Merge "Expose APIs to migrate IpSecTransform"

2023-01-11 18:52:59 +00:00
parent 519bc968f0 81c2160a63
commit 19aa23db7e
3 changed files with 15 additions and 10 deletions
--- a/framework-t/src/android/net/IpSecManager.java
+++ b/framework-t/src/android/net/IpSecManager.java
@@ -823,16 +823,18 @@ public class IpSecManager {
         * Update the underlying network for this IpSecTunnelInterface.
         *
         * <p>This new underlying network will be used for all transforms applied AFTER this call is
-         * complete. Before new {@link IpSecTransform}(s) with matching addresses are applied to
-         * this tunnel interface, traffic will still use the old SA, and be routed on the old
+         * complete. Before {@link IpSecTransform}(s) with matching addresses are applied to this
+         * tunnel interface, traffic will still use the old transform, and be routed on the old
         * underlying network.
         *
         * <p>To migrate IPsec tunnel mode traffic, a caller should:
         *
         * <ol>
         *   <li>Update the IpSecTunnelInterface’s underlying network.
-         *   <li>Apply {@link IpSecTransform}(s) with matching addresses to this
-         *       IpSecTunnelInterface.
+         *   <li>Apply the new {@link IpSecTransform}(s) to this IpSecTunnelInterface. These can be
+         *       new {@link IpSecTransform}(s) with matching addresses, or {@link IpSecTransform}(s)
+         *       that have started migration (see {@link
+         *       IpSecManager#startTunnelModeTransformMigration}).
         * </ol>
         *
         * @param underlyingNetwork the new {@link Network} that will carry traffic for this tunnel.
@@ -841,7 +843,6 @@ public class IpSecManager {
         *     method will throw an {@link IllegalArgumentException}. If the IpSecTunnelInterface is
         *     later added to this network, all outbound traffic will be blackholed.
         */
-        // TODO: b/169171001 Update the documentation when transform migration is supported.
        // The purpose of making updating network and applying transforms separate is to leave open
        // the possibility to support lossless migration procedures. To do that, Android platform
        // will need to support multiple inbound tunnel mode transforms, just like it can support
@@ -1033,9 +1034,10 @@ public class IpSecManager {
     * @param newDestinationAddress the new destination address
     * @hide
     */
+    @SystemApi
    @RequiresFeature(FEATURE_IPSEC_TUNNEL_MIGRATION)
    @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS)
-    public void startMigration(
+    public void startTunnelModeTransformMigration(
            @NonNull IpSecTransform transform,
            @NonNull InetAddress newSourceAddress,
            @NonNull InetAddress newDestinationAddress) {