Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9778c788 authored by nharold's avatar nharold Committed by Gerrit Code Review
Browse files

Merge changes from topic "ipsec-svc-cleanup" 

* changes:
  Split IpSecServiceTest to add IPv6 Tests
  Add equals() for IpSecAlgorithm and IpSecConfig
  Input Validation for IpSecService
parents cfe51aab 2e9a5200

core/java/android/net/IpSecAlgorithm.java

+10 −7
Original line number Original line Diff line number Diff line
@@ -24,6 +24,7 @@ import com.android.internal.util.HexDump; 




import java.lang.annotation.Retention;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.lang.annotation.RetentionPolicy;

import java.util.Arrays;





/**

/**

 * IpSecAlgorithm specifies a single algorithm that can be applied to an IpSec Transform. Refer to

 * IpSecAlgorithm specifies a single algorithm that can be applied to an IpSec Transform. Refer to
@@ -75,13 +76,7 @@ public final class IpSecAlgorithm implements Parcelable { 
    public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";

    public static final String AUTH_HMAC_SHA512 = "hmac(sha512)";





    /** @hide */

    /** @hide */

    @StringDef({

    @StringDef({CRYPT_AES_CBC, AUTH_HMAC_MD5, AUTH_HMAC_SHA1, AUTH_HMAC_SHA256, AUTH_HMAC_SHA512})

        CRYPT_AES_CBC,

        AUTH_HMAC_MD5,

        AUTH_HMAC_SHA1,

        AUTH_HMAC_SHA256,

        AUTH_HMAC_SHA512

    })

    @Retention(RetentionPolicy.SOURCE)

    @Retention(RetentionPolicy.SOURCE)

    public @interface AlgorithmName {}

    public @interface AlgorithmName {}
@@ -197,4 +192,12 @@ public final class IpSecAlgorithm implements Parcelable { 
                .append("}")

                .append("}")

                .toString();

                .toString();

    }

    }



    /** package */

    static boolean equals(IpSecAlgorithm lhs, IpSecAlgorithm rhs) {

        if (lhs == null || rhs == null) return (lhs == rhs);

        return (lhs.mName.equals(rhs.mName)

                && Arrays.equals(lhs.mKey, rhs.mKey)

                && lhs.mTruncLenBits == rhs.mTruncLenBits);

    }

};
 
};

core/java/android/net/IpSecConfig.java

+172 −101
Original line number Original line Diff line number Diff line
@@ -17,105 +17,170 @@ package android.net; 




import android.os.Parcel;

import android.os.Parcel;

import android.os.Parcelable;

import android.os.Parcelable;

import android.util.Log;



import java.net.InetAddress;

import com.android.internal.annotations.VisibleForTesting;

import java.net.UnknownHostException;





/** @hide */

/** @hide */

public final class IpSecConfig implements Parcelable {

public final class IpSecConfig implements Parcelable {

    private static final String TAG = "IpSecConfig";

    private static final String TAG = "IpSecConfig";





    // MODE_TRANSPORT or MODE_TUNNEL

    // MODE_TRANSPORT or MODE_TUNNEL

    int mode;

    private int mMode = IpSecTransform.MODE_TRANSPORT;





    // For tunnel mode

    // Needs to be valid only for tunnel mode

    InetAddress localAddress;

    // Preventing this from being null simplifies Java->Native binder

    private String mLocalAddress = "";





    InetAddress remoteAddress;

    // Preventing this from being null simplifies Java->Native binder

    private String mRemoteAddress = "";





    // Limit selection by network interface

    // The underlying network interface that represents the "gateway" Network

    Network network;

    // for outbound packets. It may also be used to select packets.

    private Network mNetwork;





    public static class Flow {

    public static class Flow {

        // Minimum requirements for identifying a transform

        // Minimum requirements for identifying a transform

        // SPI identifying the IPsec flow in packet processing

        // SPI identifying the IPsec flow in packet processing

        // and a remote IP address

        // and a remote IP address

        int spiResourceId;

        private int mSpiResourceId = IpSecManager.INVALID_RESOURCE_ID;





        // Encryption Algorithm

        // Encryption Algorithm

        IpSecAlgorithm encryption;

        private IpSecAlgorithm mEncryption;





        // Authentication Algorithm

        // Authentication Algorithm

        IpSecAlgorithm authentication;

        private IpSecAlgorithm mAuthentication;





        @Override

        @Override

        public String toString() {

        public String toString() {

            return new StringBuilder()

            return new StringBuilder()

                    .append("{spiResourceId=")

                    .append("{mSpiResourceId=")

                    .append(spiResourceId)

                    .append(mSpiResourceId)

                    .append(", encryption=")

                    .append(", mEncryption=")

                    .append(encryption)

                    .append(mEncryption)

                    .append(", authentication=")

                    .append(", mAuthentication=")

                    .append(authentication)

                    .append(mAuthentication)

                    .append("}")

                    .append("}")

                    .toString();

                    .toString();

        }

        }



        static boolean equals(IpSecConfig.Flow lhs, IpSecConfig.Flow rhs) {

            if (lhs == null || rhs == null) return (lhs == rhs);

            return (lhs.mSpiResourceId == rhs.mSpiResourceId

                    && IpSecAlgorithm.equals(lhs.mEncryption, rhs.mEncryption)

                    && IpSecAlgorithm.equals(lhs.mAuthentication, rhs.mAuthentication));

        }

    }

    }





    final Flow[] flow = new Flow[] {new Flow(), new Flow()};

    private final Flow[] mFlow = new Flow[] {new Flow(), new Flow()};





    // For tunnel mode IPv4 UDP Encapsulation

    // For tunnel mode IPv4 UDP Encapsulation

    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE

    // IpSecTransform#ENCAP_ESP_*, such as ENCAP_ESP_OVER_UDP_IKE

    int encapType;

    private int mEncapType = IpSecTransform.ENCAP_NONE;

    int encapLocalPortResourceId;

    private int mEncapSocketResourceId = IpSecManager.INVALID_RESOURCE_ID;

    int encapRemotePort;

    private int mEncapRemotePort;





    // An interval, in seconds between the NattKeepalive packets

    // An interval, in seconds between the NattKeepalive packets

    int nattKeepaliveInterval;

    private int mNattKeepaliveInterval;



    /** Set the mode for this IPsec transform */

    public void setMode(int mode) {

        mMode = mode;

    }



    /** Set the local IP address for Tunnel mode */

    public void setLocalAddress(String localAddress) {

        if (localAddress == null) {

            throw new IllegalArgumentException("localAddress may not be null!");

        }

        mLocalAddress = localAddress;

    }



    /** Set the remote IP address for this IPsec transform */

    public void setRemoteAddress(String remoteAddress) {

        if (remoteAddress == null) {

            throw new IllegalArgumentException("remoteAddress may not be null!");

        }

        mRemoteAddress = remoteAddress;

    }



    /** Set the SPI for a given direction by resource ID */

    public void setSpiResourceId(int direction, int resourceId) {

        mFlow[direction].mSpiResourceId = resourceId;

    }



    /** Set the encryption algorithm for a given direction */

    public void setEncryption(int direction, IpSecAlgorithm encryption) {

        mFlow[direction].mEncryption = encryption;

    }



    /** Set the authentication algorithm for a given direction */

    public void setAuthentication(int direction, IpSecAlgorithm authentication) {

        mFlow[direction].mAuthentication = authentication;

    }



    public void setNetwork(Network network) {

        mNetwork = network;

    }



    public void setEncapType(int encapType) {

        mEncapType = encapType;

    }



    public void setEncapSocketResourceId(int resourceId) {

        mEncapSocketResourceId = resourceId;

    }



    public void setEncapRemotePort(int port) {

        mEncapRemotePort = port;

    }



    public void setNattKeepaliveInterval(int interval) {

        mNattKeepaliveInterval = interval;

    }





    // Transport or Tunnel

    // Transport or Tunnel

    public int getMode() {

    public int getMode() {

        return mode;

        return mMode;

    }

    }





    public InetAddress getLocalAddress() {

    public String getLocalAddress() {

        return localAddress;

        return mLocalAddress;

    }

    }





    public int getSpiResourceId(int direction) {

    public int getSpiResourceId(int direction) {

        return flow[direction].spiResourceId;

        return mFlow[direction].mSpiResourceId;

    }

    }





    public InetAddress getRemoteAddress() {

    public String getRemoteAddress() {

        return remoteAddress;

        return mRemoteAddress;

    }

    }





    public IpSecAlgorithm getEncryption(int direction) {

    public IpSecAlgorithm getEncryption(int direction) {

        return flow[direction].encryption;

        return mFlow[direction].mEncryption;

    }

    }





    public IpSecAlgorithm getAuthentication(int direction) {

    public IpSecAlgorithm getAuthentication(int direction) {

        return flow[direction].authentication;

        return mFlow[direction].mAuthentication;

    }

    }





    public Network getNetwork() {

    public Network getNetwork() {

        return network;

        return mNetwork;

    }

    }





    public int getEncapType() {

    public int getEncapType() {

        return encapType;

        return mEncapType;

    }

    }





    public int getEncapLocalResourceId() {

    public int getEncapSocketResourceId() {

        return encapLocalPortResourceId;

        return mEncapSocketResourceId;

    }

    }





    public int getEncapRemotePort() {

    public int getEncapRemotePort() {

        return encapRemotePort;

        return mEncapRemotePort;

    }

    }





    public int getNattKeepaliveInterval() {

    public int getNattKeepaliveInterval() {

        return nattKeepaliveInterval;

        return mNattKeepaliveInterval;

    }

    }





    // Parcelable Methods

    // Parcelable Methods
@@ -127,82 +192,70 @@ public final class IpSecConfig implements Parcelable { 




    @Override

    @Override

    public void writeToParcel(Parcel out, int flags) {

    public void writeToParcel(Parcel out, int flags) {

        // TODO: Use a byte array or other better method for storing IPs that can also include scope

        out.writeInt(mMode);

        out.writeString((localAddress != null) ? localAddress.getHostAddress() : null);

        out.writeString(mLocalAddress);

        // TODO: Use a byte array or other better method for storing IPs that can also include scope

        out.writeString(mRemoteAddress);

        out.writeString((remoteAddress != null) ? remoteAddress.getHostAddress() : null);

        out.writeParcelable(mNetwork, flags);

        out.writeParcelable(network, flags);

        out.writeInt(mFlow[IpSecTransform.DIRECTION_IN].mSpiResourceId);

        out.writeInt(flow[IpSecTransform.DIRECTION_IN].spiResourceId);

        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_IN].mEncryption, flags);

        out.writeParcelable(flow[IpSecTransform.DIRECTION_IN].encryption, flags);

        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_IN].mAuthentication, flags);

        out.writeParcelable(flow[IpSecTransform.DIRECTION_IN].authentication, flags);

        out.writeInt(mFlow[IpSecTransform.DIRECTION_OUT].mSpiResourceId);

        out.writeInt(flow[IpSecTransform.DIRECTION_OUT].spiResourceId);

        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_OUT].mEncryption, flags);

        out.writeParcelable(flow[IpSecTransform.DIRECTION_OUT].encryption, flags);

        out.writeParcelable(mFlow[IpSecTransform.DIRECTION_OUT].mAuthentication, flags);

        out.writeParcelable(flow[IpSecTransform.DIRECTION_OUT].authentication, flags);

        out.writeInt(mEncapType);

        out.writeInt(encapType);

        out.writeInt(mEncapSocketResourceId);

        out.writeInt(encapLocalPortResourceId);

        out.writeInt(mEncapRemotePort);

        out.writeInt(encapRemotePort);

        out.writeInt(mNattKeepaliveInterval);

    }



    // Package Private: Used by the IpSecTransform.Builder;

    // there should be no public constructor for this object

    IpSecConfig() {}



    private static InetAddress readInetAddressFromParcel(Parcel in) {

        String addrString = in.readString();

        if (addrString == null) {

            return null;

        }

        try {

            return InetAddress.getByName(addrString);

        } catch (UnknownHostException e) {

            Log.wtf(TAG, "Invalid IpAddress " + addrString);

            return null;

        }

    }

    }





    @VisibleForTesting

    public IpSecConfig() {}



    private IpSecConfig(Parcel in) {

    private IpSecConfig(Parcel in) {

        localAddress = readInetAddressFromParcel(in);

        mMode = in.readInt();

        remoteAddress = readInetAddressFromParcel(in);

        mLocalAddress = in.readString();

        network = (Network) in.readParcelable(Network.class.getClassLoader());

        mRemoteAddress = in.readString();

        flow[IpSecTransform.DIRECTION_IN].spiResourceId = in.readInt();

        mNetwork = (Network) in.readParcelable(Network.class.getClassLoader());

        flow[IpSecTransform.DIRECTION_IN].encryption =

        mFlow[IpSecTransform.DIRECTION_IN].mSpiResourceId = in.readInt();

        mFlow[IpSecTransform.DIRECTION_IN].mEncryption =

                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

        flow[IpSecTransform.DIRECTION_IN].authentication =

        mFlow[IpSecTransform.DIRECTION_IN].mAuthentication =

                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

        flow[IpSecTransform.DIRECTION_OUT].spiResourceId = in.readInt();

        mFlow[IpSecTransform.DIRECTION_OUT].mSpiResourceId = in.readInt();

        flow[IpSecTransform.DIRECTION_OUT].encryption =

        mFlow[IpSecTransform.DIRECTION_OUT].mEncryption =

                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

        flow[IpSecTransform.DIRECTION_OUT].authentication =

        mFlow[IpSecTransform.DIRECTION_OUT].mAuthentication =

                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

                (IpSecAlgorithm) in.readParcelable(IpSecAlgorithm.class.getClassLoader());

        encapType = in.readInt();

        mEncapType = in.readInt();

        encapLocalPortResourceId = in.readInt();

        mEncapSocketResourceId = in.readInt();

        encapRemotePort = in.readInt();

        mEncapRemotePort = in.readInt();

        mNattKeepaliveInterval = in.readInt();

    }

    }





    @Override

    @Override

    public String toString() {

    public String toString() {

        StringBuilder strBuilder = new StringBuilder();

        StringBuilder strBuilder = new StringBuilder();

        strBuilder

        strBuilder

                .append("{mode=")

                .append("{mMode=")

                .append(mode == IpSecTransform.MODE_TUNNEL ? "TUNNEL" : "TRANSPORT")

                .append(mMode == IpSecTransform.MODE_TUNNEL ? "TUNNEL" : "TRANSPORT")

                .append(", localAddress=")

                .append(", mLocalAddress=")

                .append(localAddress)

                .append(mLocalAddress)

                .append(", remoteAddress=")

                .append(", mRemoteAddress=")

                .append(remoteAddress)

                .append(mRemoteAddress)

                .append(", network=")

                .append(", mNetwork=")

                .append(network)

                .append(mNetwork)

                .append(", encapType=")

                .append(", mEncapType=")

                .append(encapType)

                .append(mEncapType)

                .append(", encapLocalPortResourceId=")

                .append(", mEncapSocketResourceId=")

                .append(encapLocalPortResourceId)

                .append(mEncapSocketResourceId)

                .append(", encapRemotePort=")

                .append(", mEncapRemotePort=")

                .append(encapRemotePort)

                .append(mEncapRemotePort)

                .append(", nattKeepaliveInterval=")

                .append(", mNattKeepaliveInterval=")

                .append(nattKeepaliveInterval)

                .append(mNattKeepaliveInterval)

                .append(", flow[OUT]=")

                .append(", mFlow[OUT]=")

                .append(flow[IpSecTransform.DIRECTION_OUT])

                .append(mFlow[IpSecTransform.DIRECTION_OUT])

                .append(", flow[IN]=")

                .append(", mFlow[IN]=")

                .append(flow[IpSecTransform.DIRECTION_IN])

                .append(mFlow[IpSecTransform.DIRECTION_IN])

                .append("}");

                .append("}");





        return strBuilder.toString();

        return strBuilder.toString();
@@ -218,4 +271,22 @@ public final class IpSecConfig implements Parcelable { 
                    return new IpSecConfig[size];

                    return new IpSecConfig[size];

                }

                }

            };

            };



    @VisibleForTesting

    public static boolean equals(IpSecConfig lhs, IpSecConfig rhs) {

        if (lhs == null || rhs == null) return (lhs == rhs);

        return (lhs.mMode == rhs.mMode

                && lhs.mLocalAddress.equals(rhs.mLocalAddress)

                && lhs.mRemoteAddress.equals(rhs.mRemoteAddress)

                && ((lhs.mNetwork != null && lhs.mNetwork.equals(rhs.mNetwork))

                        || (lhs.mNetwork == rhs.mNetwork))

                && lhs.mEncapType == rhs.mEncapType

                && lhs.mEncapSocketResourceId == rhs.mEncapSocketResourceId

                && lhs.mEncapRemotePort == rhs.mEncapRemotePort

                && lhs.mNattKeepaliveInterval == rhs.mNattKeepaliveInterval

                && IpSecConfig.Flow.equals(lhs.mFlow[IpSecTransform.DIRECTION_OUT],

                        rhs.mFlow[IpSecTransform.DIRECTION_OUT])

                && IpSecConfig.Flow.equals(lhs.mFlow[IpSecTransform.DIRECTION_IN],

                        rhs.mFlow[IpSecTransform.DIRECTION_IN]));

    }

}
 
}

core/java/android/net/IpSecManager.java

+6 −2
Original line number Original line Diff line number Diff line
@@ -26,6 +26,8 @@ import android.os.RemoteException; 
import android.util.AndroidException;

import android.util.AndroidException;

import android.util.Log;

import android.util.Log;





import com.android.internal.annotations.VisibleForTesting;



import dalvik.system.CloseGuard;

import dalvik.system.CloseGuard;





import java.io.FileDescriptor;

import java.io.FileDescriptor;
@@ -188,7 +190,8 @@ public final class IpSecManager { 
        }

        }





        /** @hide */

        /** @hide */

        int getResourceId() {

        @VisibleForTesting

        public int getResourceId() {

            return mResourceId;

            return mResourceId;

        }

        }

    }

    }
@@ -489,7 +492,8 @@ public final class IpSecManager { 
        }

        }





        /** @hide */

        /** @hide */

        int getResourceId() {

        @VisibleForTesting

        public int getResourceId() {

            return mResourceId;

            return mResourceId;

        }

        }

    };

    };

core/java/android/net/IpSecTransform.java

+27 −76
Original line number Original line Diff line number Diff line
@@ -68,10 +68,10 @@ public final class IpSecTransform implements AutoCloseable { 
    public @interface TransformDirection {}

    public @interface TransformDirection {}





    /** @hide */

    /** @hide */

    public static final int MODE_TUNNEL = 0;

    public static final int MODE_TRANSPORT = 0;





    /** @hide */

    /** @hide */

    public static final int MODE_TRANSPORT = 1;

    public static final int MODE_TUNNEL = 1;





    /** @hide */

    /** @hide */

    public static final int ENCAP_NONE = 0;

    public static final int ENCAP_NONE = 0;
@@ -113,7 +113,11 @@ public final class IpSecTransform implements AutoCloseable { 
        return IIpSecService.Stub.asInterface(b);

        return IIpSecService.Stub.asInterface(b);

    }

    }





    private void checkResultStatusAndThrow(int status)

    /**

     * Checks the result status and throws an appropriate exception if

     * the status is not Status.OK.

     */

    private void checkResultStatus(int status)

            throws IOException, IpSecManager.ResourceUnavailableException,

            throws IOException, IpSecManager.ResourceUnavailableException,

                    IpSecManager.SpiUnavailableException {

                    IpSecManager.SpiUnavailableException {

        switch (status) {

        switch (status) {
@@ -141,7 +145,7 @@ public final class IpSecTransform implements AutoCloseable { 
                IpSecTransformResponse result =

                IpSecTransformResponse result =

                        svc.createTransportModeTransform(mConfig, new Binder());

                        svc.createTransportModeTransform(mConfig, new Binder());

                int status = result.status;

                int status = result.status;

                checkResultStatusAndThrow(status);

                checkResultStatus(status);

                mResourceId = result.resourceId;

                mResourceId = result.resourceId;





                /* Keepalive will silently fail if not needed by the config; but, if needed and

                /* Keepalive will silently fail if not needed by the config; but, if needed and
@@ -243,62 +247,21 @@ public final class IpSecTransform implements AutoCloseable { 




    /* Package */

    /* Package */

    void startKeepalive(Context c) {

    void startKeepalive(Context c) {

        // FIXME: NO_KEEPALIVE needs to be a constant

        if (mConfig.getNattKeepaliveInterval() != 0) {

        if (mConfig.getNattKeepaliveInterval() == 0) {

            Log.wtf(TAG, "Keepalive not yet supported.");

            return;

        }

        }



        ConnectivityManager cm =

                (ConnectivityManager) c.getSystemService(Context.CONNECTIVITY_SERVICE);



        if (mKeepalive != null) {

            Log.wtf(TAG, "Keepalive already started for this IpSecTransform.");

            return;

    }

    }





        synchronized (mKeepaliveSyncLock) {

    /** @hide */

            mKeepalive =

    @VisibleForTesting

                    cm.startNattKeepalive(

    public int getResourceId() {

                            mConfig.getNetwork(),

                            mConfig.getNattKeepaliveInterval(),

                            mKeepaliveCallback,

                            mConfig.getLocalAddress(),

                            0x1234, /* FIXME: get the real port number again,

                                    which we need to retrieve from the provided

                                    EncapsulationSocket, and which isn't currently

                                    stashed in IpSecConfig */

                            mConfig.getRemoteAddress());

            try {

                // FIXME: this is still a horrible way to fudge the synchronous callback

                mKeepaliveSyncLock.wait(2000);

            } catch (InterruptedException e) {

            }

        }

        if (mKeepaliveStatus != ConnectivityManager.PacketKeepalive.SUCCESS) {

            throw new UnsupportedOperationException("Packet Keepalive cannot be started");

        }

    }



    /* Package */

    int getResourceId() {

        return mResourceId;

        return mResourceId;

    }

    }





    /* Package */

    /* Package */

    void stopKeepalive() {

    void stopKeepalive() {

        if (mKeepalive == null) {

        return;

        return;

    }

    }

        mKeepalive.stop();

        synchronized (mKeepaliveSyncLock) {

            if (mKeepaliveStatus == ConnectivityManager.PacketKeepalive.SUCCESS) {

                try {

                    mKeepaliveSyncLock.wait(2000);

                } catch (InterruptedException e) {

                }

            }

        }

    }





    /**

    /**

     * Builder object to facilitate the creation of IpSecTransform objects.

     * Builder object to facilitate the creation of IpSecTransform objects.
@@ -323,7 +286,7 @@ public final class IpSecTransform implements AutoCloseable { 
         */

         */

        public IpSecTransform.Builder setEncryption(

        public IpSecTransform.Builder setEncryption(

                @TransformDirection int direction, IpSecAlgorithm algo) {

                @TransformDirection int direction, IpSecAlgorithm algo) {

            mConfig.flow[direction].encryption = algo;

            mConfig.setEncryption(direction, algo);

            return this;

            return this;

        }

        }
@@ -338,7 +301,7 @@ public final class IpSecTransform implements AutoCloseable { 
         */

         */

        public IpSecTransform.Builder setAuthentication(

        public IpSecTransform.Builder setAuthentication(

                @TransformDirection int direction, IpSecAlgorithm algo) {

                @TransformDirection int direction, IpSecAlgorithm algo) {

            mConfig.flow[direction].authentication = algo;

            mConfig.setAuthentication(direction, algo);

            return this;

            return this;

        }

        }
@@ -361,9 +324,7 @@ public final class IpSecTransform implements AutoCloseable { 
         */

         */

        public IpSecTransform.Builder setSpi(

        public IpSecTransform.Builder setSpi(

                @TransformDirection int direction, IpSecManager.SecurityParameterIndex spi) {

                @TransformDirection int direction, IpSecManager.SecurityParameterIndex spi) {

            // TODO: convert to using the resource Id of the SPI. Then build() can validate

            mConfig.setSpiResourceId(direction, spi.getResourceId());

            // the owner in the IpSecService

            mConfig.flow[direction].spiResourceId = spi.getResourceId();

            return this;

            return this;

        }

        }
@@ -378,7 +339,7 @@ public final class IpSecTransform implements AutoCloseable { 
         */

         */

        @SystemApi

        @SystemApi

        public IpSecTransform.Builder setUnderlyingNetwork(Network net) {

        public IpSecTransform.Builder setUnderlyingNetwork(Network net) {

            mConfig.network = net;

            mConfig.setNetwork(net);

            return this;

            return this;

        }

        }
@@ -395,10 +356,9 @@ public final class IpSecTransform implements AutoCloseable { 
         */

         */

        public IpSecTransform.Builder setIpv4Encapsulation(

        public IpSecTransform.Builder setIpv4Encapsulation(

                IpSecManager.UdpEncapsulationSocket localSocket, int remotePort) {

                IpSecManager.UdpEncapsulationSocket localSocket, int remotePort) {

            // TODO: check encap type is valid.

            mConfig.setEncapType(ENCAP_ESPINUDP);

            mConfig.encapType = ENCAP_ESPINUDP;

            mConfig.setEncapSocketResourceId(localSocket.getResourceId());

            mConfig.encapLocalPortResourceId = localSocket.getResourceId();

            mConfig.setEncapRemotePort(remotePort);

            mConfig.encapRemotePort = remotePort;

            return this;

            return this;

        }

        }
@@ -416,7 +376,7 @@ public final class IpSecTransform implements AutoCloseable { 
         */

         */

        @SystemApi

        @SystemApi

        public IpSecTransform.Builder setNattKeepalive(int intervalSeconds) {

        public IpSecTransform.Builder setNattKeepalive(int intervalSeconds) {

            mConfig.nattKeepaliveInterval = intervalSeconds;

            mConfig.setNattKeepaliveInterval(intervalSeconds);

            return this;

            return this;

        }

        }
@@ -451,8 +411,8 @@ public final class IpSecTransform implements AutoCloseable { 
                        IpSecManager.SpiUnavailableException, IOException {

                        IpSecManager.SpiUnavailableException, IOException {

            //FIXME: argument validation here

            //FIXME: argument validation here

            //throw new IllegalArgumentException("Natt Keepalive requires UDP Encapsulation");

            //throw new IllegalArgumentException("Natt Keepalive requires UDP Encapsulation");

            mConfig.mode = MODE_TRANSPORT;

            mConfig.setMode(MODE_TRANSPORT);

            mConfig.remoteAddress = remoteAddress;

            mConfig.setRemoteAddress(remoteAddress.getHostAddress());

            return new IpSecTransform(mContext, mConfig).activate();

            return new IpSecTransform(mContext, mConfig).activate();

        }

        }
@@ -473,9 +433,9 @@ public final class IpSecTransform implements AutoCloseable { 
                InetAddress localAddress, InetAddress remoteAddress) {

                InetAddress localAddress, InetAddress remoteAddress) {

            //FIXME: argument validation here

            //FIXME: argument validation here

            //throw new IllegalArgumentException("Natt Keepalive requires UDP Encapsulation");

            //throw new IllegalArgumentException("Natt Keepalive requires UDP Encapsulation");

            mConfig.localAddress = localAddress;

            mConfig.setLocalAddress(localAddress.getHostAddress());

            mConfig.remoteAddress = remoteAddress;

            mConfig.setRemoteAddress(remoteAddress.getHostAddress());

            mConfig.mode = MODE_TUNNEL;

            mConfig.setMode(MODE_TUNNEL);

            return new IpSecTransform(mContext, mConfig);

            return new IpSecTransform(mContext, mConfig);

        }

        }
@@ -489,14 +449,5 @@ public final class IpSecTransform implements AutoCloseable { 
            mContext = context;

            mContext = context;

            mConfig = new IpSecConfig();

            mConfig = new IpSecConfig();

        }

        }



        /**

         * Return an {@link IpSecConfig} object for testing purposes.

         * @hide

         */

        @VisibleForTesting

        public IpSecConfig getIpSecConfig() {

            return mConfig;

        }

    }

    }

}
 
}

services/core/java/com/android/server/IpSecService.java

+122 −29

File changed.

Preview size limit exceeded, changes collapsed.