LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Add checks to ensure SPIs are not reused" am: 66aa524a04 am: 1a2e3f3b54

Browse Source 
am: ac94b41c42

Change-Id: I13738ac37710ec7934998ef269681ae7c41c612e
This commit is contained in:
Benedict Wong
2018-01-23 20:40:39 +00:00
committed by android-build-merger
parent d3a884ac8d ac94b41c42
commit fd337e9e6a
1 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
services/core/java/com/android/server/IpSecService.java
View File

@@ -571,6 +571,8 @@ public class IpSecService extends IIpSecService.Stub {
mConfig = config; mConfig = config;
mSpi = spi; mSpi = spi;
mSocket = socket; mSocket = socket;
spi.setOwnedByTransform();
} }
public IpSecConfig getConfig() { public IpSecConfig getConfig() {
@@ -651,16 +653,6 @@ public class IpSecService extends IIpSecService.Stub {
/** always guarded by IpSecService#this */ /** always guarded by IpSecService#this */
@Override @Override
public void freeUnderlyingResources() { public void freeUnderlyingResources() {
if (mOwnedByTransform) {
Log.d(TAG, "Cannot release Spi " + mSpi + ": Currently locked by a Transform");
// Because SPIs are "handed off" to transform, objects, they should never be
// freed from the SpiRecord once used in a transform. (They refer to the same SA,
// thus ownership and responsibility for freeing these resources passes to the
// Transform object). Thus, we should let the user free them without penalty once
// they are applied in a Transform object.
return;
}
try { try {
mSrvConfig mSrvConfig
.getNetdInstance() .getNetdInstance()
@@ -694,6 +686,10 @@ public class IpSecService extends IIpSecService.Stub {
mOwnedByTransform = true; mOwnedByTransform = true;
} }
public boolean getOwnedByTransform() {
return mOwnedByTransform;
}
@Override @Override
public void invalidate() throws RemoteException { public void invalidate() throws RemoteException {
getUserRecord().removeSpiRecord(mResourceId); getUserRecord().removeSpiRecord(mResourceId);
@@ -1107,6 +1103,11 @@ public class IpSecService extends IIpSecService.Stub {
// Retrieve SPI record; will throw IllegalArgumentException if not found // Retrieve SPI record; will throw IllegalArgumentException if not found
SpiRecord s = userRecord.mSpiRecords.getResourceOrThrow(config.getSpiResourceId()); SpiRecord s = userRecord.mSpiRecords.getResourceOrThrow(config.getSpiResourceId());
// Check to ensure that SPI has not already been used.
if (s.getOwnedByTransform()) {
throw new IllegalStateException("SPI already in use; cannot be used in new Transforms");
}
// If no remote address is supplied, then use one from the SPI. // If no remote address is supplied, then use one from the SPI.
if (TextUtils.isEmpty(config.getDestinationAddress())) { if (TextUtils.isEmpty(config.getDestinationAddress())) {
config.setDestinationAddress(s.getDestinationAddress()); config.setDestinationAddress(s.getDestinationAddress());