Snap for 6353066 from d9f9a8d70f9af4769cbdaab366285408dcf89e0e to rvc-release

Change-Id: Ia9e4d7125d6cbdb552b59ee81e27873c094550d5
2020-04-01 02:04:53 +00:00
parent 756c7d52e4 3fafd684c5
commit dd7d4c668f
1 changed files with 19 additions and 7 deletions
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java
@@ -46,6 +46,7 @@ import android.net.TrafficStats;
 import android.net.util.NetdService;
 import android.os.Binder;
 import android.os.IBinder;
+import android.os.INetworkManagementService;
 import android.os.ParcelFileDescriptor;
 import android.os.RemoteException;
 import android.os.ServiceSpecificException;
@@ -114,6 +115,9 @@ public class IpSecService extends IIpSecService.Stub {
    /* Binder context for this service */
    private final Context mContext;

+    /* NetworkManager instance */
+    private final INetworkManagementService mNetworkManager;
+
    /**
     * The next non-repeating global ID for tracking resources between users, this service, and
     * kernel data structures. Accessing this variable is not thread safe, so it is only read or
@@ -992,12 +996,13 @@ public class IpSecService extends IIpSecService.Stub {
     *
     * @param context Binder context for this service
     */
-    private IpSecService(Context context) {
-        this(context, IpSecServiceConfiguration.GETSRVINSTANCE);
+    private IpSecService(Context context, INetworkManagementService networkManager) {
+        this(context, networkManager, IpSecServiceConfiguration.GETSRVINSTANCE);
    }

-    static IpSecService create(Context context) throws InterruptedException {
-        final IpSecService service = new IpSecService(context);
+    static IpSecService create(Context context, INetworkManagementService networkManager)
+            throws InterruptedException {
+        final IpSecService service = new IpSecService(context, networkManager);
        service.connectNativeNetdService();
        return service;
    }
@@ -1011,9 +1016,11 @@ public class IpSecService extends IIpSecService.Stub {

    /** @hide */
    @VisibleForTesting
-    public IpSecService(Context context, IpSecServiceConfiguration config) {
+    public IpSecService(Context context, INetworkManagementService networkManager,
+            IpSecServiceConfiguration config) {
        this(
                context,
+                networkManager,
                config,
                (fd, uid) -> {
                    try {
@@ -1027,9 +1034,10 @@ public class IpSecService extends IIpSecService.Stub {

    /** @hide */
    @VisibleForTesting
-    public IpSecService(
-            Context context, IpSecServiceConfiguration config, UidFdTagger uidFdTagger) {
+    public IpSecService(Context context, INetworkManagementService networkManager,
+            IpSecServiceConfiguration config, UidFdTagger uidFdTagger) {
        mContext = context;
+        mNetworkManager = Objects.requireNonNull(networkManager);
        mSrvConfig = config;
        mUidFdTagger = uidFdTagger;
    }
@@ -1308,6 +1316,10 @@ public class IpSecService extends IIpSecService.Stub {
            final INetd netd = mSrvConfig.getNetdInstance();
            netd.ipSecAddTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey, resourceId);

+            Binder.withCleanCallingIdentity(() -> {
+                mNetworkManager.setInterfaceUp(intfName);
+            });
+
            for (int selAddrFamily : ADDRESS_FAMILIES) {
                // Always send down correct local/remote addresses for template.
                netd.ipSecAddSecurityPolicy(