services/core/java/com/android/server/IpSecService.java +2 −2 @@ -1776,7 +1776,7 @@ public class IpSecService extends IIpSecService.Stub { socketRecord = userRecord.mEncapSocketRecords.getResourceOrThrow(c.getEncapSocketResourceId()); } SpiRecord spiRecord = userRecord.mSpiRecords.getResourceOrThrow(c.getSpiResourceId()); SpiRecord spiRecord = transformInfo.getSpiRecord(); int mark = (direction == IpSecManager.DIRECTION_OUT) @@ -1809,7 +1809,7 @@ public class IpSecService extends IIpSecService.Stub { // Set outbound SPI only. We want inbound to use any valid SA (old, new) on rekeys, // but want to guarantee outbound packets are sent over the new SA. spi = transformInfo.getSpiRecord().getSpi(); spi = spiRecord.getSpi(); } // Always update the policy with the relevant XFRM_IF_ID tests/net/java/com/android/server/IpSecServiceParameterizedTest.java +68 −0
@@ -571,6 +571,35 @@ public class IpSecServiceParameterizedTest { eq(TEST_SPI)); } @Test public void testApplyTransportModeTransformWithClosedSpi() throws Exception { IpSecConfig ipSecConfig = new IpSecConfig(); addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig); addAuthAndCryptToIpSecConfig(ipSecConfig); IpSecTransformResponse createTransformResp = mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage"); // Close SPI record mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId()); Socket socket = new Socket(); socket.bind(null); ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(socket); int resourceId = createTransformResp.resourceId; mIpSecService.applyTransportModeTransform(pfd, IpSecManager.DIRECTION_OUT, resourceId); verify(mMockNetd) .ipSecApplyTransportModeTransform( eq(pfd), eq(mUid), eq(IpSecManager.DIRECTION_OUT), anyString(), anyString(), eq(TEST_SPI)); } @Test public void testRemoveTransportModeTransform() throws Exception { Socket socket = new Socket();
@@ -693,6 +722,45 @@ public class IpSecServiceParameterizedTest { verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp); } @Test public void testApplyTunnelModeTransformWithClosedSpi() throws Exception { IpSecConfig ipSecConfig = new IpSecConfig(); ipSecConfig.setMode(IpSecTransform.MODE_TUNNEL); addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig); addAuthAndCryptToIpSecConfig(ipSecConfig); IpSecTransformResponse createTransformResp = mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage"); IpSecTunnelInterfaceResponse createTunnelResp = createAndValidateTunnel(mSourceAddr, mDestinationAddr, "blessedPackage"); // Close SPI record mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId()); int transformResourceId = createTransformResp.resourceId; int tunnelResourceId = createTunnelResp.resourceId; mIpSecService.applyTunnelModeTransform(tunnelResourceId, IpSecManager.DIRECTION_OUT, transformResourceId, "blessedPackage"); for (int selAddrFamily : ADDRESS_FAMILIES) { verify(mMockNetd) .ipSecUpdateSecurityPolicy( eq(mUid), eq(selAddrFamily), eq(IpSecManager.DIRECTION_OUT), anyString(), anyString(), eq(TEST_SPI), anyInt(), // iKey/oKey anyInt(), // mask eq(tunnelResourceId)); } ipSecConfig.setXfrmInterfaceId(tunnelResourceId); verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp); } @Test public void testAddRemoveAddressFromTunnelInterface() throws Exception { for (String pkgName : new String[]{"blessedPackage", "systemPackage"}) {
services/core/java/com/android/server/IpSecService.java +2 −2 @@ -1776,7 +1776,7 @@ public class IpSecService extends IIpSecService.Stub { socketRecord = userRecord.mEncapSocketRecords.getResourceOrThrow(c.getEncapSocketResourceId()); } SpiRecord spiRecord = userRecord.mSpiRecords.getResourceOrThrow(c.getSpiResourceId()); SpiRecord spiRecord = transformInfo.getSpiRecord(); int mark = (direction == IpSecManager.DIRECTION_OUT) @@ -1809,7 +1809,7 @@ public class IpSecService extends IIpSecService.Stub { // Set outbound SPI only. We want inbound to use any valid SA (old, new) on rekeys, // but want to guarantee outbound packets are sent over the new SA. spi = transformInfo.getSpiRecord().getSpi(); spi = spiRecord.getSpi(); } // Always update the policy with the relevant XFRM_IF_ID
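Review bot: The line `SpiRecord spiRecord = transformInfo.getSpiRecord();` in the first hunk (assuming it is the new side, since the page has lost its +/- markers) carries no comment on why the `userRecord.mSpiRecords.getResourceOrThrow(...)` lookup was dropped, and that lookup was also what tied the SPI resource id to the calling user's records. After this change the only ownership check left on this path is however `transformInfo` itself was resolved, which is above the hunk and not visible here. I would add `// Take the SPI from the transform, not the caller's SPI table: the SPI resource may already be released while the transform still holds the record.` above the line and confirm that `transformInfo` is looked up under the caller's own `UserRecord`. The enclosing method starts before the first hunk and ends after the second.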
tests/net/java/com/android/server/IpSecServiceParameterizedTest.java +68 −0 @@ -571,6 +571,35 @@ public class IpSecServiceParameterizedTest { eq(TEST_SPI)); } @Test public void testApplyTransportModeTransformWithClosedSpi() throws Exception { IpSecConfig ipSecConfig = new IpSecConfig(); addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig); addAuthAndCryptToIpSecConfig(ipSecConfig); IpSecTransformResponse createTransformResp = mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage"); // Close SPI record mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId()); Socket socket = new Socket(); socket.bind(null); ParcelFileDescriptor pfd = ParcelFileDescriptor.fromSocket(socket); int resourceId = createTransformResp.resourceId; mIpSecService.applyTransportModeTransform(pfd, IpSecManager.DIRECTION_OUT, resourceId); verify(mMockNetd) .ipSecApplyTransportModeTransform( eq(pfd), eq(mUid), eq(IpSecManager.DIRECTION_OUT), anyString(), anyString(), eq(TEST_SPI)); } @Test public void testRemoveTransportModeTransform() throws Exception { Socket socket = new Socket();
@@ -693,6 +722,45 @@ public class IpSecServiceParameterizedTest { verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp); } @Test public void testApplyTunnelModeTransformWithClosedSpi() throws Exception { IpSecConfig ipSecConfig = new IpSecConfig(); ipSecConfig.setMode(IpSecTransform.MODE_TUNNEL); addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig); addAuthAndCryptToIpSecConfig(ipSecConfig); IpSecTransformResponse createTransformResp = mIpSecService.createTransform(ipSecConfig, new Binder(), "blessedPackage"); IpSecTunnelInterfaceResponse createTunnelResp = createAndValidateTunnel(mSourceAddr, mDestinationAddr, "blessedPackage"); // Close SPI record mIpSecService.releaseSecurityParameterIndex(ipSecConfig.getSpiResourceId()); int transformResourceId = createTransformResp.resourceId; int tunnelResourceId = createTunnelResp.resourceId; mIpSecService.applyTunnelModeTransform(tunnelResourceId, IpSecManager.DIRECTION_OUT, transformResourceId, "blessedPackage"); for (int selAddrFamily : ADDRESS_FAMILIES) { verify(mMockNetd) .ipSecUpdateSecurityPolicy( eq(mUid), eq(selAddrFamily), eq(IpSecManager.DIRECTION_OUT), anyString(), anyString(), eq(TEST_SPI), anyInt(), // iKey/oKey anyInt(), // mask eq(tunnelResourceId)); } ipSecConfig.setXfrmInterfaceId(tunnelResourceId); verifyTransformNetdCalledForCreatingSA(ipSecConfig, createTransformResp); } @Test public void testAddRemoveAddressFromTunnelInterface() throws Exception { for (String pkgName : new String[]{"blessedPackage", "systemPackage"}) {
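Review bot: `testApplyTunnelModeTransformWithClosedSpi` only exercises `IpSecManager.DIRECTION_OUT`, but in the service the `spiRecord` lookup sits before the direction-dependent code, so an inbound apply after `releaseSecurityParameterIndex` went through the same lookup and is left uncovered. I would add a `DIRECTION_IN` variant (or loop over both directions) and verify the `ipSecUpdateSecurityPolicy` call for it; the SPI argument expected for inbound is not visible on this page, so take it from the existing inbound test. `testApplyTransportModeTransformWithClosedSpi` in the first hunk has the same single-direction coverage, and its `Socket` and `ParcelFileDescriptor` are never closed within the lines shown.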