Check to ensure UDP-encap is used only for IPv4

This commit checks if UDP-encapsulation is used for unsupported address family and throws IllegalArgumentException when it happens. Bug: 74213459 Test: Tests added in testCreateTransportModeTransformWithEncap and testCreateTunnelModeTransformWithEncap. Command: runtest frameworks-net Verified on taimen. Change-Id: I10c01f2bad6aca23430849ea9ef6c1eb157ae131
2018-03-22 17:53:08 -07:00
parent 1ab508d361
commit e54eee0130
1 changed files with 34 additions and 12 deletions
--- a/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java
+++ b/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java
@@ -16,6 +16,8 @@
 package com.android.server;
 import static android.system.OsConstants.AF_INET;
 import static android.system.OsConstants.AF_INET6;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.fail;
@@ -64,16 +66,17 @@ public class IpSecServiceParameterizedTest {
    private static final int TEST_SPI = 0xD1201D;
    private final String mDestinationAddr;
    private final String mSourceAddr;
    private final String mDestinationAddr;
    private final LinkAddress mLocalInnerAddress;
    private final int mFamily;
    @Parameterized.Parameters
    public static Collection ipSecConfigs() {
        return Arrays.asList(
                new Object[][] {
-                {"1.2.3.4", "8.8.4.4", "10.0.1.1/24"},
+                {"1.2.3.4", "8.8.4.4", "10.0.1.1/24", AF_INET},
-                {"2601::2", "2601::10", "2001:db8::1/64"}
+                {"2601::2", "2601::10", "2001:db8::1/64", AF_INET6}
        });
    }
@@ -134,10 +137,11 @@ public class IpSecServiceParameterizedTest {
    private static final int REMOTE_ENCAP_PORT = 4500;
    public IpSecServiceParameterizedTest(
-            String sourceAddr, String destAddr, String localInnerAddr) {
+            String sourceAddr, String destAddr, String localInnerAddr, int family) {
        mSourceAddr = sourceAddr;
        mDestinationAddr = destAddr;
        mLocalInnerAddress = new LinkAddress(localInnerAddr);
        mFamily = family;
    }
    @Before
@@ -340,11 +344,20 @@ public class IpSecServiceParameterizedTest {
        addAuthAndCryptToIpSecConfig(ipSecConfig);
        addEncapSocketToIpSecConfig(udpSock.resourceId, ipSecConfig);
-        IpSecTransformResponse createTransformResp =
+        if (mFamily == AF_INET) {
-                mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
+            IpSecTransformResponse createTransformResp =
-        assertEquals(IpSecManager.Status.OK, createTransformResp.status);
+                    mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
            assertEquals(IpSecManager.Status.OK, createTransformResp.status);
-        verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp, udpSock.port);
+            verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp, udpSock.port);
        } else {
            try {
                IpSecTransformResponse createTransformResp =
                        mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
                fail("Expected IllegalArgumentException on attempt to use UDP Encap in IPv6");
            } catch (IllegalArgumentException expected) {
            }
        }
    }
    @Test
@@ -357,11 +370,20 @@ public class IpSecServiceParameterizedTest {
        addAuthAndCryptToIpSecConfig(ipSecConfig);
        addEncapSocketToIpSecConfig(udpSock.resourceId, ipSecConfig);
-        IpSecTransformResponse createTransformResp =
+        if (mFamily == AF_INET) {
-                mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
+            IpSecTransformResponse createTransformResp =
-        assertEquals(IpSecManager.Status.OK, createTransformResp.status);
+                    mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
            assertEquals(IpSecManager.Status.OK, createTransformResp.status);
-        verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp, udpSock.port);
+            verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp, udpSock.port);
        } else {
            try {
                IpSecTransformResponse createTransformResp =
                        mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
                fail("Expected IllegalArgumentException on attempt to use UDP Encap in IPv6");
            } catch (IllegalArgumentException expected) {
            }
        }
    }
    @Test