| Commit message | Author | Age | Files | Lines |
| |
For those fields existing in the IkeTunnelConnectionParams,
the value should be retrieved from the object to honor the
setting in the object. IkeTunnelConnectionParams are serialized
in a safe manner to ensure that they do not conflict with the
serialization scheme of VpnProfile. However, copying some of
these fields (e.g. IkeKeyId) may conflict with the serialization
scheme.
Bug: 243718982
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I510c47e26feabd5cebe9497ef495e4d729d0f7c6
(cherry picked from commit 84afc69b95dee89fd4e7a9567dc3ef8dd56bc385)
Merged-In: I510c47e26feabd5cebe9497ef495e4d729d0f7c6
|
This change ensures that null ProxyInfo instances are honored
and reflected in the actual VpnProfile.
Ikev2VpnProfiles incorrectly set ProxyInfo as an empty instance
when provided with a null ProxyInfo. Other components in the
system sometimes have different behavior if presented with an
empty ProxyInfo instead of a null one.
Bug: 244281603
Test: atest FrameworksNetTests
Test: Manual testing with VPN validation enabled
Change-Id: I67ee2aa5c96dc22ba8fcd2be3fd4c090dec20697
(cherry picked from commit 29348dbfca787235ae1eabbe1a8b7b262187f197)
Merged-In: I67ee2aa5c96dc22ba8fcd2be3fd4c090dec20697
|
Bug: 184750836
Test: m
Change-Id: If7a64d0a7d607dafa353c3dfd4bcbac189d1fef3
|
Stop parsing the IKE options from the input IkeTunnelConnectionParams
if exists. The caller should get the relevant information from the
params.
The field is also stored in the VpnProfile if it built from an
Ikev2VpnProfile.
Bug: 184750836
Test: atest FrameworksNetTests HostsideVpnTests
Test: build ; flash ; connect VPN successfully
Change-Id: Id05c17285915462c7a6cd51d5fb4ee5da7f465ba
|
IkeTunnelConnectionParams contains more information than the
existing fields inside Ikev2VpnProfile. If the Ikev2VpnProfile
is built from an IkeTunnelConnectionParams, saving it to the
existing fields of Ikev2VpnProfile may cause information loss,
such as IKE options. Thus, store the IkeTunnelConnectionParams
as a field inside Ikev2VpnProfile.
The other Ike options are mutually exclusive with
IkeTunnelConnectionParams. The information such as Preshared
key or username/password may not return expected values if a
profile is built from an IkeTunnelConnectionParams. This may
confuse API callers for using the other getters. Thus, expose
a getter to retrieve IkeTunnelConnectionParams.
Bug: 184750836
Test: atest FrameworksNetTests
CTS-Coverage-Bug: 184750836
Change-Id: I61e9a9549b87951956afdcbae2518228994e4729
|
Change naming of getExcludeLocalRoutes and setExcludedLocalRoutes
APIs based on API review feedback.
Bug: 217742354
Test: atest FrameworksNetTests
Change-Id: Ia330b571726f93fb38dc24341cc6b748269ccb61
|
Expose an API to allow VPN apps to ask for running the validation
check on the VPN network built from Ikev2VpnProfile.
Bug: 184750836
Test: New test in Ikev2VpnTest
Also FrameworksNetTests
Change-Id: I385bb887b6c697d8f5d87af750dbd2aab44afca6
CTS-Coverage-Bug: 184750836
(but CTS is in the same topic, just not detected by the tool)
|
Bug: 184750836
Test: make update-api
Test: atest FrameworksNetTests
Change-Id: I70470ab3a945570a23607e39d18f9825d9e1d7aa
CTS-Coverage-Bug: 184750836
|
Add a new builder constructor in Ikev2VpnProfile.Builder to allow
building Ikev2VpnProfile from an IkeTunnelConnectionParams object.
Bug: 184750836
Test: atest FrameworksNetTests
Change-Id: I586e7b24c35a777d39402148036d25606a733e85
CTS-Coverage-Bug: 184750836
|
The security implications of this API have to be clarified.
Test: comment-only change
Change-Id: Ifa42dfcda961f7645db7da99a307216d8fe21dca
|
fromVpnProfile() will be called in the system server directly.
If the input VpnProfile does not set excludeLocalRoute with a
bypassable VPN, it will crash system server. Thus, only set
the excludeLocalRoutes in the bypassable VpnProfile.
Bug: 184750836
Test: atest FrameworksNetTests
Change-Id: I311cc7e3c46ab4f6721f477f227e76ba4c0712f6
|
If excludeLocalRoutes is set, it means the VPN is not fully-routed.
The bypassable bit should also be set to reflect the behavior
in the VPN profile. Thus, verify it in the constructor to ensure
the behavior.
Bug: 184750836
Test: atest FrameworksNetTests
Change-Id: I5d2c7bea2e0d5e77f9241c1efc295b3929e1dae3
|
Add an extra variable to store whether the local traffic is
exempted from the VPN.
Bug: 184750836
Test: atest FrameworksNetTests
Change-Id: I70301901c2374ded9fdf179d0ce64e7bb2d7b1ab
|
This commit allows IKEv2/IPsec VPN to propose more algorithms that
are newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performance.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
|
* Use public stable API to load certificates from keystore.
* Also use grants to allow racoon to use keystore keys without
special exceptions in keystore.
* Use LegacyProfileStore instead of Keystore for storing VPN profiles.
Bug: 175068876
Bug: 171305607
Test: atest android.net.cts.Ikev2VpnTest
atest android.net.cts.IpSecManagerTest
atest com.android.server.connectivity.VpnTest
atest com.android.server.ConnectivityServiceTest
Merged-In: I27975113896ea137260a9f94a34fb1c3ca173fe3
Change-Id: I27975113896ea137260a9f94a34fb1c3ca173fe3
|
This is a partial cherry-pick of change:
I5eedb571c9d78862115dfdc5dae1cf2a35343580
for connectivity classes.
Bug: 170883422
Test: m
Merged-In: I5eedb571c9d78862115dfdc5dae1cf2a35343580
Change-Id: I7dc661863b73f4198ddb4f3a1566583d0f07db3c
|
Instead of sharing the constant from LinkProperties, use the already
defined constant in the NetworkConstants class.
This allows Ikev2VpnProfile to allow depending on non-public
LinkProperties APIs, as LinkProperties is planned to move to
framework-connectivity.
Bug: 174436414
Test: m
Change-Id: I594bb7e81bc7681799c16eff621a5ffd1b29624c
|
This change adds the @RequiresFeature annotation to Ikev2VpnProfile
Builder methods, and checks before provisioning VPN profiles.
Bug: 156681625
Test: New tests added, passing.
Change-Id: I125d8fbe5d67fb877ad7d0636c007cb3e1a9f59b
|
This change adds the ability for IKEv2/IPsec VPN profiles to run on Test
Networks. If enabled, the IKEv2/IPsec VPN profiles will request ONLY
test networks.
Bug: 148582947
Test: FrameworksNetTests passing
Test: Added for testing
Change-Id: I2511b39b27a1e29ae97907cdb12728d13fb1628f
|
These were previously being suppressed by doclava but with this change,
all failures are fixed and the suppression logic has been removed.
To fix the issues, there were a few possible changes made:
- broken reference to a public API (such as incorrect parameters): fixed
- unnecessary @link inside an @see tag: fixed
- @see referring to an @hide or @SystemApi: reference removed
- broken references to inner class constructors
  - worked around by fully qualifying the constructor
Bug: 6963924
Test: make doc-comment-check-docs
Change-Id: Ifbdce2de96cdffa560bd90f549fa7184d1f9af85
Merged-In: Ifbdce2de96cdffa560bd90f549fa7184d1f9af85
|
This commit adds support for validating and filtering IPsec algorithms.
Without a public API exposing IKEv2 algorithms (and their respective
public APIs), the allowedAlgorithms can only filter the proposals for
IPsec (Child) SA algorithms.
Additionally, this removes the HMAC_SHA1 from the IKE SA's integrity
algorithm proposals due to insecurity
Bug: 153701879
Test: FrameworksNetTests passing, new tests added
Change-Id: I7e61a1612692db275b751330af5bacbf86836a8c
|
This change corrects the VpnProfile's maxMtu defaults to match that of
the Ikev2VpnProfile. 1400 is too high as a default, and Settings will
run into an issue here quite often.
Bug: 152573931
Test: FrameworksNetTests passing
Change-Id: I97ba5903b3cc1ed6a21c706ed3d78bd8ecbeee0c
|
This commit allows the startLegacyVpn() call to start Platform VPN
profiles, allowing Settings to use the IKEv2/IPsec VPN options.
When using an aliased private key, the
Ikev2VpnProfile.KEYSTORE_ALIAS_PREFIX must be prepended to the front of
the alias. This will in turn cause the fromVpnProfile() function to
pull the key from the KeyStore, as opposed to the inline-key that the
VpnManager API uses.
Bug: 148991741
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested
Change-Id: Icbca695c353b2e12e99305676404dbf1a4495949
|
This change adds configuration classes for Platform VPNs, with the
extensibility for further platform VPNs to be added in future.
Profile validity is checked upon construction, and upon changing
conversion from VpnProfile instances. Internal storage and method calls
all use VpnProfiles to allow for reuse of existing infrastructure.
However, when Platform VPN implementations are started, the internal
VpnProfile will be converted back into the respective
PlatformVpnProfile for validity checking.
Bug: 143325939
Test: Compiles, FrameworksNetTests passing.
Change-Id: I3c375fb08c132fc062e893c375f5c36460122162
|