
Commit 818dca1a authored by Benedict Wong's avatar Benedict Wong Committed by evitayan

Remove UdpEncapsulationSocket references in VPNs

This is a clean cherry-pick from aosp/1237527

This changes the IkeSessionParams generation to set a specific Network,
and no longer passes a UDP encapsulation socket.

Bug: 149356682
Test: FrameworksNetTests passing.
Change-Id: I69f184762490b1dd3d3261d00c81fd32bbebddfc
parent a2668e55
+1 −22
@@ -52,7 +52,6 @@ import android.net.Ikev2VpnProfile;
import android.net.IpPrefix;
import android.net.IpSecManager;
import android.net.IpSecManager.IpSecTunnelInterface;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.LinkAddress;
import android.net.LinkProperties;
@@ -2201,7 +2200,6 @@ public class Vpn {
        /** Signal to ensure shutdown is honored even if a new Network is connected. */
        private boolean mIsRunning = true;

        @Nullable private UdpEncapsulationSocket mEncapSocket;
        @Nullable private IpSecTunnelInterface mTunnelIface;
        @Nullable private IkeSession mSession;
        @Nullable private Network mActiveNetwork;
@@ -2352,12 +2350,8 @@ public class Vpn {
                    resetIkeState();
                    mActiveNetwork = network;

                    // TODO(b/149356682): Update this based on new IKE API
                    mEncapSocket = mIpSecManager.openUdpEncapsulationSocket();

                    // TODO(b/149356682): Update this based on new IKE API
                    final IkeSessionParams ikeSessionParams =
                            VpnIkev2Utils.buildIkeSessionParams(mProfile, mEncapSocket);
                            VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, network);
                    final ChildSessionParams childSessionParams =
                            VpnIkev2Utils.buildChildSessionParams();

@@ -2370,11 +2364,6 @@ public class Vpn {
                                    network);
                    mNetd.setInterfaceUp(mTunnelIface.getInterfaceName());

                    // Socket must be bound to prevent network switches from causing
                    // the IKE teardown to fail/timeout.
                    // TODO(b/149356682): Update this based on new IKE API
                    network.bindSocket(mEncapSocket.getFileDescriptor());

                    mSession = mIkev2SessionCreator.createIkeSession(
                            mContext,
                            ikeSessionParams,
@@ -2459,16 +2448,6 @@ public class Vpn {
                mSession.kill(); // Kill here to make sure all resources are released immediately
                mSession = null;
            }

            // TODO(b/149356682): Update this based on new IKE API
            if (mEncapSocket != null) {
                try {
                    mEncapSocket.close();
                } catch (IOException e) {
                    Log.e(TAG, "Failed to close encap socket", e);
                }
                mEncapSocket = null;
            }
        }

        /**
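Review bot: After this change nothing in the visible code says why IKE traffic stays on `network`: the removed block carried the comment that the socket must be bound so a network switch cannot break IKE teardown, and that guarantee now rests on the `network` argument passed to `VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, network)`. I would add a comment above that call, e.g. `// Pin the IKE session to this Network; the IKE library now creates and owns the UDP encap socket.` The same applies to the cleanup hunk, where the explicit `mEncapSocket.close()` is gone and `mSession.kill()` is presumably the only thing that releases the socket; the existing comment on that line could say so. It is also worth checking whether `java.io.IOException` is still used in this file now that the catch block is removed, since the import list is only partly visible here. The enclosing methods start and end outside the hunks.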
+4 −4
@@ -35,10 +35,10 @@ import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1;

import android.annotation.NonNull;
import android.content.Context;
import android.net.Ikev2VpnProfile;
import android.net.InetAddresses;
import android.net.IpPrefix;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.Network;
import android.net.RouteInfo;
@@ -84,7 +84,7 @@ import java.util.List;
 */
public class VpnIkev2Utils {
    static IkeSessionParams buildIkeSessionParams(
            @NonNull Ikev2VpnProfile profile, @NonNull UdpEncapsulationSocket socket) {
            @NonNull Context context, @NonNull Ikev2VpnProfile profile, @NonNull Network network) {
        // TODO(b/149356682): Update this based on new IKE API. Only numeric addresses supported
        //                    until then. All others throw IAE (caught by caller).
        final InetAddress serverAddr = InetAddresses.parseNumericAddress(profile.getServerAddr());
@@ -93,9 +93,9 @@ public class VpnIkev2Utils {

        // TODO(b/149356682): Update this based on new IKE API.
        final IkeSessionParams.Builder ikeOptionsBuilder =
                new IkeSessionParams.Builder()
                new IkeSessionParams.Builder(context)
                        .setServerAddress(serverAddr)
                        .setUdpEncapsulationSocket(socket)
                        .setNetwork(network)
                        .setLocalIdentification(localId)
                        .setRemoteIdentification(remoteId);
        setIkeAuth(profile, ikeOptionsBuilder);
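Review bot: The `TODO(b/149356682): Update this based on new IKE API.` above the `IkeSessionParams.Builder` chain appears to be left as is, although this change is what moves the chain to `new IkeSessionParams.Builder(context)` and `.setNetwork(network)`; it should either be removed or narrowed to what is still outstanding. `buildIkeSessionParams` also has no Javadoc, and with the new signature a short one would help: describe `network` as the underlying network the IKE session is bound to, and note that a non-numeric server address throws IllegalArgumentException (per the existing comment). The method body continues outside the hunks.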