
Commit 8b555224 authored by Benedict Wong's avatar Benedict Wong Committed by Yan Yan

Remove UdpEncapsulationSocket references in VPNs

This changes the IkeSessionParams generation to set a specific Network,
and no longer passes a UDP encapsulation socket.

Bug: 149356682
Test: FrameworksNetTests passing.
Change-Id: I69f184762490b1dd3d3261d00c81fd32bbebddfc
Merged-In: I69f184762490b1dd3d3261d00c81fd32bbebddfc
(cherry picked from commit 818dca1a)
parent faff9bd8
+1 −22
@@ -52,7 +52,6 @@ import android.net.Ikev2VpnProfile;
import android.net.IpPrefix;
import android.net.IpSecManager;
import android.net.IpSecManager.IpSecTunnelInterface;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.LinkAddress;
import android.net.LinkProperties;
@@ -2201,7 +2200,6 @@ public class Vpn {
        /** Signal to ensure shutdown is honored even if a new Network is connected. */
        private boolean mIsRunning = true;

        @Nullable private UdpEncapsulationSocket mEncapSocket;
        @Nullable private IpSecTunnelInterface mTunnelIface;
        @Nullable private IkeSession mSession;
        @Nullable private Network mActiveNetwork;
@@ -2352,12 +2350,8 @@ public class Vpn {
                    resetIkeState();
                    mActiveNetwork = network;

                    // TODO(b/149356682): Update this based on new IKE API
                    mEncapSocket = mIpSecManager.openUdpEncapsulationSocket();

                    // TODO(b/149356682): Update this based on new IKE API
                    final IkeSessionParams ikeSessionParams =
                            VpnIkev2Utils.buildIkeSessionParams(mProfile, mEncapSocket);
                            VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, network);
                    final ChildSessionParams childSessionParams =
                            VpnIkev2Utils.buildChildSessionParams();

@@ -2370,11 +2364,6 @@ public class Vpn {
                                    network);
                    mNetd.setInterfaceUp(mTunnelIface.getInterfaceName());

                    // Socket must be bound to prevent network switches from causing
                    // the IKE teardown to fail/timeout.
                    // TODO(b/149356682): Update this based on new IKE API
                    network.bindSocket(mEncapSocket.getFileDescriptor());

                    mSession = mIkev2SessionCreator.createIkeSession(
                            mContext,
                            ikeSessionParams,
@@ -2459,16 +2448,6 @@ public class Vpn {
                mSession.kill(); // Kill here to make sure all resources are released immediately
                mSession = null;
            }

            // TODO(b/149356682): Update this based on new IKE API
            if (mEncapSocket != null) {
                try {
                    mEncapSocket.close();
                } catch (IOException e) {
                    Log.e(TAG, "Failed to close encap socket", e);
                }
                mEncapSocket = null;
            }
        }

        /**
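Review bot: The rationale that the IKE socket must stay on `network`, so that a network switch cannot make IKE teardown fail or time out, is deleted together with `network.bindSocket(...)` in the third hunk, and nothing on the new side says where that guarantee now lives. Presumably the `network` argument passed to `VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, network)` takes over the pinning. A comment above that call would keep it visible, for example `// IKE traffic is pinned to this Network through IkeSessionParams; this replaces the explicit bindSocket() on the encap socket.` The `TODO(b/149356682)` left directly above the call should be narrowed or dropped if this commit is the update it asks for. The enclosing method starts and ends outside the hunks shown.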
+4 −4
@@ -35,10 +35,10 @@ import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1;

import android.annotation.NonNull;
import android.content.Context;
import android.net.Ikev2VpnProfile;
import android.net.InetAddresses;
import android.net.IpPrefix;
import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.Network;
import android.net.RouteInfo;
@@ -84,7 +84,7 @@ import java.util.List;
 */
public class VpnIkev2Utils {
    static IkeSessionParams buildIkeSessionParams(
            @NonNull Ikev2VpnProfile profile, @NonNull UdpEncapsulationSocket socket) {
            @NonNull Context context, @NonNull Ikev2VpnProfile profile, @NonNull Network network) {
        // TODO(b/149356682): Update this based on new IKE API. Only numeric addresses supported
        //                    until then. All others throw IAE (caught by caller).
        final InetAddress serverAddr = InetAddresses.parseNumericAddress(profile.getServerAddr());
@@ -93,9 +93,9 @@ public class VpnIkev2Utils {

        // TODO(b/149356682): Update this based on new IKE API.
        final IkeSessionParams.Builder ikeOptionsBuilder =
                new IkeSessionParams.Builder()
                new IkeSessionParams.Builder(context)
                        .setServerAddress(serverAddr)
                        .setUdpEncapsulationSocket(socket)
                        .setNetwork(network)
                        .setLocalIdentification(localId)
                        .setRemoteIdentification(remoteId);
        setIkeAuth(profile, ikeOptionsBuilder);
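Review bot: `buildIkeSessionParams` changes its parameters without gaining any Javadoc, and the two `TODO(b/149356682): Update this based on new IKE API` comments still sit above code that this commit just moved to `new IkeSessionParams.Builder(context)` and `.setNetwork(network)`. A short Javadoc would document the contract the caller relies on: `network` is the underlying network the IKE session runs over, and a non-numeric server address throws `IllegalArgumentException`. If the only work left under that bug is support for non-numeric server addresses, reword the TODOs to say so. The method body continues outside the hunk.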