Refactor IpSecServiceConfiguration to Dependencies
IpSecService is going to be moved into ConnectivityService module,
so the hidden API usage should be removed.
NetdService.getNetdInstance is a hidden API, therefore the alternative
is to get the instance by Context.getSystemService.
Bug: 204153604
Test: FrameworksNetTests
Change-Id: I1bd8efc03c37654d12a8eadd3e78ed45e10b5691
diff --git a/service-t/src/com/android/server/IpSecService.java b/service-t/src/com/android/server/IpSecService.java
index dfc57c1..f251b86 100644
--- a/service-t/src/com/android/server/IpSecService.java
+++ b/service-t/src/com/android/server/IpSecService.java
@@ -119,6 +119,7 @@
/* Binder context for this service */
private final Context mContext;
+ private final Dependencies mDeps;
/**
* The next non-repeating global ID for tracking resources between users, this service, and
@@ -129,23 +130,24 @@
@GuardedBy("IpSecService.this")
private int mNextResourceId = 1;
- interface IpSecServiceConfiguration {
- INetd getNetdInstance() throws RemoteException;
-
- IpSecServiceConfiguration GETSRVINSTANCE =
- new IpSecServiceConfiguration() {
- @Override
- public INetd getNetdInstance() throws RemoteException {
- final INetd netd = NetdService.getInstance();
- if (netd == null) {
- throw new RemoteException("Failed to Get Netd Instance");
- }
- return netd;
- }
- };
+ /**
+ * Dependencies of IpSecService, for injection in tests.
+ */
+ @VisibleForTesting
+ public static class Dependencies {
+ /**
+ * Get a reference to INetd.
+ */
+ public INetd getNetdInstance(Context context) throws RemoteException {
+ final INetd netd = INetd.Stub.asInterface((IBinder)
+ context.getSystemService(Context.NETD_SERVICE));
+ if (netd == null) {
+ throw new RemoteException("Failed to Get Netd Instance");
+ }
+ return netd;
+ }
}
- private final IpSecServiceConfiguration mSrvConfig;
final UidFdTagger mUidFdTagger;
/**
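Review bot: The Javadoc on `Dependencies.getNetdInstance` ("Get a reference to INetd.") does not state the contract the body implements: the result is never null, and an unavailable service surfaces as a `RemoteException`. Callers need to know this, because the `isNetdAlive` hunk further down still tests `netd == null`, which this default implementation can never produce but a test subclass overriding the method could. I would document it as `Returns the INetd interface looked up through {@code context}; never null.` plus `@throws RemoteException if the netd service cannot be obtained`. The `(IBinder)` cast is also unchecked, so if `getSystemService(Context.NETD_SERVICE)` ever returned a non-binder object the failure would be a `ClassCastException` rather than the `RemoteException` callers catch; that deserves a sentence in the same comment.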
@@ -625,8 +627,8 @@
public void freeUnderlyingResources() {
int spi = mSpi.getSpi();
try {
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecDeleteSecurityAssociation(
mUid,
mConfig.getSourceAddress(),
@@ -678,11 +680,14 @@
private final String mSourceAddress;
private final String mDestinationAddress;
private int mSpi;
+ private final Context mContext;
private boolean mOwnedByTransform = false;
- SpiRecord(int resourceId, String sourceAddress, String destinationAddress, int spi) {
+ SpiRecord(Context context, int resourceId, String sourceAddress,
+ String destinationAddress, int spi) {
super(resourceId);
+ mContext = context;
mSourceAddress = sourceAddress;
mDestinationAddress = destinationAddress;
mSpi = spi;
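Review bot: The `mContext` field added to `SpiRecord` has the same name as the service's own `mContext` and, as far as this diff shows, always holds the same object (`new SpiRecord(mContext, ...)` in the SPI allocation hunk). The `freeUnderlyingResources` hunk at old line 625 calls `mDeps.getNetdInstance(mContext)` without any per-record field being added, which suggests the records are inner classes that can already read the enclosing field; the class declarations are outside the hunks, so this is inferred. If so, the extra constructor parameter and the shadowing field can be dropped here and in the two `TunnelInterfaceRecord` hunks. If the records are meant to become static later, a comment such as `// Kept per record so the class can be made static` would explain the duplication.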
@@ -693,8 +698,8 @@
public void freeUnderlyingResources() {
try {
if (!mOwnedByTransform) {
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecDeleteSecurityAssociation(
mUid, mSourceAddress, mDestinationAddress, mSpi, 0 /* mark */,
0 /* mask */, 0 /* if_id */);
@@ -816,8 +821,10 @@
private final int mIfId;
private Network mUnderlyingNetwork;
+ private final Context mContext;
TunnelInterfaceRecord(
+ Context context,
int resourceId,
String interfaceName,
Network underlyingNetwork,
@@ -828,6 +835,7 @@
int intfId) {
super(resourceId);
+ mContext = context;
mInterfaceName = interfaceName;
mUnderlyingNetwork = underlyingNetwork;
mLocalAddress = localAddr;
@@ -844,7 +852,7 @@
// Teardown VTI
// Delete global policies
try {
- final INetd netd = mSrvConfig.getNetdInstance();
+ final INetd netd = mDeps.getNetdInstance(mContext);
netd.ipSecRemoveTunnelInterface(mInterfaceName);
for (int selAddrFamily : ADDRESS_FAMILIES) {
@@ -1012,7 +1020,7 @@
* @param context Binder context for this service
*/
private IpSecService(Context context) {
- this(context, IpSecServiceConfiguration.GETSRVINSTANCE);
+ this(context, new Dependencies());
}
static IpSecService create(Context context)
@@ -1031,10 +1039,10 @@
/** @hide */
@VisibleForTesting
- public IpSecService(Context context, IpSecServiceConfiguration config) {
+ public IpSecService(Context context, Dependencies deps) {
this(
context,
- config,
+ deps,
(fd, uid) -> {
try {
TrafficStats.setThreadStatsUid(uid);
@@ -1047,10 +1055,9 @@
/** @hide */
@VisibleForTesting
- public IpSecService(Context context, IpSecServiceConfiguration config,
- UidFdTagger uidFdTagger) {
+ public IpSecService(Context context, Dependencies deps, UidFdTagger uidFdTagger) {
mContext = context;
- mSrvConfig = config;
+ mDeps = deps;
mUidFdTagger = uidFdTagger;
}
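Review bot: `mDeps = deps;` accepts null in a public constructor, and every netd call in the service now dereferences `mDeps`. A null would therefore only show up as a `NullPointerException` in the middle of an operation such as SPI allocation or transform teardown. Failing at construction is easier to diagnose: `mDeps = Objects.requireNonNull(deps, "Missing dependencies");` (this assumes `java.util.Objects` is, or can be, imported in this file; the import block is not in the diff). The same applies to `context`, which is now passed to `getNetdInstance` on every call.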
@@ -1077,7 +1084,7 @@
synchronized boolean isNetdAlive() {
try {
- final INetd netd = mSrvConfig.getNetdInstance();
+ final INetd netd = mDeps.getNetdInstance(mContext);
if (netd == null) {
return false;
}
@@ -1143,14 +1150,15 @@
}
spi =
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecAllocateSpi(callingUid, "", destinationAddress, requestedSpi);
Log.d(TAG, "Allocated SPI " + spi);
userRecord.mSpiRecords.put(
resourceId,
new RefcountedResource<SpiRecord>(
- new SpiRecord(resourceId, "", destinationAddress, spi), binder));
+ new SpiRecord(mContext, resourceId, "",
+ destinationAddress, spi), binder));
} catch (ServiceSpecificException e) {
if (e.errorCode == OsConstants.ENOENT) {
return new IpSecSpiResponse(
@@ -1267,7 +1275,7 @@
OsConstants.UDP_ENCAP,
OsConstants.UDP_ENCAP_ESPINUDP);
- mSrvConfig.getNetdInstance().ipSecSetEncapSocketOwner(
+ mDeps.getNetdInstance(mContext).ipSecSetEncapSocketOwner(
new ParcelFileDescriptor(sockFd), callingUid);
if (port != 0) {
Log.v(TAG, "Binding to port " + port);
@@ -1330,7 +1338,7 @@
// Create VTI
// Add inbound/outbound global policies
// (use reqid = 0)
- final INetd netd = mSrvConfig.getNetdInstance();
+ final INetd netd = mDeps.getNetdInstance(mContext);
netd.ipSecAddTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey, resourceId);
BinderUtils.withCleanCallingIdentity(() -> {
@@ -1385,6 +1393,7 @@
resourceId,
new RefcountedResource<TunnelInterfaceRecord>(
new TunnelInterfaceRecord(
+ mContext,
resourceId,
intfName,
underlyingNetwork,
@@ -1426,8 +1435,8 @@
try {
// We can assume general validity of the IP address, since we get them as a
// LinkAddress, which does some validation.
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.interfaceAddAddress(
tunnelInterfaceInfo.mInterfaceName,
localAddr.getAddress().getHostAddress(),
@@ -1455,8 +1464,8 @@
try {
// We can assume general validity of the IP address, since we get them as a
// LinkAddress, which does some validation.
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.interfaceDelAddress(
tunnelInterfaceInfo.mInterfaceName,
localAddr.getAddress().getHostAddress(),
@@ -1670,8 +1679,8 @@
cryptName = crypt.getName();
}
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecAddSecurityAssociation(
Binder.getCallingUid(),
c.getMode(),
@@ -1782,8 +1791,8 @@
c.getMode() == IpSecTransform.MODE_TRANSPORT,
"Transform mode was not Transport mode; cannot be applied to a socket");
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecApplyTransportModeTransform(
socket,
callingUid,
@@ -1802,8 +1811,8 @@
@Override
public synchronized void removeTransportModeTransforms(ParcelFileDescriptor socket)
throws RemoteException {
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecRemoveTransportModeTransform(socket);
}
@@ -1879,8 +1888,8 @@
// Always update the policy with the relevant XFRM_IF_ID
for (int selAddrFamily : ADDRESS_FAMILIES) {
- mSrvConfig
- .getNetdInstance()
+ mDeps
+ .getNetdInstance(mContext)
.ipSecUpdateSecurityPolicy(
callingUid,
selAddrFamily,