Merge "Added implementation for VTI add/remove address" into pi-dev
diff --git a/core/java/android/net/IIpSecService.aidl b/core/java/android/net/IIpSecService.aidl
index 3ce0283..3a3ddcc 100644
--- a/core/java/android/net/IIpSecService.aidl
+++ b/core/java/android/net/IIpSecService.aidl
@@ -16,6 +16,7 @@
package android.net;
+import android.net.LinkAddress;
import android.net.Network;
import android.net.IpSecConfig;
import android.net.IpSecUdpEncapResponse;
@@ -48,11 +49,11 @@
void addAddressToTunnelInterface(
int tunnelResourceId,
- String localAddr);
+ in LinkAddress localAddr);
void removeAddressFromTunnelInterface(
int tunnelResourceId,
- String localAddr);
+ in LinkAddress localAddr);
void deleteTunnelInterface(int resourceId);
diff --git a/core/java/android/net/IpSecManager.java b/core/java/android/net/IpSecManager.java
index fbf3056..4e1f834 100644
--- a/core/java/android/net/IpSecManager.java
+++ b/core/java/android/net/IpSecManager.java
@@ -656,10 +656,14 @@
* tunneled traffic.
*
* @param address the local address for traffic inside the tunnel
- * @throws IOException if the address could not be added
* @hide
*/
- public void addAddress(LinkAddress address) throws IOException {
+ public void addAddress(LinkAddress address) {
+ try {
+ mService.addAddressToTunnelInterface(mResourceId, address);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
}
/**
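Review bot: The Javadoc for `addAddress` drops `@throws IOException` without saying how a failure now reaches the caller. Per the IpSecService.java hunks in this commit, a netd rejection is rethrown as `IllegalArgumentException` and the call is gated by `enforceNetworkStackPermission()`, so I would add ` * @throws IllegalArgumentException if the system rejects the address`. I would also add a sentence stating that the caller must hold the permission that check enforces (the helper's body is not shown here, so the exact permission and exception type need confirming). Because the failure is now unchecked, existing callers compile without handling it. The same applies to `removeAddress` in the next hunk.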
@@ -668,10 +672,14 @@
* <p>Remove an address which was previously added to the IpSecTunnelInterface
*
* @param address to be removed
- * @throws IOException if the address could not be removed
* @hide
*/
- public void removeAddress(LinkAddress address) throws IOException {
+ public void removeAddress(LinkAddress address) {
+ try {
+ mService.removeAddressFromTunnelInterface(mResourceId, address);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
}
private IpSecTunnelInterface(@NonNull IIpSecService service,
diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java
index d3f1a7b..f1f251f 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java
@@ -36,6 +36,7 @@
import android.net.IpSecTransformResponse;
import android.net.IpSecTunnelInterfaceResponse;
import android.net.IpSecUdpEncapResponse;
+import android.net.LinkAddress;
import android.net.Network;
import android.net.NetworkUtils;
import android.net.TrafficStats;
@@ -618,10 +619,8 @@
spi,
mConfig.getMarkValue(),
mConfig.getMarkMask());
- } catch (ServiceSpecificException e) {
- // FIXME: get the error code and throw is at an IOException from Errno Exception
- } catch (RemoteException e) {
- Log.e(TAG, "Failed to delete SA with ID: " + mResourceId);
+ } catch (RemoteException | ServiceSpecificException e) {
+ Log.e(TAG, "Failed to delete SA with ID: " + mResourceId, e);
}
getResourceTracker().give();
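Review bot: The merged catch around `Log.e(TAG, "Failed to delete SA with ID: " + mResourceId, e)` still only logs, and `getResourceTracker().give()` runs right after it, so the quota is returned even when netd did not confirm the deletion. The removed FIXME was the only marker of that gap; if best-effort cleanup is intended, say so with a comment such as `// Best effort: the record is being torn down, so log and still release the quota.` The next two hunks (SPI reservation, VTI) have the same shape. Their multi-catch lists the types in the opposite order (`ServiceSpecificException | RemoteException`), so pick one order for all three. The enclosing methods start and end outside these hunks.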
@@ -681,10 +680,8 @@
.getNetdInstance()
.ipSecDeleteSecurityAssociation(
mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
- } catch (ServiceSpecificException e) {
- // FIXME: get the error code and throw is at an IOException from Errno Exception
- } catch (RemoteException e) {
- Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId);
+ } catch (ServiceSpecificException | RemoteException e) {
+ Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId, e);
}
mSpi = IpSecManager.INVALID_SECURITY_PARAMETER_INDEX;
@@ -829,15 +826,13 @@
0, direction, wildcardAddr, wildcardAddr, mark, 0xffffffff);
}
}
- } catch (ServiceSpecificException e) {
- // FIXME: get the error code and throw is at an IOException from Errno Exception
- } catch (RemoteException e) {
+ } catch (ServiceSpecificException | RemoteException e) {
Log.e(
TAG,
"Failed to delete VTI with interface name: "
+ mInterfaceName
+ " and id: "
- + mResourceId);
+ + mResourceId, e);
}
getResourceTracker().give();
@@ -1319,7 +1314,9 @@
* from multiple local IP addresses over the same tunnel.
*/
@Override
- public synchronized void addAddressToTunnelInterface(int tunnelResourceId, String localAddr) {
+ public synchronized void addAddressToTunnelInterface(
+ int tunnelResourceId, LinkAddress localAddr) {
+ enforceNetworkStackPermission();
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
// Get tunnelInterface record; if no such interface is found, will throw
@@ -1327,8 +1324,21 @@
TunnelInterfaceRecord tunnelInterfaceInfo =
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
- // TODO: Add calls to netd:
- // Add address to TunnelInterface
+ try {
+ // We can assume general validity of the IP address, since we get them as a
+ // LinkAddress, which does some validation.
+ mSrvConfig
+ .getNetdInstance()
+ .interfaceAddAddress(
+ tunnelInterfaceInfo.mInterfaceName,
+ localAddr.getAddress().getHostAddress(),
+ localAddr.getPrefixLength());
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ } catch (ServiceSpecificException e) {
+ // If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
+ throw new IllegalArgumentException(e);
+ }
}
/**
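Review bot: The `catch (ServiceSpecificException e)` branch maps every netd error to `IllegalArgumentException`, but the comment's claim that an argument was invalid is not established here: the interface may have gone away, or netd may fail for reasons unrelated to the caller's input (inferred, since netd's error codes are not visible in this diff). Keeping the errno makes the failure diagnosable, e.g. `throw new IllegalArgumentException("interfaceAddAddress failed, errno=" + e.errorCode, e);`. A null `localAddr` from the Binder caller is dereferenced at `localAddr.getAddress()` with no explicit check; `Objects.requireNonNull(localAddr, "localAddr")` (or the file's existing null-check helper) before the record lookup would give a clear error. The comment "does some validation" should name what is relied on, since nothing in this hunk restricts which kinds of address (loopback, multicast, unspecified) may be assigned to the tunnel interface. The same points apply to `removeAddressFromTunnelInterface` in the last hunk.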
@@ -1337,7 +1347,8 @@
*/
@Override
public synchronized void removeAddressFromTunnelInterface(
- int tunnelResourceId, String localAddr) {
+ int tunnelResourceId, LinkAddress localAddr) {
+ enforceNetworkStackPermission();
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
// Get tunnelInterface record; if no such interface is found, will throw
@@ -1345,8 +1356,21 @@
TunnelInterfaceRecord tunnelInterfaceInfo =
userRecord.mTunnelInterfaceRecords.getResourceOrThrow(tunnelResourceId);
- // TODO: Add calls to netd:
- // Remove address from TunnelInterface
+ try {
+ // We can assume general validity of the IP address, since we get them as a
+ // LinkAddress, which does some validation.
+ mSrvConfig
+ .getNetdInstance()
+ .interfaceDelAddress(
+ tunnelInterfaceInfo.mInterfaceName,
+ localAddr.getAddress().getHostAddress(),
+ localAddr.getPrefixLength());
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ } catch (ServiceSpecificException e) {
+ // If we get here, one of the arguments provided was invalid. Wrap the SSE, and throw.
+ throw new IllegalArgumentException(e);
+ }
}
/**