Remove UdpEncapsulationSocket references in VPNs am: 8b555224ba am: 272225d659 (b1fdd9c9) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/connectivity/Vpn.java

+1 −22

Original line number	Diff line number	Diff line
		@@ -52,7 +52,6 @@ import android.net.Ikev2VpnProfile;
		import android.net.IpPrefix;
		import android.net.IpSecManager;
		import android.net.IpSecManager.IpSecTunnelInterface;
		import android.net.IpSecManager.UdpEncapsulationSocket;
		import android.net.IpSecTransform;
		import android.net.LinkAddress;
		import android.net.LinkProperties;
		@@ -2201,7 +2200,6 @@ public class Vpn {
		/** Signal to ensure shutdown is honored even if a new Network is connected. */
		private boolean mIsRunning = true;

		@Nullable private UdpEncapsulationSocket mEncapSocket;
		@Nullable private IpSecTunnelInterface mTunnelIface;
		@Nullable private IkeSession mSession;
		@Nullable private Network mActiveNetwork;
		@@ -2352,12 +2350,8 @@ public class Vpn {
		resetIkeState();
		mActiveNetwork = network;

		// TODO(b/149356682): Update this based on new IKE API
		mEncapSocket = mIpSecManager.openUdpEncapsulationSocket();

		// TODO(b/149356682): Update this based on new IKE API
		final IkeSessionParams ikeSessionParams =
		VpnIkev2Utils.buildIkeSessionParams(mProfile, mEncapSocket);
		VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, network);
		final ChildSessionParams childSessionParams =
		VpnIkev2Utils.buildChildSessionParams();

		@@ -2370,11 +2364,6 @@ public class Vpn {
		network);
		mNetd.setInterfaceUp(mTunnelIface.getInterfaceName());

		// Socket must be bound to prevent network switches from causing
		// the IKE teardown to fail/timeout.
		// TODO(b/149356682): Update this based on new IKE API
		network.bindSocket(mEncapSocket.getFileDescriptor());

		mSession = mIkev2SessionCreator.createIkeSession(
		mContext,
		ikeSessionParams,
		@@ -2459,16 +2448,6 @@ public class Vpn {
		mSession.kill(); // Kill here to make sure all resources are released immediately
		mSession = null;
		}

		// TODO(b/149356682): Update this based on new IKE API
		if (mEncapSocket != null) {
		try {
		mEncapSocket.close();
		} catch (IOException e) {
		Log.e(TAG, "Failed to close encap socket", e);
		}
		mEncapSocket = null;
		}
		}

		/**

services/core/java/com/android/server/connectivity/VpnIkev2Utils.java

+4 −4

Original line number	Diff line number	Diff line
		@@ -35,10 +35,10 @@ import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC
		import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1;

		import android.annotation.NonNull;
		import android.content.Context;
		import android.net.Ikev2VpnProfile;
		import android.net.InetAddresses;
		import android.net.IpPrefix;
		import android.net.IpSecManager.UdpEncapsulationSocket;
		import android.net.IpSecTransform;
		import android.net.Network;
		import android.net.RouteInfo;
		@@ -84,7 +84,7 @@ import java.util.List;
		*/
		public class VpnIkev2Utils {
		static IkeSessionParams buildIkeSessionParams(
		@NonNull Ikev2VpnProfile profile, @NonNull UdpEncapsulationSocket socket) {
		@NonNull Context context, @NonNull Ikev2VpnProfile profile, @NonNull Network network) {
		// TODO(b/149356682): Update this based on new IKE API. Only numeric addresses supported
		// until then. All others throw IAE (caught by caller).
		final InetAddress serverAddr = InetAddresses.parseNumericAddress(profile.getServerAddr());
		@@ -93,9 +93,9 @@ public class VpnIkev2Utils {

		// TODO(b/149356682): Update this based on new IKE API.
		final IkeSessionParams.Builder ikeOptionsBuilder =
		new IkeSessionParams.Builder()
		new IkeSessionParams.Builder(context)
		.setServerAddress(serverAddr)
		.setUdpEncapsulationSocket(socket)
		.setNetwork(network)
		.setLocalIdentification(localId)
		.setRemoteIdentification(remoteId);
		setIkeAuth(profile, ikeOptionsBuilder);