Merge "Use UID as requestID" am: 583f3632e5

am: 0372703a46

Change-Id: I0d9fb770482e72f3b017702ffb7ec144a64462e0
Benedict Wong
2018-09-12 15:22:39 -07:00
committed by android-build-merger


@@ -612,7 +612,7 @@ public class IpSecService extends IIpSecService.Stub {
mSrvConfig mSrvConfig
.getNetdInstance() .getNetdInstance()
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
mResourceId, uid,
mConfig.getSourceAddress(), mConfig.getSourceAddress(),
mConfig.getDestinationAddress(), mConfig.getDestinationAddress(),
spi, spi,
@@ -679,7 +679,7 @@ public class IpSecService extends IIpSecService.Stub {
mSrvConfig mSrvConfig
.getNetdInstance() .getNetdInstance()
.ipSecDeleteSecurityAssociation( .ipSecDeleteSecurityAssociation(
mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0); uid, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
} }
} catch (ServiceSpecificException | RemoteException e) { } catch (ServiceSpecificException | RemoteException e) {
Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId, e); Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId, e);
@@ -821,13 +821,13 @@ public class IpSecService extends IIpSecService.Stub {
for (int selAddrFamily : ADDRESS_FAMILIES) { for (int selAddrFamily : ADDRESS_FAMILIES) {
netd.ipSecDeleteSecurityPolicy( netd.ipSecDeleteSecurityPolicy(
0, uid,
selAddrFamily, selAddrFamily,
IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_OUT,
mOkey, mOkey,
0xffffffff); 0xffffffff);
netd.ipSecDeleteSecurityPolicy( netd.ipSecDeleteSecurityPolicy(
0, uid,
selAddrFamily, selAddrFamily,
IpSecManager.DIRECTION_IN, IpSecManager.DIRECTION_IN,
mIkey, mIkey,
@@ -1083,7 +1083,8 @@ public class IpSecService extends IIpSecService.Stub {
} }
checkNotNull(binder, "Null Binder passed to allocateSecurityParameterIndex"); checkNotNull(binder, "Null Binder passed to allocateSecurityParameterIndex");
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid()); int callingUid = Binder.getCallingUid();
UserRecord userRecord = mUserResourceTracker.getUserRecord(callingUid);
final int resourceId = mNextResourceId++; final int resourceId = mNextResourceId++;
int spi = IpSecManager.INVALID_SECURITY_PARAMETER_INDEX; int spi = IpSecManager.INVALID_SECURITY_PARAMETER_INDEX;
@@ -1096,7 +1097,7 @@ public class IpSecService extends IIpSecService.Stub {
spi = spi =
mSrvConfig mSrvConfig
.getNetdInstance() .getNetdInstance()
.ipSecAllocateSpi(resourceId, "", destinationAddress, requestedSpi); .ipSecAllocateSpi(callingUid, "", destinationAddress, requestedSpi);
Log.d(TAG, "Allocated SPI " + spi); Log.d(TAG, "Allocated SPI " + spi);
userRecord.mSpiRecords.put( userRecord.mSpiRecords.put(
resourceId, resourceId,
@@ -1264,7 +1265,8 @@ public class IpSecService extends IIpSecService.Stub {
// TODO: Check that underlying network exists, and IP addresses not assigned to a different // TODO: Check that underlying network exists, and IP addresses not assigned to a different
// network (b/72316676). // network (b/72316676).
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid()); int callerUid = Binder.getCallingUid();
UserRecord userRecord = mUserResourceTracker.getUserRecord(callerUid);
if (!userRecord.mTunnelQuotaTracker.isAvailable()) { if (!userRecord.mTunnelQuotaTracker.isAvailable()) {
return new IpSecTunnelInterfaceResponse(IpSecManager.Status.RESOURCE_UNAVAILABLE); return new IpSecTunnelInterfaceResponse(IpSecManager.Status.RESOURCE_UNAVAILABLE);
} }
@@ -1285,7 +1287,7 @@ public class IpSecService extends IIpSecService.Stub {
for (int selAddrFamily : ADDRESS_FAMILIES) { for (int selAddrFamily : ADDRESS_FAMILIES) {
// Always send down correct local/remote addresses for template. // Always send down correct local/remote addresses for template.
netd.ipSecAddSecurityPolicy( netd.ipSecAddSecurityPolicy(
0, // Use 0 for reqId callerUid,
selAddrFamily, selAddrFamily,
IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_OUT,
localAddr, localAddr,
@@ -1294,7 +1296,7 @@ public class IpSecService extends IIpSecService.Stub {
okey, okey,
0xffffffff); 0xffffffff);
netd.ipSecAddSecurityPolicy( netd.ipSecAddSecurityPolicy(
0, // Use 0 for reqId callerUid,
selAddrFamily, selAddrFamily,
IpSecManager.DIRECTION_IN, IpSecManager.DIRECTION_IN,
remoteAddr, remoteAddr,
@@ -1532,7 +1534,7 @@ public class IpSecService extends IIpSecService.Stub {
mSrvConfig mSrvConfig
.getNetdInstance() .getNetdInstance()
.ipSecAddSecurityAssociation( .ipSecAddSecurityAssociation(
resourceId, Binder.getCallingUid(),
c.getMode(), c.getMode(),
c.getSourceAddress(), c.getSourceAddress(),
c.getDestinationAddress(), c.getDestinationAddress(),
@@ -1623,13 +1625,14 @@ public class IpSecService extends IIpSecService.Stub {
@Override @Override
public synchronized void applyTransportModeTransform( public synchronized void applyTransportModeTransform(
ParcelFileDescriptor socket, int direction, int resourceId) throws RemoteException { ParcelFileDescriptor socket, int direction, int resourceId) throws RemoteException {
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid()); int callingUid = Binder.getCallingUid();
UserRecord userRecord = mUserResourceTracker.getUserRecord(callingUid);
checkDirection(direction); checkDirection(direction);
// Get transform record; if no transform is found, will throw IllegalArgumentException // Get transform record; if no transform is found, will throw IllegalArgumentException
TransformRecord info = userRecord.mTransformRecords.getResourceOrThrow(resourceId); TransformRecord info = userRecord.mTransformRecords.getResourceOrThrow(resourceId);
// TODO: make this a function. // TODO: make this a function.
if (info.pid != getCallingPid() || info.uid != getCallingUid()) { if (info.pid != getCallingPid() || info.uid != callingUid) {
throw new SecurityException("Only the owner of an IpSec Transform may apply it!"); throw new SecurityException("Only the owner of an IpSec Transform may apply it!");
} }
@@ -1643,7 +1646,7 @@ public class IpSecService extends IIpSecService.Stub {
.getNetdInstance() .getNetdInstance()
.ipSecApplyTransportModeTransform( .ipSecApplyTransportModeTransform(
socket.getFileDescriptor(), socket.getFileDescriptor(),
resourceId, callingUid,
direction, direction,
c.getSourceAddress(), c.getSourceAddress(),
c.getDestinationAddress(), c.getDestinationAddress(),
@@ -1675,7 +1678,8 @@ public class IpSecService extends IIpSecService.Stub {
enforceTunnelPermissions(callingPackage); enforceTunnelPermissions(callingPackage);
checkDirection(direction); checkDirection(direction);
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid()); int callingUid = Binder.getCallingUid();
UserRecord userRecord = mUserResourceTracker.getUserRecord(callingUid);
// Get transform record; if no transform is found, will throw IllegalArgumentException // Get transform record; if no transform is found, will throw IllegalArgumentException
TransformRecord transformInfo = TransformRecord transformInfo =
@@ -1717,7 +1721,7 @@ public class IpSecService extends IIpSecService.Stub {
mSrvConfig mSrvConfig
.getNetdInstance() .getNetdInstance()
.ipSecUpdateSecurityPolicy( .ipSecUpdateSecurityPolicy(
0, // Use 0 for reqId callingUid,
selAddrFamily, selAddrFamily,
direction, direction,
tunnelInterfaceInfo.getLocalAddress(), tunnelInterfaceInfo.getLocalAddress(),
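Review bot: In the hunk at line 1532 the reqId passed to `ipSecAddSecurityAssociation` is read with an inline `Binder.getCallingUid()`, while the delete paths at 612 and 679 pass what appears to be the record's stored `uid`; the two only agree if that call still sees the original caller's identity at that point in the method. Capturing it once at the top, as the other hunks do (`int callingUid = Binder.getCallingUid();`), and passing `callingUid` would tie the SA's reqId to the same value the record keeps for teardown. The tunnel-mode hunk at 1717 hands `callingUid` to `ipSecUpdateSecurityPolicy`, and the visible lines do not show an owner check like the `info.uid != callingUid` test in `applyTransportModeTransform`, so it is worth confirming that the policy's reqId cannot differ from the one on the transform's SA. The dropped `// Use 0 for reqId` comments could become `// reqId: UID of the calling app` so the argument's role stays visible, and `callerUid` / `callingUid` should settle on one name. The enclosing methods start and end outside these hunks.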