
Commit 30cfe321 authored by Benedict Wong's avatar Benedict Wong Committed by Automerger Merge Worker

Use TransformRecord to get SPI instead of SpiRecord am: 963502fa

Change-Id: I4a186a8c098dbad6c0d97d2ee0cdc1a9342b8a19
parents 0f7d11be 963502fa
+2 −2
@@ -1776,7 +1776,7 @@ public class IpSecService extends IIpSecService.Stub {
            socketRecord =
            socketRecord =
                    userRecord.mEncapSocketRecords.getResourceOrThrow(c.getEncapSocketResourceId());
                    userRecord.mEncapSocketRecords.getResourceOrThrow(c.getEncapSocketResourceId());
        }
        }
        SpiRecord spiRecord = userRecord.mSpiRecords.getResourceOrThrow(c.getSpiResourceId());
        SpiRecord spiRecord = transformInfo.getSpiRecord();


        int mark =
        int mark =
                (direction == IpSecManager.DIRECTION_OUT)
                (direction == IpSecManager.DIRECTION_OUT)
@@ -1809,7 +1809,7 @@ public class IpSecService extends IIpSecService.Stub {


                // Set outbound SPI only. We want inbound to use any valid SA (old, new) on rekeys,
                // Set outbound SPI only. We want inbound to use any valid SA (old, new) on rekeys,
                // but want to guarantee outbound packets are sent over the new SA.
                // but want to guarantee outbound packets are sent over the new SA.
                spi = transformInfo.getSpiRecord().getSpi();
                spi = spiRecord.getSpi();
            }
            }


            // Always update the policy with the relevant XFRM_IF_ID
            // Always update the policy with the relevant XFRM_IF_ID
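Review bot: The new line `SpiRecord spiRecord = transformInfo.getSpiRecord();` drops the `userRecord.mSpiRecords.getResourceOrThrow(...)` lookup, which also served as a check that the SPI resource belonged to the caller and was still allocated. That guarantee now rests entirely on how `transformInfo` was resolved, which happens above this hunk and is not visible here. Assuming it is looked up in the caller's own user record, a comment would make the intent explicit, for example `// Read the SPI from the transform's own record: the caller may already have released its SPI resource id; ownership is enforced when transformInfo is resolved.` The second hunk's `spi = spiRecord.getSpi();` depends on the same local, so the one comment covers both sites. The enclosing method starts and ends outside the hunks.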
+68 −0
@@ -571,6 +571,35 @@ public class IpSecServiceParameterizedTest {
                        eq(TEST_SPI));
                        eq(TEST_SPI));
    }
    }


    @Test
    public void testApplyTransportModeTransformWithClosedSpi() throws Exception {
        IpSecConfig ipSecConfig = new IpSecConfig();
        addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
        addAuthAndCryptToIpSecConfig(ipSecConfig);

        IpSecTransformResponse createTransformResp =
                mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");

        // Close SPI record
        mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId());

        Socket socket = new Socket();
        socket.bind(null);
        ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(socket);

        int resourceId = createTransformResp.resourceId;
        mIpSecService.applyTransportModeTransform(pfd, IpSecManager.DIRECTION_OUT, resourceId);

        verify(mMockNetd)
                .ipSecApplyTransportModeTransform(
                        eq(pfd),
                        eq(mUid),
                        eq(IpSecManager.DIRECTION_OUT),
                        anyString(),
                        anyString(),
                        eq(TEST_SPI));
    }

    @Test
    @Test
    public void testRemoveTransportModeTransform() throws Exception {
    public void testRemoveTransportModeTransform() throws Exception {
        Socket socket = new Socket();
        Socket socket = new Socket();
@@ -693,6 +722,45 @@ public class IpSecServiceParameterizedTest {
        verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp);
        verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp);
    }
    }



    @Test
    public void testApplyTunnelModeTransformWithClosedSpi() throws Exception {
        IpSecConfig ipSecConfig = new IpSecConfig();
        ipSecConfig.setMode(IpSecTransform.MODE_TUNNEL);
        addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
        addAuthAndCryptToIpSecConfig(ipSecConfig);

        IpSecTransformResponse createTransformResp =
                mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage");
        IpSecTunnelInterfaceResponse createTunnelResp =
                createAndValidateTunnel(mSourceAddr, mDestinationAddr, "blessedPackage");

        // Close SPI record
        mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId());

        int transformResourceId = createTransformResp.resourceId;
        int tunnelResourceId = createTunnelResp.resourceId;
        mIpSecService.applyTunnelModeTransform(tunnelResourceId, IpSecManager.DIRECTION_OUT,
                transformResourceId, "blessedPackage");

        for (int selAddrFamily : ADDRESS_FAMILIES) {
            verify(mMockNetd)
                    .ipSecUpdateSecurityPolicy(
                            eq(mUid),
                            eq(selAddrFamily),
                            eq(IpSecManager.DIRECTION_OUT),
                            anyString(),
                            anyString(),
                            eq(TEST_SPI),
                            anyInt(), // iKey/oKey
                            anyInt(), // mask
                            eq(tunnelResourceId));
        }

        ipSecConfig.setXfrmInterfaceId(tunnelResourceId);
        verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp);
    }

    @Test
    @Test
    public void testAddRemoveAddressFromTunnelInterface() throws Exception {
    public void testAddRemoveAddressFromTunnelInterface() throws Exception {
        for (String pkgName : new String[]{"blessedPackage", "systemPackage"}) {
        for (String pkgName : new String[]{"blessedPackage", "systemPackage"}) {
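Review bot: Both new tests describe the setup step only as `// Close SPI record` and never say why the apply call is still expected to succeed and hand `TEST_SPI` to netd. A comment such as `// Release the caller's SPI resource; the transform must still carry the SPI, so apply has to succeed` would record the contract under test. The tests exercise only `IpSecManager.DIRECTION_OUT`; a `DIRECTION_IN` variant would pin the same behaviour on the inbound path, if that path shares the lookup (not confirmable from these hunks). In `testApplyTransportModeTransformWithClosedSpi` the `Socket` and `ParcelFileDescriptor` are never closed, so closing them in a `finally` block or with try-with-resources would avoid leaking descriptors across the parameterized runs.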