IpSec Invalidate the Resource IDs on close()

To facilitate error checking we should invalidate the resource IDs of all objects when we close() them. Today, the resource ID is invalidated on the Transform object but not on the SPI or Encap Socket. This CL unifies the behavior. Bug: 70641274 Test: cts - IpSecManagerTest Change-Id: I28caec3e913902c748c6a50b4ef742ccef8b1b09
2017-12-13 18:51:35 -08:00
parent ac927fe532
commit 5e8544685d
3 changed files with 20 additions and 11 deletions
--- a/core/java/android/net/IpSecConfig.java
+++ b/core/java/android/net/IpSecConfig.java
@@ -102,17 +102,11 @@ public final class IpSecConfig implements Parcelable {

    /** Set the local IP address for Tunnel mode */
    public void setLocalAddress(String localAddress) {
-        if (localAddress == null) {
-            throw new IllegalArgumentException("localAddress may not be null!");
-        }
        mLocalAddress = localAddress;
    }

    /** Set the remote IP address for this IPsec transform */
    public void setRemoteAddress(String remoteAddress) {
-        if (remoteAddress == null) {
-            throw new IllegalArgumentException("remoteAddress may not be null!");
-        }
        mRemoteAddress = remoteAddress;
    }

--- a/core/java/android/net/IpSecManager.java
+++ b/core/java/android/net/IpSecManager.java
@@ -69,7 +69,7 @@ public final class IpSecManager {
    }

    /** @hide */
-    public static final int INVALID_RESOURCE_ID = 0;
+    public static final int INVALID_RESOURCE_ID = -1;

    /**
     * Thrown to indicate that a requested SPI is in use.
@@ -128,7 +128,7 @@ public final class IpSecManager {
        private final InetAddress mRemoteAddress;
        private final CloseGuard mCloseGuard = CloseGuard.get();
        private int mSpi = INVALID_SECURITY_PARAMETER_INDEX;
-        private int mResourceId;
+        private int mResourceId = INVALID_RESOURCE_ID;

        /** Get the underlying SPI held by this object. */
        public int getSpi() {
@@ -146,6 +146,7 @@ public final class IpSecManager {
        public void close() {
            try {
                mService.releaseSecurityParameterIndex(mResourceId);
+                mResourceId = INVALID_RESOURCE_ID;
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
@@ -501,7 +502,7 @@ public final class IpSecManager {
    public static final class UdpEncapsulationSocket implements AutoCloseable {
        private final ParcelFileDescriptor mPfd;
        private final IIpSecService mService;
-        private final int mResourceId;
+        private int mResourceId = INVALID_RESOURCE_ID;
        private final int mPort;
        private final CloseGuard mCloseGuard = CloseGuard.get();

@@ -554,6 +555,7 @@ public final class IpSecManager {
        public void close() throws IOException {
            try {
                mService.closeUdpEncapsulationSocket(mResourceId);
+                mResourceId = INVALID_RESOURCE_ID;
            } catch (RemoteException e) {
                throw e.rethrowFromSystemServer();
            }
--- a/core/java/android/net/IpSecTransform.java
+++ b/core/java/android/net/IpSecTransform.java
@@ -347,6 +347,9 @@ public final class IpSecTransform implements AutoCloseable {
         */
        public IpSecTransform.Builder setSpi(
                @TransformDirection int direction, IpSecManager.SecurityParameterIndex spi) {
+            if (spi.getResourceId() == INVALID_RESOURCE_ID) {
+                throw new IllegalArgumentException("Invalid SecurityParameterIndex");
+            }
            mConfig.setSpiResourceId(direction, spi.getResourceId());
            return this;
        }
@@ -381,6 +384,9 @@ public final class IpSecTransform implements AutoCloseable {
        public IpSecTransform.Builder setIpv4Encapsulation(
                IpSecManager.UdpEncapsulationSocket localSocket, int remotePort) {
            mConfig.setEncapType(ENCAP_ESPINUDP);
+            if (localSocket.getResourceId() == INVALID_RESOURCE_ID) {
+                throw new IllegalArgumentException("Invalid UdpEncapsulationSocket");
+            }
            mConfig.setEncapSocketResourceId(localSocket.getResourceId());
            mConfig.setEncapRemotePort(remotePort);
            return this;
@@ -426,6 +432,9 @@ public final class IpSecTransform implements AutoCloseable {
        public IpSecTransform buildTransportModeTransform(InetAddress remoteAddress)
                throws IpSecManager.ResourceUnavailableException,
                        IpSecManager.SpiUnavailableException, IOException {
+            if (remoteAddress == null) {
+                throw new IllegalArgumentException("Remote address may not be null or empty!");
+            }
            mConfig.setMode(MODE_TRANSPORT);
            mConfig.setRemoteAddress(remoteAddress.getHostAddress());
            // FIXME: modifying a builder after calling build can change the built transform.
@@ -447,8 +456,12 @@ public final class IpSecTransform implements AutoCloseable {
         */
        public IpSecTransform buildTunnelModeTransform(
                InetAddress localAddress, InetAddress remoteAddress) {
-            // FIXME: argument validation here
-            // throw new IllegalArgumentException("Natt Keepalive requires UDP Encapsulation");
+            if (localAddress == null) {
+                throw new IllegalArgumentException("Local address may not be null or empty!");
+            }
+            if (remoteAddress == null) {
+                throw new IllegalArgumentException("Remote address may not be null or empty!");
+            }
            mConfig.setLocalAddress(localAddress.getHostAddress());
            mConfig.setRemoteAddress(remoteAddress.getHostAddress());
            mConfig.setMode(MODE_TUNNEL);