
Commit b07baa2f authored by Benedict Wong

Implement Ikev2VpnRunner

This change adds the implementation for IKEv2/IPsec VPNs.

Bug: 144246767
Test: Manually tested
Change-Id: I5ccec756cec49ccf57ccc4d5ad800eeb5d595a76
Merged-In: I5ccec756cec49ccf57ccc4d5ad800eeb5d595a76
parent 95d9c616
+1 −1
@@ -51,7 +51,7 @@ import java.net.Socket;
 *
 * <p>Note that not all aspects of IPsec are permitted by this API. Applications may create
 * transport mode security associations and apply them to individual sockets. Applications looking
 * to create a VPN should use {@link VpnService}.
 * to create an IPsec VPN should use {@link VpnManager} and {@link Ikev2VpnProfile}.
 *
 * @see <a href="https://tools.ietf.org/html/rfc4301">RFC 4301, Security Architecture for the
 *     Internet Protocol</a>
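
Review bot: The reworded Javadoc sentence ("to create an IPsec VPN should use {@link VpnManager} and {@link Ikev2VpnProfile}") drops the only pointer to {@link VpnService}, so a reader who wants a VPN that is not IPsec-based no longer learns where to go from this class comment. Consider keeping both, for example one sentence for platform-managed IKEv2/IPsec VPNs via VpnManager and Ikev2VpnProfile and one for app-implemented VPNs via VpnService. Also confirm that both new {@link} targets resolve from this file, since the hunk changes no imports.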
+9 −9
@@ -1557,16 +1557,16 @@ public class IpSecService extends IIpSecService.Stub {
        }

        checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");
        switch (getAppOpsManager().noteOp(TUNNEL_OP, Binder.getCallingUid(), callingPackage)) {
            case AppOpsManager.MODE_DEFAULT:
                mContext.enforceCallingOrSelfPermission(
                        android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
                break;
            case AppOpsManager.MODE_ALLOWED:

        // OP_MANAGE_IPSEC_TUNNELS will return MODE_ERRORED by default, including for the system
        // server. If the appop is not granted, require that the caller has the MANAGE_IPSEC_TUNNELS
        // permission or is the System Server.
        if (AppOpsManager.MODE_ALLOWED == getAppOpsManager().noteOpNoThrow(
                TUNNEL_OP, Binder.getCallingUid(), callingPackage)) {
            return;
            default:
                throw new SecurityException("Request to ignore AppOps for non-legacy API");
        }
        mContext.enforceCallingOrSelfPermission(
                android.Manifest.permission.MANAGE_IPSEC_TUNNELS, "IpSecService");
    }

    private void createOrUpdateTransform(
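
Review bot: The new noteOpNoThrow check lets every mode other than MODE_ALLOWED fall through to enforceCallingOrSelfPermission, while the switch it replaces only did that for MODE_DEFAULT and threw SecurityException for anything else, so a caller whose appop has been explicitly set to a denying mode is now accepted as long as it holds MANAGE_IPSEC_TUNNELS. If that widening is intended (the comment suggests it is needed because the op returns MODE_ERRORED by default, including for the system server), say so in the comment and the commit message, and state the precedence: appop grant first, permission as fallback, explicit appop denial not honoured for permission holders. The comment's "or is the System Server" case is not a separate check in the visible code; it relies on the "OrSelf" part of enforceCallingOrSelfPermission, which is worth spelling out. With "Test: Manually tested" as the only coverage for an access-control change, a unit test for the three paths (op allowed, op not allowed with permission, op not allowed without permission) would be a reasonable request before merge.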