Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d3c7f0c2 authored by Yan Yan's avatar Yan Yan Committed by Android (Google) Code Review
Browse files

Merge changes from topic "ikeparams-api-change-rvc-dev" into rvc-dev 

* changes:
  Pass server address directly to IKE.
  Remove UdpEncapsulationSocket references in VPNs
parents cb3d162c a9159882

services/core/java/com/android/server/connectivity/Vpn.java

+4 −24
Original line number Diff line number Diff line
@@ -52,7 +52,6 @@ import android.net.Ikev2VpnProfile; 
import android.net.IpPrefix;

import android.net.IpSecManager;

import android.net.IpSecManager.IpSecTunnelInterface;

import android.net.IpSecManager.UdpEncapsulationSocket;

import android.net.IpSecTransform;

import android.net.LinkAddress;

import android.net.LinkProperties;
@@ -2201,7 +2200,6 @@ public class Vpn { 
        /** Signal to ensure shutdown is honored even if a new Network is connected. */

        private boolean mIsRunning = true;



        @Nullable private UdpEncapsulationSocket mEncapSocket;

        @Nullable private IpSecTunnelInterface mTunnelIface;

        @Nullable private IkeSession mSession;

        @Nullable private Network mActiveNetwork;
@@ -2352,29 +2350,21 @@ public class Vpn { 
                    resetIkeState();

                    mActiveNetwork = network;



                    // TODO(b/149356682): Update this based on new IKE API

                    mEncapSocket = mIpSecManager.openUdpEncapsulationSocket();



                    // TODO(b/149356682): Update this based on new IKE API

                    final IkeSessionParams ikeSessionParams =

                            VpnIkev2Utils.buildIkeSessionParams(mProfile, mEncapSocket);

                            VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, network);

                    final ChildSessionParams childSessionParams =

                            VpnIkev2Utils.buildChildSessionParams();



                    // TODO: Remove the need for adding two unused addresses with

                    // IPsec tunnels.

                    final InetAddress address = InetAddress.getLocalHost();

                    mTunnelIface =

                            mIpSecManager.createIpSecTunnelInterface(

                                    ikeSessionParams.getServerAddress() /* unused */,

                                    ikeSessionParams.getServerAddress() /* unused */,

                                    address /* unused */,

                                    address /* unused */,

                                    network);

                    mNetd.setInterfaceUp(mTunnelIface.getInterfaceName());



                    // Socket must be bound to prevent network switches from causing

                    // the IKE teardown to fail/timeout.

                    // TODO(b/149356682): Update this based on new IKE API

                    network.bindSocket(mEncapSocket.getFileDescriptor());



                    mSession = mIkev2SessionCreator.createIkeSession(

                            mContext,

                            ikeSessionParams,
@@ -2459,16 +2449,6 @@ public class Vpn { 
                mSession.kill(); // Kill here to make sure all resources are released immediately

                mSession = null;

            }



            // TODO(b/149356682): Update this based on new IKE API

            if (mEncapSocket != null) {

                try {

                    mEncapSocket.close();

                } catch (IOException e) {

                    Log.e(TAG, "Failed to close encap socket", e);

                }

                mEncapSocket = null;

            }

        }



        /**

services/core/java/com/android/server/connectivity/VpnIkev2Utils.java

+5 −9
Original line number Diff line number Diff line
@@ -35,10 +35,10 @@ import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC 
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1;



import android.annotation.NonNull;

import android.content.Context;

import android.net.Ikev2VpnProfile;

import android.net.InetAddresses;

import android.net.IpPrefix;

import android.net.IpSecManager.UdpEncapsulationSocket;

import android.net.IpSecTransform;

import android.net.Network;

import android.net.RouteInfo;
@@ -84,18 +84,14 @@ import java.util.List; 
 */

public class VpnIkev2Utils {

    static IkeSessionParams buildIkeSessionParams(

            @NonNull Ikev2VpnProfile profile, @NonNull UdpEncapsulationSocket socket) {

        // TODO(b/149356682): Update this based on new IKE API. Only numeric addresses supported

        //                    until then. All others throw IAE (caught by caller).

        final InetAddress serverAddr = InetAddresses.parseNumericAddress(profile.getServerAddr());

            @NonNull Context context, @NonNull Ikev2VpnProfile profile, @NonNull Network network) {

        final IkeIdentification localId = parseIkeIdentification(profile.getUserIdentity());

        final IkeIdentification remoteId = parseIkeIdentification(profile.getServerAddr());



        // TODO(b/149356682): Update this based on new IKE API.

        final IkeSessionParams.Builder ikeOptionsBuilder =

                new IkeSessionParams.Builder()

                        .setServerAddress(serverAddr)

                        .setUdpEncapsulationSocket(socket)

                new IkeSessionParams.Builder(context)

                        .setServerHostname(profile.getServerAddr())

                        .setNetwork(network)

                        .setLocalIdentification(localId)

                        .setRemoteIdentification(remoteId);

        setIkeAuth(profile, ikeOptionsBuilder);