From 49cd8d72686cc007ee0a0c5088100e169c9aa310 Mon Sep 17 00:00:00 2001
From: Nathan Harold
Date: Tue, 20 Mar 2018 12:26:10 -0700
Subject: [PATCH 1/2] Expose add/removeAddress for IpSecInterfaces
When exposing the APIs, these were missed. The outer structure is exposed, so this exposes the addAddress and removeAddress methods.
Bug: 75234273
Test: compilation
Merged-In: I79911434f9baa660e4d8564cc59d80da4a710c42
Change-Id: I79911434f9baa660e4d8564cc59d80da4a710c42
(cherry picked from commit a83601a511c3f11470109d78d1a736acdb9c6bd8)
---
 core/java/android/net/IpSecManager.java | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/core/java/android/net/IpSecManager.java b/core/java/android/net/IpSecManager.java
index 4e1f83430a..cb4299ef69 100644
--- a/core/java/android/net/IpSecManager.java
+++ b/core/java/android/net/IpSecManager.java
@@ -658,7 +658,8 @@ public final class IpSecManager {
 * @param address the local address for traffic inside the tunnel
 * @hide
 */
- public void addAddress(LinkAddress address) {
+ @SystemApi
+ public void addAddress(LinkAddress address) throws IOException {
 try {
 mService.addAddressToTunnelInterface(mResourceId, address);
 } catch (RemoteException e) {
@@ -674,7 +675,8 @@ public final class IpSecManager {
 * @param address to be removed
 * @hide
 */
- public void removeAddress(LinkAddress address) {
+ @SystemApi
+ public void removeAddress(LinkAddress address) throws IOException {
 try {
 mService.removeAddressFromTunnelInterface(mResourceId, address);
 } catch (RemoteException e) {
From fdde4d633f837c44b127f0c73d3954f4a7d8a226 Mon Sep 17 00:00:00 2001
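Review bot: `addAddress` now declares `throws IOException`, but the Javadoc above it gains no `@throws` entry and the visible part of the body only catches RemoteException, so a caller cannot tell when the new checked exception is raised; the same applies to `removeAddress` in the second hunk (-674). I would add a line of the form `* @throws IOException <condition under which the service call fails>` to both comments, with the condition filled in from the part of the body that is not shown. Because both methods become `@SystemApi`, the Javadoc should also name the permission a caller must hold, for instance through `@RequiresPermission`. The check itself presumably sits in the service behind `mService`, which this patch does not show, so it is worth confirming that the service validates the caller's ownership of `mResourceId`. Both Javadoc blocks start before their hunks and both method bodies continue past them.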
From: Nathan Harold
Date: Tue, 27 Feb 2018 19:19:40 -0800
Subject: [PATCH 2/2] Check mOwnedByTransform to avoid DELSA on SPI
The owned by transform flag prevents the removal of an SPI from accidentally deleting an associated SA in the kernel. That flag wasn't actually being checked, so deleting an SPI would result in the transform being removed. The existing code already guarantees that the SA is deleted when the transform is deleted
Bug: 73258845
Test: runtest frameworks-net
Merged-In: I4c26aea7af817a5d9e54da5db1cdf4f943bcae06
Change-Id: I4c26aea7af817a5d9e54da5db1cdf4f943bcae06
(cherry picked from commit 22795302be4ec35449908cf566aa7c16945df836)
---
 .../core/java/com/android/server/IpSecService.java | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java
index 45e9481c22..89f599b17f 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java
@@ -676,10 +676,12 @@ public class IpSecService extends IIpSecService.Stub {
 @Override
 public void freeUnderlyingResources() {
 try {
- mSrvConfig
- .getNetdInstance()
- .ipSecDeleteSecurityAssociation(
- mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
+ if (!mOwnedByTransform) {
+ mSrvConfig
+ .getNetdInstance()
+ .ipSecDeleteSecurityAssociation(
+ mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
+ }
 } catch (ServiceSpecificException | RemoteException e) {
 Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId, e);
 }
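Review bot: The `if (!mOwnedByTransform)` guard added in freeUnderlyingResources() skips the netd call without any comment, so the invariant it relies on lives only in the commit message. I would put it on the guard, for example `// SA now belongs to a transform; it is deleted when that transform is released.` Where mOwnedByTransform is set is outside the hunk, so please confirm it only becomes true once the transform really owns the SA; if it can be set while the transform is never created or released, the kernel SA would be left behind. The diffstat lists only IpSecService.java, so a regression test checking that ipSecDeleteSecurityAssociation is not called for an owned SPI is still missing. The method's closing brace lies outside the hunk.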