Merge changes from topic 'ipsec-api-tweaks' am: fddf677b8b am: 176bfb58c6

am: a237a34085

Change-Id: Ie868985d20535f35b869730a4ddaa00dc88a352d
nharold
2017-04-12 20:53:17 +00:00
committed by android-build-merger


@@ -277,6 +277,23 @@ public final class IpSecManager {
}
}
/**
* Apply an active Transport Mode IPsec Transform to a stream socket to perform IPsec
* encapsulation of the traffic flowing between the socket and the remote InetAddress of that
* transform. For security reasons, attempts to send traffic to any IP address other than the
* address associated with that transform will throw an IOException. In addition, if the
* IpSecTransform is later deactivated, the socket will throw an IOException on any calls to
* send() or receive() until the transform is removed from the socket by calling {@link
* #removeTransportModeTransform(Socket, IpSecTransform)};
*
* @param socket a socket file descriptor
* @param transform an {@link IpSecTransform}, which must be an active Transport Mode transform.
*/
public void applyTransportModeTransform(FileDescriptor socket, IpSecTransform transform)
throws IOException {
applyTransportModeTransform(new ParcelFileDescriptor(socket), transform);
}
/**
* Apply an active Tunnel Mode IPsec Transform to a network, which will tunnel all traffic to
* and from that network's interface with IPsec (applies an outer IP header and IPsec Header to
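Review bot: `new ParcelFileDescriptor(socket)` in the new `applyTransportModeTransform(FileDescriptor, ...)` wraps the caller's descriptor without duplicating it, so the temporary ParcelFileDescriptor takes shared ownership of the application's socket. The private overload that receives it lies outside this hunk, so this is inferred, but if that wrapper is ever closed or finalized, the caller's IPsec-protected socket is closed underneath it and the fd number can be handed to an unrelated descriptor. I would duplicate the descriptor and scope the copy: `try (ParcelFileDescriptor pfd = ParcelFileDescriptor.dup(socket)) { applyTransportModeTransform(pfd, transform); }`. The new `removeTransportModeTransform(FileDescriptor, ...)` in the second hunk has the same pattern and, since it declares no `throws IOException`, would need to handle the exception from `dup()`. Separately, the Javadoc here links `#removeTransportModeTransform(Socket, IpSecTransform)`, where the FileDescriptor overload is probably the intended target.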
@@ -318,6 +335,20 @@ public final class IpSecManager {
removeTransportModeTransform(ParcelFileDescriptor.fromDatagramSocket(socket), transform);
}
/**
* Remove a transform from a given stream socket. Once removed, traffic on the socket will not
* be encypted. This allows sockets that have been used for IPsec to be reclaimed for
* communication in the clear in the event socket reuse is desired. This operation will succeed
* regardless of the underlying state of a transform. If a transform is removed, communication
* on all sockets to which that transform was applied will fail until this method is called.
*
* @param socket a socket file descriptor that previously had a transform applied to it.
* @param transform the IPsec Transform that was previously applied to the given socket
*/
public void removeTransportModeTransform(FileDescriptor socket, IpSecTransform transform) {
removeTransportModeTransform(new ParcelFileDescriptor(socket), transform);
}
/* Call down to activate a transform */
private void removeTransportModeTransform(ParcelFileDescriptor pfd, IpSecTransform transform) {
try {