Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 09098dc4 authored by Nathan Harold's avatar Nathan Harold
Browse files

Add FileDescriptor Versions of applyTransportModeTransform() 

Because there is no way using the Java sockets API to actually
get a socket of AF_INET on mode machines, it is necessary to
provide a way to apply transforms to sockets made using the
native wrapper API, which uses POSIX APIs and will create a
socket that is AF_INET.

Bug: 36073210
Test: b/34811227
Change-Id: I28ac7cc4f36045ce523a54111e5be975b0331356
parent 5ad768c3

api/current.txt

+2 −0
Original line number Diff line number Diff line
@@ -25539,10 +25539,12 @@ package android.net { 
  public final class IpSecManager {

    method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException;

    method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException;

    method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException;

    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;

    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;

    method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);

    method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);

    method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform);

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;

    field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0

api/system-current.txt

+2 −0
Original line number Diff line number Diff line
@@ -27712,10 +27712,12 @@ package android.net { 
  public final class IpSecManager {

    method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException;

    method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException;

    method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException;

    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;

    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;

    method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);

    method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);

    method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform);

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;

    field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0

api/test-current.txt

+2 −0
Original line number Diff line number Diff line
@@ -25646,10 +25646,12 @@ package android.net { 
  public final class IpSecManager {

    method public void applyTransportModeTransform(java.net.Socket, android.net.IpSecTransform) throws java.io.IOException;

    method public void applyTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform) throws java.io.IOException;

    method public void applyTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform) throws java.io.IOException;

    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket(int) throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;

    method public android.net.IpSecManager.UdpEncapsulationSocket openUdpEncapsulationSocket() throws java.io.IOException, android.net.IpSecManager.ResourceUnavailableException;

    method public void removeTransportModeTransform(java.net.Socket, android.net.IpSecTransform);

    method public void removeTransportModeTransform(java.net.DatagramSocket, android.net.IpSecTransform);

    method public void removeTransportModeTransform(java.io.FileDescriptor, android.net.IpSecTransform);

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress) throws android.net.IpSecManager.ResourceUnavailableException;

    method public android.net.IpSecManager.SecurityParameterIndex reserveSecurityParameterIndex(int, java.net.InetAddress, int) throws android.net.IpSecManager.ResourceUnavailableException, android.net.IpSecManager.SpiUnavailableException;

    field public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; // 0x0

core/java/android/net/IpSecManager.java

+31 −0
Original line number Diff line number Diff line
@@ -277,6 +277,23 @@ public final class IpSecManager { 
        }

    }



    /**

     * Apply an active Transport Mode IPsec Transform to a stream socket to perform IPsec

     * encapsulation of the traffic flowing between the socket and the remote InetAddress of that

     * transform. For security reasons, attempts to send traffic to any IP address other than the

     * address associated with that transform will throw an IOException. In addition, if the

     * IpSecTransform is later deactivated, the socket will throw an IOException on any calls to

     * send() or receive() until the transform is removed from the socket by calling {@link

     * #removeTransportModeTransform(Socket, IpSecTransform)};

     *

     * @param socket a socket file descriptor

     * @param transform an {@link IpSecTransform}, which must be an active Transport Mode transform.

     */

    public void applyTransportModeTransform(FileDescriptor socket, IpSecTransform transform)

            throws IOException {

        applyTransportModeTransform(new ParcelFileDescriptor(socket), transform);

    }



    /**

     * Apply an active Tunnel Mode IPsec Transform to a network, which will tunnel all traffic to

     * and from that network's interface with IPsec (applies an outer IP header and IPsec Header to
@@ -318,6 +335,20 @@ public final class IpSecManager { 
        removeTransportModeTransform(ParcelFileDescriptor.fromDatagramSocket(socket), transform);

    }



    /**

     * Remove a transform from a given stream socket. Once removed, traffic on the socket will not

     * be encypted. This allows sockets that have been used for IPsec to be reclaimed for

     * communication in the clear in the event socket reuse is desired. This operation will succeed

     * regardless of the underlying state of a transform. If a transform is removed, communication

     * on all sockets to which that transform was applied will fail until this method is called.

     *

     * @param socket a socket file descriptor that previously had a transform applied to it.

     * @param transform the IPsec Transform that was previously applied to the given socket

     */

    public void removeTransportModeTransform(FileDescriptor socket, IpSecTransform transform) {

        removeTransportModeTransform(new ParcelFileDescriptor(socket), transform);

    }



    /* Call down to activate a transform */

    private void removeTransportModeTransform(ParcelFileDescriptor pfd, IpSecTransform transform) {

        try {