Cross Reference: /frameworks/base/core/java/android/net/IpSecManager.java

History log of /frameworks/base/core/java/android/net/IpSecManager.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
d86b8fea43ebb6e5c31691b44d8ceb0d8d3c9072	03-Jun-2017	Jeff Sharkey <jsharkey@android.com>	Annotate @SystemApi with required permissions. Most @SystemApi methods should be protected with system (or higher) permissions, so annotate common methods with @RequiresPermission to make automatic verification easier. Verification is really only relevant when calling into system services (where permissions checking can happen on the other side of a Binder call), so annotate managers with the new @SystemService annotation, which is now automatically documented. This is purely a docs change; no logic changes are being made. Test: make -j32 update-api && make -j32 offline-sdk-docs Bug: 62263906 Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651 /frameworks/base/core/java/android/net/IpSecManager.java
bd62d6aff264b8e8ce4a06ca6417e69bcca3006b	25-Apr-2017	Nathan Harold <nharold@google.com>	Hide IpSecManager, IpSecTransform, and IpSecAlgorithm These classes, originally planned to be part of the public API, are not ready for public consumption. They are planned to be un-hidden in a future release. Bug: 37681043 Test: make update-api and make Merged-In: I8caccd3f8455341cb56a2256354eacbadedff047 Change-Id: I8caccd3f8455341cb56a2256354eacbadedff047 (cherry picked from commit e38565fc74ee19e27175782be3cf2f0dffefd3a6) /frameworks/base/core/java/android/net/IpSecManager.java
10f051ca91f352acea3ccd329da87db67012bd19	18-Apr-2017	Nathan Harold <nharold@google.com>	Hide Socket+DatagramSocket IpSecTransform methods These methods do not currently work for IPv4 sockets, so they need to be hidden until the underlying kernel code can be made to work properly in a dual-stack environment. Bug: 36073210 Test: compilation Merged-In: Idce367f638a42da374a7f1dc5ebb8931c9555e06 Change-Id: Idce367f638a42da374a7f1dc5ebb8931c9555e06 (cherry picked from commit da18b028f85e9a2c969c636aea6abf7f4bac3922) /frameworks/base/core/java/android/net/IpSecManager.java
05c7b5ad7cdba444db3d7813bf69da8f5d7f9058	18-Apr-2017	Nathan Harold <nharold@google.com>	Consistenly Throw IOExceptions from IpSecManager Bug: 36073210 Test: api-update Change-Id: Ia3825e85b09b6330f1326a26cf9e1cadf9dacf71 Merged-In: Ia3825e85b09b6330f1326a26cf9e1cadf9dacf71 (cherry picked from commit c2fd6cfdc9dce33d57a3c2780e0527dd4b1bfeb9) /frameworks/base/core/java/android/net/IpSecManager.java
09098dc441913f30905f6ffd6f73262924858dd0	07-Apr-2017	Nathan Harold <nharold@google.com>	Add FileDescriptor Versions of applyTransportModeTransform() Because there is no way using the Java sockets API to actually get a socket of AF_INET on mode machines, it is necessary to provide a way to apply transforms to sockets made using the native wrapper API, which uses POSIX APIs and will create a socket that is AF_INET. Bug: 36073210 Test: b/34811227 Change-Id: I28ac7cc4f36045ce523a54111e5be975b0331356 /frameworks/base/core/java/android/net/IpSecManager.java
5ad768c3b75c5dcc8e8aa90ee27f2beb7fe9590a	07-Apr-2017	Nathan Harold <nharold@google.com>	IpSecManager and IpSecAlgorithm API Tweaks -Add a reserveSecurityParamterIndex() function that allows the system to select an SPI. -Disallow INVALID_SECURITY_PARAMETER_INDEX from being passed as an explicit SPI request. -Remove the ALGO_ prefix from constants in IpSecAlgorithm Bug: 36073210 Test: Updated CTS tests still pass on bullhead Change-Id: Ic94809996076b0718f153f550b82192fe7048a2e /frameworks/base/core/java/android/net/IpSecManager.java
f1dad26972dceac86edfc42bc87753b7ad8ad54f	07-Mar-2017	Nathan Harold <nharold@google.com>	Add Initial IPsec APIs to IpSecService -Plumb IpSecManager APIs to NetD -Add Resource Management to IpSecService Bug: 30984788 Test: b/34812052, b/34811227 Change-Id: Ic43965c6158f28cac53810adbf5cf50d2c54f920 (cherry picked from commit 93962f34ce21f5aac825afbcebf2f3e8c7a30910) /frameworks/base/core/java/android/net/IpSecManager.java
127f4558003a12e7bdebc74defc04f413090296c	30-Mar-2017	Nathan Harold <nharold@google.com>	IpSecManager and IpSecTransform API Cleanup -Remove Int-based SPI usage from the IpSecTransform.Builder This is essentially a less-safe method overload, and it is both unnecessary and difficult to implement: the cross-validation between SPI and Transform is actually useful, and the kernel requires two different mechanisms to use an unreserved vs a reserved (alloc'd) SPI: CREATESA vs UPDATESA, which makes this hard to support. API Council has questioned the value of this, and they are right: everything points to "remove this". In the future, if we find that SPI reservation is overhead, we can always add it back. -Hiding the TunnelMode builder method and application/remove methods. These will not land by the time the next API stabilizes, so better to hide them now that this is a near-certainty. Expectation is to un-hide them in the subsequent API bump. Bug: 36073210 Test: Compilation, verified nobody is calling these stubs Change-Id: Ic1a3f2cf7128633318ac175d6b56b45eb8d21cab (cherry picked from commit 48b566557d5a66d4476008b3c59b815eb78cb373) /frameworks/base/core/java/android/net/IpSecManager.java
eece454de1178260b97e3d5dd99c83003139eb5f	29-Mar-2017	Nathan Harold <nharold@google.com>	Change reserveSecurityParameterIndex() to take a remoteAddress To make the SPI reservation more semantically consistent with the transform creation API, and to ensure that we always create SPI reservations relative to a well-known remote, we should take the SPI request relative to a remote (rather than to a destination). This necessitates that we now consider direction separately, which is used for keying the SA-Id. Bug: 36073210 Test: compilation Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78 (cherry picked from commit c4f879925b58b1b5ca9a3cfdc898c20cbf56355a) /frameworks/base/core/java/android/net/IpSecManager.java
cbb58ecc866f90b2fe829b808a65652376006c24	02-Mar-2017	Nathan Harold <nharold@google.com>	Add a Skeleton IpSecService -Add IpSecService with the necessary glue to connect to netd -Add code to retrieve IpSecService from System Server Bug: 30984788 Test: b/34812052, b/34811227 Change-Id: I4cdcb643421141202f77a0e2f87a37012de0cd92 (cherry picked from commit 28084d89ec136b56f5012be33a0dea147962f9f6) /frameworks/base/core/java/android/net/IpSecManager.java
330e1089da80cddcd68758512370d217b19f8890	13-Jan-2017	Nathan Harold <nharold@google.com>	Add API Surface for creating IpSec Transforms This CL adds an API to set up an IPSec Security Association and Security Policy to perform Transport-Mode and Tunnel-Mode encapuslation of IP Packets. Bug: 30984788 Bug: 34811752 Test: 34812052, 34811227 Change-Id: Ic9f63c7bb366302a24baa3e1b79020210910ac0a /frameworks/base/core/java/android/net/IpSecManager.java