author Nathan Harold <nharold@google.com> 2017-03-29 10:47:59 -0700
committer Nathan Harold <nharold@google.com> 2017-04-05 10:24:03 -0700
commiteece454de1178260b97e3d5dd99c83003139eb5f (patch)
treea14628262195736d63a7ad89748f4bd92d0715bc
parentcbb58ecc866f90b2fe829b808a65652376006c24 (diff)
Change reserveSecurityParameterIndex() to take a remoteAddress
To make the SPI reservation more semantically consistent with the transform creation API, and to ensure that we always create SPI reservations relative to a well-known remote, we should take the SPI request relative to a remote (rather than to a destination). This necessitates that we now consider direction separately, which is used for keying the SA-Id. Bug: 36073210 Test: compilation Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78 (cherry picked from commit c4f879925b58b1b5ca9a3cfdc898c20cbf56355a)
-rw-r--r--api/current.txt2
-rw-r--r--api/system-current.txt2
-rw-r--r--api/test-current.txt2
-rw-r--r--core/java/android/net/IpSecManager.java26
-rw-r--r--core/java/android/net/IpSecTransform.java4
5 files changed, 16 insertions, 20 deletions
diff --git a/api/current.txt b/api/current.txt
index 580cb247f760..e0c9cf4ac5be 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -25556,7 +25556,7 @@ package android.net {
method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);
method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);
- method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
+ method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0
}
diff --git a/api/system-current.txt b/api/system-current.txt
index ed87cb339042..0dd38a9de65b 100644
--- a/api/system-current.txt
+++ b/api/system-current.txt
@@ -27724,7 +27724,7 @@ package android.net {
method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);
method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);
method public void removeTunnelModeTransform(android.net.Network, android.net.IpSecTransform);
- method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
+ method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0
}
diff --git a/api/test-current.txt b/api/test-current.txt
index c7f2a9f8df41..0b499419ed56 100644
--- a/api/test-current.txt
+++ b/api/test-current.txt
@@ -25669,7 +25669,7 @@ package android.net {
method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;
method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);
method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);
- method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
+ method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;
field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0
}
diff --git a/core/java/android/net/IpSecManager.java b/core/java/android/net/IpSecManager.java
index 93a76dfbb4f5..83f4cc97b8fa 100644
--- a/core/java/android/net/IpSecManager.java
+++ b/core/java/android/net/IpSecManager.java
@@ -81,7 +81,7 @@ public final class IpSecManager {
public static final class SecurityParameterIndex implements AutoCloseable {
private final IIpSecService mService;
- private final InetAddress mDestinationAddress;
+ private final InetAddress mRemoteAddress;
private final CloseGuard mCloseGuard = CloseGuard.get();
private int mSpi;
@@ -91,10 +91,10 @@ public final class IpSecManager {
}
private SecurityParameterIndex(
- IIpSecService service, InetAddress destinationAddress, int spi)
+ IIpSecService service, int direction, InetAddress remoteAddress, int spi)
throws ResourceUnavailableException, SpiUnavailableException {
mService = service;
- mDestinationAddress = destinationAddress;
+ mRemoteAddress = remoteAddress;
mSpi = spi;
mCloseGuard.open("open");
}
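Review bot: The new `direction` argument is accepted by this constructor but never stored or used in the lines shown; only `mService`, `mRemoteAddress` and `mSpi` are assigned. The commit message says direction is part of the SA-Id key, so a reservation object that forgets its direction cannot hand it to the service later, and two reservations that differ only in direction look identical from here. Presumably the service wiring lands in a follow-up change, but until then I would either keep the value (`private final int mDirection;` with `mDirection = direction;`) or leave `// TODO: direction is not yet forwarded to IIpSecService` so the gap is visible to the next reader.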
@@ -102,13 +102,9 @@ public final class IpSecManager {
/**
* Release an SPI that was previously reserved.
*
- * <p>Release an SPI for use by other users in the system. This will fail if the SPI is
- * currently in use by an IpSecTransform.
- *
- * @param destinationAddress SPIs must be unique for each combination of SPI and destination
- * address. Thus, the destinationAddress to which the SPI will communicate must be
- * supplied.
- * @param spi the previously reserved SPI to be freed.
+ * <p>Release an SPI for use by other users in the system. If a SecurityParameterIndex is
+ * applied to an IpSecTransform, it will become unusable for future transforms but should
+ * still be closed to ensure system resources are released.
*/
@Override
public void close() {
@@ -134,13 +130,13 @@ public final class IpSecManager {
public static final int INVALID_SECURITY_PARAMETER_INDEX = 0;
/**
- * Reserve an SPI for traffic bound towards the specified destination address.
+ * Reserve an SPI for traffic bound towards the specified remote address.
*
* <p>If successful, this SPI is guaranteed available until released by a call to {@link
* SecurityParameterIndex#close()}.
*
- * @param destinationAddress SPIs must be unique for each combination of SPI and destination
- * address.
+ * @param direction {@link IpSecTransform#DIRECTION_IN} or {@link IpSecTransform#DIRECTION_OUT}
+ * @param remoteAddress address of the remote. SPIs must be unique for each remoteAddress.
* @param requestedSpi the requested SPI, or '0' to allocate a random SPI.
* @return the reserved SecurityParameterIndex
* @throws ResourceUnavailableException indicating that too many SPIs are currently allocated
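Review bot: The summary line still says "traffic bound towards the specified remote address", which only describes `DIRECTION_OUT`; with the new `direction` parameter an inbound reservation covers traffic arriving from that remote. I would reword it to `Reserve an SPI for traffic to or from the specified remote address, as selected by direction.` The `@param remoteAddress` text "SPIs must be unique for each remoteAddress" also leaves out direction, although the commit message says direction keys the SA-Id; if uniqueness is per direction and remote address, the Javadoc should state that, because callers who pass their own `requestedSpi` depend on knowing the rule. The Javadoc block continues past the end of this hunk.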
@@ -148,9 +144,9 @@ public final class IpSecManager {
* @throws SpiUnavailableException indicating that a particular SPI cannot be reserved
*/
public SecurityParameterIndex reserveSecurityParameterIndex(
- InetAddress destinationAddress, int requestedSpi)
+ int direction, InetAddress remoteAddress, int requestedSpi)
throws SpiUnavailableException, ResourceUnavailableException {
- return new SecurityParameterIndex(mService, destinationAddress, requestedSpi);
+ return new SecurityParameterIndex(mService, direction, remoteAddress, requestedSpi);
}
/**
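Review bot: `direction` reaches this public entry point as a bare `int` and is forwarded unchecked, and `remoteAddress` is not null-checked in the lines shown. Because the signature is now `(int, InetAddress, int)`, a caller can transpose `direction` and `requestedSpi` and still compile, so a guard such as `if (direction != IpSecTransform.DIRECTION_IN && direction != IpSecTransform.DIRECTION_OUT) throw new IllegalArgumentException("Invalid direction: " + direction);` before the `new SecurityParameterIndex(...)` call would turn that mistake into an immediate failure. Adding `Objects.requireNonNull(remoteAddress, "remoteAddress");` alongside it and an `@IntDef` annotation on `direction` would let both the runtime and lint catch misuse.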
diff --git a/core/java/android/net/IpSecTransform.java b/core/java/android/net/IpSecTransform.java
index d6dd28bec390..5c0bbe6a1437 100644
--- a/core/java/android/net/IpSecTransform.java
+++ b/core/java/android/net/IpSecTransform.java
@@ -307,7 +307,7 @@ public final class IpSecTransform implements AutoCloseable {
* <p>Care should be chosen when selecting an SPI to ensure that is is as unique as
* possible. Random number generation is a reasonable approach to selecting an SPI. For
* outbound SPIs, they must be reserved by calling {@link
- * IpSecManager#reserveSecurityParameterIndex(InetAddress, int)}. Otherwise, Transforms will
+ * IpSecManager#reserveSecurityParameterIndex(int, InetAddress, int)}. Otherwise, Transforms will
* fail to build.
*
* <p>Unless an SPI is set for a given direction, traffic in that direction will be
@@ -329,7 +329,7 @@ public final class IpSecTransform implements AutoCloseable {
* <p>Care should be chosen when selecting an SPI to ensure that is is as unique as
* possible. Random number generation is a reasonable approach to selecting an SPI. For
* outbound SPIs, they must be reserved by calling {@link
- * IpSecManager#reserveSecurityParameterIndex(InetAddress, int)}. Otherwise, Transforms will
+ * IpSecManager#reserveSecurityParameterIndex(int, InetAddress, int)}. Otherwise, Transforms will
* fail to activate.
*
* <p>Unless an SPI is set for a given direction, traffic in that direction will be