Merge "Require NETWORK_STACK Permission for IpSec Tunnel Mode" am: 43699e90f3

am: e736f83caf

Change-Id: If7330b4fdf5d2ccbddb590ab81a4b19c1f612b66
nharold
2018-02-10 01:57:50 +00:00
committed by android-build-merger
3 changed files with 21 additions and 0 deletions


@@ -19,6 +19,7 @@ import static com.android.internal.util.Preconditions.checkNotNull;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.annotation.SystemService;
import android.annotation.TestApi;
@@ -761,6 +762,7 @@ public final class IpSecManager {
* @hide
*/
@SystemApi
@RequiresPermission(android.Manifest.permission.NETWORK_STACK)
public IpSecTunnelInterface createIpSecTunnelInterface(@NonNull InetAddress localAddress,
@NonNull InetAddress remoteAddress, @NonNull Network underlyingNetwork)
throws ResourceUnavailableException, IOException {
@@ -780,6 +782,7 @@ public final class IpSecManager {
* @hide
*/
@SystemApi
@RequiresPermission(android.Manifest.permission.NETWORK_STACK)
public void applyTunnelModeTransform(IpSecTunnelInterface tunnel, int direction,
IpSecTransform transform) throws IOException {
try {
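Review bot: The `@RequiresPermission(android.Manifest.permission.NETWORK_STACK)` added to `createIpSecTunnelInterface` is only a lint and documentation hint, and none of the service hunks shown in this commit adds a matching check on the tunnel-interface creation path; the visible enforcement covers tunnel-mode transform configs and `applyTunnelModeTransform` only. Unless the service method behind this call already enforces the permission elsewhere in the file, it should begin with `enforceNetworkStackPermission();` so that the binder boundary, not the annotation, decides access. The Javadoc of both annotated methods starts outside the hunks; assuming the service's SecurityException propagates to the caller, each should gain `@throws SecurityException if the caller does not hold NETWORK_STACK`.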


@@ -21,6 +21,7 @@ import static com.android.internal.util.Preconditions.checkNotNull;
import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.content.Context;
import android.os.Binder;
@@ -266,6 +267,10 @@ public final class IpSecTransform implements AutoCloseable {
* @hide
*/
@SystemApi
@RequiresPermission(anyOf = {
android.Manifest.permission.NETWORK_STACK,
android.Manifest.permission.PACKET_KEEPALIVE_OFFLOAD
})
public void startNattKeepalive(@NonNull NattKeepaliveCallback userCallback,
int intervalSeconds, @NonNull Handler handler) throws IOException {
checkNotNull(userCallback);
@@ -305,6 +310,10 @@ public final class IpSecTransform implements AutoCloseable {
* @hide
*/
@SystemApi
@RequiresPermission(anyOf = {
android.Manifest.permission.NETWORK_STACK,
android.Manifest.permission.PACKET_KEEPALIVE_OFFLOAD
})
public void stopNattKeepalive() {
synchronized (mKeepaliveCallback) {
if (mKeepalive == null) {
@@ -449,6 +458,7 @@ public final class IpSecTransform implements AutoCloseable {
* @hide
*/
@SystemApi
@RequiresPermission(android.Manifest.permission.NETWORK_STACK)
public IpSecTransform buildTunnelModeTransform(
@NonNull InetAddress sourceAddress,
@NonNull IpSecManager.SecurityParameterIndex spi)
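Review bot: The `anyOf` annotations on `startNattKeepalive` and `stopNattKeepalive` name two permissions, but no hunk in this commit enforces either of them for keepalives, so the set the annotation advertises cannot be checked against the set the system actually accepts. If the enforcing side (not shown here) accepts only one of them, a caller holding just the other passes lint and fails at runtime; if it enforces neither, the annotation suggests a protection that is not there. I would add a comment above each annotation that points at the real check, for example `// Enforced on the service side of the keepalive call; keep this list in sync with that check.` Both method bodies and their Javadoc run outside the hunks.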


@@ -1438,7 +1438,9 @@ public class IpSecService extends IIpSecService.Stub {
switch (config.getMode()) {
case IpSecTransform.MODE_TRANSPORT:
break;
case IpSecTransform.MODE_TUNNEL:
enforceNetworkStackPermission();
break;
default:
throw new IllegalArgumentException(
@@ -1446,6 +1448,11 @@ public class IpSecService extends IIpSecService.Stub {
}
}
private void enforceNetworkStackPermission() {
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.NETWORK_STACK,
"IpSecService");
}
private void createOrUpdateTransform(
IpSecConfig c, int resourceId, SpiRecord spiRecord, EncapSocketRecord socketRecord)
throws RemoteException {
@@ -1615,6 +1622,7 @@ public class IpSecService extends IIpSecService.Stub {
@Override
public synchronized void applyTunnelModeTransform(
int tunnelResourceId, int direction, int transformResourceId) throws RemoteException {
enforceNetworkStackPermission();
checkDirection(direction);
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
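Review bot: `enforceNetworkStackPermission()` uses `enforceCallingOrSelfPermission`, which also passes when the binder calling identity is the service's own process, so the check is only meaningful if it runs before any `Binder.clearCallingIdentity()` on the same path. In `applyTunnelModeTransform` it is the first statement, which is right; in the `MODE_TUNNEL` case the enclosing validation method starts outside the hunk, so that ordering cannot be confirmed from here. The helper deserves a short comment saying so, e.g. `// Must run with the caller's binder identity intact; throws SecurityException otherwise.`, and the denial message `"IpSecService"` would be easier to triage if it named the operation, e.g. `"IpSecService: tunnel mode requires NETWORK_STACK"`.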