This commit exposes APIs to migrate a tunnel mode transform to
new source/destination addresses, as required by MOBIKE.
By calling the exposed API, the caller only caches the new
address in the transform. To complete the migration, the caller
MUST apply the transform to the appropriate tunnel.
This API design is mainly based on the kernel interface and use
cases. The Linux kernel requires Android to provide both the
IpSecTransform and the IpSecTunnelInterface to perform the
migration. And in most cases those two instances are managed
by different entities: IpSecTransform is managed by the key
exchange protocol (e.g. IKE) and IpSecTunnelInterface is managed by
the security tunnel provider (e.g. VPN, VCN, and IWLAN). Thus the
migration process has been designed to have two steps where the
key exchange protocol negotiates and caches the new address,
passes out the updated transform, and the security tunnel
provider applies the transform to a tunnel.
Another benefit of this API is it can also apply to the case
where the network peer does not support MOBIKE and thus cannot
update the existing transforms. In this case, the key exchange
protocol can create a new transform and give it to the security
tunnel provider, and the tunnel provider can still call "apply"
to perform migration without needing to know the details of the
transform update process.
Bug: 169171001
Test: atest FrameworksNetTests, IpSecManagerTunnelTest
Change-Id: I0658cdb09fb31f7e0fb9d0b07f37c2b72b6e705f
Based on documentation, String parameter to CloseGuard.open() should be the name of the method to close the resource (in this case Resource.close()).
As currently written, the debug output from warnIfOpen() will be "Resource failed to call constructor."
Bug: 131838407
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I25f005a7944bf3995ae6dc4c021ed1034f2187dd
Based on documentation, String parameter to CloseGuard.open() should be the name of the method to close the resource (in this case Resource.close()).
As currently written, the debug output from warnIfOpen() will be "Resource failed to call constructor."
Bug: 131838407
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9b8a71f9076712014bb883bbde5e5fbdb018b2d5
This commit adds methods to support migrating tunnel mode
IpSecTransform to new source/destination addresses.
Bug: 169171001
Test: atest FrameworksNetTests (new tests added)
Change-Id: Ic177015fba5b62d3f73009633118109d3631086f
Improve the setUnderlyingNetwork method by throwing IAE
when Network's LinkProperties is null. Also update the
API doc to give the caller more guidance in using this API.
Bug: 232309601
Test: UT: IpSecServiceParameterizedTest, IpSecServiceTest,
IpSecServiceRefcountedResourceTest, IpSecManagerTest, VpnTest
Test: CTS: IpSecManagerTest, IpSecManagerTunnelTest, Ikev2VpnTest
Test: make doc-comment-check-docs
Change-Id: Idab4706b0db42ed2222fb48b168589ed005d2f2f
Allows VCN and IKE unit tests to mock IpSecManager and thus stop
depending on the hidden APIs in the Connectivity module
(e.g. IpSecService binder interface). Otherwise, any changes on
these related hidden APIs will require topic changes across multiple
projects.
Bug: 217572993
Test: make update-api
Test: atest IpSecManagerTest, IpSecManagerTunnelTest
Change-Id: I29f3ac96f83b4271f29a7051d33ccf47a0dd6c57
Merged-In: I29f3ac96f83b4271f29a7051d33ccf47a0dd6c57
IpSec is going to be moved into Connectivity module and it needs to
use PolicyDirection annotation. Add PolicyDirection IntDef annotation
so that it can be used in the module.
Bug: 204153604
Test: FrameworksNetTests
Change-Id: Ib411d8c436d67574bfaf7f3aba43e5f31e7487e2
Remove ServiceManager hidden API dependency because this class
is going to be moved into a mainline module. Thus have IpSecTransform
call createTransform and deleteTransform through IpSecManager to
remove the ServiceManager usage.
Bug: 204153604
Test: FrameworksNetTests
Change-Id: Iba48da4aecac1080684d5a7e7e7ca2e31219591a
IpSec service is going to be moved into Connectivity module. Replace
Preconditions.checkNotNull with Objects.requireNonNull to remove
hidden API usages.
Bug: 204153604
Test: FrameworksNetTests
Change-Id: Iff7f76844d4126b0e17b62b4ce821449b5b6ce44
IpSecManager.DIRECTION_FWD is used by VcnGatewayConnection and
it will not be visible to the platform after IpSec is moved into the
Connectivity mainline module. Therefore, make DIRECTION_FWD
@SystemApi so that it can be used by VcnGatewayConnection.
Bug: 204153604
Test: FrameworksNetTests
Change-Id: I80dc2a5b4940504820cee0d8e2d2e59ef3fcca18
IpSecService is going to be moved into Connectivity mainline module.
Move all ipsec associated files to packages/ConnectivityT so that
these files can be easily migrated to the connectivity module after
clearing the hidden API usages.
Bug: 204153604
Test: build pass
FrameworksNetTests
CtsNetTestCases
Change-Id: I562b47f18e345988a2638cf886f86818f9144b91