[["notallowed.domain.invalid",true,false]]
|
||||
|
||||
import 'dart:io';
|
||||
|
||||
import "package:async_helper/async_helper.dart";
|
||||
|
||||
void testDisallowedConnection() {
|
||||
asyncExpectThrows(
|
||||
() async => await Socket.connect("foo.notallowed.domain.invalid", 12345),
|
||||
(e) {
|
||||
print((e as SocketException).message);
|
||||
return e is SocketException &&
|
||||
e.message.startsWith(
|
||||
"Insecure socket connections are disallowed by platform");
|
||||
});
|
||||
}
|
||||
|
||||
void testAllowedConnection() {
|
||||
asyncExpectThrows(
|
||||
() async => await Socket.connect("allowed.domain.invalid", 12345),
|
||||
(e) =>
|
||||
e is SocketException &&
|
||||
!e.message.startsWith(
|
||||
"Insecure socket connections are disallowed by platform"));
|
||||
}
|
||||
|
||||
void main() {
|
||||
testDisallowedConnection();
|
||||
testAllowedConnection();
|
||||
}
|
|
@ -19,7 +19,6 @@ entrypoints_verification_test: Skip # Requires shared objects which the test scr
|
|||
io/network_policy_configuration_test: Skip # Can't pass -D params containing quotes to adb.
|
||||
io/network_policy_invalid_domain_test: Skip # Can't pass -D params containing quotes to adb.
|
||||
io/network_policy_tie_breaker_test: Skip # Can't pass -D params containing quotes to adb.
|
||||
io/socket_network_policy_test: Skip # Can't pass -D params containing quotes to adb.
|
||||
|
||||
[ $arch == ia32 && $builder_tag == optimization_counter_threshold ]
|
||||
io/file_lock_test: SkipSlow # Timeout
|
||||
|
|