authorLorenzo Colitti <lorenzo@google.com>2017-08-10 18:50:10 +0900
committerLorenzo Colitti <lorenzo@google.com>2017-08-19 22:20:19 +0900
commit066b822f78666758ff82c43321ade07fd0d54eb3 (patch)
tree2f987e927e321fc1f9656e69aec31564014c5eef
parentbe79d6547d93c0be373db811d3f0265a93a76f3f (diff)
downloadnetd-066b822f78666758ff82c43321ade07fd0d54eb3.tar.gz
Delete all remaining callers of iptables.
Also move to binder_test.cpp some string constants that are used only there. (cherry picked from commit 5c68b9c1e4b7d8cf05b6ce9f6d1458ffda225eac) Bug: 28362720 Test: bullhead builds,boots Test: netd_{unit,integration}_test pass Change-Id: Icebaac93fc3a661902deced985119d2d1735732e Merged-In: I3f72946de374a7deaeef88b1dd5589d9a20ccce7
-rw-r--r--server/BandwidthController.cpp2
-rw-r--r--server/BandwidthControllerTest.cpp3
-rw-r--r--server/IptablesBaseTest.cpp77
-rw-r--r--server/IptablesBaseTest.h5
-rw-r--r--server/IptablesRestoreControllerTest.cpp10
-rw-r--r--server/NetdConstants.cpp82
-rw-r--r--server/NetdConstants.h6
-rw-r--r--tests/binder_test.cpp3
8 files changed, 3 insertions, 185 deletions
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
index d875f007..903390bd 100644
--- a/server/BandwidthController.cpp
+++ b/server/BandwidthController.cpp
@@ -64,8 +64,6 @@ const char BandwidthController::LOCAL_OUTPUT[] = "bw_OUTPUT";
const char BandwidthController::LOCAL_RAW_PREROUTING[] = "bw_raw_PREROUTING";
const char BandwidthController::LOCAL_MANGLE_POSTROUTING[] = "bw_mangle_POSTROUTING";
-auto BandwidthController::execFunction = android_fork_execvp;
-auto BandwidthController::popenFunction = popen;
auto BandwidthController::iptablesRestoreFunction = execIptablesRestoreWithOutput;
using android::base::Join;
diff --git a/server/BandwidthControllerTest.cpp b/server/BandwidthControllerTest.cpp
index 066f9ebc..a0a57da7 100644
--- a/server/BandwidthControllerTest.cpp
+++ b/server/BandwidthControllerTest.cpp
@@ -51,8 +51,6 @@ using android::netdutils::UniqueFile;
class BandwidthControllerTest : public IptablesBaseTest {
protected:
BandwidthControllerTest() {
- BandwidthController::execFunction = fake_android_fork_exec;
- BandwidthController::popenFunction = fake_popen;
BandwidthController::iptablesRestoreFunction = fakeExecIptablesRestoreWithOutput;
}
BandwidthController mBw;
@@ -378,7 +376,6 @@ TEST_F(BandwidthControllerTest, TestGetTetherStats) {
std::string expectedError = counters;
EXPECT_EQ(expectedError, err);
- // popen() failing is always an error.
addIptablesRestoreOutput(kIPv4TetherCounters);
ASSERT_EQ(-1, mBw.getTetherStats(&cli, filter, err));
expectNoSocketClientResponse(socketPair[1]);
diff --git a/server/IptablesBaseTest.cpp b/server/IptablesBaseTest.cpp
index 57071b06..c9bf67b2 100644
--- a/server/IptablesBaseTest.cpp
+++ b/server/IptablesBaseTest.cpp
@@ -61,30 +61,6 @@ int IptablesBaseTest::fake_android_fork_exec(int argc, char* argv[], int *status
return ret;
}
-int IptablesBaseTest::fakeExecIptables(IptablesTarget target, ...) {
- std::string cmd = " -w";
- va_list args;
- va_start(args, target);
- const char *arg;
- do {
- arg = va_arg(args, const char *);
- if (arg != nullptr) {
- cmd += " ";
- cmd += arg;
- }
- } while (arg);
- va_end(args);
-
- if (target == V4 || target == V4V6) {
- sCmds.push_back(IPTABLES_PATH + cmd);
- }
- if (target == V6 || target == V4V6) {
- sCmds.push_back(IP6TABLES_PATH + cmd);
- }
-
- return 0;
-}
-
FILE *IptablesBaseTest::fake_popen(const char * /* cmd */, const char *type) {
if (sPopenContents.empty() || strcmp(type, "r") != 0) {
return NULL;
@@ -120,59 +96,6 @@ int IptablesBaseTest::fakeExecIptablesRestoreCommand(IptablesTarget target,
return fakeExecIptablesRestoreWithOutput(target, fullCmd, output);
}
-int IptablesBaseTest::expectIptablesCommand(IptablesTarget target, int pos,
- const std::string& cmd) {
-
- if ((unsigned) pos >= sCmds.size()) {
- ADD_FAILURE() << "Expected too many iptables commands, want command "
- << pos + 1 << "/" << sCmds.size();
- return -1;
- }
-
- if (target == V4 || target == V4V6) {
- EXPECT_EQ("/system/bin/iptables -w " + cmd, sCmds[pos++]);
- }
- if (target == V6 || target == V4V6) {
- EXPECT_EQ("/system/bin/ip6tables -w " + cmd, sCmds[pos++]);
- }
-
- return target == V4V6 ? 2 : 1;
-}
-
-void IptablesBaseTest::expectIptablesCommands(const std::vector<std::string>& expectedCmds) {
- ExpectedIptablesCommands expected;
- for (const auto& cmd : expectedCmds) {
- expected.push_back({ V4V6, cmd });
- }
- expectIptablesCommands(expected);
-}
-
-void IptablesBaseTest::expectIptablesCommands(const ExpectedIptablesCommands& expectedCmds) {
- size_t pos = 0;
- for (size_t i = 0; i < expectedCmds.size(); i ++) {
- const auto& target = expectedCmds[i].first;
- const auto& cmd = expectedCmds[i].second;
- int numConsumed = expectIptablesCommand(target, pos, cmd);
- if (numConsumed < 0) {
- // Read past the end of the array.
- break;
- }
- pos += numConsumed;
- }
-
- EXPECT_EQ(pos, sCmds.size());
- sCmds.clear();
-}
-
-void IptablesBaseTest::expectIptablesCommands(
- const std::vector<ExpectedIptablesCommands>& snippets) {
- ExpectedIptablesCommands expected;
- for (const auto& snippet: snippets) {
- expected.insert(expected.end(), snippet.begin(), snippet.end());
- }
- expectIptablesCommands(expected);
-}
-
void IptablesBaseTest::expectIptablesRestoreCommands(const std::vector<std::string>& expectedCmds) {
ExpectedIptablesCommands expected;
for (const auto& cmd : expectedCmds) {
diff --git a/server/IptablesBaseTest.h b/server/IptablesBaseTest.h
index a8a511f0..207a5ee8 100644
--- a/server/IptablesBaseTest.h
+++ b/server/IptablesBaseTest.h
@@ -28,16 +28,12 @@ public:
static int fake_android_fork_exec(int argc, char* argv[], int *status, bool, bool);
static int fake_android_fork_execvp(int argc, char* argv[], int *status, bool, bool);
- static int fakeExecIptables(IptablesTarget target, ...);
static int fakeExecIptablesRestore(IptablesTarget target, const std::string& commands);
static int fakeExecIptablesRestoreWithOutput(IptablesTarget target, const std::string& commands,
std::string *output);
static int fakeExecIptablesRestoreCommand(IptablesTarget target, const std::string& table,
const std::string& commands, std::string *output);
static FILE *fake_popen(const char *cmd, const char *type);
- void expectIptablesCommands(const std::vector<std::string>& expectedCmds);
- void expectIptablesCommands(const ExpectedIptablesCommands& expectedCmds);
- void expectIptablesCommands(const std::vector<ExpectedIptablesCommands>& snippets);
void expectIptablesRestoreCommands(const std::vector<std::string>& expectedCmds);
void expectIptablesRestoreCommands(const ExpectedIptablesCommands& expectedCmds);
void setReturnValues(const std::deque<int>& returnValues);
@@ -48,5 +44,4 @@ protected:
static std::deque<int> sReturnValues;
static std::deque<std::string> sPopenContents;
static std::deque<std::string> sIptablesRestoreOutput;
- int expectIptablesCommand(IptablesTarget target, int pos, const std::string& cmd);
};
diff --git a/server/IptablesRestoreControllerTest.cpp b/server/IptablesRestoreControllerTest.cpp
index 43041ecf..20d46efe 100644
--- a/server/IptablesRestoreControllerTest.cpp
+++ b/server/IptablesRestoreControllerTest.cpp
@@ -258,15 +258,5 @@ TEST_F(IptablesRestoreControllerTest, TestUidRuleBenchmark) {
float timeTaken = s.getTimeAndReset();
fprintf(stderr, " Add/del %d UID rules via restore: %.1fms (%.2fms per operation)\n",
iterations, timeTaken, timeTaken / 2 / iterations);
-
- for (int i = 0; i < iterations; i++) {
- EXPECT_EQ(0, execIptables(V4V6, "-I", "fw_powersave", "-m", "owner",
- "--uid-owner", "2000000000", "-j", "RETURN", nullptr));
- EXPECT_EQ(0, execIptables(V4V6, "-D", "fw_powersave", "-m", "owner",
- "--uid-owner", "2000000000", "-j", "RETURN", nullptr));
- }
- timeTaken = s.getTimeAndReset();
- fprintf(stderr, " Add/del %d UID rules via iptables: %.1fms (%.2fms per operation)\n",
- iterations, timeTaken, timeTaken / 2 / iterations);
}
}
diff --git a/server/NetdConstants.cpp b/server/NetdConstants.cpp
index 58b2f64b..5abdacd5 100644
--- a/server/NetdConstants.cpp
+++ b/server/NetdConstants.cpp
@@ -38,91 +38,9 @@
const size_t SHA256_SIZE = EVP_MD_size(EVP_sha256());
const char * const OEM_SCRIPT_PATH = "/system/bin/oem-iptables-init.sh";
-const char * const IPTABLES_PATH = "/system/bin/iptables";
-const char * const IP6TABLES_PATH = "/system/bin/ip6tables";
-const char * const TC_PATH = "/system/bin/tc";
-const char * const IP_PATH = "/system/bin/ip";
const char * const ADD = "add";
const char * const DEL = "del";
-static void logExecError(const char* argv[], int res, int status) {
- const char** argp = argv;
- std::string args = "";
- while (*argp) {
- args += *argp;
- args += ' ';
- argp++;
- }
- ALOGE("exec() res=%d, status=%d for %s", res, status, args.c_str());
-}
-
-static int execIptablesCommand(int argc, const char *argv[], bool silent) {
- int res;
- int status;
-
- res = android_fork_execvp(argc, (char **)argv, &status, false,
- !silent);
- if (res || !WIFEXITED(status) || WEXITSTATUS(status)) {
- if (!silent) {
- logExecError(argv, res, status);
- }
- if (res)
- return res;
- if (!WIFEXITED(status))
- return ECHILD;
- }
- return WEXITSTATUS(status);
-}
-
-static int execIptables(IptablesTarget target, bool silent, va_list args) {
- /* Read arguments from incoming va_list; we expect the list to be NULL terminated. */
- std::list<const char*> argsList;
- argsList.push_back(NULL);
- const char* arg;
-
- // Wait to avoid failure due to another process holding the lock
- argsList.push_back("-w");
-
- do {
- arg = va_arg(args, const char *);
- argsList.push_back(arg);
- } while (arg);
-
- int i = 0;
- const char* argv[argsList.size()];
- std::list<const char*>::iterator it;
- for (it = argsList.begin(); it != argsList.end(); it++, i++) {
- argv[i] = *it;
- }
-
- int res = 0;
- if (target == V4 || target == V4V6) {
- argv[0] = IPTABLES_PATH;
- res |= execIptablesCommand(argsList.size(), argv, silent);
- }
- if (target == V6 || target == V4V6) {
- argv[0] = IP6TABLES_PATH;
- res |= execIptablesCommand(argsList.size(), argv, silent);
- }
- return res;
-}
-
-int execIptables(IptablesTarget target, ...) {
- va_list args;
- va_start(args, target);
- int res = execIptables(target, false, args);
- va_end(args);
- return res;
-}
-
-int execIptablesSilently(IptablesTarget target, ...) {
- va_list args;
- va_start(args, target);
- int res = execIptables(target, true, args);
- va_end(args);
- return res;
-}
-
int execIptablesRestoreWithOutput(IptablesTarget target, const std::string& commands,
std::string *output) {
return android::net::gCtls->iptablesRestoreCtrl.execute(target, commands, output);
diff --git a/server/NetdConstants.h b/server/NetdConstants.h
index 446a898c..b1117c43 100644
--- a/server/NetdConstants.h
+++ b/server/NetdConstants.h
@@ -34,18 +34,12 @@ const int MAX_SYSTEM_UID = AID_APP - 1;
extern const size_t SHA256_SIZE;
-extern const char * const IPTABLES_PATH;
-extern const char * const IP6TABLES_PATH;
-extern const char * const IP_PATH;
-extern const char * const TC_PATH;
extern const char * const OEM_SCRIPT_PATH;
extern const char * const ADD;
extern const char * const DEL;
enum IptablesTarget { V4, V6, V4V6 };
-int execIptables(IptablesTarget target, ...);
-int execIptablesSilently(IptablesTarget target, ...);
int execIptablesRestore(IptablesTarget target, const std::string& commands);
int execIptablesRestoreWithOutput(IptablesTarget target, const std::string& commands,
std::string *output);
diff --git a/tests/binder_test.cpp b/tests/binder_test.cpp
index 41fc8c33..b2f362ee 100644
--- a/tests/binder_test.cpp
+++ b/tests/binder_test.cpp
@@ -49,6 +49,9 @@
#include "android/net/UidRange.h"
#include "binder/IServiceManager.h"
+#define IP_PATH "/system/bin/ip"
+#define IP6TABLES_PATH "/system/bin/ip6tables"
+#define IPTABLES_PATH "/system/bin/iptables"
#define TUN_DEV "/dev/tun"
using namespace android;
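Review bot: The three path macros added above `TUN_DEV` have no comment saying they are test-only copies of constants that `server/NetdConstants.h` and `NetdConstants.cpp` stop exporting in this same commit, so a reader cannot tell why a test file hard-codes `/system/bin` binary paths. A one-line comment such as `// Absolute paths of on-device binaries used only by these tests; netd no longer exports them.` would record that; how the tests use the macros is outside this hunk, so the wording should be confirmed against the call sites. The paths should stay absolute, since that keeps any invocation independent of `PATH` lookup. The macro form matches the existing `#define TUN_DEV`, but `static constexpr char IPTABLES_PATH[] = "/system/bin/iptables";` would keep the typing the removed `const char * const` declarations had, provided no use relies on string-literal concatenation.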