Snap for 4670666 from b3029a4f72d884bc1931e372a0851a5fdfadf251 to pi-release
Change-Id: I38b91fc0587445a0fc1526b6fceacf159de94a4a
This commit is contained in:
android-build-team Robot
@@ -16,6 +16,7 @@
|
|||||||
|
|
||||||
package android.net;
|
package android.net;
|
||||||
|
|
||||||
|
import android.net.LinkAddress;
|
||||||
import android.net.Network;
|
import android.net.Network;
|
||||||
import android.net.IpSecConfig;
|
import android.net.IpSecConfig;
|
||||||
import android.net.IpSecUdpEncapResponse;
|
import android.net.IpSecUdpEncapResponse;
|
||||||
@@ -48,11 +49,11 @@ interface IIpSecService
|
|||||||
|
|
||||||
void addAddressToTunnelInterface(
|
void addAddressToTunnelInterface(
|
||||||
int tunnelResourceId,
|
int tunnelResourceId,
|
||||||
String localAddr);
|
in LinkAddress localAddr);
|
||||||
|
|
||||||
void removeAddressFromTunnelInterface(
|
void removeAddressFromTunnelInterface(
|
||||||
int tunnelResourceId,
|
int tunnelResourceId,
|
||||||
String localAddr);
|
in LinkAddress localAddr);
|
||||||
|
|
||||||
void deleteTunnelInterface(int resourceId);
|
void deleteTunnelInterface(int resourceId);
|
||||||
|
|
||||||
|
|||||||
@@ -37,6 +37,13 @@ import java.util.Arrays;
|
|||||||
public final class IpSecAlgorithm implements Parcelable {
|
public final class IpSecAlgorithm implements Parcelable {
|
||||||
private static final String TAG = "IpSecAlgorithm";
|
private static final String TAG = "IpSecAlgorithm";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Null cipher.
|
||||||
|
*
|
||||||
|
* @hide
|
||||||
|
*/
|
||||||
|
public static final String CRYPT_NULL = "ecb(cipher_null)";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* AES-CBC Encryption/Ciphering Algorithm.
|
* AES-CBC Encryption/Ciphering Algorithm.
|
||||||
*
|
*
|
||||||
|
|||||||
@@ -656,10 +656,15 @@ public final class IpSecManager {
|
|||||||
* tunneled traffic.
|
* tunneled traffic.
|
||||||
*
|
*
|
||||||
* @param address the local address for traffic inside the tunnel
|
* @param address the local address for traffic inside the tunnel
|
||||||
* @throws IOException if the address could not be added
|
|
||||||
* @hide
|
* @hide
|
||||||
*/
|
*/
|
||||||
|
@SystemApi
|
||||||
public void addAddress(LinkAddress address) throws IOException {
|
public void addAddress(LinkAddress address) throws IOException {
|
||||||
|
try {
|
||||||
|
mService.addAddressToTunnelInterface(mResourceId, address);
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
throw e.rethrowFromSystemServer();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -668,10 +673,15 @@ public final class IpSecManager {
|
|||||||
* <p>Remove an address which was previously added to the IpSecTunnelInterface
|
* <p>Remove an address which was previously added to the IpSecTunnelInterface
|
||||||
*
|
*
|
||||||
* @param address to be removed
|
* @param address to be removed
|
||||||
* @throws IOException if the address could not be removed
|
|
||||||
* @hide
|
* @hide
|
||||||
*/
|
*/
|
||||||
|
@SystemApi
|
||||||
public void removeAddress(LinkAddress address) throws IOException {
|
public void removeAddress(LinkAddress address) throws IOException {
|
||||||
|
try {
|
||||||
|
mService.removeAddressFromTunnelInterface(mResourceId, address);
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
throw e.rethrowFromSystemServer();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private IpSecTunnelInterface(@NonNull IIpSecService service,
|
private IpSecTunnelInterface(@NonNull IIpSecService service,
|
||||||
|
|||||||
@@ -36,6 +36,7 @@ import android.net.IpSecTransform;
|
|||||||
import android.net.IpSecTransformResponse;
|
import android.net.IpSecTransformResponse;
|
||||||
import android.net.IpSecTunnelInterfaceResponse;
|
import android.net.IpSecTunnelInterfaceResponse;
|
||||||
import android.net.IpSecUdpEncapResponse;
|
import android.net.IpSecUdpEncapResponse;
|
||||||
|
import android.net.LinkAddress;
|
||||||
import android.net.Network;
|
import android.net.Network;
|
||||||
import android.net.NetworkUtils;
|
import android.net.NetworkUtils;
|
||||||
import android.net.TrafficStats;
|
import android.net.TrafficStats;
|
||||||
@@ -618,10 +619,8 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
spi,
|
spi,
|
||||||
mConfig.getMarkValue(),
|
mConfig.getMarkValue(),
|
||||||
mConfig.getMarkMask());
|
mConfig.getMarkMask());
|
||||||
} catch (ServiceSpecificException e) {
|
} catch (RemoteException | ServiceSpecificException e) {
|
||||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
Log.e(TAG, "Failed to delete SA with ID: " + mResourceId, e);
|
||||||
} catch (RemoteException e) {
|
|
||||||
Log.e(TAG, "Failed to delete SA with ID: " + mResourceId);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
getResourceTracker().give();
|
getResourceTracker().give();
|
||||||
@@ -677,14 +676,14 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
@Override
|
@Override
|
||||||
public void freeUnderlyingResources() {
|
public void freeUnderlyingResources() {
|
||||||
try {
|
try {
|
||||||
mSrvConfig
|
if (!mOwnedByTransform) {
|
||||||
.getNetdInstance()
|
mSrvConfig
|
||||||
.ipSecDeleteSecurityAssociation(
|
.getNetdInstance()
|
||||||
mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
|
.ipSecDeleteSecurityAssociation(
|
||||||
} catch (ServiceSpecificException e) {
|
mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
|
||||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
}
|
||||||
} catch (RemoteException e) {
|
} catch (ServiceSpecificException | RemoteException e) {
|
||||||
Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId);
|
Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId, e);
|
||||||
}
|
}
|
||||||
|
|
||||||
mSpi = IpSecManager.INVALID_SECURITY_PARAMETER_INDEX;
|
mSpi = IpSecManager.INVALID_SECURITY_PARAMETER_INDEX;
|
||||||
@@ -829,15 +828,13 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
|
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (ServiceSpecificException e) {
|
} catch (ServiceSpecificException | RemoteException e) {
|
||||||
// FIXME: get the error code and throw is at an IOException from Errno Exception
|
|
||||||
} catch (RemoteException e) {
|
|
||||||
Log.e(
|
Log.e(
|
||||||
TAG,
|
TAG,
|
||||||
"Failed to delete VTI with interface name: "
|
"Failed to delete VTI with interface name: "
|
||||||
+ mInterfaceName
|
+ mInterfaceName
|
||||||
+ " and id: "
|
+ " and id: "
|
||||||
+ mResourceId);
|
+ mResourceId, e);
|
||||||
}
|
}
|
||||||
|
|
||||||
getResourceTracker().give();
|
getResourceTracker().give();
|
||||||
@@ -1319,7 +1316,9 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
* from multiple local IP addresses over the same tunnel.
|
* from multiple local IP addresses over the same tunnel.
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public synchronized void addAddressToTunnelInterface(int tunnelResourceId, String localAddr) {
|
public synchronized void addAddressToTunnelInterface(
|
||||||
|
int tunnelResourceId, LinkAddress localAddr) {
|
||||||
|
enforceNetworkStackPermission();
|
||||||
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
||||||
|
|
||||||
// Get tunnelInterface record; if no such interface is found, will throw
|
// Get tunnelInterface record; if no such interface is found, will throw
|
||||||
@@ -1327,8 +1326,21 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
TunnelInterfaceRecord tunnelInterfaceInfo =
|
TunnelInterfaceRecord tunnelInterfaceInfo =
|
||||||
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
||||||
|
|
||||||
// TODO: Add calls to netd:
|
try {
|
||||||
// Add address to TunnelInterface
|
// We can assume general validity of the IP address, since we get them as a
|
||||||
|
// LinkAddress, which does some validation.
|
||||||
|
mSrvConfig
|
||||||
|
.getNetdInstance()
|
||||||
|
.interfaceAddAddress(
|
||||||
|
tunnelInterfaceInfo.mInterfaceName,
|
||||||
|
localAddr.getAddress().getHostAddress(),
|
||||||
|
localAddr.getPrefixLength());
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
throw e.rethrowFromSystemServer();
|
||||||
|
} catch (ServiceSpecificException e) {
|
||||||
|
// If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
|
||||||
|
throw new IllegalArgumentException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -1337,7 +1349,8 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public synchronized void removeAddressFromTunnelInterface(
|
public synchronized void removeAddressFromTunnelInterface(
|
||||||
int tunnelResourceId, String localAddr) {
|
int tunnelResourceId, LinkAddress localAddr) {
|
||||||
|
enforceNetworkStackPermission();
|
||||||
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
|
||||||
|
|
||||||
// Get tunnelInterface record; if no such interface is found, will throw
|
// Get tunnelInterface record; if no such interface is found, will throw
|
||||||
@@ -1345,8 +1358,21 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
TunnelInterfaceRecord tunnelInterfaceInfo =
|
TunnelInterfaceRecord tunnelInterfaceInfo =
|
||||||
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
|
||||||
|
|
||||||
// TODO: Add calls to netd:
|
try {
|
||||||
// Remove address from TunnelInterface
|
// We can assume general validity of the IP address, since we get them as a
|
||||||
|
// LinkAddress, which does some validation.
|
||||||
|
mSrvConfig
|
||||||
|
.getNetdInstance()
|
||||||
|
.interfaceDelAddress(
|
||||||
|
tunnelInterfaceInfo.mInterfaceName,
|
||||||
|
localAddr.getAddress().getHostAddress(),
|
||||||
|
localAddr.getPrefixLength());
|
||||||
|
} catch (RemoteException e) {
|
||||||
|
throw e.rethrowFromSystemServer();
|
||||||
|
} catch (ServiceSpecificException e) {
|
||||||
|
// If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
|
||||||
|
throw new IllegalArgumentException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -1467,6 +1493,13 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
IpSecAlgorithm crypt = c.getEncryption();
|
IpSecAlgorithm crypt = c.getEncryption();
|
||||||
IpSecAlgorithm authCrypt = c.getAuthenticatedEncryption();
|
IpSecAlgorithm authCrypt = c.getAuthenticatedEncryption();
|
||||||
|
|
||||||
|
String cryptName;
|
||||||
|
if (crypt == null) {
|
||||||
|
cryptName = (authCrypt == null) ? IpSecAlgorithm.CRYPT_NULL : "";
|
||||||
|
} else {
|
||||||
|
cryptName = crypt.getName();
|
||||||
|
}
|
||||||
|
|
||||||
mSrvConfig
|
mSrvConfig
|
||||||
.getNetdInstance()
|
.getNetdInstance()
|
||||||
.ipSecAddSecurityAssociation(
|
.ipSecAddSecurityAssociation(
|
||||||
@@ -1481,7 +1514,7 @@ public class IpSecService extends IIpSecService.Stub {
|
|||||||
(auth != null) ? auth.getName() : "",
|
(auth != null) ? auth.getName() : "",
|
||||||
(auth != null) ? auth.getKey() : new byte[] {},
|
(auth != null) ? auth.getKey() : new byte[] {},
|
||||||
(auth != null) ? auth.getTruncationLengthBits() : 0,
|
(auth != null) ? auth.getTruncationLengthBits() : 0,
|
||||||
(crypt != null) ? crypt.getName() : "",
|
cryptName,
|
||||||
(crypt != null) ? crypt.getKey() : new byte[] {},
|
(crypt != null) ? crypt.getKey() : new byte[] {},
|
||||||
(crypt != null) ? crypt.getTruncationLengthBits() : 0,
|
(crypt != null) ? crypt.getTruncationLengthBits() : 0,
|
||||||
(authCrypt != null) ? authCrypt.getName() : "",
|
(authCrypt != null) ? authCrypt.getName() : "",
|
||||||
|
|||||||
Reference in New Issue
Block a user