Merge changes I37dd459d,I1959f308 into rvc-dev (0cd6d1cb) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/IpSecService.java

+2 −2

Original line number	Diff line number	Diff line
		@@ -1776,7 +1776,7 @@ public class IpSecService extends IIpSecService.Stub {
		socketRecord =
		userRecord.mEncapSocketRecords.getResourceOrThrow(c.getEncapSocketResourceId());
		}
		SpiRecord spiRecord = userRecord.mSpiRecords.getResourceOrThrow(c.getSpiResourceId());
		SpiRecord spiRecord = transformInfo.getSpiRecord();

		int mark =
		(direction == IpSecManager.DIRECTION_OUT)
		@@ -1809,7 +1809,7 @@ public class IpSecService extends IIpSecService.Stub {

		// Set outbound SPI only. We want inbound to use any valid SA (old, new) on rekeys,
		// but want to guarantee outbound packets are sent over the new SA.
		spi = transformInfo.getSpiRecord().getSpi();
		spi = spiRecord.getSpi();
		}

		// Always update the policy with the relevant XFRM_IF_ID

tests/net/java/com/android/server/IpSecServiceParameterizedTest.java

+95 −0

Original line number	Diff line number	Diff line
		@@ -547,6 +547,46 @@ public class IpSecServiceParameterizedTest {

		@Test
		public void testApplyTransportModeTransform() throws Exception {
		verifyApplyTransportModeTransformCommon(false);
		}

		@Test
		public void testApplyTransportModeTransformReleasedSpi() throws Exception {
		verifyApplyTransportModeTransformCommon(true);
		}

		public void verifyApplyTransportModeTransformCommon(
		boolean closeSpiBeforeApply) throws Exception {
		IpSecConfig ipSecConfig = new IpSecConfig();
		addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
		addAuthAndCryptToIpSecConfig(ipSecConfig);

		IpSecTransformResponse createTransformResp =
		mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");

		if (closeSpiBeforeApply) {
		mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId());
		}

		Socket socket = new Socket();
		socket.bind(null);
		ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(socket);

		int resourceId = createTransformResp.resourceId;
		mIpSecService.applyTransportModeTransform(pfd, IpSecManager.DIRECTION_OUT, resourceId);

		verify(mMockNetd)
		.ipSecApplyTransportModeTransform(
		eq(pfd),
		eq(mUid),
		eq(IpSecManager.DIRECTION_OUT),
		anyString(),
		anyString(),
		eq(TEST_SPI));
		}

		@Test
		public void testApplyTransportModeTransformWithClosedSpi() throws Exception {
		IpSecConfig ipSecConfig = new IpSecConfig();
		addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
		addAuthAndCryptToIpSecConfig(ipSecConfig);
		@@ -554,6 +594,9 @@ public class IpSecServiceParameterizedTest {
		IpSecTransformResponse createTransformResp =
		mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");

		// Close SPI record
		mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId());

		Socket socket = new Socket();
		socket.bind(null);
		ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(socket);
		@@ -660,6 +703,15 @@ public class IpSecServiceParameterizedTest {

		@Test
		public void testApplyTunnelModeTransform() throws Exception {
		verifyApplyTunnelModeTransformCommon(false);
		}

		@Test
		public void testApplyTunnelModeTransformReleasedSpi() throws Exception {
		verifyApplyTunnelModeTransformCommon(true);
		}

		public void verifyApplyTunnelModeTransformCommon(boolean closeSpiBeforeApply) throws Exception {
		IpSecConfig ipSecConfig = new IpSecConfig();
		ipSecConfig.setMode(IpSecTransform.MODE_TUNNEL);
		addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
		@@ -670,6 +722,49 @@ public class IpSecServiceParameterizedTest {
		IpSecTunnelInterfaceResponse createTunnelResp =
		createAndValidateTunnel(mSourceAddr, mDestinationAddr, "blessedPackage");

		if (closeSpiBeforeApply) {
		mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId());
		}

		int transformResourceId = createTransformResp.resourceId;
		int tunnelResourceId = createTunnelResp.resourceId;
		mIpSecService.applyTunnelModeTransform(tunnelResourceId, IpSecManager.DIRECTION_OUT,
		transformResourceId, "blessedPackage");

		for (int selAddrFamily : ADDRESS_FAMILIES) {
		verify(mMockNetd)
		.ipSecUpdateSecurityPolicy(
		eq(mUid),
		eq(selAddrFamily),
		eq(IpSecManager.DIRECTION_OUT),
		anyString(),
		anyString(),
		eq(TEST_SPI),
		anyInt(), // iKey/oKey
		anyInt(), // mask
		eq(tunnelResourceId));
		}

		ipSecConfig.setXfrmInterfaceId(tunnelResourceId);
		verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp);
		}


		@Test
		public void testApplyTunnelModeTransformWithClosedSpi() throws Exception {
		IpSecConfig ipSecConfig = new IpSecConfig();
		ipSecConfig.setMode(IpSecTransform.MODE_TUNNEL);
		addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
		addAuthAndCryptToIpSecConfig(ipSecConfig);

		IpSecTransformResponse createTransformResp =
		mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
		IpSecTunnelInterfaceResponse createTunnelResp =
		createAndValidateTunnel(mSourceAddr, mDestinationAddr, "blessedPackage");

		// Close SPI record
		mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId());

		int transformResourceId = createTransformResp.resourceId;
		int tunnelResourceId = createTunnelResp.resourceId;
		mIpSecService.applyTunnelModeTransform(tunnelResourceId, IpSecManager.DIRECTION_OUT,