Loading core/java/android/net/IpSecTransform.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -462,7 +462,7 @@ public final class IpSecTransform implements AutoCloseable { mConfig.setMode(MODE_TUNNEL); mConfig.setMode(MODE_TUNNEL); mConfig.setSourceAddress(sourceAddress.getHostAddress()); mConfig.setSourceAddress(sourceAddress.getHostAddress()); mConfig.setSpiResourceId(spi.getResourceId()); mConfig.setSpiResourceId(spi.getResourceId()); return new IpSecTransform(mContext, mConfig); return new IpSecTransform(mContext, mConfig).activate(); } } /** /** Loading services/core/java/com/android/server/IpSecService.java +34 −23 Original line number Original line Diff line number Diff line Loading @@ -87,6 +87,7 @@ public class IpSecService extends IIpSecService.Stub { private static final String NETD_SERVICE_NAME = "netd"; private static final String NETD_SERVICE_NAME = "netd"; private static final int[] DIRECTIONS = private static final int[] DIRECTIONS = new int[] {IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_IN}; new int[] {IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_IN}; private static final String[] WILDCARD_ADDRESSES = new String[]{"0.0.0.0", "::"}; private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms private static final int MAX_PORT_BIND_ATTEMPTS = 10; private static final int MAX_PORT_BIND_ATTEMPTS = 10; Loading Loading 
@@ -413,12 +414,16 @@ public class IpSecService extends IIpSecService.Stub { .append(mTransformQuotaTracker) .append(mTransformQuotaTracker) .append(", mSocketQuotaTracker=") .append(", mSocketQuotaTracker=") .append(mSocketQuotaTracker) .append(mSocketQuotaTracker) .append(", mTunnelQuotaTracker=") .append(mTunnelQuotaTracker) .append(", mSpiRecords=") .append(", mSpiRecords=") .append(mSpiRecords) .append(mSpiRecords) .append(", mTransformRecords=") .append(", mTransformRecords=") .append(mTransformRecords) .append(mTransformRecords) .append(", mEncapSocketRecords=") .append(", mEncapSocketRecords=") .append(mEncapSocketRecords) .append(mEncapSocketRecords) .append(", mTunnelInterfaceRecords=") .append(mTunnelInterfaceRecords) .append("}") .append("}") .toString(); .toString(); } } Loading Loading @@ -815,12 +820,14 @@ public class IpSecService extends IIpSecService.Stub { try { try { mSrvConfig.getNetdInstance().removeVirtualTunnelInterface(mInterfaceName); mSrvConfig.getNetdInstance().removeVirtualTunnelInterface(mInterfaceName); for(String wildcardAddr : WILDCARD_ADDRESSES) { for (int direction : DIRECTIONS) { for (int direction : DIRECTIONS) { int mark = (direction == IpSecManager.DIRECTION_IN) ? mIkey : mOkey; int mark = (direction == IpSecManager.DIRECTION_IN) ? mIkey : mOkey; mSrvConfig mSrvConfig .getNetdInstance() .getNetdInstance() .ipSecDeleteSecurityPolicy( .ipSecDeleteSecurityPolicy( 0, direction, mLocalAddress, mRemoteAddress, mark, 0xffffffff); 0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff); } } } } catch (ServiceSpecificException e) { } catch (ServiceSpecificException e) { // FIXME: get the error code and throw is at an IOException from Errno Exception // FIXME: get the error code and throw is at an IOException from Errno Exception Loading Loading 
@@ -1261,6 +1268,7 @@ public class IpSecService extends IIpSecService.Stub { .getNetdInstance() .getNetdInstance() .addVirtualTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey); .addVirtualTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey); for(String wildcardAddr : WILDCARD_ADDRESSES) { for (int direction : DIRECTIONS) { for (int direction : DIRECTIONS) { int mark = (direction == IpSecManager.DIRECTION_OUT) ? okey : ikey; int mark = (direction == IpSecManager.DIRECTION_OUT) ? okey : ikey; Loading @@ -1269,12 +1277,13 @@ public class IpSecService extends IIpSecService.Stub { .ipSecAddSecurityPolicy( .ipSecAddSecurityPolicy( 0, // Use 0 for reqId 0, // Use 0 for reqId direction, direction, "", wildcardAddr, "", wildcardAddr, 0, 0, mark, mark, 0xffffffff); 0xffffffff); } } } userRecord.mTunnelInterfaceRecords.put( userRecord.mTunnelInterfaceRecords.put( resourceId, resourceId, Loading Loading @@ -1646,17 +1655,19 @@ public class IpSecService extends IIpSecService.Stub { c.setNetwork(tunnelInterfaceInfo.getUnderlyingNetwork()); c.setNetwork(tunnelInterfaceInfo.getUnderlyingNetwork()); // If outbound, also add SPI to the policy. // If outbound, also add SPI to the policy. for(String wildcardAddr : WILDCARD_ADDRESSES) { mSrvConfig mSrvConfig .getNetdInstance() .getNetdInstance() .ipSecUpdateSecurityPolicy( .ipSecUpdateSecurityPolicy( 0, // Use 0 for reqId 0, // Use 0 for reqId direction, direction, "", wildcardAddr, "", wildcardAddr, transformInfo.getSpiRecord().getSpi(), transformInfo.getSpiRecord().getSpi(), mark, mark, 0xffffffff); 0xffffffff); } } } // Update SA with tunnel mark (ikey or okey based on direction) // Update SA with tunnel mark (ikey or okey based on direction) createOrUpdateTransform(c, transformResourceId, spiRecord, socketRecord); createOrUpdateTransform(c, transformResourceId, spiRecord, socketRecord); Loading Loading
core/java/android/net/IpSecTransform.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -462,7 +462,7 @@ public final class IpSecTransform implements AutoCloseable { mConfig.setMode(MODE_TUNNEL); mConfig.setMode(MODE_TUNNEL); mConfig.setSourceAddress(sourceAddress.getHostAddress()); mConfig.setSourceAddress(sourceAddress.getHostAddress()); mConfig.setSpiResourceId(spi.getResourceId()); mConfig.setSpiResourceId(spi.getResourceId()); return new IpSecTransform(mContext, mConfig); return new IpSecTransform(mContext, mConfig).activate(); } } /** /** Loading
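Review bot: The changed return, `return new IpSecTransform(mContext, mConfig).activate();`, makes this tunnel-mode build method hand back an already activated transform, and its Javadoc should say so. The class is declared `AutoCloseable` in the hunk header, so activation presumably reserves system resources that the caller has to release. A line such as `@return an active tunnel-mode transform; the caller must close() it when it is no longer needed` would make that ownership explicit. If `activate()` can throw, the method's `throws` clause and `@throws` tags need to cover those failures too. The method starts above the hunk, so its signature and current documentation are not visible here.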
services/core/java/com/android/server/IpSecService.java +34 −23 Original line number Original line Diff line number Diff line Loading @@ -87,6 +87,7 @@ public class IpSecService extends IIpSecService.Stub { private static final String NETD_SERVICE_NAME = "netd"; private static final String NETD_SERVICE_NAME = "netd"; private static final int[] DIRECTIONS = private static final int[] DIRECTIONS = new int[] {IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_IN}; new int[] {IpSecManager.DIRECTION_OUT, IpSecManager.DIRECTION_IN}; private static final String[] WILDCARD_ADDRESSES = new String[]{"0.0.0.0", "::"}; private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms private static final int MAX_PORT_BIND_ATTEMPTS = 10; private static final int MAX_PORT_BIND_ATTEMPTS = 10; Loading Loading @@ -413,12 +414,16 @@ public class IpSecService extends IIpSecService.Stub { .append(mTransformQuotaTracker) .append(mTransformQuotaTracker) .append(", mSocketQuotaTracker=") .append(", mSocketQuotaTracker=") .append(mSocketQuotaTracker) .append(mSocketQuotaTracker) .append(", mTunnelQuotaTracker=") .append(mTunnelQuotaTracker) .append(", mSpiRecords=") .append(", mSpiRecords=") .append(mSpiRecords) .append(mSpiRecords) .append(", mTransformRecords=") .append(", mTransformRecords=") .append(mTransformRecords) .append(mTransformRecords) .append(", mEncapSocketRecords=") .append(", mEncapSocketRecords=") .append(mEncapSocketRecords) .append(mEncapSocketRecords) .append(", mTunnelInterfaceRecords=") .append(mTunnelInterfaceRecords) .append("}") .append("}") .toString(); .toString(); } } Loading Loading 
@@ -815,12 +820,14 @@ public class IpSecService extends IIpSecService.Stub { try { try { mSrvConfig.getNetdInstance().removeVirtualTunnelInterface(mInterfaceName); mSrvConfig.getNetdInstance().removeVirtualTunnelInterface(mInterfaceName); for(String wildcardAddr : WILDCARD_ADDRESSES) { for (int direction : DIRECTIONS) { for (int direction : DIRECTIONS) { int mark = (direction == IpSecManager.DIRECTION_IN) ? mIkey : mOkey; int mark = (direction == IpSecManager.DIRECTION_IN) ? mIkey : mOkey; mSrvConfig mSrvConfig .getNetdInstance() .getNetdInstance() .ipSecDeleteSecurityPolicy( .ipSecDeleteSecurityPolicy( 0, direction, mLocalAddress, mRemoteAddress, mark, 0xffffffff); 0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff); } } } } catch (ServiceSpecificException e) { } catch (ServiceSpecificException e) { // FIXME: get the error code and throw is at an IOException from Errno Exception // FIXME: get the error code and throw is at an IOException from Errno Exception Loading Loading @@ -1261,6 +1268,7 @@ public class IpSecService extends IIpSecService.Stub { .getNetdInstance() .getNetdInstance() .addVirtualTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey); .addVirtualTunnelInterface(intfName, localAddr, remoteAddr, ikey, okey); for(String wildcardAddr : WILDCARD_ADDRESSES) { for (int direction : DIRECTIONS) { for (int direction : DIRECTIONS) { int mark = (direction == IpSecManager.DIRECTION_OUT) ? okey : ikey; int mark = (direction == IpSecManager.DIRECTION_OUT) ? okey : ikey; Loading @@ -1269,12 +1277,13 @@ public class IpSecService extends IIpSecService.Stub { .ipSecAddSecurityPolicy( .ipSecAddSecurityPolicy( 0, // Use 0 for reqId 0, // Use 0 for reqId direction, direction, "", wildcardAddr, "", wildcardAddr, 0, 0, mark, mark, 0xffffffff); 0xffffffff); } } } userRecord.mTunnelInterfaceRecords.put( userRecord.mTunnelInterfaceRecords.put( resourceId, resourceId, Loading Loading 
@@ -1646,17 +1655,19 @@ public class IpSecService extends IIpSecService.Stub { c.setNetwork(tunnelInterfaceInfo.getUnderlyingNetwork()); c.setNetwork(tunnelInterfaceInfo.getUnderlyingNetwork()); // If outbound, also add SPI to the policy. // If outbound, also add SPI to the policy. for(String wildcardAddr : WILDCARD_ADDRESSES) { mSrvConfig mSrvConfig .getNetdInstance() .getNetdInstance() .ipSecUpdateSecurityPolicy( .ipSecUpdateSecurityPolicy( 0, // Use 0 for reqId 0, // Use 0 for reqId direction, direction, "", wildcardAddr, "", wildcardAddr, transformInfo.getSpiRecord().getSpi(), transformInfo.getSpiRecord().getSpi(), mark, mark, 0xffffffff); 0xffffffff); } } } // Update SA with tunnel mark (ikey or okey based on direction) // Update SA with tunnel mark (ikey or okey based on direction) createOrUpdateTransform(c, transformResourceId, spiRecord, socketRecord); createOrUpdateTransform(c, transformResourceId, spiRecord, socketRecord); Loading
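Review bot: In the teardown hunk at -815, all four `ipSecDeleteSecurityPolicy` calls (two wildcard addresses times two directions) sit inside one `try`, so a `ServiceSpecificException` from an early call skips the remaining deletes. Because the selectors are now `wildcardAddr` for both ends, the mark with mask `0xffffffff` appears to be the only discriminator, and a leftover policy would keep matching whatever later carries that ikey/okey. Consider giving each delete its own `try { ... } catch (ServiceSpecificException e) { /* record and continue */ }` so cleanup is best-effort per policy. The add loop at -1261 has the mirror-image risk: a failure partway through leaves the tunnel interface and the earlier policies installed unless the caller rolls back, which is outside the hunk. Separately, `WILDCARD_ADDRESSES` deserves a comment such as `// Tunnel policies use wildcard selectors for IPv4 and IPv6; matching relies on the ikey/okey mark`, and `for(String` should be `for (String` to match the `for (int direction : DIRECTIONS)` loops.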