Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4a6276d0 authored by Aaron Huang's avatar Aaron Huang
Browse files

Remove ParcelFileDescriptor hidden API usage from IpSecService 

IpSec service is going to be a part of Connectivity mainline module
and ParcelFileDescriptor(FileDescriptor) is a hidden API that cannot
be used by mainline module.

Therefore, use ParcelFileDescriptor.dup(FileDescriptor) to get a
ParcelFileDescriptor instead.

Bug: 204153604
Test: FrameworksNetTests
Change-Id: I0ccabdfc5060f4b635e9a7009a67fbd5d32002fd
parent 692533e3

packages/ConnectivityT/service/src/com/android/server/IpSecService.java

+26 −10
Original line number Diff line number Diff line
@@ -1236,37 +1236,53 @@ public class IpSecService extends IIpSecService.Stub { 
        int callingUid = Binder.getCallingUid();

        UserRecord userRecord = mUserResourceTracker.getUserRecord(callingUid);

        final int resourceId = mNextResourceId++;

        FileDescriptor sockFd = null;



        ParcelFileDescriptor pFd = null;

        try {

            if (!userRecord.mSocketQuotaTracker.isAvailable()) {

                return new IpSecUdpEncapResponse(IpSecManager.Status.RESOURCE_UNAVAILABLE);

            }



            FileDescriptor sockFd = null;

            try {

                sockFd = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);

            mUidFdTagger.tag(sockFd, callingUid);

                pFd = ParcelFileDescriptor.dup(sockFd);

            } finally {

                IoUtils.closeQuietly(sockFd);

            }



            mUidFdTagger.tag(pFd.getFileDescriptor(), callingUid);

            // This code is common to both the unspecified and specified port cases

            Os.setsockoptInt(

                    sockFd,

                    pFd.getFileDescriptor(),

                    OsConstants.IPPROTO_UDP,

                    OsConstants.UDP_ENCAP,

                    OsConstants.UDP_ENCAP_ESPINUDP);



            mNetd.ipSecSetEncapSocketOwner(new ParcelFileDescriptor(sockFd), callingUid);

            mNetd.ipSecSetEncapSocketOwner(pFd, callingUid);

            if (port != 0) {

                Log.v(TAG, "Binding to port " + port);

                Os.bind(sockFd, INADDR_ANY, port);

                Os.bind(pFd.getFileDescriptor(), INADDR_ANY, port);

            } else {

                port = bindToRandomPort(sockFd);

                port = bindToRandomPort(pFd.getFileDescriptor());

            }



            userRecord.mEncapSocketRecords.put(

                    resourceId,

                    new RefcountedResource<EncapSocketRecord>(

                            new EncapSocketRecord(resourceId, sockFd, port), binder));

            return new IpSecUdpEncapResponse(IpSecManager.Status.OK, resourceId, port, sockFd);

                            new EncapSocketRecord(resourceId, pFd.getFileDescriptor(), port),

                            binder));

            return new IpSecUdpEncapResponse(IpSecManager.Status.OK, resourceId, port,

                    pFd.getFileDescriptor());

        } catch (IOException | ErrnoException e) {

            IoUtils.closeQuietly(sockFd);

            try {

                if (pFd != null) {

                    pFd.close();

                }

            } catch (IOException ex) {

                // Nothing can be done at this point

                Log.e(TAG, "Failed to close pFd.");

            }

        }

        // If we make it to here, then something has gone wrong and we couldn't open a socket.

        // The only reasonable condition that would cause that is resource unavailable.