Add global policy methods to aidl
Exposes global policy add/remove methods to AIDL, allowing Java system
services to use them. This will be used for tunnel mode, where security
policies must be added/updated/deleted, and logic should preferably be
in IpSecService.
Bug: 63588681
Test: Compiles
Change-Id: Ie6e99ba18ac5930273c91e81e320a2987fa17815
diff --git a/server/NetdNativeService.cpp b/server/NetdNativeService.cpp
index eb6a84b..8e02e25 100644
--- a/server/NetdNativeService.cpp
+++ b/server/NetdNativeService.cpp
@@ -557,6 +557,67 @@
socket));
}
+binder::Status NetdNativeService::ipSecAddSecurityPolicy(
+ int32_t transformId,
+ int32_t direction,
+ const std::string& sourceAddress,
+ const std::string& destinationAddress,
+ int32_t spi,
+ int32_t markValue,
+ int32_t markMask){
+ // Necessary locking done in IpSecService and kernel
+ ENFORCE_PERMISSION(NETWORK_STACK);
+ ALOGD("ipSecAddSecurityPolicy()");
+ return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityPolicy(
+ transformId,
+ direction,
+ sourceAddress,
+ destinationAddress,
+ spi,
+ markValue,
+ markMask));
+}
+
+binder::Status NetdNativeService::ipSecUpdateSecurityPolicy(
+ int32_t transformId,
+ int32_t direction,
+ const std::string& sourceAddress,
+ const std::string& destinationAddress,
+ int32_t spi,
+ int32_t markValue,
+ int32_t markMask){
+ // Necessary locking done in IpSecService and kernel
+ ENFORCE_PERMISSION(NETWORK_STACK);
+ ALOGD("ipSecAddSecurityPolicy()");
+ return asBinderStatus(gCtls->xfrmCtrl.ipSecUpdateSecurityPolicy(
+ transformId,
+ direction,
+ sourceAddress,
+ destinationAddress,
+ spi,
+ markValue,
+ markMask));
+}
+
+binder::Status NetdNativeService::ipSecDeleteSecurityPolicy(
+ int32_t transformId,
+ int32_t direction,
+ const std::string& sourceAddress,
+ const std::string& destinationAddress,
+ int32_t markValue,
+ int32_t markMask){
+ // Necessary locking done in IpSecService and kernel
+ ENFORCE_PERMISSION(NETWORK_STACK);
+ ALOGD("ipSecAddSecurityPolicy()");
+ return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityPolicy(
+ transformId,
+ direction,
+ sourceAddress,
+ destinationAddress,
+ markValue,
+ markMask));
+}
+
binder::Status NetdNativeService::setIPv6AddrGenMode(const std::string& ifName,
int32_t mode) {
ENFORCE_PERMISSION(NETWORK_STACK);
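Review bot: The `ALOGD` calls in ipSecUpdateSecurityPolicy and ipSecDeleteSecurityPolicy were copied from the add method and still print `ipSecAddSecurityPolicy()`, so the log cannot distinguish an update or removal of an IPsec policy from an add when someone reconstructs what happened. Change them to `ALOGD("ipSecUpdateSecurityPolicy()");` and `ALOGD("ipSecDeleteSecurityPolicy()");`. All three methods pass `direction`, the two address strings and the mark values straight to `gCtls->xfrmCtrl` after the NETWORK_STACK permission check. Validation presumably happens in the xfrmCtrl implementation, which this hunk does not show, so confirm there that out-of-range direction values and unparseable addresses are rejected rather than reaching the kernel.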