Automatically set IPsec tunnel interface as up
This change makes IPsec tunnel interfaces automatically get brought up once they are created. Originally this was considered to be an additional safety check, as they would not be start routing traffic until explicitly brought up. However, in the intervening time, the NetworkManagementController now requires the NETWORK_STACK permission to set an interface as up. Additionally, that call is a hidden API, and thus not usable for use cases such as IWLAN. Bug: 149348618 Test: FrameworksNetTests, CtsNetTestCases passing. Change-Id: I55b63a748463a388e1e2991d2d5d6b3023545e60
This commit is contained in:
Benedict Wong
@@ -46,6 +46,7 @@ import android.net.LinkAddress;
|
|||||||
import android.net.Network;
|
import android.net.Network;
|
||||||
import android.net.NetworkUtils;
|
import android.net.NetworkUtils;
|
||||||
import android.os.Binder;
|
import android.os.Binder;
|
||||||
|
import android.os.INetworkManagementService;
|
||||||
import android.os.ParcelFileDescriptor;
|
import android.os.ParcelFileDescriptor;
|
||||||
import android.system.Os;
|
import android.system.Os;
|
||||||
import android.test.mock.MockContext;
|
import android.test.mock.MockContext;
|
||||||
@@ -135,6 +136,7 @@ public class IpSecServiceParameterizedTest {
|
|||||||
};
|
};
|
||||||
|
|
||||||
INetd mMockNetd;
|
INetd mMockNetd;
|
||||||
|
INetworkManagementService mNetworkManager;
|
||||||
PackageManager mMockPkgMgr;
|
PackageManager mMockPkgMgr;
|
||||||
IpSecService.IpSecServiceConfiguration mMockIpSecSrvConfig;
|
IpSecService.IpSecServiceConfiguration mMockIpSecSrvConfig;
|
||||||
IpSecService mIpSecService;
|
IpSecService mIpSecService;
|
||||||
@@ -160,9 +162,10 @@ public class IpSecServiceParameterizedTest {
|
|||||||
@Before
|
@Before
|
||||||
public void setUp() throws Exception {
|
public void setUp() throws Exception {
|
||||||
mMockNetd = mock(INetd.class);
|
mMockNetd = mock(INetd.class);
|
||||||
|
mNetworkManager = mock(INetworkManagementService.class);
|
||||||
mMockPkgMgr = mock(PackageManager.class);
|
mMockPkgMgr = mock(PackageManager.class);
|
||||||
mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
|
mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
|
||||||
mIpSecService = new IpSecService(mMockContext, mMockIpSecSrvConfig);
|
mIpSecService = new IpSecService(mMockContext, mNetworkManager, mMockIpSecSrvConfig);
|
||||||
|
|
||||||
// Injecting mock netd
|
// Injecting mock netd
|
||||||
when(mMockIpSecSrvConfig.getNetdInstance()).thenReturn(mMockNetd);
|
when(mMockIpSecSrvConfig.getNetdInstance()).thenReturn(mMockNetd);
|
||||||
@@ -609,6 +612,7 @@ public class IpSecServiceParameterizedTest {
|
|||||||
anyInt(),
|
anyInt(),
|
||||||
anyInt(),
|
anyInt(),
|
||||||
anyInt());
|
anyInt());
|
||||||
|
verify(mNetworkManager).setInterfaceUp(createTunnelResp.interfaceName);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|||||||
@@ -31,6 +31,7 @@ import static org.mockito.Mockito.verify;
|
|||||||
import android.content.Context;
|
import android.content.Context;
|
||||||
import android.os.Binder;
|
import android.os.Binder;
|
||||||
import android.os.IBinder;
|
import android.os.IBinder;
|
||||||
|
import android.os.INetworkManagementService;
|
||||||
import android.os.RemoteException;
|
import android.os.RemoteException;
|
||||||
|
|
||||||
import androidx.test.filters.SmallTest;
|
import androidx.test.filters.SmallTest;
|
||||||
@@ -61,7 +62,8 @@ public class IpSecServiceRefcountedResourceTest {
|
|||||||
public void setUp() throws Exception {
|
public void setUp() throws Exception {
|
||||||
mMockContext = mock(Context.class);
|
mMockContext = mock(Context.class);
|
||||||
mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
|
mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
|
||||||
mIpSecService = new IpSecService(mMockContext, mMockIpSecSrvConfig);
|
mIpSecService = new IpSecService(
|
||||||
|
mMockContext, mock(INetworkManagementService.class), mMockIpSecSrvConfig);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void assertResourceState(
|
private void assertResourceState(
|
||||||
|
|||||||
@@ -42,6 +42,7 @@ import android.net.IpSecManager;
|
|||||||
import android.net.IpSecSpiResponse;
|
import android.net.IpSecSpiResponse;
|
||||||
import android.net.IpSecUdpEncapResponse;
|
import android.net.IpSecUdpEncapResponse;
|
||||||
import android.os.Binder;
|
import android.os.Binder;
|
||||||
|
import android.os.INetworkManagementService;
|
||||||
import android.os.ParcelFileDescriptor;
|
import android.os.ParcelFileDescriptor;
|
||||||
import android.os.Process;
|
import android.os.Process;
|
||||||
import android.system.ErrnoException;
|
import android.system.ErrnoException;
|
||||||
@@ -115,6 +116,7 @@ public class IpSecServiceTest {
|
|||||||
}
|
}
|
||||||
|
|
||||||
Context mMockContext;
|
Context mMockContext;
|
||||||
|
INetworkManagementService mMockNetworkManager;
|
||||||
INetd mMockNetd;
|
INetd mMockNetd;
|
||||||
IpSecService.IpSecServiceConfiguration mMockIpSecSrvConfig;
|
IpSecService.IpSecServiceConfiguration mMockIpSecSrvConfig;
|
||||||
IpSecService mIpSecService;
|
IpSecService mIpSecService;
|
||||||
@@ -122,9 +124,10 @@ public class IpSecServiceTest {
|
|||||||
@Before
|
@Before
|
||||||
public void setUp() throws Exception {
|
public void setUp() throws Exception {
|
||||||
mMockContext = mock(Context.class);
|
mMockContext = mock(Context.class);
|
||||||
|
mMockNetworkManager = mock(INetworkManagementService.class);
|
||||||
mMockNetd = mock(INetd.class);
|
mMockNetd = mock(INetd.class);
|
||||||
mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
|
mMockIpSecSrvConfig = mock(IpSecService.IpSecServiceConfiguration.class);
|
||||||
mIpSecService = new IpSecService(mMockContext, mMockIpSecSrvConfig);
|
mIpSecService = new IpSecService(mMockContext, mMockNetworkManager, mMockIpSecSrvConfig);
|
||||||
|
|
||||||
// Injecting mock netd
|
// Injecting mock netd
|
||||||
when(mMockIpSecSrvConfig.getNetdInstance()).thenReturn(mMockNetd);
|
when(mMockIpSecSrvConfig.getNetdInstance()).thenReturn(mMockNetd);
|
||||||
@@ -132,7 +135,7 @@ public class IpSecServiceTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testIpSecServiceCreate() throws InterruptedException {
|
public void testIpSecServiceCreate() throws InterruptedException {
|
||||||
IpSecService ipSecSrv = IpSecService.create(mMockContext);
|
IpSecService ipSecSrv = IpSecService.create(mMockContext, mMockNetworkManager);
|
||||||
assertNotNull(ipSecSrv);
|
assertNotNull(ipSecSrv);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -604,8 +607,8 @@ public class IpSecServiceTest {
|
|||||||
@Test
|
@Test
|
||||||
public void testOpenUdpEncapSocketTagsSocket() throws Exception {
|
public void testOpenUdpEncapSocketTagsSocket() throws Exception {
|
||||||
IpSecService.UidFdTagger mockTagger = mock(IpSecService.UidFdTagger.class);
|
IpSecService.UidFdTagger mockTagger = mock(IpSecService.UidFdTagger.class);
|
||||||
IpSecService testIpSecService =
|
IpSecService testIpSecService = new IpSecService(
|
||||||
new IpSecService(mMockContext, mMockIpSecSrvConfig, mockTagger);
|
mMockContext, mMockNetworkManager, mMockIpSecSrvConfig, mockTagger);
|
||||||
|
|
||||||
IpSecUdpEncapResponse udpEncapResp =
|
IpSecUdpEncapResponse udpEncapResp =
|
||||||
testIpSecService.openUdpEncapsulationSocket(0, new Binder());
|
testIpSecService.openUdpEncapsulationSocket(0, new Binder());
|
||||||
|
|||||||
Reference in New Issue
Block a user