LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix minor bugs with tunnel mode implementation

Browse Source 
This change makes sure tunnel mode transforms are properly activated
upon construction, and corrects bugs with how policy selectors were being
generated for tunnel mode policies. Specifically, the source/destination could
not be empty strings, even for cases where an empty selector was desired.

Bug: 72457770
Test: GTS tests run
Change-Id: I9a9f64c34b07883a02a5c996614f958486d214fc
This commit is contained in:
Benedict Wong
2018-01-24 15:31:39 -08:00
parent b559164017
commit 7660370a83
2 changed files with 35 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
core/java/android/net/IpSecTransform.java
View File

@@ -462,7 +462,7 @@ public final class IpSecTransform implements AutoCloseable {
mConfig.setMode(MODE_TUNNEL);
mConfig.setSourceAddress(sourceAddress.getHostAddress());
mConfig.setSpiResourceId(spi.getResourceId());
return new IpSecTransform(mContext, mConfig);
return new IpSecTransform(mContext, mConfig).activate();
}
/**

21
services/core/java/com/android/server/IpSecService.java
View File

@@ -87,6 +87,7 @@ public class IpSecService extends IIpSecService.Stub {
private static final String NETD_SERVICE_NAME = "netd";
private static final int[] DIRECTIONS =
new int[] {IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_IN};
private static final String[] WILDCARD_ADDRESSES = new String[]{"0.0.0.0", "::"};
private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms
private static final int MAX_PORT_BIND_ATTEMPTS = 10;
@@ -413,12 +414,16 @@ public class IpSecService extends IIpSecService.Stub {
.append(mTransformQuotaTracker)
.append(", mSocketQuotaTracker=")
.append(mSocketQuotaTracker)
.append(", mTunnelQuotaTracker=")
.append(mTunnelQuotaTracker)
.append(", mSpiRecords=")
.append(mSpiRecords)
.append(", mTransformRecords=")
.append(mTransformRecords)
.append(", mEncapSocketRecords=")
.append(mEncapSocketRecords)
.append(", mTunnelInterfaceRecords=")
.append(mTunnelInterfaceRecords)
.append("}")
.toString();
}
@@ -815,12 +820,14 @@ public class IpSecService extends IIpSecService.Stub {
try {
mSrvConfig.getNetdInstance().removeVirtualTunnelInterface(mInterfaceName);
for(String wildcardAddr : WILDCARD_ADDRESSES) {
for (int direction : DIRECTIONS) {
int mark = (direction == IpSecManager.DIRECTION_IN) ? mIkey : mOkey;
mSrvConfig
.getNetdInstance()
.ipSecDeleteSecurityPolicy(
0, direction, mLocalAddress, mRemoteAddress, mark, 0xffffffff);
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
}
}
} catch (ServiceSpecificException e) {
// FIXME: get the error code and throw is at an IOException from Errno Exception
@@ -1261,6 +1268,7 @@ public class IpSecService extends IIpSecService.Stub {
.getNetdInstance()
.addVirtualTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey);
for(String wildcardAddr : WILDCARD_ADDRESSES) {
for (int direction : DIRECTIONS) {
int mark = (direction == IpSecManager.DIRECTION_OUT) ? okey : ikey;
@@ -1269,12 +1277,13 @@ public class IpSecService extends IIpSecService.Stub {
.ipSecAddSecurityPolicy(
0, // Use 0 for reqId
direction,
"",
"",
wildcardAddr,
wildcardAddr,
0,
mark,
0xffffffff);
}
}
userRecord.mTunnelInterfaceRecords.put(
resourceId,
@@ -1646,17 +1655,19 @@ public class IpSecService extends IIpSecService.Stub {
c.setNetwork(tunnelInterfaceInfo.getUnderlyingNetwork());
// If outbound, also add SPI to the policy.
for(String wildcardAddr : WILDCARD_ADDRESSES) {
mSrvConfig
.getNetdInstance()
.ipSecUpdateSecurityPolicy(
0, // Use 0 for reqId
direction,
"",
"",
wildcardAddr,
wildcardAddr,
transformInfo.getSpiRecord().getSpi(),
mark,
0xffffffff);
}
}
// Update SA with tunnel mark (ikey or okey based on direction)
createOrUpdateTransform(c, transformResourceId, spiRecord, socketRecord);