Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5a52d311 authored by chiachangwang's avatar chiachangwang Committed by Chiachang Wang
Browse files

Support Ikev2VpnProfile provisioned with IkeTunnelConnectionParams 

If the VpnProfile are built from an Ikev2VpnProfile provisioned
with IkeTunnelConnectionParams, the related Ike options should
come from the IkeTunnelConnectionParams. This commit also allow
Vpn to recognize the new profile type which is built from an
IkeTunnelConnectionParams.

Bug: 223841137
Test: atest FrameworksNetTests
Test: Tested with aosp/2063922
Change-Id: If817774bd940b8b75ec71e1a75bbd385a90ef18a
parent c4227ee2

services/core/java/com/android/server/connectivity/Vpn.java

+25 −4
Original line number Diff line number Diff line
@@ -84,6 +84,7 @@ import android.net.ipsec.ike.ChildSessionParams; 
import android.net.ipsec.ike.IkeSession;

import android.net.ipsec.ike.IkeSessionCallback;

import android.net.ipsec.ike.IkeSessionParams;

import android.net.ipsec.ike.IkeTunnelConnectionParams;

import android.net.ipsec.ike.exceptions.IkeProtocolException;

import android.os.Binder;

import android.os.Build.VERSION_CODES;
@@ -2266,6 +2267,11 @@ public class Vpn { 
                profile.setAllowedAlgorithms(Ikev2VpnProfile.DEFAULT_ALGORITHMS);

                startVpnProfilePrivileged(profile, VpnConfig.LEGACY_VPN);

                return;

            case VpnProfile.TYPE_IKEV2_FROM_IKE_TUN_CONN_PARAMS:

                // All the necessary IKE options should come from IkeTunnelConnectionParams in the

                // profile.

                startVpnProfilePrivileged(profile, VpnConfig.LEGACY_VPN);

                return;

            case VpnProfile.TYPE_L2TP_IPSEC_PSK:

                racoon = new String[] {

                    iface, profile.server, "udppsk", profile.ipsecIdentifier,
@@ -2700,10 +2706,23 @@ public class Vpn { 
                    resetIkeState();

                    mActiveNetwork = network;



                    final IkeSessionParams ikeSessionParams =

                            VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, network);

                    final ChildSessionParams childSessionParams =

                            VpnIkev2Utils.buildChildSessionParams(mProfile.getAllowedAlgorithms());

                    // Get Ike options from IkeTunnelConnectionParams if it's available in the

                    // profile.

                    final IkeTunnelConnectionParams ikeTunConnParams =

                            mProfile.getIkeTunnelConnectionParams();

                    final IkeSessionParams ikeSessionParams;

                    final ChildSessionParams childSessionParams;

                    if (ikeTunConnParams != null) {

                        final IkeSessionParams.Builder builder = new IkeSessionParams.Builder(

                                ikeTunConnParams.getIkeSessionParams()).setNetwork(network);

                        ikeSessionParams = builder.build();

                        childSessionParams = ikeTunConnParams.getTunnelModeChildSessionParams();

                    } else {

                        ikeSessionParams = VpnIkev2Utils.buildIkeSessionParams(

                                mContext, mProfile, network);

                        childSessionParams = VpnIkev2Utils.buildChildSessionParams(

                                mProfile.getAllowedAlgorithms());

                    }



                    // TODO: Remove the need for adding two unused addresses with

                    // IPsec tunnels.
@@ -3224,6 +3243,7 @@ public class Vpn { 
            case VpnProfile.TYPE_IKEV2_IPSEC_USER_PASS:

            case VpnProfile.TYPE_IKEV2_IPSEC_PSK:

            case VpnProfile.TYPE_IKEV2_IPSEC_RSA:

            case VpnProfile.TYPE_IKEV2_FROM_IKE_TUN_CONN_PARAMS:

                if (!mContext.getPackageManager().hasSystemFeature(

                        PackageManager.FEATURE_IPSEC_TUNNELS)) {

                    throw new UnsupportedOperationException(
@@ -3397,6 +3417,7 @@ public class Vpn { 
                case VpnProfile.TYPE_IKEV2_IPSEC_USER_PASS:

                case VpnProfile.TYPE_IKEV2_IPSEC_PSK:

                case VpnProfile.TYPE_IKEV2_IPSEC_RSA:

                case VpnProfile.TYPE_IKEV2_FROM_IKE_TUN_CONN_PARAMS:

                    mVpnRunner =

                            new IkeV2VpnRunner(Ikev2VpnProfile.fromVpnProfile(profile));

                    mVpnRunner.start();