LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add AppOps Checks for MANAGE_IPSEC_TUNNELS

Browse Source 
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.

Bug: 66955045
Test: runtest frameworks-net
Merged-In: I17a4a286225b432c3e15ea1587d946189931b4f4
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
(cherry picked from commit 65ef843176)
This commit is contained in:
Nathan Harold
2018-03-15 18:06:06 -07:00
parent b9df8b1fca
commit cac8775b2a
4 changed files with 76 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
core/java/android/net/IIpSecService.aidl
View File

@@ -45,25 +45,31 @@ interface IIpSecService
in String localAddr,
in String remoteAddr,
in Network underlyingNetwork,
in IBinder binder);
in IBinder binder,
in String callingPackage);
void addAddressToTunnelInterface(
int tunnelResourceId,
in LinkAddress localAddr);
in LinkAddress localAddr,
in String callingPackage);
void removeAddressFromTunnelInterface(
int tunnelResourceId,
in LinkAddress localAddr);
in LinkAddress localAddr,
in String callingPackage);
void deleteTunnelInterface(int resourceId);
void deleteTunnelInterface(int resourceId, in String callingPackage);
IpSecTransformResponse createTransform(in IpSecConfig c, in IBinder binder);
IpSecTransformResponse createTransform(
in IpSecConfig c, in IBinder binder, in String callingPackage);
void deleteTransform(int transformId);
void applyTransportModeTransform(in ParcelFileDescriptor socket, int direction, int transformId);
void applyTransportModeTransform(
in ParcelFileDescriptor socket, int direction, int transformId);
void applyTunnelModeTransform(int tunnelResourceId, int direction, int transformResourceId);
void applyTunnelModeTransform(
int tunnelResourceId, int direction, int transformResourceId, in String callingPackage);
void removeTransportModeTransforms(in ParcelFileDescriptor socket);
}

25
core/java/android/net/IpSecManager.java
View File

@@ -140,6 +140,7 @@ public final class IpSecManager {
}
}
private final Context mContext;
private final IIpSecService mService;
/**
@@ -667,6 +668,7 @@ public final class IpSecManager {
*/
@SystemApi
public static final class IpSecTunnelInterface implements AutoCloseable {
private final String mOpPackageName;
private final IIpSecService mService;
private final InetAddress mRemoteAddress;
private final InetAddress mLocalAddress;
@@ -694,7 +696,8 @@ public final class IpSecManager {
@RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS)
public void addAddress(@NonNull LinkAddress address) throws IOException {
try {
mService.addAddressToTunnelInterface(mResourceId, address);
mService.addAddressToTunnelInterface(
mResourceId, address, mOpPackageName);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -712,16 +715,18 @@ public final class IpSecManager {
@RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS)
public void removeAddress(@NonNull LinkAddress address) throws IOException {
try {
mService.removeAddressFromTunnelInterface(mResourceId, address);
mService.removeAddressFromTunnelInterface(
mResourceId, address, mOpPackageName);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
}
private IpSecTunnelInterface(@NonNull IIpSecService service,
private IpSecTunnelInterface(@NonNull Context ctx, @NonNull IIpSecService service,
@NonNull InetAddress localAddress, @NonNull InetAddress remoteAddress,
@NonNull Network underlyingNetwork)
throws ResourceUnavailableException, IOException {
mOpPackageName = ctx.getOpPackageName();
mService = service;
mLocalAddress = localAddress;
mRemoteAddress = remoteAddress;
@@ -733,7 +738,8 @@ public final class IpSecManager {
localAddress.getHostAddress(),
remoteAddress.getHostAddress(),
underlyingNetwork,
new Binder());
new Binder(),
mOpPackageName);
switch (result.status) {
case Status.OK:
break;
@@ -762,7 +768,7 @@ public final class IpSecManager {
@Override
public void close() {
try {
mService.deleteTunnelInterface(mResourceId);
mService.deleteTunnelInterface(mResourceId, mOpPackageName);
mResourceId = INVALID_RESOURCE_ID;
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
@@ -807,7 +813,8 @@ public final class IpSecManager {
public IpSecTunnelInterface createIpSecTunnelInterface(@NonNull InetAddress localAddress,
@NonNull InetAddress remoteAddress, @NonNull Network underlyingNetwork)
throws ResourceUnavailableException, IOException {
return new IpSecTunnelInterface(mService, localAddress, remoteAddress, underlyingNetwork);
return new IpSecTunnelInterface(
mContext, mService, localAddress, remoteAddress, underlyingNetwork);
}
/**
@@ -833,7 +840,8 @@ public final class IpSecManager {
@PolicyDirection int direction, @NonNull IpSecTransform transform) throws IOException {
try {
mService.applyTunnelModeTransform(
tunnel.getResourceId(), direction, transform.getResourceId());
tunnel.getResourceId(), direction,
transform.getResourceId(), mContext.getOpPackageName());
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -845,7 +853,8 @@ public final class IpSecManager {
* @param context the application context for this manager
* @hide
*/
public IpSecManager(IIpSecService service) {
public IpSecManager(Context ctx, IIpSecService service) {
mContext = ctx;
mService = checkNotNull(service, "missing service");
}
}

3
core/java/android/net/IpSecTransform.java
View File

@@ -130,7 +130,8 @@ public final class IpSecTransform implements AutoCloseable {
synchronized (this) {
try {
IIpSecService svc = getIpSecService();
IpSecTransformResponse result = svc.createTransform(mConfig, new Binder());
IpSecTransformResponse result = svc.createTransform(
mConfig, new Binder(), mContext.getOpPackageName());
int status = result.status;
checkResultStatus(status);
mResourceId = result.resourceId;