Merge "[MS03] Remove ServiceNotFoundException hidden API usage"
diff --git a/framework-t/Sources.bp b/framework-t/Sources.bp
index 9c07f39..931a55b 100644
--- a/framework-t/Sources.bp
+++ b/framework-t/Sources.bp
@@ -100,15 +100,40 @@
],
}
+// IpSec related libraries.
+
+filegroup {
+ name: "framework-connectivity-ipsec-sources",
+ srcs: [
+ "src/android/net/IIpSecService.aidl",
+ "src/android/net/IpSec*.*",
+ ],
+ path: "src",
+ visibility: [
+ "//visibility:private",
+ ],
+}
+
// Connectivity-T common libraries.
filegroup {
+ name: "framework-connectivity-tiramisu-internal-sources",
+ srcs: [
+ "src/android/net/ConnectivityFrameworkInitializerTiramisu.java",
+ ],
+ path: "src",
+ visibility: [
+ "//visibility:private",
+ ],
+}
+
+filegroup {
name: "framework-connectivity-tiramisu-sources",
srcs: [
+ ":framework-connectivity-ipsec-sources",
":framework-connectivity-netstats-sources",
":framework-connectivity-nsd-sources",
+ ":framework-connectivity-tiramisu-internal-sources",
],
- visibility: [
- "//frameworks/base",
- ],
-}
\ No newline at end of file
+ visibility: ["//frameworks/base"],
+}
diff --git a/framework-t/src/android/net/ConnectivityFrameworkInitializerTiramisu.java b/framework-t/src/android/net/ConnectivityFrameworkInitializerTiramisu.java
new file mode 100644
index 0000000..630f902
--- /dev/null
+++ b/framework-t/src/android/net/ConnectivityFrameworkInitializerTiramisu.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net;
+
+import android.annotation.SystemApi;
+import android.app.SystemServiceRegistry;
+import android.content.Context;
+import android.net.nsd.INsdManager;
+import android.net.nsd.NsdManager;
+
+/**
+ * Class for performing registration for Connectivity services which are exposed via updatable APIs
+ * since Android T.
+ *
+ * @hide
+ */
+@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
+public final class ConnectivityFrameworkInitializerTiramisu {
+ private ConnectivityFrameworkInitializerTiramisu() {}
+
+ /**
+ * Called by {@link SystemServiceRegistry}'s static initializer and registers nsd services to
+ * {@link Context}, so that {@link Context#getSystemService} can return them.
+ *
+ * @throws IllegalStateException if this is called anywhere besides
+ * {@link SystemServiceRegistry}.
+ */
+ public static void registerServiceWrappers() {
+ SystemServiceRegistry.registerContextAwareService(
+ Context.NSD_SERVICE,
+ NsdManager.class,
+ (context, serviceBinder) -> {
+ INsdManager service = INsdManager.Stub.asInterface(serviceBinder);
+ return new NsdManager(context, service);
+ }
+ );
+ }
+}
diff --git a/core/java/android/net/IIpSecService.aidl b/framework-t/src/android/net/IIpSecService.aidl
similarity index 100%
rename from core/java/android/net/IIpSecService.aidl
rename to framework-t/src/android/net/IIpSecService.aidl
diff --git a/core/java/android/net/IpSecAlgorithm.java b/framework-t/src/android/net/IpSecAlgorithm.java
similarity index 99%
rename from core/java/android/net/IpSecAlgorithm.java
rename to framework-t/src/android/net/IpSecAlgorithm.java
index 8605248..840af28 100644
--- a/core/java/android/net/IpSecAlgorithm.java
+++ b/framework-t/src/android/net/IpSecAlgorithm.java
@@ -297,7 +297,7 @@
return mTruncLenBits;
}
- /* Parcelable Implementation */
+ /** Parcelable Implementation */
public int describeContents() {
return 0;
}
diff --git a/core/java/android/net/IpSecConfig.aidl b/framework-t/src/android/net/IpSecConfig.aidl
similarity index 100%
rename from core/java/android/net/IpSecConfig.aidl
rename to framework-t/src/android/net/IpSecConfig.aidl
diff --git a/core/java/android/net/IpSecConfig.java b/framework-t/src/android/net/IpSecConfig.java
similarity index 100%
rename from core/java/android/net/IpSecConfig.java
rename to framework-t/src/android/net/IpSecConfig.java
diff --git a/core/java/android/net/IpSecManager.java b/framework-t/src/android/net/IpSecManager.java
similarity index 98%
rename from core/java/android/net/IpSecManager.java
rename to framework-t/src/android/net/IpSecManager.java
index c106807..8376299 100644
--- a/core/java/android/net/IpSecManager.java
+++ b/framework-t/src/android/net/IpSecManager.java
@@ -99,9 +99,9 @@
/** @hide */
public interface Status {
- public static final int OK = 0;
- public static final int RESOURCE_UNAVAILABLE = 1;
- public static final int SPI_UNAVAILABLE = 2;
+ int OK = 0;
+ int RESOURCE_UNAVAILABLE = 1;
+ int SPI_UNAVAILABLE = 2;
}
/** @hide */
@@ -276,7 +276,7 @@
* @param destinationAddress the destination address for traffic bearing the requested SPI.
* For inbound traffic, the destination should be an address currently assigned on-device.
* @return the reserved SecurityParameterIndex
- * @throws {@link #ResourceUnavailableException} indicating that too many SPIs are
+ * @throws ResourceUnavailableException indicating that too many SPIs are
* currently allocated for this user
*/
@NonNull
@@ -307,9 +307,9 @@
* @param requestedSpi the requested SPI. The range 1-255 is reserved and may not be used. See
* RFC 4303 Section 2.1.
* @return the reserved SecurityParameterIndex
- * @throws {@link #ResourceUnavailableException} indicating that too many SPIs are
+ * @throws ResourceUnavailableException indicating that too many SPIs are
* currently allocated for this user
- * @throws {@link #SpiUnavailableException} indicating that the requested SPI could not be
+ * @throws SpiUnavailableException indicating that the requested SPI could not be
* reserved
*/
@NonNull
diff --git a/core/java/android/net/IpSecSpiResponse.aidl b/framework-t/src/android/net/IpSecSpiResponse.aidl
similarity index 100%
rename from core/java/android/net/IpSecSpiResponse.aidl
rename to framework-t/src/android/net/IpSecSpiResponse.aidl
diff --git a/core/java/android/net/IpSecSpiResponse.java b/framework-t/src/android/net/IpSecSpiResponse.java
similarity index 100%
rename from core/java/android/net/IpSecSpiResponse.java
rename to framework-t/src/android/net/IpSecSpiResponse.java
diff --git a/core/java/android/net/IpSecTransform.java b/framework-t/src/android/net/IpSecTransform.java
similarity index 100%
rename from core/java/android/net/IpSecTransform.java
rename to framework-t/src/android/net/IpSecTransform.java
diff --git a/core/java/android/net/IpSecTransformResponse.aidl b/framework-t/src/android/net/IpSecTransformResponse.aidl
similarity index 100%
rename from core/java/android/net/IpSecTransformResponse.aidl
rename to framework-t/src/android/net/IpSecTransformResponse.aidl
diff --git a/core/java/android/net/IpSecTransformResponse.java b/framework-t/src/android/net/IpSecTransformResponse.java
similarity index 95%
rename from core/java/android/net/IpSecTransformResponse.java
rename to framework-t/src/android/net/IpSecTransformResponse.java
index a384889..363f316 100644
--- a/core/java/android/net/IpSecTransformResponse.java
+++ b/framework-t/src/android/net/IpSecTransformResponse.java
@@ -60,7 +60,8 @@
resourceId = in.readInt();
}
- public static final @android.annotation.NonNull Parcelable.Creator<IpSecTransformResponse> CREATOR =
+ @android.annotation.NonNull
+ public static final Parcelable.Creator<IpSecTransformResponse> CREATOR =
new Parcelable.Creator<IpSecTransformResponse>() {
public IpSecTransformResponse createFromParcel(Parcel in) {
return new IpSecTransformResponse(in);
diff --git a/core/java/android/net/IpSecTunnelInterfaceResponse.aidl b/framework-t/src/android/net/IpSecTunnelInterfaceResponse.aidl
similarity index 100%
rename from core/java/android/net/IpSecTunnelInterfaceResponse.aidl
rename to framework-t/src/android/net/IpSecTunnelInterfaceResponse.aidl
diff --git a/core/java/android/net/IpSecTunnelInterfaceResponse.java b/framework-t/src/android/net/IpSecTunnelInterfaceResponse.java
similarity index 95%
rename from core/java/android/net/IpSecTunnelInterfaceResponse.java
rename to framework-t/src/android/net/IpSecTunnelInterfaceResponse.java
index e3411e0..127e30a 100644
--- a/core/java/android/net/IpSecTunnelInterfaceResponse.java
+++ b/framework-t/src/android/net/IpSecTunnelInterfaceResponse.java
@@ -65,7 +65,8 @@
interfaceName = in.readString();
}
- public static final @android.annotation.NonNull Parcelable.Creator<IpSecTunnelInterfaceResponse> CREATOR =
+ @android.annotation.NonNull
+ public static final Parcelable.Creator<IpSecTunnelInterfaceResponse> CREATOR =
new Parcelable.Creator<IpSecTunnelInterfaceResponse>() {
public IpSecTunnelInterfaceResponse createFromParcel(Parcel in) {
return new IpSecTunnelInterfaceResponse(in);
diff --git a/core/java/android/net/IpSecUdpEncapResponse.aidl b/framework-t/src/android/net/IpSecUdpEncapResponse.aidl
similarity index 100%
rename from core/java/android/net/IpSecUdpEncapResponse.aidl
rename to framework-t/src/android/net/IpSecUdpEncapResponse.aidl
diff --git a/core/java/android/net/IpSecUdpEncapResponse.java b/framework-t/src/android/net/IpSecUdpEncapResponse.java
similarity index 96%
rename from core/java/android/net/IpSecUdpEncapResponse.java
rename to framework-t/src/android/net/IpSecUdpEncapResponse.java
index 4e7ba9b..732cf19 100644
--- a/core/java/android/net/IpSecUdpEncapResponse.java
+++ b/framework-t/src/android/net/IpSecUdpEncapResponse.java
@@ -18,6 +18,7 @@
import android.os.Parcel;
import android.os.ParcelFileDescriptor;
import android.os.Parcelable;
+
import java.io.FileDescriptor;
import java.io.IOException;
@@ -83,7 +84,8 @@
fileDescriptor = in.readParcelable(ParcelFileDescriptor.class.getClassLoader());
}
- public static final @android.annotation.NonNull Parcelable.Creator<IpSecUdpEncapResponse> CREATOR =
+ @android.annotation.NonNull
+ public static final Parcelable.Creator<IpSecUdpEncapResponse> CREATOR =
new Parcelable.Creator<IpSecUdpEncapResponse>() {
public IpSecUdpEncapResponse createFromParcel(Parcel in) {
return new IpSecUdpEncapResponse(in);
diff --git a/framework-t/src/android/net/nsd/NsdManager.java b/framework-t/src/android/net/nsd/NsdManager.java
index 6c597e2..0f21e55 100644
--- a/framework-t/src/android/net/nsd/NsdManager.java
+++ b/framework-t/src/android/net/nsd/NsdManager.java
@@ -16,10 +16,6 @@
package android.net.nsd;
-import static com.android.internal.util.Preconditions.checkArgument;
-import static com.android.internal.util.Preconditions.checkNotNull;
-import static com.android.internal.util.Preconditions.checkStringNotEmpty;
-
import android.annotation.SdkConstant;
import android.annotation.SdkConstant.SdkConstantType;
import android.annotation.SystemService;
@@ -32,11 +28,13 @@
import android.os.Looper;
import android.os.Message;
import android.os.RemoteException;
+import android.text.TextUtils;
import android.util.Log;
import android.util.SparseArray;
import com.android.internal.annotations.VisibleForTesting;
-import com.android.internal.util.Protocol;
+
+import java.util.Objects;
/**
* The Network Service Discovery Manager class provides the API to discover services
@@ -175,65 +173,63 @@
*/
public static final int NSD_STATE_ENABLED = 2;
- private static final int BASE = Protocol.BASE_NSD_MANAGER;
+ /** @hide */
+ public static final int DISCOVER_SERVICES = 1;
+ /** @hide */
+ public static final int DISCOVER_SERVICES_STARTED = 2;
+ /** @hide */
+ public static final int DISCOVER_SERVICES_FAILED = 3;
+ /** @hide */
+ public static final int SERVICE_FOUND = 4;
+ /** @hide */
+ public static final int SERVICE_LOST = 5;
/** @hide */
- public static final int DISCOVER_SERVICES = BASE + 1;
+ public static final int STOP_DISCOVERY = 6;
/** @hide */
- public static final int DISCOVER_SERVICES_STARTED = BASE + 2;
+ public static final int STOP_DISCOVERY_FAILED = 7;
/** @hide */
- public static final int DISCOVER_SERVICES_FAILED = BASE + 3;
- /** @hide */
- public static final int SERVICE_FOUND = BASE + 4;
- /** @hide */
- public static final int SERVICE_LOST = BASE + 5;
+ public static final int STOP_DISCOVERY_SUCCEEDED = 8;
/** @hide */
- public static final int STOP_DISCOVERY = BASE + 6;
+ public static final int REGISTER_SERVICE = 9;
/** @hide */
- public static final int STOP_DISCOVERY_FAILED = BASE + 7;
+ public static final int REGISTER_SERVICE_FAILED = 10;
/** @hide */
- public static final int STOP_DISCOVERY_SUCCEEDED = BASE + 8;
+ public static final int REGISTER_SERVICE_SUCCEEDED = 11;
/** @hide */
- public static final int REGISTER_SERVICE = BASE + 9;
+ public static final int UNREGISTER_SERVICE = 12;
/** @hide */
- public static final int REGISTER_SERVICE_FAILED = BASE + 10;
+ public static final int UNREGISTER_SERVICE_FAILED = 13;
/** @hide */
- public static final int REGISTER_SERVICE_SUCCEEDED = BASE + 11;
+ public static final int UNREGISTER_SERVICE_SUCCEEDED = 14;
/** @hide */
- public static final int UNREGISTER_SERVICE = BASE + 12;
+ public static final int RESOLVE_SERVICE = 15;
/** @hide */
- public static final int UNREGISTER_SERVICE_FAILED = BASE + 13;
+ public static final int RESOLVE_SERVICE_FAILED = 16;
/** @hide */
- public static final int UNREGISTER_SERVICE_SUCCEEDED = BASE + 14;
+ public static final int RESOLVE_SERVICE_SUCCEEDED = 17;
/** @hide */
- public static final int RESOLVE_SERVICE = BASE + 18;
- /** @hide */
- public static final int RESOLVE_SERVICE_FAILED = BASE + 19;
- /** @hide */
- public static final int RESOLVE_SERVICE_SUCCEEDED = BASE + 20;
+ public static final int DAEMON_CLEANUP = 18;
/** @hide */
- public static final int DAEMON_CLEANUP = BASE + 21;
+ public static final int DAEMON_STARTUP = 19;
/** @hide */
- public static final int DAEMON_STARTUP = BASE + 22;
+ public static final int ENABLE = 20;
+ /** @hide */
+ public static final int DISABLE = 21;
/** @hide */
- public static final int ENABLE = BASE + 24;
- /** @hide */
- public static final int DISABLE = BASE + 25;
+ public static final int NATIVE_DAEMON_EVENT = 22;
/** @hide */
- public static final int NATIVE_DAEMON_EVENT = BASE + 26;
-
+ public static final int REGISTER_CLIENT = 23;
/** @hide */
- public static final int REGISTER_CLIENT = BASE + 27;
- /** @hide */
- public static final int UNREGISTER_CLIENT = BASE + 28;
+ public static final int UNREGISTER_CLIENT = 24;
/** Dns based service discovery protocol */
public static final int PROTOCOL_DNS_SD = 0x0001;
@@ -550,7 +546,9 @@
final int key;
synchronized (mMapLock) {
int valueIndex = mListenerMap.indexOfValue(listener);
- checkArgument(valueIndex == -1, "listener already in use");
+ if (valueIndex != -1) {
+ throw new IllegalArgumentException("listener already in use");
+ }
key = nextListenerKey();
mListenerMap.put(key, listener);
mServiceMap.put(key, s);
@@ -569,7 +567,9 @@
checkListener(listener);
synchronized (mMapLock) {
int valueIndex = mListenerMap.indexOfValue(listener);
- checkArgument(valueIndex != -1, "listener not registered");
+ if (valueIndex == -1) {
+ throw new IllegalArgumentException("listener not registered");
+ }
return mListenerMap.keyAt(valueIndex);
}
}
@@ -598,7 +598,9 @@
*/
public void registerService(NsdServiceInfo serviceInfo, int protocolType,
RegistrationListener listener) {
- checkArgument(serviceInfo.getPort() > 0, "Invalid port number");
+ if (serviceInfo.getPort() <= 0) {
+ throw new IllegalArgumentException("Invalid port number");
+ }
checkServiceInfo(serviceInfo);
checkProtocol(protocolType);
int key = putListener(listener, serviceInfo);
@@ -660,7 +662,9 @@
* Cannot be null. Cannot be in use for an active service discovery.
*/
public void discoverServices(String serviceType, int protocolType, DiscoveryListener listener) {
- checkStringNotEmpty(serviceType, "Service type cannot be empty");
+ if (TextUtils.isEmpty(serviceType)) {
+ throw new IllegalArgumentException("Service type cannot be empty");
+ }
checkProtocol(protocolType);
NsdServiceInfo s = new NsdServiceInfo();
@@ -719,16 +723,22 @@
}
private static void checkListener(Object listener) {
- checkNotNull(listener, "listener cannot be null");
+ Objects.requireNonNull(listener, "listener cannot be null");
}
private static void checkProtocol(int protocolType) {
- checkArgument(protocolType == PROTOCOL_DNS_SD, "Unsupported protocol");
+ if (protocolType != PROTOCOL_DNS_SD) {
+ throw new IllegalArgumentException("Unsupported protocol");
+ }
}
private static void checkServiceInfo(NsdServiceInfo serviceInfo) {
- checkNotNull(serviceInfo, "NsdServiceInfo cannot be null");
- checkStringNotEmpty(serviceInfo.getServiceName(), "Service name cannot be empty");
- checkStringNotEmpty(serviceInfo.getServiceType(), "Service type cannot be empty");
+ Objects.requireNonNull(serviceInfo, "NsdServiceInfo cannot be null");
+ if (TextUtils.isEmpty(serviceInfo.getServiceName())) {
+ throw new IllegalArgumentException("Service name cannot be empty");
+ }
+ if (TextUtils.isEmpty(serviceInfo.getServiceType())) {
+ throw new IllegalArgumentException("Service type cannot be empty");
+ }
}
}
diff --git a/service-t/Sources.bp b/service-t/Sources.bp
index 6a64910..7b88176 100644
--- a/service-t/Sources.bp
+++ b/service-t/Sources.bp
@@ -48,16 +48,28 @@
],
}
+// IpSec related libraries.
+
+filegroup {
+ name: "services.connectivity-ipsec-sources",
+ srcs: [
+ "src/com/android/server/IpSecService.java",
+ ],
+ path: "src",
+ visibility: [
+ "//visibility:private",
+ ],
+}
+
// Connectivity-T common libraries.
filegroup {
name: "services.connectivity-tiramisu-sources",
srcs: [
+ ":services.connectivity-ipsec-sources",
":services.connectivity-netstats-sources",
":services.connectivity-nsd-sources",
],
path: "src",
- visibility: [
- "//frameworks/base/services/core",
- ],
-}
\ No newline at end of file
+ visibility: ["//frameworks/base/services/core"],
+}
diff --git a/services/core/java/com/android/server/IpSecService.java b/service-t/src/com/android/server/IpSecService.java
similarity index 95%
rename from services/core/java/com/android/server/IpSecService.java
rename to service-t/src/com/android/server/IpSecService.java
index aeb8143..f251b86 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/service-t/src/com/android/server/IpSecService.java
@@ -119,6 +119,7 @@
/* Binder context for this service */
private final Context mContext;
+ private final Dependencies mDeps;
/**
* The next non-repeating global ID for tracking resources between users, this service, and
@@ -129,23 +130,24 @@
@GuardedBy("IpSecService.this")
private int mNextResourceId = 1;
- interface IpSecServiceConfiguration {
- INetd getNetdInstance() throws RemoteException;
-
- static IpSecServiceConfiguration GETSRVINSTANCE =
- new IpSecServiceConfiguration() {
- @Override
- public INetd getNetdInstance() throws RemoteException {
- final INetd netd = NetdService.getInstance();
- if (netd == null) {
- throw new RemoteException("Failed to Get Netd Instance");
- }
- return netd;
- }
- };
+ /**
+ * Dependencies of IpSecService, for injection in tests.
+ */
+ @VisibleForTesting
+ public static class Dependencies {
+ /**
+ * Get a reference to INetd.
+ */
+ public INetd getNetdInstance(Context context) throws RemoteException {
+ final INetd netd = INetd.Stub.asInterface((IBinder)
+ context.getSystemService(Context.NETD_SERVICE));
+ if (netd == null) {
+ throw new RemoteException("Failed to Get Netd Instance");
+ }
+ return netd;
+ }
}
- private final IpSecServiceConfiguration mSrvConfig;
final UidFdTagger mUidFdTagger;
/**
@@ -491,8 +493,8 @@
* <p>This class associates kernel resources with the UID that owns and controls them.
*/
private abstract class OwnedResourceRecord implements IResource {
- final int pid;
- final int uid;
+ final int mPid;
+ final int mUid;
protected final int mResourceId;
OwnedResourceRecord(int resourceId) {
@@ -501,8 +503,8 @@
throw new IllegalArgumentException("Resource ID must not be INVALID_RESOURCE_ID");
}
mResourceId = resourceId;
- pid = Binder.getCallingPid();
- uid = Binder.getCallingUid();
+ mPid = Binder.getCallingPid();
+ mUid = Binder.getCallingUid();
getResourceTracker().take();
}
@@ -512,7 +514,7 @@
/** Convenience method; retrieves the user resource record for the stored UID. */
protected UserRecord getUserRecord() {
- return mUserResourceTracker.getUserRecord(uid);
+ return mUserResourceTracker.getUserRecord(mUid);
}
@Override
@@ -527,9 +529,9 @@
.append("{mResourceId=")
.append(mResourceId)
.append(", pid=")
- .append(pid)
+ .append(mPid)
.append(", uid=")
- .append(uid)
+ .append(mUid)
.append("}")
.toString();
}
@@ -545,7 +547,7 @@
SparseArray<RefcountedResource<T>> mArray = new SparseArray<>();
private final String mTypeName;
- public RefcountedResourceArray(String typeName) {
+ RefcountedResourceArray(String typeName) {
this.mTypeName = typeName;
}
@@ -625,10 +627,10 @@
public void freeUnderlyingResources() {
int spi = mSpi.getSpi();
try {
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecDeleteSecurityAssociation(
- uid,
+ mUid,
mConfig.getSourceAddress(),
mConfig.getDestinationAddress(),
spi,
@@ -678,11 +680,14 @@
private final String mSourceAddress;
private final String mDestinationAddress;
private int mSpi;
+ private final Context mContext;
private boolean mOwnedByTransform = false;
- SpiRecord(int resourceId, String sourceAddress, String destinationAddress, int spi) {
+ SpiRecord(Context context, int resourceId, String sourceAddress,
+ String destinationAddress, int spi) {
super(resourceId);
+ mContext = context;
mSourceAddress = sourceAddress;
mDestinationAddress = destinationAddress;
mSpi = spi;
@@ -693,10 +698,10 @@
public void freeUnderlyingResources() {
try {
if (!mOwnedByTransform) {
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecDeleteSecurityAssociation(
- uid, mSourceAddress, mDestinationAddress, mSpi, 0 /* mark */,
+ mUid, mSourceAddress, mDestinationAddress, mSpi, 0 /* mark */,
0 /* mask */, 0 /* if_id */);
}
} catch (ServiceSpecificException | RemoteException e) {
@@ -816,8 +821,10 @@
private final int mIfId;
private Network mUnderlyingNetwork;
+ private final Context mContext;
TunnelInterfaceRecord(
+ Context context,
int resourceId,
String interfaceName,
Network underlyingNetwork,
@@ -828,6 +835,7 @@
int intfId) {
super(resourceId);
+ mContext = context;
mInterfaceName = interfaceName;
mUnderlyingNetwork = underlyingNetwork;
mLocalAddress = localAddr;
@@ -844,19 +852,19 @@
// Teardown VTI
// Delete global policies
try {
- final INetd netd = mSrvConfig.getNetdInstance();
+ final INetd netd = mDeps.getNetdInstance(mContext);
netd.ipSecRemoveTunnelInterface(mInterfaceName);
for (int selAddrFamily : ADDRESS_FAMILIES) {
netd.ipSecDeleteSecurityPolicy(
- uid,
+ mUid,
selAddrFamily,
IpSecManager.DIRECTION_OUT,
mOkey,
0xffffffff,
mIfId);
netd.ipSecDeleteSecurityPolicy(
- uid,
+ mUid,
selAddrFamily,
IpSecManager.DIRECTION_IN,
mIkey,
@@ -1012,7 +1020,7 @@
* @param context Binder context for this service
*/
private IpSecService(Context context) {
- this(context, IpSecServiceConfiguration.GETSRVINSTANCE);
+ this(context, new Dependencies());
}
static IpSecService create(Context context)
@@ -1025,16 +1033,16 @@
@NonNull
private AppOpsManager getAppOpsManager() {
AppOpsManager appOps = (AppOpsManager) mContext.getSystemService(Context.APP_OPS_SERVICE);
- if(appOps == null) throw new RuntimeException("System Server couldn't get AppOps");
+ if (appOps == null) throw new RuntimeException("System Server couldn't get AppOps");
return appOps;
}
/** @hide */
@VisibleForTesting
- public IpSecService(Context context, IpSecServiceConfiguration config) {
+ public IpSecService(Context context, Dependencies deps) {
this(
context,
- config,
+ deps,
(fd, uid) -> {
try {
TrafficStats.setThreadStatsUid(uid);
@@ -1047,13 +1055,13 @@
/** @hide */
@VisibleForTesting
- public IpSecService(Context context, IpSecServiceConfiguration config,
- UidFdTagger uidFdTagger) {
+ public IpSecService(Context context, Dependencies deps, UidFdTagger uidFdTagger) {
mContext = context;
- mSrvConfig = config;
+ mDeps = deps;
mUidFdTagger = uidFdTagger;
}
+ /** Called by system server when system is ready. */
public void systemReady() {
if (isNetdAlive()) {
Log.d(TAG, "IpSecService is ready");
@@ -1076,7 +1084,7 @@
synchronized boolean isNetdAlive() {
try {
- final INetd netd = mSrvConfig.getNetdInstance();
+ final INetd netd = mDeps.getNetdInstance(mContext);
if (netd == null) {
return false;
}
@@ -1142,14 +1150,15 @@
}
spi =
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecAllocateSpi(callingUid, "", destinationAddress, requestedSpi);
Log.d(TAG, "Allocated SPI " + spi);
userRecord.mSpiRecords.put(
resourceId,
new RefcountedResource<SpiRecord>(
- new SpiRecord(resourceId, "", destinationAddress, spi), binder));
+ new SpiRecord(mContext, resourceId, "",
+ destinationAddress, spi), binder));
} catch (ServiceSpecificException e) {
if (e.errorCode == OsConstants.ENOENT) {
return new IpSecSpiResponse(
@@ -1229,7 +1238,7 @@
* <p>Since the socket is created on behalf of an unprivileged application, all traffic
* should be accounted to the UID of the unprivileged application.
*/
- public void tag(FileDescriptor fd, int uid) throws IOException;
+ void tag(FileDescriptor fd, int uid) throws IOException;
}
/**
@@ -1266,7 +1275,7 @@
OsConstants.UDP_ENCAP,
OsConstants.UDP_ENCAP_ESPINUDP);
- mSrvConfig.getNetdInstance().ipSecSetEncapSocketOwner(
+ mDeps.getNetdInstance(mContext).ipSecSetEncapSocketOwner(
new ParcelFileDescriptor(sockFd), callingUid);
if (port != 0) {
Log.v(TAG, "Binding to port " + port);
@@ -1329,7 +1338,7 @@
// Create VTI
// Add inbound/outbound global policies
// (use reqid = 0)
- final INetd netd = mSrvConfig.getNetdInstance();
+ final INetd netd = mDeps.getNetdInstance(mContext);
netd.ipSecAddTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey, resourceId);
BinderUtils.withCleanCallingIdentity(() -> {
@@ -1384,6 +1393,7 @@
resourceId,
new RefcountedResource<TunnelInterfaceRecord>(
new TunnelInterfaceRecord(
+ mContext,
resourceId,
intfName,
underlyingNetwork,
@@ -1425,8 +1435,8 @@
try {
// We can assume general validity of the IP address, since we get them as a
// LinkAddress, which does some validation.
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.interfaceAddAddress(
tunnelInterfaceInfo.mInterfaceName,
localAddr.getAddress().getHostAddress(),
@@ -1454,8 +1464,8 @@
try {
// We can assume general validity of the IP address, since we get them as a
// LinkAddress, which does some validation.
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.interfaceDelAddress(
tunnelInterfaceInfo.mInterfaceName,
localAddr.getAddress().getHostAddress(),
@@ -1669,8 +1679,8 @@
cryptName = crypt.getName();
}
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecAddSecurityAssociation(
Binder.getCallingUid(),
c.getMode(),
@@ -1771,7 +1781,7 @@
TransformRecord info = userRecord.mTransformRecords.getResourceOrThrow(resourceId);
// TODO: make this a function.
- if (info.pid != getCallingPid() || info.uid != callingUid) {
+ if (info.mPid != getCallingPid() || info.mUid != callingUid) {
throw new SecurityException("Only the owner of an IpSec Transform may apply it!");
}
@@ -1781,8 +1791,8 @@
c.getMode() == IpSecTransform.MODE_TRANSPORT,
"Transform mode was not Transport mode; cannot be applied to a socket");
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecApplyTransportModeTransform(
socket,
callingUid,
@@ -1801,8 +1811,8 @@
@Override
public synchronized void removeTransportModeTransforms(ParcelFileDescriptor socket)
throws RemoteException {
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecRemoveTransportModeTransform(socket);
}
@@ -1878,8 +1888,8 @@
// Always update the policy with the relevant XFRM_IF_ID
for (int selAddrFamily : ADDRESS_FAMILIES) {
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecUpdateSecurityPolicy(
callingUid,
selAddrFamily,