
Commit 43699e90 authored by nharold's avatar nharold Committed by Gerrit Code Review

Merge "Require NETWORK_STACK Permission for IpSec Tunnel Mode"

parents efccc1ba 5a920ca3
+3 −0
@@ -19,6 +19,7 @@ import static com.android.internal.util.Preconditions.checkNotNull;

import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.annotation.SystemService;
import android.annotation.TestApi;
@@ -761,6 +762,7 @@ public final class IpSecManager {
     * @hide
     */
    @SystemApi
    @RequiresPermission(android.Manifest.permission.NETWORK_STACK)
    public IpSecTunnelInterface createIpSecTunnelInterface(@NonNull InetAddress localAddress,
            @NonNull InetAddress remoteAddress, @NonNull Network underlyingNetwork)
            throws ResourceUnavailableException, IOException {
@@ -780,6 +782,7 @@ public final class IpSecManager {
     * @hide
     */
    @SystemApi
    @RequiresPermission(android.Manifest.permission.NETWORK_STACK)
    public void applyTunnelModeTransform(IpSecTunnelInterface tunnel, int direction,
            IpSecTransform transform) throws IOException {
        try {
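Review bot: `@RequiresPermission(android.Manifest.permission.NETWORK_STACK)` on `createIpSecTunnelInterface` is a lint-time annotation only, and nothing visible in this commit adds a matching runtime check for tunnel interface creation. The IpSecService changes enforce the permission for tunnel-mode transform configs and for `applyTunnelModeTransform` only. Unless the binder method behind `createIpSecTunnelInterface` already checks elsewhere, a caller without the permission would still be served, so that method should begin with `enforceNetworkStackPermission();`. The Javadoc of both annotated methods starts outside these hunks; it would help to add `@throws SecurityException if the caller does not hold NETWORK_STACK` there.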
+10 −0
@@ -21,6 +21,7 @@ import static com.android.internal.util.Preconditions.checkNotNull;

import android.annotation.IntDef;
import android.annotation.NonNull;
import android.annotation.RequiresPermission;
import android.annotation.SystemApi;
import android.content.Context;
import android.os.Binder;
@@ -266,6 +267,10 @@ public final class IpSecTransform implements AutoCloseable {
     * @hide
     */
    @SystemApi
    @RequiresPermission(anyOf = {
            android.Manifest.permission.NETWORK_STACK,
            android.Manifest.permission.PACKET_KEEPALIVE_OFFLOAD
    })
    public void startNattKeepalive(@NonNull NattKeepaliveCallback userCallback,
            int intervalSeconds, @NonNull Handler handler) throws IOException {
        checkNotNull(userCallback);
@@ -305,6 +310,10 @@ public final class IpSecTransform implements AutoCloseable {
     * @hide
     */
    @SystemApi
    @RequiresPermission(anyOf = {
            android.Manifest.permission.NETWORK_STACK,
            android.Manifest.permission.PACKET_KEEPALIVE_OFFLOAD
    })
    public void stopNattKeepalive() {
        synchronized (mKeepaliveCallback) {
            if (mKeepalive == null) {
@@ -449,6 +458,7 @@ public final class IpSecTransform implements AutoCloseable {
         * @hide
         */
        @SystemApi
        @RequiresPermission(android.Manifest.permission.NETWORK_STACK)
        public IpSecTransform buildTunnelModeTransform(
                @NonNull InetAddress sourceAddress,
                @NonNull IpSecManager.SecurityParameterIndex spi)
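Review bot: The `anyOf` annotations on `startNattKeepalive` and `stopNattKeepalive` declare NETWORK_STACK or PACKET_KEEPALIVE_OFFLOAD, but this commit adds no runtime check for either permission on the keepalive path. The annotation is therefore only as accurate as whatever the service that starts the keepalive enforces, which is not visible here. It is worth confirming that this service accepts both permissions, otherwise a caller holding only one of them passes lint and is refused at runtime. `buildTunnelModeTransform` appears to be covered by the `MODE_TUNNEL` check added in IpSecService. Both keepalive method bodies continue outside their hunks.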
+8 −0
@@ -1438,7 +1438,9 @@ public class IpSecService extends IIpSecService.Stub {

        switch (config.getMode()) {
            case IpSecTransform.MODE_TRANSPORT:
                break;
            case IpSecTransform.MODE_TUNNEL:
                enforceNetworkStackPermission();
                break;
            default:
                throw new IllegalArgumentException(
@@ -1446,6 +1448,11 @@ public class IpSecService extends IIpSecService.Stub {
        }
    }

    private void enforceNetworkStackPermission() {
        mContext.enforceCallingOrSelfPermission(android.Manifest.permission.NETWORK_STACK,
                "IpSecService");
    }

    private void createOrUpdateTransform(
            IpSecConfig c, int resourceId, SpiRecord spiRecord, EncapSocketRecord socketRecord)
            throws RemoteException {
@@ -1615,6 +1622,7 @@ public class IpSecService extends IIpSecService.Stub {
    @Override
    public synchronized void applyTunnelModeTransform(
            int tunnelResourceId, int direction, int transformResourceId) throws RemoteException {
        enforceNetworkStackPermission();
        checkDirection(direction);

        UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
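Review bot: The `MODE_TUNNEL` branch calls `enforceNetworkStackPermission()` from inside a config-validation method whose start is outside the hunk, so it cannot be confirmed here that the check runs on the incoming binder identity. `enforceCallingOrSelfPermission` evaluates the current calling identity, so the check only guards tunnel-mode transforms if every path reaches it before any `Binder.clearCallingIdentity()`. In `applyTunnelModeTransform` it is the first statement, which is the right place. I would record the requirement on the helper, e.g. `// Must be called before Binder.clearCallingIdentity(); otherwise the check passes as the system itself.` The fixed message `"IpSecService"` also gives no hint of which operation was refused; passing the operation name would make the resulting SecurityException easier to triage.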