Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2017 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | package android.net; |
| 17 | |
| 18 | import static com.android.internal.util.Preconditions.checkNotNull; |
| 19 | |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 20 | import android.annotation.IntDef; |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 21 | import android.annotation.NonNull; |
Nathan Harold | 5a920ca | 2018-02-02 18:34:25 -0800 | [diff] [blame] | 22 | import android.annotation.RequiresPermission; |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 23 | import android.annotation.SystemApi; |
Jeff Sharkey | d86b8fe | 2017-06-02 17:36:26 -0600 | [diff] [blame] | 24 | import android.annotation.SystemService; |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 25 | import android.annotation.TestApi; |
Jeff Sharkey | d86b8fe | 2017-06-02 17:36:26 -0600 | [diff] [blame] | 26 | import android.content.Context; |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 27 | import android.os.Binder; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 28 | import android.os.ParcelFileDescriptor; |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 29 | import android.os.RemoteException; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 30 | import android.util.AndroidException; |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 31 | import android.util.Log; |
Nathan Harold | b728217 | 2017-09-11 19:50:19 -0700 | [diff] [blame] | 32 | |
Nathan Harold | a10003d | 2017-08-23 13:46:33 -0700 | [diff] [blame] | 33 | import com.android.internal.annotations.VisibleForTesting; |
| 34 | |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 35 | import dalvik.system.CloseGuard; |
Nathan Harold | b728217 | 2017-09-11 19:50:19 -0700 | [diff] [blame] | 36 | |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 37 | import java.io.FileDescriptor; |
| 38 | import java.io.IOException; |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 39 | import java.lang.annotation.Retention; |
| 40 | import java.lang.annotation.RetentionPolicy; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 41 | import java.net.DatagramSocket; |
| 42 | import java.net.InetAddress; |
| 43 | import java.net.Socket; |
| 44 | |
| 45 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 46 | * This class contains methods for managing IPsec sessions. Once configured, the kernel will apply |
| 47 | * confidentiality (encryption) and integrity (authentication) to IP traffic. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 48 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 49 | * <p>Note that not all aspects of IPsec are permitted by this API. Applications may create |
| 50 | * transport mode security associations and apply them to individual sockets. Applications looking |
| 51 | * to create a VPN should use {@link VpnService}. |
| 52 | * |
| 53 | * @see <a href="https://tools.ietf.org/html/rfc4301">RFC 4301, Security Architecture for the |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 54 | * Internet Protocol</a> |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 55 | */ |
Jeff Sharkey | d86b8fe | 2017-06-02 17:36:26 -0600 | [diff] [blame] | 56 | @SystemService(Context.IPSEC_SERVICE) |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 57 | public final class IpSecManager { |
| 58 | private static final String TAG = "IpSecManager"; |
| 59 | |
| 60 | /** |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 61 | * Used when applying a transform to direct traffic through an {@link IpSecTransform} |
| 62 | * towards the host. |
| 63 | * |
| 64 | * <p>See {@link #applyTransportModeTransform(Socket, int, IpSecTransform)}. |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 65 | */ |
| 66 | public static final int DIRECTION_IN = 0; |
| 67 | |
| 68 | /** |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 69 | * Used when applying a transform to direct traffic through an {@link IpSecTransform} |
| 70 | * away from the host. |
| 71 | * |
| 72 | * <p>See {@link #applyTransportModeTransform(Socket, int, IpSecTransform)}. |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 73 | */ |
| 74 | public static final int DIRECTION_OUT = 1; |
| 75 | |
| 76 | /** @hide */ |
| 77 | @IntDef(value = {DIRECTION_IN, DIRECTION_OUT}) |
| 78 | @Retention(RetentionPolicy.SOURCE) |
| 79 | public @interface PolicyDirection {} |
| 80 | |
| 81 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 82 | * The Security Parameter Index (SPI) 0 indicates an unknown or invalid index. |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 83 | * |
| 84 | * <p>No IPsec packet may contain an SPI of 0. |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 85 | * |
| 86 | * @hide |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 87 | */ |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 88 | @TestApi public static final int INVALID_SECURITY_PARAMETER_INDEX = 0; |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 89 | |
| 90 | /** @hide */ |
| 91 | public interface Status { |
| 92 | public static final int OK = 0; |
| 93 | public static final int RESOURCE_UNAVAILABLE = 1; |
| 94 | public static final int SPI_UNAVAILABLE = 2; |
| 95 | } |
| 96 | |
| 97 | /** @hide */ |
Nathan Harold | 6119d8d | 2017-12-13 18:51:35 -0800 | [diff] [blame] | 98 | public static final int INVALID_RESOURCE_ID = -1; |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 99 | |
| 100 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 101 | * Thrown to indicate that a requested SPI is in use. |
| 102 | * |
| 103 | * <p>The combination of remote {@code InetAddress} and SPI must be unique across all apps on |
| 104 | * one device. If this error is encountered, a new SPI is required before a transform may be |
| 105 | * created. This error can be avoided by calling {@link |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 106 | * IpSecManager#allocateSecurityParameterIndex}. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 107 | */ |
| 108 | public static final class SpiUnavailableException extends AndroidException { |
| 109 | private final int mSpi; |
| 110 | |
| 111 | /** |
| 112 | * Construct an exception indicating that a transform with the given SPI is already in use |
| 113 | * or otherwise unavailable. |
| 114 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 115 | * @param msg description indicating the colliding SPI |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 116 | * @param spi the SPI that could not be used due to a collision |
| 117 | */ |
| 118 | SpiUnavailableException(String msg, int spi) { |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 119 | super(msg + " (spi: " + spi + ")"); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 120 | mSpi = spi; |
| 121 | } |
| 122 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 123 | /** Get the SPI that caused a collision. */ |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 124 | public int getSpi() { |
| 125 | return mSpi; |
| 126 | } |
| 127 | } |
| 128 | |
| 129 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 130 | * Thrown to indicate that an IPsec resource is unavailable. |
| 131 | * |
| 132 | * <p>This could apply to resources such as sockets, {@link SecurityParameterIndex}, {@link |
| 133 | * IpSecTransform}, or other system resources. If this exception is thrown, users should release |
| 134 | * allocated objects of the type requested. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 135 | */ |
| 136 | public static final class ResourceUnavailableException extends AndroidException { |
| 137 | |
| 138 | ResourceUnavailableException(String msg) { |
| 139 | super(msg); |
| 140 | } |
| 141 | } |
| 142 | |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 143 | private final Context mContext; |
Nathan Harold | 1afbef4 | 2017-03-01 18:55:06 -0800 | [diff] [blame] | 144 | private final IIpSecService mService; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 145 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 146 | /** |
| 147 | * This class represents a reserved SPI. |
| 148 | * |
| 149 | * <p>Objects of this type are used to track reserved security parameter indices. They can be |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 150 | * obtained by calling {@link IpSecManager#allocateSecurityParameterIndex} and must be released |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 151 | * by calling {@link #close()} when they are no longer needed. |
| 152 | */ |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 153 | public static final class SecurityParameterIndex implements AutoCloseable { |
Nathan Harold | 1afbef4 | 2017-03-01 18:55:06 -0800 | [diff] [blame] | 154 | private final IIpSecService mService; |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 155 | private final InetAddress mDestinationAddress; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 156 | private final CloseGuard mCloseGuard = CloseGuard.get(); |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 157 | private int mSpi = INVALID_SECURITY_PARAMETER_INDEX; |
Nathan Harold | 6119d8d | 2017-12-13 18:51:35 -0800 | [diff] [blame] | 158 | private int mResourceId = INVALID_RESOURCE_ID; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 159 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 160 | /** Get the underlying SPI held by this object. */ |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 161 | public int getSpi() { |
| 162 | return mSpi; |
| 163 | } |
| 164 | |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 165 | /** |
| 166 | * Release an SPI that was previously reserved. |
| 167 | * |
Nathan Harold | c4f8799 | 2017-03-29 10:47:59 -0700 | [diff] [blame] | 168 | * <p>Release an SPI for use by other users in the system. If a SecurityParameterIndex is |
| 169 | * applied to an IpSecTransform, it will become unusable for future transforms but should |
| 170 | * still be closed to ensure system resources are released. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 171 | */ |
| 172 | @Override |
| 173 | public void close() { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 174 | try { |
| 175 | mService.releaseSecurityParameterIndex(mResourceId); |
Nathan Harold | 6119d8d | 2017-12-13 18:51:35 -0800 | [diff] [blame] | 176 | mResourceId = INVALID_RESOURCE_ID; |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 177 | } catch (RemoteException e) { |
| 178 | throw e.rethrowFromSystemServer(); |
| 179 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 180 | mCloseGuard.close(); |
| 181 | } |
| 182 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 183 | /** Check that the SPI was closed properly. */ |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 184 | @Override |
Nathan Harold | 440824f | 2017-11-07 17:17:45 -0800 | [diff] [blame] | 185 | protected void finalize() throws Throwable { |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 186 | if (mCloseGuard != null) { |
| 187 | mCloseGuard.warnIfOpen(); |
| 188 | } |
| 189 | |
| 190 | close(); |
| 191 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 192 | |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 193 | private SecurityParameterIndex( |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 194 | @NonNull IIpSecService service, InetAddress destinationAddress, int spi) |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 195 | throws ResourceUnavailableException, SpiUnavailableException { |
| 196 | mService = service; |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 197 | mDestinationAddress = destinationAddress; |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 198 | try { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 199 | IpSecSpiResponse result = |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 200 | mService.allocateSecurityParameterIndex( |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 201 | destinationAddress.getHostAddress(), spi, new Binder()); |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 202 | |
| 203 | if (result == null) { |
| 204 | throw new NullPointerException("Received null response from IpSecService"); |
| 205 | } |
| 206 | |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 207 | int status = result.status; |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 208 | switch (status) { |
| 209 | case Status.OK: |
| 210 | break; |
| 211 | case Status.RESOURCE_UNAVAILABLE: |
| 212 | throw new ResourceUnavailableException( |
| 213 | "No more SPIs may be allocated by this requester."); |
| 214 | case Status.SPI_UNAVAILABLE: |
| 215 | throw new SpiUnavailableException("Requested SPI is unavailable", spi); |
| 216 | default: |
| 217 | throw new RuntimeException( |
| 218 | "Unknown status returned by IpSecService: " + status); |
| 219 | } |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 220 | mSpi = result.spi; |
| 221 | mResourceId = result.resourceId; |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 222 | |
| 223 | if (mSpi == INVALID_SECURITY_PARAMETER_INDEX) { |
| 224 | throw new RuntimeException("Invalid SPI returned by IpSecService: " + status); |
| 225 | } |
| 226 | |
| 227 | if (mResourceId == INVALID_RESOURCE_ID) { |
| 228 | throw new RuntimeException( |
| 229 | "Invalid Resource ID returned by IpSecService: " + status); |
| 230 | } |
| 231 | |
| 232 | } catch (RemoteException e) { |
| 233 | throw e.rethrowFromSystemServer(); |
| 234 | } |
| 235 | mCloseGuard.open("open"); |
| 236 | } |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 237 | |
| 238 | /** @hide */ |
Nathan Harold | a10003d | 2017-08-23 13:46:33 -0700 | [diff] [blame] | 239 | @VisibleForTesting |
| 240 | public int getResourceId() { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 241 | return mResourceId; |
| 242 | } |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 243 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 244 | |
| 245 | /** |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 246 | * Reserve a random SPI for traffic bound to or from the specified destination address. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 247 | * |
| 248 | * <p>If successful, this SPI is guaranteed available until released by a call to {@link |
| 249 | * SecurityParameterIndex#close()}. |
| 250 | * |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 251 | * @param destinationAddress the destination address for traffic bearing the requested SPI. |
| 252 | * For inbound traffic, the destination should be an address currently assigned on-device. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 253 | * @return the reserved SecurityParameterIndex |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 254 | * @throws {@link #ResourceUnavailableException} indicating that too many SPIs are |
| 255 | * currently allocated for this user |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 256 | */ |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 257 | @NonNull |
| 258 | public SecurityParameterIndex allocateSecurityParameterIndex( |
| 259 | @NonNull InetAddress destinationAddress) throws ResourceUnavailableException { |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 260 | try { |
| 261 | return new SecurityParameterIndex( |
| 262 | mService, |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 263 | destinationAddress, |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 264 | IpSecManager.INVALID_SECURITY_PARAMETER_INDEX); |
| 265 | } catch (SpiUnavailableException unlikely) { |
| 266 | throw new ResourceUnavailableException("No SPIs available"); |
| 267 | } |
| 268 | } |
| 269 | |
| 270 | /** |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 271 | * Reserve the requested SPI for traffic bound to or from the specified destination address. |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 272 | * |
| 273 | * <p>If successful, this SPI is guaranteed available until released by a call to {@link |
| 274 | * SecurityParameterIndex#close()}. |
| 275 | * |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 276 | * @param destinationAddress the destination address for traffic bearing the requested SPI. |
| 277 | * For inbound traffic, the destination should be an address currently assigned on-device. |
Nathan Harold | 0f8c8bb0 | 2018-03-28 08:52:51 -0700 | [diff] [blame] | 278 | * @param requestedSpi the requested SPI, or '0' to allocate a random SPI. The range 1-255 is |
| 279 | * reserved and may not be used. See RFC 4303 Section 2.1. |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 280 | * @return the reserved SecurityParameterIndex |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 281 | * @throws {@link #ResourceUnavailableException} indicating that too many SPIs are |
| 282 | * currently allocated for this user |
| 283 | * @throws {@link #SpiUnavailableException} indicating that the requested SPI could not be |
| 284 | * reserved |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 285 | */ |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 286 | @NonNull |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 287 | public SecurityParameterIndex allocateSecurityParameterIndex( |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 288 | @NonNull InetAddress destinationAddress, int requestedSpi) |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 289 | throws SpiUnavailableException, ResourceUnavailableException { |
Nathan Harold | 6045429 | 2017-04-06 18:16:28 -0700 | [diff] [blame] | 290 | if (requestedSpi == IpSecManager.INVALID_SECURITY_PARAMETER_INDEX) { |
| 291 | throw new IllegalArgumentException("Requested SPI must be a valid (non-zero) SPI"); |
| 292 | } |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 293 | return new SecurityParameterIndex(mService, destinationAddress, requestedSpi); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 294 | } |
| 295 | |
| 296 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 297 | * Apply an IPsec transform to a stream socket. |
| 298 | * |
| 299 | * <p>This applies transport mode encapsulation to the given socket. Once applied, I/O on the |
| 300 | * socket will be encapsulated according to the parameters of the {@code IpSecTransform}. When |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 301 | * the transform is removed from the socket by calling {@link #removeTransportModeTransforms}, |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 302 | * unprotected traffic can resume on that socket. |
| 303 | * |
| 304 | * <p>For security reasons, the destination address of any traffic on the socket must match the |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 305 | * remote {@code InetAddress} of the {@code IpSecTransform}. Attempts to send traffic to any |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 306 | * other IP address will result in an IOException. In addition, reads and writes on the socket |
| 307 | * will throw IOException if the user deactivates the transform (by calling {@link |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 308 | * IpSecTransform#close()}) without calling {@link #removeTransportModeTransforms}. |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 309 | * |
Benedict Wong | 420fe00 | 2018-03-14 19:01:14 -0700 | [diff] [blame] | 310 | * <p>Note that when applied to TCP sockets, calling {@link IpSecTransform#close()} on an |
| 311 | * applied transform before completion of graceful shutdown may result in the shutdown sequence |
| 312 | * failing to complete. As such, applications requiring graceful shutdown MUST close the socket |
| 313 | * prior to deactivating the applied transform. Socket closure may be performed asynchronously |
| 314 | * (in batches), so the returning of a close function does not guarantee shutdown of a socket. |
| 315 | * Setting an SO_LINGER timeout results in socket closure being performed synchronously, and is |
| 316 | * sufficient to ensure shutdown. |
| 317 | * |
| 318 | * Specifically, if the transform is deactivated (by calling {@link IpSecTransform#close()}), |
| 319 | * prior to the socket being closed, the standard [FIN - FIN/ACK - ACK], or the reset [RST] |
| 320 | * packets are dropped due to the lack of a valid Transform. Similarly, if a socket without the |
| 321 | * SO_LINGER option set is closed, the delayed/batched FIN packets may be dropped. |
| 322 | * |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 323 | * <h4>Rekey Procedure</h4> |
| 324 | * |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 325 | * <p>When applying a new tranform to a socket in the outbound direction, the previous transform |
| 326 | * will be removed and the new transform will take effect immediately, sending all traffic on |
| 327 | * the new transform; however, when applying a transform in the inbound direction, traffic |
| 328 | * on the old transform will continue to be decrypted and delivered until that transform is |
| 329 | * deallocated by calling {@link IpSecTransform#close()}. This overlap allows lossless rekey |
| 330 | * procedures where both transforms are valid until both endpoints are using the new transform |
| 331 | * and all in-flight packets have been received. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 332 | * |
| 333 | * @param socket a stream socket |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 334 | * @param direction the direction in which the transform should be applied |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 335 | * @param transform a transport mode {@code IpSecTransform} |
| 336 | * @throws IOException indicating that the transform could not be applied |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 337 | */ |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 338 | public void applyTransportModeTransform(@NonNull Socket socket, |
| 339 | @PolicyDirection int direction, @NonNull IpSecTransform transform) throws IOException { |
Benedict Wong | d175a3d | 2018-04-02 18:12:34 -0700 | [diff] [blame] | 340 | // Ensure creation of FD. See b/77548890 for more details. |
| 341 | socket.getSoLinger(); |
| 342 | |
Nathan Harold | b548d25 | 2018-01-16 12:08:43 -0800 | [diff] [blame] | 343 | applyTransportModeTransform(socket.getFileDescriptor$(), direction, transform); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 344 | } |
| 345 | |
| 346 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 347 | * Apply an IPsec transform to a datagram socket. |
| 348 | * |
| 349 | * <p>This applies transport mode encapsulation to the given socket. Once applied, I/O on the |
| 350 | * socket will be encapsulated according to the parameters of the {@code IpSecTransform}. When |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 351 | * the transform is removed from the socket by calling {@link #removeTransportModeTransforms}, |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 352 | * unprotected traffic can resume on that socket. |
| 353 | * |
| 354 | * <p>For security reasons, the destination address of any traffic on the socket must match the |
| 355 | * remote {@code InetAddress} of the {@code IpSecTransform}. Attempts to send traffic to any |
| 356 | * other IP address will result in an IOException. In addition, reads and writes on the socket |
| 357 | * will throw IOException if the user deactivates the transform (by calling {@link |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 358 | * IpSecTransform#close()}) without calling {@link #removeTransportModeTransforms}. |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 359 | * |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 360 | * <h4>Rekey Procedure</h4> |
| 361 | * |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 362 | * <p>When applying a new tranform to a socket in the outbound direction, the previous transform |
| 363 | * will be removed and the new transform will take effect immediately, sending all traffic on |
| 364 | * the new transform; however, when applying a transform in the inbound direction, traffic |
| 365 | * on the old transform will continue to be decrypted and delivered until that transform is |
| 366 | * deallocated by calling {@link IpSecTransform#close()}. This overlap allows lossless rekey |
| 367 | * procedures where both transforms are valid until both endpoints are using the new transform |
| 368 | * and all in-flight packets have been received. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 369 | * |
| 370 | * @param socket a datagram socket |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 371 | * @param direction the direction in which the transform should be applied |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 372 | * @param transform a transport mode {@code IpSecTransform} |
| 373 | * @throws IOException indicating that the transform could not be applied |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 374 | */ |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 375 | public void applyTransportModeTransform(@NonNull DatagramSocket socket, |
| 376 | @PolicyDirection int direction, @NonNull IpSecTransform transform) throws IOException { |
Nathan Harold | b548d25 | 2018-01-16 12:08:43 -0800 | [diff] [blame] | 377 | applyTransportModeTransform(socket.getFileDescriptor$(), direction, transform); |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 378 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 379 | |
| 380 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 381 | * Apply an IPsec transform to a socket. |
| 382 | * |
| 383 | * <p>This applies transport mode encapsulation to the given socket. Once applied, I/O on the |
| 384 | * socket will be encapsulated according to the parameters of the {@code IpSecTransform}. When |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 385 | * the transform is removed from the socket by calling {@link #removeTransportModeTransforms}, |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 386 | * unprotected traffic can resume on that socket. |
| 387 | * |
| 388 | * <p>For security reasons, the destination address of any traffic on the socket must match the |
| 389 | * remote {@code InetAddress} of the {@code IpSecTransform}. Attempts to send traffic to any |
| 390 | * other IP address will result in an IOException. In addition, reads and writes on the socket |
| 391 | * will throw IOException if the user deactivates the transform (by calling {@link |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 392 | * IpSecTransform#close()}) without calling {@link #removeTransportModeTransforms}. |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 393 | * |
Benedict Wong | 420fe00 | 2018-03-14 19:01:14 -0700 | [diff] [blame] | 394 | * <p>Note that when applied to TCP sockets, calling {@link IpSecTransform#close()} on an |
| 395 | * applied transform before completion of graceful shutdown may result in the shutdown sequence |
| 396 | * failing to complete. As such, applications requiring graceful shutdown MUST close the socket |
| 397 | * prior to deactivating the applied transform. Socket closure may be performed asynchronously |
| 398 | * (in batches), so the returning of a close function does not guarantee shutdown of a socket. |
| 399 | * Setting an SO_LINGER timeout results in socket closure being performed synchronously, and is |
| 400 | * sufficient to ensure shutdown. |
| 401 | * |
| 402 | * Specifically, if the transform is deactivated (by calling {@link IpSecTransform#close()}), |
| 403 | * prior to the socket being closed, the standard [FIN - FIN/ACK - ACK], or the reset [RST] |
| 404 | * packets are dropped due to the lack of a valid Transform. Similarly, if a socket without the |
| 405 | * SO_LINGER option set is closed, the delayed/batched FIN packets may be dropped. |
| 406 | * |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 407 | * <h4>Rekey Procedure</h4> |
| 408 | * |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 409 | * <p>When applying a new tranform to a socket in the outbound direction, the previous transform |
| 410 | * will be removed and the new transform will take effect immediately, sending all traffic on |
| 411 | * the new transform; however, when applying a transform in the inbound direction, traffic |
| 412 | * on the old transform will continue to be decrypted and delivered until that transform is |
| 413 | * deallocated by calling {@link IpSecTransform#close()}. This overlap allows lossless rekey |
| 414 | * procedures where both transforms are valid until both endpoints are using the new transform |
| 415 | * and all in-flight packets have been received. |
Nathan Harold | b649935 | 2017-04-06 17:46:00 -0700 | [diff] [blame] | 416 | * |
| 417 | * @param socket a socket file descriptor |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 418 | * @param direction the direction in which the transform should be applied |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 419 | * @param transform a transport mode {@code IpSecTransform} |
| 420 | * @throws IOException indicating that the transform could not be applied |
Nathan Harold | b649935 | 2017-04-06 17:46:00 -0700 | [diff] [blame] | 421 | */ |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 422 | public void applyTransportModeTransform(@NonNull FileDescriptor socket, |
| 423 | @PolicyDirection int direction, @NonNull IpSecTransform transform) throws IOException { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 424 | // We dup() the FileDescriptor here because if we don't, then the ParcelFileDescriptor() |
Nathan Harold | b548d25 | 2018-01-16 12:08:43 -0800 | [diff] [blame] | 425 | // constructor takes control and closes the user's FD when we exit the method. |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 426 | try (ParcelFileDescriptor pfd = ParcelFileDescriptor.dup(socket)) { |
Nathan Harold | a252331 | 2018-01-05 19:25:13 -0800 | [diff] [blame] | 427 | mService.applyTransportModeTransform(pfd, direction, transform.getResourceId()); |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 428 | } catch (RemoteException e) { |
| 429 | throw e.rethrowFromSystemServer(); |
| 430 | } |
Nathan Harold | b649935 | 2017-04-06 17:46:00 -0700 | [diff] [blame] | 431 | } |
| 432 | |
| 433 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 434 | * Remove an IPsec transform from a stream socket. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 435 | * |
Nathan Harold | f73d252 | 2018-01-17 01:00:20 -0800 | [diff] [blame] | 436 | * <p>Once removed, traffic on the socket will not be encrypted. Removing transforms from a |
| 437 | * socket allows the socket to be reused for communication in the clear. |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 438 | * |
| 439 | * <p>If an {@code IpSecTransform} object applied to this socket was deallocated by calling |
| 440 | * {@link IpSecTransform#close()}, then communication on the socket will fail until this method |
| 441 | * is called. |
| 442 | * |
| 443 | * @param socket a socket that previously had a transform applied to it |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 444 | * @throws IOException indicating that the transform could not be removed from the socket |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 445 | */ |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 446 | public void removeTransportModeTransforms(@NonNull Socket socket) throws IOException { |
Benedict Wong | d175a3d | 2018-04-02 18:12:34 -0700 | [diff] [blame] | 447 | // Ensure creation of FD. See b/77548890 for more details. |
| 448 | socket.getSoLinger(); |
| 449 | |
Nathan Harold | f73d252 | 2018-01-17 01:00:20 -0800 | [diff] [blame] | 450 | removeTransportModeTransforms(socket.getFileDescriptor$()); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 451 | } |
| 452 | |
| 453 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 454 | * Remove an IPsec transform from a datagram socket. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 455 | * |
Nathan Harold | f73d252 | 2018-01-17 01:00:20 -0800 | [diff] [blame] | 456 | * <p>Once removed, traffic on the socket will not be encrypted. Removing transforms from a |
| 457 | * socket allows the socket to be reused for communication in the clear. |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 458 | * |
| 459 | * <p>If an {@code IpSecTransform} object applied to this socket was deallocated by calling |
| 460 | * {@link IpSecTransform#close()}, then communication on the socket will fail until this method |
| 461 | * is called. |
| 462 | * |
| 463 | * @param socket a socket that previously had a transform applied to it |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 464 | * @throws IOException indicating that the transform could not be removed from the socket |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 465 | */ |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 466 | public void removeTransportModeTransforms(@NonNull DatagramSocket socket) throws IOException { |
Nathan Harold | f73d252 | 2018-01-17 01:00:20 -0800 | [diff] [blame] | 467 | removeTransportModeTransforms(socket.getFileDescriptor$()); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 468 | } |
| 469 | |
Nathan Harold | b649935 | 2017-04-06 17:46:00 -0700 | [diff] [blame] | 470 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 471 | * Remove an IPsec transform from a socket. |
Nathan Harold | b649935 | 2017-04-06 17:46:00 -0700 | [diff] [blame] | 472 | * |
Nathan Harold | f73d252 | 2018-01-17 01:00:20 -0800 | [diff] [blame] | 473 | * <p>Once removed, traffic on the socket will not be encrypted. Removing transforms from a |
| 474 | * socket allows the socket to be reused for communication in the clear. |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 475 | * |
| 476 | * <p>If an {@code IpSecTransform} object applied to this socket was deallocated by calling |
| 477 | * {@link IpSecTransform#close()}, then communication on the socket will fail until this method |
| 478 | * is called. |
| 479 | * |
| 480 | * @param socket a socket that previously had a transform applied to it |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 481 | * @throws IOException indicating that the transform could not be removed from the socket |
Nathan Harold | b649935 | 2017-04-06 17:46:00 -0700 | [diff] [blame] | 482 | */ |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 483 | public void removeTransportModeTransforms(@NonNull FileDescriptor socket) throws IOException { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 484 | try (ParcelFileDescriptor pfd = ParcelFileDescriptor.dup(socket)) { |
Nathan Harold | f73d252 | 2018-01-17 01:00:20 -0800 | [diff] [blame] | 485 | mService.removeTransportModeTransforms(pfd); |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 486 | } catch (RemoteException e) { |
| 487 | throw e.rethrowFromSystemServer(); |
| 488 | } |
| 489 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 490 | |
| 491 | /** |
| 492 | * Remove a Tunnel Mode IPsec Transform from a {@link Network}. This must be used as part of |
| 493 | * cleanup if a tunneled Network experiences a change in default route. The Network will drop |
| 494 | * all traffic that cannot be routed to the Tunnel's outbound interface. If that interface is |
| 495 | * lost, all traffic will drop. |
| 496 | * |
Jonathan Basseri | 5fb9290 | 2017-11-16 10:58:01 -0800 | [diff] [blame] | 497 | * <p>TODO: Update javadoc for tunnel mode APIs at the same time the APIs are re-worked. |
| 498 | * |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 499 | * @param net a network that currently has transform applied to it. |
| 500 | * @param transform a Tunnel Mode IPsec Transform that has been previously applied to the given |
| 501 | * network |
| 502 | * @hide |
| 503 | */ |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 504 | public void removeTunnelModeTransform(Network net, IpSecTransform transform) {} |
| 505 | |
| 506 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 507 | * This class provides access to a UDP encapsulation Socket. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 508 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 509 | * <p>{@code UdpEncapsulationSocket} wraps a system-provided datagram socket intended for IKEv2 |
| 510 | * signalling and UDP encapsulated IPsec traffic. Instances can be obtained by calling {@link |
| 511 | * IpSecManager#openUdpEncapsulationSocket}. The provided socket cannot be re-bound by the |
| 512 | * caller. The caller should not close the {@code FileDescriptor} returned by {@link |
Benedict Wong | 6ea93c4 | 2018-03-27 16:55:48 -0700 | [diff] [blame] | 513 | * #getFileDescriptor}, but should use {@link #close} instead. |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 514 | * |
| 515 | * <p>Allowing the user to close or unbind a UDP encapsulation socket could impact the traffic |
| 516 | * of the next user who binds to that port. To prevent this scenario, these sockets are held |
| 517 | * open by the system so that they may only be closed by calling {@link #close} or when the user |
| 518 | * process exits. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 519 | */ |
| 520 | public static final class UdpEncapsulationSocket implements AutoCloseable { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 521 | private final ParcelFileDescriptor mPfd; |
Nathan Harold | 1afbef4 | 2017-03-01 18:55:06 -0800 | [diff] [blame] | 522 | private final IIpSecService mService; |
Nathan Harold | 6119d8d | 2017-12-13 18:51:35 -0800 | [diff] [blame] | 523 | private int mResourceId = INVALID_RESOURCE_ID; |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 524 | private final int mPort; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 525 | private final CloseGuard mCloseGuard = CloseGuard.get(); |
| 526 | |
Nathan Harold | 93962f3 | 2017-03-07 13:23:36 -0800 | [diff] [blame] | 527 | private UdpEncapsulationSocket(@NonNull IIpSecService service, int port) |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 528 | throws ResourceUnavailableException, IOException { |
Nathan Harold | 1afbef4 | 2017-03-01 18:55:06 -0800 | [diff] [blame] | 529 | mService = service; |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 530 | try { |
| 531 | IpSecUdpEncapResponse result = |
| 532 | mService.openUdpEncapsulationSocket(port, new Binder()); |
| 533 | switch (result.status) { |
| 534 | case Status.OK: |
| 535 | break; |
| 536 | case Status.RESOURCE_UNAVAILABLE: |
| 537 | throw new ResourceUnavailableException( |
| 538 | "No more Sockets may be allocated by this requester."); |
| 539 | default: |
| 540 | throw new RuntimeException( |
| 541 | "Unknown status returned by IpSecService: " + result.status); |
| 542 | } |
| 543 | mResourceId = result.resourceId; |
| 544 | mPort = result.port; |
| 545 | mPfd = result.fileDescriptor; |
| 546 | } catch (RemoteException e) { |
| 547 | throw e.rethrowFromSystemServer(); |
| 548 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 549 | mCloseGuard.open("constructor"); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 550 | } |
| 551 | |
Benedict Wong | 6ea93c4 | 2018-03-27 16:55:48 -0700 | [diff] [blame] | 552 | /** Get the encapsulation socket's file descriptor. */ |
| 553 | public FileDescriptor getFileDescriptor() { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 554 | if (mPfd == null) { |
| 555 | return null; |
| 556 | } |
| 557 | return mPfd.getFileDescriptor(); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 558 | } |
| 559 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 560 | /** Get the bound port of the wrapped socket. */ |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 561 | public int getPort() { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 562 | return mPort; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 563 | } |
| 564 | |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 565 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 566 | * Close this socket. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 567 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 568 | * <p>This closes the wrapped socket. Open encapsulation sockets count against a user's |
| 569 | * resource limits, and forgetting to close them eventually will result in {@link |
| 570 | * ResourceUnavailableException} being thrown. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 571 | */ |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 572 | @Override |
Nathan Harold | 0bfb207 | 2017-04-17 17:11:58 -0700 | [diff] [blame] | 573 | public void close() throws IOException { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 574 | try { |
| 575 | mService.closeUdpEncapsulationSocket(mResourceId); |
Nathan Harold | 6119d8d | 2017-12-13 18:51:35 -0800 | [diff] [blame] | 576 | mResourceId = INVALID_RESOURCE_ID; |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 577 | } catch (RemoteException e) { |
| 578 | throw e.rethrowFromSystemServer(); |
| 579 | } |
| 580 | |
| 581 | try { |
| 582 | mPfd.close(); |
| 583 | } catch (IOException e) { |
| 584 | Log.e(TAG, "Failed to close UDP Encapsulation Socket with Port= " + mPort); |
| 585 | throw e; |
| 586 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 587 | mCloseGuard.close(); |
| 588 | } |
| 589 | |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 590 | /** Check that the socket was closed properly. */ |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 591 | @Override |
| 592 | protected void finalize() throws Throwable { |
| 593 | if (mCloseGuard != null) { |
| 594 | mCloseGuard.warnIfOpen(); |
| 595 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 596 | close(); |
| 597 | } |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 598 | |
| 599 | /** @hide */ |
Nathan Harold | a10003d | 2017-08-23 13:46:33 -0700 | [diff] [blame] | 600 | @VisibleForTesting |
| 601 | public int getResourceId() { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 602 | return mResourceId; |
| 603 | } |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 604 | }; |
| 605 | |
| 606 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 607 | * Open a socket for UDP encapsulation and bind to the given port. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 608 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 609 | * <p>See {@link UdpEncapsulationSocket} for the proper way to close the returned socket. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 610 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 611 | * @param port a local UDP port |
| 612 | * @return a socket that is bound to the given port |
| 613 | * @throws IOException indicating that the socket could not be opened or bound |
| 614 | * @throws ResourceUnavailableException indicating that too many encapsulation sockets are open |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 615 | */ |
| 616 | // Returning a socket in this fashion that has been created and bound by the system |
| 617 | // is the only safe way to ensure that a socket is both accessible to the user and |
| 618 | // safely usable for Encapsulation without allowing a user to possibly unbind from/close |
| 619 | // the port, which could potentially impact the traffic of the next user who binds to that |
| 620 | // socket. |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 621 | @NonNull |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 622 | public UdpEncapsulationSocket openUdpEncapsulationSocket(int port) |
| 623 | throws IOException, ResourceUnavailableException { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 624 | /* |
| 625 | * Most range checking is done in the service, but this version of the constructor expects |
| 626 | * a valid port number, and zero cannot be checked after being passed to the service. |
| 627 | */ |
| 628 | if (port == 0) { |
| 629 | throw new IllegalArgumentException("Specified port must be a valid port number!"); |
| 630 | } |
Nathan Harold | 1afbef4 | 2017-03-01 18:55:06 -0800 | [diff] [blame] | 631 | return new UdpEncapsulationSocket(mService, port); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 632 | } |
| 633 | |
| 634 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 635 | * Open a socket for UDP encapsulation. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 636 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 637 | * <p>See {@link UdpEncapsulationSocket} for the proper way to close the returned socket. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 638 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 639 | * <p>The local port of the returned socket can be obtained by calling {@link |
| 640 | * UdpEncapsulationSocket#getPort()}. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 641 | * |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 642 | * @return a socket that is bound to a local port |
| 643 | * @throws IOException indicating that the socket could not be opened or bound |
| 644 | * @throws ResourceUnavailableException indicating that too many encapsulation sockets are open |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 645 | */ |
| 646 | // Returning a socket in this fashion that has been created and bound by the system |
| 647 | // is the only safe way to ensure that a socket is both accessible to the user and |
| 648 | // safely usable for Encapsulation without allowing a user to possibly unbind from/close |
| 649 | // the port, which could potentially impact the traffic of the next user who binds to that |
| 650 | // socket. |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 651 | @NonNull |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 652 | public UdpEncapsulationSocket openUdpEncapsulationSocket() |
| 653 | throws IOException, ResourceUnavailableException { |
Nathan Harold | 8dc1fd0 | 2017-04-04 19:37:48 -0700 | [diff] [blame] | 654 | return new UdpEncapsulationSocket(mService, 0); |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 655 | } |
| 656 | |
| 657 | /** |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 658 | * This class represents an IpSecTunnelInterface |
| 659 | * |
| 660 | * <p>IpSecTunnelInterface objects track tunnel interfaces that serve as |
| 661 | * local endpoints for IPsec tunnels. |
| 662 | * |
| 663 | * <p>Creating an IpSecTunnelInterface creates a device to which IpSecTransforms may be |
| 664 | * applied to provide IPsec security to packets sent through the tunnel. While a tunnel |
| 665 | * cannot be used in standalone mode within Android, the higher layers may use the tunnel |
| 666 | * to create Network objects which are accessible to the Android system. |
| 667 | * @hide |
| 668 | */ |
| 669 | @SystemApi |
| 670 | public static final class IpSecTunnelInterface implements AutoCloseable { |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 671 | private final String mOpPackageName; |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 672 | private final IIpSecService mService; |
| 673 | private final InetAddress mRemoteAddress; |
| 674 | private final InetAddress mLocalAddress; |
| 675 | private final Network mUnderlyingNetwork; |
| 676 | private final CloseGuard mCloseGuard = CloseGuard.get(); |
| 677 | private String mInterfaceName; |
| 678 | private int mResourceId = INVALID_RESOURCE_ID; |
| 679 | |
| 680 | /** Get the underlying SPI held by this object. */ |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 681 | @NonNull |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 682 | public String getInterfaceName() { |
| 683 | return mInterfaceName; |
| 684 | } |
| 685 | |
| 686 | /** |
| 687 | * Add an address to the IpSecTunnelInterface |
| 688 | * |
| 689 | * <p>Add an address which may be used as the local inner address for |
| 690 | * tunneled traffic. |
| 691 | * |
| 692 | * @param address the local address for traffic inside the tunnel |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 693 | * @hide |
| 694 | */ |
Nathan Harold | c8f6306 | 2018-03-20 12:26:10 -0700 | [diff] [blame] | 695 | @SystemApi |
Nathan Harold | 1597884 | 2018-03-21 15:32:42 -0700 | [diff] [blame] | 696 | @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS) |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 697 | public void addAddress(@NonNull LinkAddress address) throws IOException { |
Benedict Wong | da4b0c6 | 2018-03-01 18:53:07 -0800 | [diff] [blame] | 698 | try { |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 699 | mService.addAddressToTunnelInterface( |
| 700 | mResourceId, address, mOpPackageName); |
Benedict Wong | da4b0c6 | 2018-03-01 18:53:07 -0800 | [diff] [blame] | 701 | } catch (RemoteException e) { |
| 702 | throw e.rethrowFromSystemServer(); |
| 703 | } |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 704 | } |
| 705 | |
| 706 | /** |
| 707 | * Remove an address from the IpSecTunnelInterface |
| 708 | * |
| 709 | * <p>Remove an address which was previously added to the IpSecTunnelInterface |
| 710 | * |
| 711 | * @param address to be removed |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 712 | * @hide |
| 713 | */ |
Nathan Harold | c8f6306 | 2018-03-20 12:26:10 -0700 | [diff] [blame] | 714 | @SystemApi |
Nathan Harold | 1597884 | 2018-03-21 15:32:42 -0700 | [diff] [blame] | 715 | @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS) |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 716 | public void removeAddress(@NonNull LinkAddress address) throws IOException { |
Benedict Wong | da4b0c6 | 2018-03-01 18:53:07 -0800 | [diff] [blame] | 717 | try { |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 718 | mService.removeAddressFromTunnelInterface( |
| 719 | mResourceId, address, mOpPackageName); |
Benedict Wong | da4b0c6 | 2018-03-01 18:53:07 -0800 | [diff] [blame] | 720 | } catch (RemoteException e) { |
| 721 | throw e.rethrowFromSystemServer(); |
| 722 | } |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 723 | } |
| 724 | |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 725 | private IpSecTunnelInterface(@NonNull Context ctx, @NonNull IIpSecService service, |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 726 | @NonNull InetAddress localAddress, @NonNull InetAddress remoteAddress, |
| 727 | @NonNull Network underlyingNetwork) |
| 728 | throws ResourceUnavailableException, IOException { |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 729 | mOpPackageName = ctx.getOpPackageName(); |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 730 | mService = service; |
| 731 | mLocalAddress = localAddress; |
| 732 | mRemoteAddress = remoteAddress; |
| 733 | mUnderlyingNetwork = underlyingNetwork; |
Benedict Wong | 8149f6e | 2018-01-18 18:31:45 -0800 | [diff] [blame] | 734 | |
| 735 | try { |
| 736 | IpSecTunnelInterfaceResponse result = |
| 737 | mService.createTunnelInterface( |
| 738 | localAddress.getHostAddress(), |
| 739 | remoteAddress.getHostAddress(), |
| 740 | underlyingNetwork, |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 741 | new Binder(), |
| 742 | mOpPackageName); |
Benedict Wong | 8149f6e | 2018-01-18 18:31:45 -0800 | [diff] [blame] | 743 | switch (result.status) { |
| 744 | case Status.OK: |
| 745 | break; |
| 746 | case Status.RESOURCE_UNAVAILABLE: |
| 747 | throw new ResourceUnavailableException( |
| 748 | "No more tunnel interfaces may be allocated by this requester."); |
| 749 | default: |
| 750 | throw new RuntimeException( |
| 751 | "Unknown status returned by IpSecService: " + result.status); |
| 752 | } |
| 753 | mResourceId = result.resourceId; |
| 754 | mInterfaceName = result.interfaceName; |
| 755 | } catch (RemoteException e) { |
| 756 | throw e.rethrowFromSystemServer(); |
| 757 | } |
| 758 | mCloseGuard.open("constructor"); |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 759 | } |
| 760 | |
| 761 | /** |
| 762 | * Delete an IpSecTunnelInterface |
| 763 | * |
| 764 | * <p>Calling close will deallocate the IpSecTunnelInterface and all of its system |
| 765 | * resources. Any packets bound for this interface either inbound or outbound will |
| 766 | * all be lost. |
| 767 | */ |
| 768 | @Override |
| 769 | public void close() { |
Benedict Wong | 8149f6e | 2018-01-18 18:31:45 -0800 | [diff] [blame] | 770 | try { |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 771 | mService.deleteTunnelInterface(mResourceId, mOpPackageName); |
Benedict Wong | 8149f6e | 2018-01-18 18:31:45 -0800 | [diff] [blame] | 772 | mResourceId = INVALID_RESOURCE_ID; |
| 773 | } catch (RemoteException e) { |
| 774 | throw e.rethrowFromSystemServer(); |
| 775 | } |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 776 | mCloseGuard.close(); |
| 777 | } |
| 778 | |
| 779 | /** Check that the Interface was closed properly. */ |
| 780 | @Override |
| 781 | protected void finalize() throws Throwable { |
| 782 | if (mCloseGuard != null) { |
| 783 | mCloseGuard.warnIfOpen(); |
| 784 | } |
| 785 | close(); |
| 786 | } |
Benedict Wong | 8149f6e | 2018-01-18 18:31:45 -0800 | [diff] [blame] | 787 | |
| 788 | /** @hide */ |
| 789 | @VisibleForTesting |
| 790 | public int getResourceId() { |
| 791 | return mResourceId; |
| 792 | } |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 793 | } |
| 794 | |
| 795 | /** |
| 796 | * Create a new IpSecTunnelInterface as a local endpoint for tunneled IPsec traffic. |
| 797 | * |
Benedict Wong | 8149f6e | 2018-01-18 18:31:45 -0800 | [diff] [blame] | 798 | * <p>An application that creates tunnels is responsible for cleaning up the tunnel when the |
| 799 | * underlying network goes away, and the onLost() callback is received. |
| 800 | * |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 801 | * @param localAddress The local addres of the tunnel |
| 802 | * @param remoteAddress The local addres of the tunnel |
| 803 | * @param underlyingNetwork the {@link Network} that will carry traffic for this tunnel. |
| 804 | * This network should almost certainly be a network such as WiFi with an L2 address. |
| 805 | * @return a new {@link IpSecManager#IpSecTunnelInterface} with the specified properties |
| 806 | * @throws IOException indicating that the socket could not be opened or bound |
| 807 | * @throws ResourceUnavailableException indicating that too many encapsulation sockets are open |
| 808 | * @hide |
| 809 | */ |
| 810 | @SystemApi |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 811 | @NonNull |
Nathan Harold | 1597884 | 2018-03-21 15:32:42 -0700 | [diff] [blame] | 812 | @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS) |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 813 | public IpSecTunnelInterface createIpSecTunnelInterface(@NonNull InetAddress localAddress, |
| 814 | @NonNull InetAddress remoteAddress, @NonNull Network underlyingNetwork) |
| 815 | throws ResourceUnavailableException, IOException { |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 816 | return new IpSecTunnelInterface( |
| 817 | mContext, mService, localAddress, remoteAddress, underlyingNetwork); |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 818 | } |
| 819 | |
| 820 | /** |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 821 | * Apply an active Tunnel Mode IPsec Transform to a {@link IpSecTunnelInterface}, which will |
| 822 | * tunnel all traffic for the given direction through the underlying network's interface with |
| 823 | * IPsec (applies an outer IP header and IPsec Header to all traffic, and expects an additional |
| 824 | * IP header and IPsec Header on all inbound traffic). |
| 825 | * <p>Applications should probably not use this API directly. |
| 826 | * |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 827 | * |
| 828 | * @param tunnel The {@link IpSecManager#IpSecTunnelInterface} that will use the supplied |
| 829 | * transform. |
| 830 | * @param direction the direction, {@link DIRECTION_OUT} or {@link #DIRECTION_IN} in which |
| 831 | * the transform will be used. |
| 832 | * @param transform an {@link IpSecTransform} created in tunnel mode |
| 833 | * @throws IOException indicating that the transform could not be applied due to a lower |
| 834 | * layer failure. |
| 835 | * @hide |
| 836 | */ |
| 837 | @SystemApi |
Nathan Harold | 1597884 | 2018-03-21 15:32:42 -0700 | [diff] [blame] | 838 | @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS) |
Nathan Harold | 5cd64cc | 2018-03-16 17:27:30 -0700 | [diff] [blame] | 839 | public void applyTunnelModeTransform(@NonNull IpSecTunnelInterface tunnel, |
| 840 | @PolicyDirection int direction, @NonNull IpSecTransform transform) throws IOException { |
Benedict Wong | 8149f6e | 2018-01-18 18:31:45 -0800 | [diff] [blame] | 841 | try { |
| 842 | mService.applyTunnelModeTransform( |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 843 | tunnel.getResourceId(), direction, |
| 844 | transform.getResourceId(), mContext.getOpPackageName()); |
Benedict Wong | 8149f6e | 2018-01-18 18:31:45 -0800 | [diff] [blame] | 845 | } catch (RemoteException e) { |
| 846 | throw e.rethrowFromSystemServer(); |
| 847 | } |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 848 | } |
Nathan Harold | 7b7bea0 | 2018-03-06 13:22:22 -0800 | [diff] [blame] | 849 | |
Nathan Harold | c47eacc | 2018-01-17 16:09:24 -0800 | [diff] [blame] | 850 | /** |
Jonathan Basseri | c61b70d | 2017-04-21 15:53:51 -0700 | [diff] [blame] | 851 | * Construct an instance of IpSecManager within an application context. |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 852 | * |
| 853 | * @param context the application context for this manager |
| 854 | * @hide |
| 855 | */ |
Nathan Harold | 592dadb | 2018-03-15 18:06:06 -0700 | [diff] [blame] | 856 | public IpSecManager(Context ctx, IIpSecService service) { |
| 857 | mContext = ctx; |
Nathan Harold | 330e108 | 2017-01-12 18:38:57 -0800 | [diff] [blame] | 858 | mService = checkNotNull(service, "missing service"); |
| 859 | } |
| 860 | } |