Implement Ikev2VpnRunner
This change adds the implementation for IKEv2/IPsec VPNs. Bug: 144246767 Test: Manually tested Change-Id: I5ccec756cec49ccf57ccc4d5ad800eeb5d595a76
This commit is contained in:
Benedict Wong
@@ -51,7 +51,7 @@ import java.net.Socket;
|
||||
*
|
||||
* <p>Note that not all aspects of IPsec are permitted by this API. Applications may create
|
||||
* transport mode security associations and apply them to individual sockets. Applications looking
|
||||
* to create a VPN should use {@link VpnService}.
|
||||
* to create an IPsec VPN should use {@link VpnManager} and {@link Ikev2VpnProfile}.
|
||||
*
|
||||
* @see <a href="https://tools.ietf.org/html/rfc4301">RFC 4301, Security Architecture for the
|
||||
* Internet Protocol</a>
|
||||
|
||||
@@ -1556,16 +1556,16 @@ public class IpSecService extends IIpSecService.Stub {
|
||||
}
|
||||
|
||||
Objects.requireNonNull(callingPackage, "Null calling package cannot create IpSec tunnels");
|
||||
switch (getAppOpsManager().noteOp(TUNNEL_OP, Binder.getCallingUid(), callingPackage)) {
|
||||
case AppOpsManager.MODE_DEFAULT:
|
||||
mContext.enforceCallingOrSelfPermission(
|
||||
android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
|
||||
break;
|
||||
case AppOpsManager.MODE_ALLOWED:
|
||||
return;
|
||||
default:
|
||||
throw new SecurityException("Request to ignore AppOps for non-legacy API");
|
||||
|
||||
// OP_MANAGE_IPSEC_TUNNELS will return MODE_ERRORED by default, including for the system
|
||||
// server. If the appop is not granted, require that the caller has the MANAGE_IPSEC_TUNNELS
|
||||
// permission or is the System Server.
|
||||
if (AppOpsManager.MODE_ALLOWED == getAppOpsManager().noteOpNoThrow(
|
||||
TUNNEL_OP, Binder.getCallingUid(), callingPackage)) {
|
||||
return;
|
||||
}
|
||||
mContext.enforceCallingOrSelfPermission(
|
||||
android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
|
||||
}
|
||||
|
||||
private void createOrUpdateTransform(
|
||||
|
||||
Reference in New Issue
Block a user