Throw IAE when Network's LinkProperties is null

Improve the setUnderlyingNetwork method by throwing IAE
when Network's LinkProperties is null. Also update the
API doc to give caller more guidance in using this API

Bug: 232309601
Test: UT: IpSecServiceParameterizedTest, IpSecServiceTest,
      IpSecServiceRefcountedResourceTest, IpSecManagerTest, VpnTest
Test: CTS: IpSecManagerTest, IpSecManagerTunnelTest, Ikev2VpnTest
Test: make doc-comment-check-docs
Change-Id: Idab4706b0db42ed2222fb48b168589ed005d2f2f

framework-t/src/android/net/IpSecManager.java

@@ -817,10 +817,10 @@ public class IpSecManager {
          * </ol>
          *
          * @param underlyingNetwork the new {@link Network} that will carry traffic for this tunnel.
-         *     This network MUST never be the network exposing this IpSecTunnelInterface, otherwise
-         *     this method will throw an {@link IllegalArgumentException}. If the
-         *     IpSecTunnelInterface is later added to this network, all outbound traffic will be
-         *     blackholed.
+         *     This network MUST be a functional {@link Network} with valid {@link LinkProperties},
+         *     and MUST never be the network exposing this IpSecTunnelInterface, otherwise this
+         *     method will throw an {@link IllegalArgumentException}. If the IpSecTunnelInterface is
+         *     later added to this network, all outbound traffic will be blackholed.
          */
         // TODO: b/169171001 Update the documentation when transform migration is supported.
         // The purpose of making updating network and applying transforms separate is to leave open
@@ -962,7 +962,6 @@ public class IpSecManager {
      * IP header and IPsec Header on all inbound traffic).
      * <p>Applications should probably not use this API directly.
      *
-     *
      * @param tunnel The {@link IpSecManager#IpSecTunnelInterface} that will use the supplied
      *        transform.
      * @param direction the direction, {@link DIRECTION_OUT} or {@link #DIRECTION_IN} in which

service-t/src/com/android/server/IpSecService.java

@@ -1452,6 +1452,11 @@ public class IpSecService extends IIpSecService.Stub {
         final ConnectivityManager connectivityManager =
                 mContext.getSystemService(ConnectivityManager.class);
         final LinkProperties lp = connectivityManager.getLinkProperties(underlyingNetwork);
+        if (lp == null) {
+            throw new IllegalArgumentException(
+                    "LinkProperties is null. The underlyingNetwork may not be functional");
+        }
+
         if (tunnelInterfaceInfo.getInterfaceName().equals(lp.getInterfaceName())) {
             throw new IllegalArgumentException(
                     "Underlying network cannot be the network being exposed by this tunnel");

tests/unit/java/com/android/server/IpSecServiceParameterizedTest.java

@@ -782,6 +782,23 @@ public class IpSecServiceParameterizedTest {
         assertEquals(newFakeNetwork, tunnelInterfaceInfo.getUnderlyingNetwork());
     }
 
+    @Test
+    public void testSetNetworkForTunnelInterfaceFailsForNullLp() throws Exception {
+        final IpSecTunnelInterfaceResponse createTunnelResp =
+                createAndValidateTunnel(mSourceAddr, mDestinationAddr, BLESSED_PACKAGE);
+        final Network newFakeNetwork = new Network(1000);
+        final int tunnelIfaceResourceId = createTunnelResp.resourceId;
+
+        try {
+            mIpSecService.setNetworkForTunnelInterface(
+                    tunnelIfaceResourceId, newFakeNetwork, BLESSED_PACKAGE);
+            fail(
+                    "Expected an IllegalArgumentException for underlying network with null"
+                            + " LinkProperties");
+        } catch (IllegalArgumentException expected) {
+        }
+    }
+
     @Test
     public void testSetNetworkForTunnelInterfaceFailsForInvalidResourceId() throws Exception {
         final IpSecTunnelInterfaceResponse createTunnelResp =