Make Transforms Unidirectional
Convert the IpSecTransform from being a bi-directional
pair of SAs to a unidirectional single SA. This CL
also removes the concept of "direction" from SAs, meaning
that an IpSecTransform may now be applied to a socket
in either direction.
-Remove direction parameter from SAs and SPIs.
-Convert to using source and destination rather than
local and remote addresses.
Bug: 71717213
Test: CTS - IpSecManagerTest
Change-Id: I7150c2b03057e18a7d9d3edff302baf10e1ee729
diff --git a/server/NetdNativeService.cpp b/server/NetdNativeService.cpp
index 0cb740f..249d408 100644
--- a/server/NetdNativeService.cpp
+++ b/server/NetdNativeService.cpp
@@ -405,9 +405,8 @@
binder::Status NetdNativeService::ipSecAllocateSpi(
int32_t transformId,
- int32_t direction,
- const std::string& localAddress,
- const std::string& remoteAddress,
+ const std::string& sourceAddress,
+ const std::string& destinationAddress,
int32_t inSpi,
int32_t* outSpi) {
// Necessary locking done in IpSecService and kernel
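Review bot: The new `sourceAddress` and `destinationAddress` parameters are two adjacent `const std::string&` arguments that replace `localAddress` and `remoteAddress`, so a caller still passing local-then-remote for an inbound SA compiles cleanly and gets the SA's endpoints reversed. Nothing in the signature says whose perspective the names take. Judging by the commit message they describe the SA itself, so I would add a comment above the signature such as `// sourceAddress/destinationAddress are from the SA's point of view: for an inbound SA the source is the remote peer.` The same applies to the ipSecAddSecurityAssociation and ipSecDeleteSecurityAssociation signatures and to the socket-apply signature in the later hunks. The body of ipSecAllocateSpi continues outside this hunk.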
@@ -415,9 +414,8 @@
ALOGD("ipSecAllocateSpi()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecAllocateSpi(
transformId,
- direction,
- localAddress,
- remoteAddress,
+ sourceAddress,
+ destinationAddress,
inSpi,
outSpi));
}
@@ -425,9 +423,8 @@
binder::Status NetdNativeService::ipSecAddSecurityAssociation(
int32_t transformId,
int32_t mode,
- int32_t direction,
- const std::string& localAddress,
- const std::string& remoteAddress,
+ const std::string& sourceAddress,
+ const std::string& destinationAddress,
int64_t underlyingNetworkHandle,
int32_t spi,
const std::string& authAlgo, const std::vector<uint8_t>& authKey, int32_t authTruncBits,
@@ -440,7 +437,7 @@
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ALOGD("ipSecAddSecurityAssociation()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecAddSecurityAssociation(
- transformId, mode, direction, localAddress, remoteAddress,
+ transformId, mode, sourceAddress, destinationAddress,
underlyingNetworkHandle,
spi,
authAlgo, authKey, authTruncBits,
@@ -451,18 +448,16 @@
binder::Status NetdNativeService::ipSecDeleteSecurityAssociation(
int32_t transformId,
- int32_t direction,
- const std::string& localAddress,
- const std::string& remoteAddress,
+ const std::string& sourceAddress,
+ const std::string& destinationAddress,
int32_t spi) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
ALOGD("ipSecDeleteSecurityAssociation()");
return asBinderStatus(gCtls->xfrmCtrl.ipSecDeleteSecurityAssociation(
transformId,
- direction,
- localAddress,
- remoteAddress,
+ sourceAddress,
+ destinationAddress,
spi));
}
@@ -470,8 +465,8 @@
const android::base::unique_fd& socket,
int32_t transformId,
int32_t direction,
- const std::string& localAddress,
- const std::string& remoteAddress,
+ const std::string& sourceAddress,
+ const std::string& destinationAddress,
int32_t spi) {
// Necessary locking done in IpSecService and kernel
ENFORCE_PERMISSION(CONNECTIVITY_INTERNAL);
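Review bot: `direction` stays in this signature although the SA no longer carries one, so the socket policy direction and the source/destination pair are now supplied independently and can disagree. Nothing visible in this hunk or the next checks that they agree; if the xfrmCtrl layer does not validate it either, a policy could be installed in one direction using the addresses of an SA that runs the other way. At minimum I would document the contract here, for example `// direction selects the socket policy (in/out); sourceAddress/destinationAddress must describe the SA used in that same direction.` The function's name and opening line are outside the hunk.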
@@ -480,8 +475,8 @@
socket,
transformId,
direction,
- localAddress,
- remoteAddress,
+ sourceAddress,
+ destinationAddress,
spi));
}