commit 8e853c11ac902a251574f5620db4fccfdb997b50
author Karsten Tausche <karsten@fairphone.com> Thu Aug 26 18:19:26 2021 +0200
committer Karsten Tausche <karsten@fairphone.com> Thu Aug 26 18:19:26 2021 +0200
tree 02655f29619ed06cf48fa53aaecf032fb3fed0da
parent 765503ee2a99b865dc7bba30219408238ae61a8b
parent bfef3bb78b23cb3f3f12a6880ecafd5def3b66a5

Merge tag 'android-security-10.0.0_r53' into int/10/fp2

Android security 10.0.0 release 53

* tag 'android-security-10.0.0_r53':

Change-Id: I3c19837f555ad55c9dcbb6119a4131e5e3eee9b6

net/test/xfrm_test.py

diff --git a/net/test/xfrm_test.py b/net/test/xfrm_test.py
index afcacde..64be084 100755
--- a/net/test/xfrm_test.py
+++ b/net/test/xfrm_test.py
@@ -846,12 +846,22 @@
                                             xfrm_base._ALGO_CBC_AES_256)
 
       # Add a default SA with no mark that routes to nowhere.
-      self.xfrm.AddSaInfo(local,
-                          remote,
-                          TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0,
-                          xfrm_base._ALGO_CBC_AES_256,
-                          xfrm_base._ALGO_HMAC_SHA1,
-                          None, None, None, 0, is_update=False)
+      try:
+          self.xfrm.AddSaInfo(local,
+                              remote,
+                              TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0,
+                              xfrm_base._ALGO_CBC_AES_256,
+                              xfrm_base._ALGO_HMAC_SHA1,
+                              None, None, mark, 0, is_update=False)
+      except IOError as e:
+          self.assertEquals(EEXIST, e.errno, "SA exists")
+          self.xfrm.AddSaInfo(local,
+                              remote,
+                              TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0,
+                              xfrm_base._ALGO_CBC_AES_256,
+                              xfrm_base._ALGO_HMAC_SHA1,
+                              None, None, mark, 0, is_update=True)
+
       self.assertRaisesErrno(
           ENETUNREACH,
           s.sendto, net_test.UDP_PAYLOAD, (remote, 53))
@@ -862,7 +872,7 @@
                           TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0,
                           xfrm_base._ALGO_CBC_AES_256,
                           xfrm_base._ALGO_HMAC_SHA1,
-                          None, None, None, netid, is_update=True)
+                          None, None, mark, netid, is_update=True)
 
       # Now the payload routes to the updated netid.
       s.sendto(net_test.UDP_PAYLOAD, (remote, 53))
@@ -876,7 +886,7 @@
                          TEST_SPI, xfrm.XFRM_MODE_TUNNEL, 0,
                          xfrm_base._ALGO_CBC_AES_256,
                          xfrm_base._ALGO_HMAC_SHA1,
-                         None, None, None, reroute_netid, is_update=True)
+                         None, None, mark, reroute_netid, is_update=True)
 
       s.sendto(net_test.UDP_PAYLOAD, (remote, 53))
       self._ExpectEspPacketOn(reroute_netid, TEST_SPI, 2, length, None, None)
@@ -887,7 +897,7 @@
       sainfo, attributes = dump[0]
       self.assertEquals(reroute_netid, attributes["XFRMA_OUTPUT_MARK"])
 
-      self.xfrm.DeleteSaInfo(remote, TEST_SPI, IPPROTO_ESP, None)
+      self.xfrm.DeleteSaInfo(remote, TEST_SPI, IPPROTO_ESP, mark)
       self.xfrm.DeletePolicyInfo(sel, xfrm.XFRM_POLICY_OUT, mark)
 
 if __name__ == "__main__":