| 8dc1fd0237992e1d693376b4f6eea45e7447e9db |
|
05-Apr-2017 |
Nathan Harold <nharold@google.com> |
Add UDP Encap Socket Support to IpSecManager
-Implement the UdpEncapsulationSocket
-Convert all ManagedResources to use resourceIds
-Rework ManagedResource to track resourceIds
Bug: 30984788
Test: cts - IpSecManagerTest#testUdpEncapsulation()
Change-Id: I7b1099c487051a8d951c1485791c4b6cef2deb1d
/frameworks/base/core/java/android/net/IpSecTransform.java
|
| ac11ccb1f66d5dadb6c6fd1d47408e36c48c94ce |
|
25-Apr-2017 |
Nathan Harold <nharold@google.com> |
Hide IpSecManager, IpSecTransform, and IpSecAlgorithm
These classes, originally planned to be part of the
public API, are not ready for public consumption.
They are planned to be un-hidden in a future release.
Bug: 37681043
Test: make update-api and make
Change-Id: I8caccd3f8455341cb56a2256354eacbadedff047
/frameworks/base/core/java/android/net/IpSecTransform.java
|
| 93962f34ce21f5aac825afbcebf2f3e8c7a30910 |
|
07-Mar-2017 |
Nathan Harold <nharold@google.com> |
Add Initial IPsec APIs to IpSecService
-Plumb IpSecManager APIs to NetD
-Add Resource Management to IpSecService
Bug: 33695893
Test: CTS verifies nearly all of these paths
Change-Id: Ic43965c6158f28cac53810adbf5cf50d2c54f920
/frameworks/base/core/java/android/net/IpSecTransform.java
|
| 48b566557d5a66d4476008b3c59b815eb78cb373 |
|
30-Mar-2017 |
Nathan Harold <nharold@google.com> |
IpSecManager and IpSecTransform API Cleanup
-Remove Int-based SPI usage from the IpSecTransform.Builder
This is essentially a less-safe method overload, and it is both
unnecessary and difficult to implement: the cross-validation
between SPI and Transform is actually useful, and the kernel
requires two different mechanisms to use an unreserved vs a
reserved (alloc'd) SPI: CREATESA vs UPDATESA, which makes this
hard to support. API Council has questioned the value of this,
and they are right: everything points to "remove this". In the
future, if we find that SPI reservation is overhead, we can
always add it back.
-Hiding the TunnelMode builder method and application/remove
methods. These will not land by the time the next API
stabilizes, so better to hide them now that this is a
near-certainty. Expectation is to un-hide them in the subsequent
API bump.
Bug: 36073210
Test: Compilation, verified nobody is calling these stubs
Change-Id: Ic1a3f2cf7128633318ac175d6b56b45eb8d21cab
/frameworks/base/core/java/android/net/IpSecTransform.java
|
| c4f879925b58b1b5ca9a3cfdc898c20cbf56355a |
|
29-Mar-2017 |
Nathan Harold <nharold@google.com> |
Change reserveSecurityParameterIndex() to take a remoteAddress
To make the SPI reservation more semantically consistent with the
transform creation API, and to ensure that we always create SPI
reservations relative to a well-known remote, we should take the
SPI request relative to a remote (rather than to a destination).
This necessitates that we now consider direction separately, which
is used for keying the SA-Id.
Bug: 36073210
Test: compilation
Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78
/frameworks/base/core/java/android/net/IpSecTransform.java
|
| 330e1089da80cddcd68758512370d217b19f8890 |
|
13-Jan-2017 |
Nathan Harold <nharold@google.com> |
Add API Surface for creating IpSec Transforms
This CL adds an API to set up an IPSec Security Association
and Security Policy to perform Transport-Mode and Tunnel-Mode encapuslation
of IP Packets.
Bug: 30984788
Bug: 34811752
Test: 34812052, 34811227
Change-Id: Ic9f63c7bb366302a24baa3e1b79020210910ac0a
/frameworks/base/core/java/android/net/IpSecTransform.java
|