d86b8fea43ebb6e5c31691b44d8ceb0d8d3c9072 |
|
03-Jun-2017 |
Jeff Sharkey <jsharkey@android.com> |
Annotate @SystemApi with required permissions. Most @SystemApi methods should be protected with system (or higher) permissions, so annotate common methods with @RequiresPermission to make automatic verification easier. Verification is really only relevant when calling into system services (where permissions checking can happen on the other side of a Binder call), so annotate managers with the new @SystemService annotation, which is now automatically documented. This is purely a docs change; no logic changes are being made. Test: make -j32 update-api && make -j32 offline-sdk-docs Bug: 62263906 Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651
/frameworks/base/core/java/android/net/IpSecManager.java
|
bd62d6aff264b8e8ce4a06ca6417e69bcca3006b |
|
25-Apr-2017 |
Nathan Harold <nharold@google.com> |
Hide IpSecManager, IpSecTransform, and IpSecAlgorithm These classes, originally planned to be part of the public API, are not ready for public consumption. They are planned to be un-hidden in a future release. Bug: 37681043 Test: make update-api and make Merged-In: I8caccd3f8455341cb56a2256354eacbadedff047 Change-Id: I8caccd3f8455341cb56a2256354eacbadedff047 (cherry picked from commit e38565fc74ee19e27175782be3cf2f0dffefd3a6)
/frameworks/base/core/java/android/net/IpSecManager.java
|
10f051ca91f352acea3ccd329da87db67012bd19 |
|
18-Apr-2017 |
Nathan Harold <nharold@google.com> |
Hide Socket+DatagramSocket IpSecTransform methods These methods do not currently work for IPv4 sockets, so they need to be hidden until the underlying kernel code can be made to work properly in a dual-stack environment. Bug: 36073210 Test: compilation Merged-In: Idce367f638a42da374a7f1dc5ebb8931c9555e06 Change-Id: Idce367f638a42da374a7f1dc5ebb8931c9555e06 (cherry picked from commit da18b028f85e9a2c969c636aea6abf7f4bac3922)
/frameworks/base/core/java/android/net/IpSecManager.java
|
05c7b5ad7cdba444db3d7813bf69da8f5d7f9058 |
|
18-Apr-2017 |
Nathan Harold <nharold@google.com> |
Consistenly Throw IOExceptions from IpSecManager Bug: 36073210 Test: api-update Change-Id: Ia3825e85b09b6330f1326a26cf9e1cadf9dacf71 Merged-In: Ia3825e85b09b6330f1326a26cf9e1cadf9dacf71 (cherry picked from commit c2fd6cfdc9dce33d57a3c2780e0527dd4b1bfeb9)
/frameworks/base/core/java/android/net/IpSecManager.java
|
09098dc441913f30905f6ffd6f73262924858dd0 |
|
07-Apr-2017 |
Nathan Harold <nharold@google.com> |
Add FileDescriptor Versions of applyTransportModeTransform() Because there is no way using the Java sockets API to actually get a socket of AF_INET on mode machines, it is necessary to provide a way to apply transforms to sockets made using the native wrapper API, which uses POSIX APIs and will create a socket that is AF_INET. Bug: 36073210 Test: b/34811227 Change-Id: I28ac7cc4f36045ce523a54111e5be975b0331356
/frameworks/base/core/java/android/net/IpSecManager.java
|
5ad768c3b75c5dcc8e8aa90ee27f2beb7fe9590a |
|
07-Apr-2017 |
Nathan Harold <nharold@google.com> |
IpSecManager and IpSecAlgorithm API Tweaks -Add a reserveSecurityParamterIndex() function that allows the system to select an SPI. -Disallow INVALID_SECURITY_PARAMETER_INDEX from being passed as an explicit SPI request. -Remove the ALGO_ prefix from constants in IpSecAlgorithm Bug: 36073210 Test: Updated CTS tests still pass on bullhead Change-Id: Ic94809996076b0718f153f550b82192fe7048a2e
/frameworks/base/core/java/android/net/IpSecManager.java
|
f1dad26972dceac86edfc42bc87753b7ad8ad54f |
|
07-Mar-2017 |
Nathan Harold <nharold@google.com> |
Add Initial IPsec APIs to IpSecService -Plumb IpSecManager APIs to NetD -Add Resource Management to IpSecService Bug: 30984788 Test: b/34812052, b/34811227 Change-Id: Ic43965c6158f28cac53810adbf5cf50d2c54f920 (cherry picked from commit 93962f34ce21f5aac825afbcebf2f3e8c7a30910)
/frameworks/base/core/java/android/net/IpSecManager.java
|
127f4558003a12e7bdebc74defc04f413090296c |
|
30-Mar-2017 |
Nathan Harold <nharold@google.com> |
IpSecManager and IpSecTransform API Cleanup -Remove Int-based SPI usage from the IpSecTransform.Builder This is essentially a less-safe method overload, and it is both unnecessary and difficult to implement: the cross-validation between SPI and Transform is actually useful, and the kernel requires two different mechanisms to use an unreserved vs a reserved (alloc'd) SPI: CREATESA vs UPDATESA, which makes this hard to support. API Council has questioned the value of this, and they are right: everything points to "remove this". In the future, if we find that SPI reservation is overhead, we can always add it back. -Hiding the TunnelMode builder method and application/remove methods. These will not land by the time the next API stabilizes, so better to hide them now that this is a near-certainty. Expectation is to un-hide them in the subsequent API bump. Bug: 36073210 Test: Compilation, verified nobody is calling these stubs Change-Id: Ic1a3f2cf7128633318ac175d6b56b45eb8d21cab (cherry picked from commit 48b566557d5a66d4476008b3c59b815eb78cb373)
/frameworks/base/core/java/android/net/IpSecManager.java
|
eece454de1178260b97e3d5dd99c83003139eb5f |
|
29-Mar-2017 |
Nathan Harold <nharold@google.com> |
Change reserveSecurityParameterIndex() to take a remoteAddress To make the SPI reservation more semantically consistent with the transform creation API, and to ensure that we always create SPI reservations relative to a well-known remote, we should take the SPI request relative to a remote (rather than to a destination). This necessitates that we now consider direction separately, which is used for keying the SA-Id. Bug: 36073210 Test: compilation Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78 (cherry picked from commit c4f879925b58b1b5ca9a3cfdc898c20cbf56355a)
/frameworks/base/core/java/android/net/IpSecManager.java
|
cbb58ecc866f90b2fe829b808a65652376006c24 |
|
02-Mar-2017 |
Nathan Harold <nharold@google.com> |
Add a Skeleton IpSecService -Add IpSecService with the necessary glue to connect to netd -Add code to retrieve IpSecService from System Server Bug: 30984788 Test: b/34812052, b/34811227 Change-Id: I4cdcb643421141202f77a0e2f87a37012de0cd92 (cherry picked from commit 28084d89ec136b56f5012be33a0dea147962f9f6)
/frameworks/base/core/java/android/net/IpSecManager.java
|
330e1089da80cddcd68758512370d217b19f8890 |
|
13-Jan-2017 |
Nathan Harold <nharold@google.com> |
Add API Surface for creating IpSec Transforms This CL adds an API to set up an IPSec Security Association and Security Policy to perform Transport-Mode and Tunnel-Mode encapuslation of IP Packets. Bug: 30984788 Bug: 34811752 Test: 34812052, 34811227 Change-Id: Ic9f63c7bb366302a24baa3e1b79020210910ac0a
/frameworks/base/core/java/android/net/IpSecManager.java
|