LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Snap for 4670666 from b3029a4f72d884bc1931e372a0851a5fdfadf251 to pi-release

Browse Source 
Change-Id: I38b91fc0587445a0fc1526b6fceacf159de94a4a
This commit is contained in:
android-build-team Robot
2018-03-22 07:25:10 +00:00
parent c95fa12d4e 4f1703787d
commit b0b463ca59
4 changed files with 78 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/java/android/net/IIpSecService.aidl
View File

@@ -16,6 +16,7 @@
package android.net;
import android.net.LinkAddress;
import android.net.Network;
import android.net.IpSecConfig;
import android.net.IpSecUdpEncapResponse;
@@ -48,11 +49,11 @@ interface IIpSecService
void addAddressToTunnelInterface(
int tunnelResourceId,
String localAddr);
in LinkAddress localAddr);
void removeAddressFromTunnelInterface(
int tunnelResourceId,
String localAddr);
in LinkAddress localAddr);
void deleteTunnelInterface(int resourceId);

7
core/java/android/net/IpSecAlgorithm.java
View File

@@ -37,6 +37,13 @@ import java.util.Arrays;
public final class IpSecAlgorithm implements Parcelable {
private static final String TAG = "IpSecAlgorithm";
/**
* Null cipher.
*
* @hide
*/
public static final String CRYPT_NULL = "ecb(cipher_null)";
/**
* AES-CBC Encryption/Ciphering Algorithm.
*

14
core/java/android/net/IpSecManager.java
View File

@@ -656,10 +656,15 @@ public final class IpSecManager {
* tunneled traffic.
*
* @param address the local address for traffic inside the tunnel
* @throws IOException if the address could not be added
* @hide
*/
@SystemApi
public void addAddress(LinkAddress address) throws IOException {
try {
mService.addAddressToTunnelInterface(mResourceId, address);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
/**
@@ -668,10 +673,15 @@ public final class IpSecManager {
* <p>Remove an address which was previously added to the IpSecTunnelInterface
*
* @param address to be removed
* @throws IOException if the address could not be removed
* @hide
*/
@SystemApi
public void removeAddress(LinkAddress address) throws IOException {
try {
mService.removeAddressFromTunnelInterface(mResourceId, address);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
private IpSecTunnelInterface(@NonNull IIpSecService service,

71
services/core/java/com/android/server/IpSecService.java
View File

@@ -36,6 +36,7 @@ import android.net.IpSecTransform;
import android.net.IpSecTransformResponse;
import android.net.IpSecTunnelInterfaceResponse;
import android.net.IpSecUdpEncapResponse;
import android.net.LinkAddress;
import android.net.Network;
import android.net.NetworkUtils;
import android.net.TrafficStats;
@@ -618,10 +619,8 @@ public class IpSecService extends IIpSecService.Stub {
spi,
mConfig.getMarkValue(),
mConfig.getMarkMask());
} catch (ServiceSpecificException e) {
// FIXME: get the error code and throw is at an IOException from Errno Exception
} catch (RemoteException e) {
Log.e(TAG, "Failed to delete SA with ID: " + mResourceId);
} catch (RemoteException | ServiceSpecificException e) {
Log.e(TAG, "Failed to delete SA with ID: " + mResourceId, e);
}
getResourceTracker().give();
@@ -677,14 +676,14 @@ public class IpSecService extends IIpSecService.Stub {
@Override
public void freeUnderlyingResources() {
try {
if (!mOwnedByTransform) {
mSrvConfig
.getNetdInstance()
.ipSecDeleteSecurityAssociation(
mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
} catch (ServiceSpecificException e) {
// FIXME: get the error code and throw is at an IOException from Errno Exception
} catch (RemoteException e) {
Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId);
}
} catch (ServiceSpecificException | RemoteException e) {
Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId, e);
}
mSpi = IpSecManager.INVALID_SECURITY_PARAMETER_INDEX;
@@ -829,15 +828,13 @@ public class IpSecService extends IIpSecService.Stub {
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
}
}
} catch (ServiceSpecificException e) {
// FIXME: get the error code and throw is at an IOException from Errno Exception
} catch (RemoteException e) {
} catch (ServiceSpecificException | RemoteException e) {
Log.e(
TAG,
"Failed to delete VTI with interface name: "
+ mInterfaceName
+ " and id: "
+ mResourceId);
+ mResourceId, e);
}
getResourceTracker().give();
@@ -1319,7 +1316,9 @@ public class IpSecService extends IIpSecService.Stub {
* from multiple local IP addresses over the same tunnel.
*/
@Override
public synchronized void addAddressToTunnelInterface(int tunnelResourceId, String localAddr) {
public synchronized void addAddressToTunnelInterface(
int tunnelResourceId, LinkAddress localAddr) {
enforceNetworkStackPermission();
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
// Get tunnelInterface record; if no such interface is found, will throw
@@ -1327,8 +1326,21 @@ public class IpSecService extends IIpSecService.Stub {
TunnelInterfaceRecord tunnelInterfaceInfo =
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
// TODO: Add calls to netd:
// Add address to TunnelInterface
try {
// We can assume general validity of the IP address, since we get them as a
// LinkAddress, which does some validation.
mSrvConfig
.getNetdInstance()
.interfaceAddAddress(
tunnelInterfaceInfo.mInterfaceName,
localAddr.getAddress().getHostAddress(),
localAddr.getPrefixLength());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
} catch (ServiceSpecificException e) {
// If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
throw new IllegalArgumentException(e);
}
}
/**
@@ -1337,7 +1349,8 @@ public class IpSecService extends IIpSecService.Stub {
*/
@Override
public synchronized void removeAddressFromTunnelInterface(
int tunnelResourceId, String localAddr) {
int tunnelResourceId, LinkAddress localAddr) {
enforceNetworkStackPermission();
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
// Get tunnelInterface record; if no such interface is found, will throw
@@ -1345,8 +1358,21 @@ public class IpSecService extends IIpSecService.Stub {
TunnelInterfaceRecord tunnelInterfaceInfo =
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
// TODO: Add calls to netd:
// Remove address from TunnelInterface
try {
// We can assume general validity of the IP address, since we get them as a
// LinkAddress, which does some validation.
mSrvConfig
.getNetdInstance()
.interfaceDelAddress(
tunnelInterfaceInfo.mInterfaceName,
localAddr.getAddress().getHostAddress(),
localAddr.getPrefixLength());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
} catch (ServiceSpecificException e) {
// If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
throw new IllegalArgumentException(e);
}
}
/**
@@ -1467,6 +1493,13 @@ public class IpSecService extends IIpSecService.Stub {
IpSecAlgorithm crypt = c.getEncryption();
IpSecAlgorithm authCrypt = c.getAuthenticatedEncryption();
String cryptName;
if (crypt == null) {
cryptName = (authCrypt == null) ? IpSecAlgorithm.CRYPT_NULL : "";
} else {
cryptName = crypt.getName();
}
mSrvConfig
.getNetdInstance()
.ipSecAddSecurityAssociation(
@@ -1481,7 +1514,7 @@ public class IpSecService extends IIpSecService.Stub {
(auth != null) ? auth.getName() : "",
(auth != null) ? auth.getKey() : new byte[] {},
(auth != null) ? auth.getTruncationLengthBits() : 0,
(crypt != null) ? crypt.getName() : "",
cryptName,
(crypt != null) ? crypt.getKey() : new byte[] {},
(crypt != null) ? crypt.getTruncationLengthBits() : 0,
(authCrypt != null) ? authCrypt.getName() : "",