Add checks to ensure SPIs are not reused
This change adds an additional check in CheckIpsecConfig to prevent
users from using the same SPI twice. This allows for a more granular
error message.
Bug: 70642141
Test: Tests added in IpSecServiceParameterizedTest
Change-Id: I9621fb05c6b162bd8ae8db4ac1e64feaa9d0ac73
diff --git a/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java b/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java
index d9d4eeb..1618e07 100644
--- a/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java
+++ b/tests/net/java/com/android/server/IpSecServiceParameterizedTest.java
@@ -268,6 +268,31 @@
anyInt());
}
+ public void testCreateTwoTransformsWithSameSpis() throws Exception {
+ IpSecConfig ipSecConfig = new IpSecConfig();
+ addDefaultSpisAndRemoteAddrToIpSecConfig(ipSecConfig);
+ addAuthAndCryptToIpSecConfig(ipSecConfig);
+
+ IpSecTransformResponse createTransformResp =
+ mIpSecService.createTransform(ipSecConfig, new Binder());
+ assertEquals(IpSecManager.Status.OK, createTransformResp.status);
+
+ // Attempting to create transform a second time with the same SPIs should throw an error...
+ try {
+ mIpSecService.createTransform(ipSecConfig, new Binder());
+ fail("IpSecService should have thrown an error for reuse of SPI");
+ } catch (IllegalStateException expected) {
+ }
+
+ // ... even if the transform is deleted
+ mIpSecService.deleteTransform(createTransformResp.resourceId);
+ try {
+ mIpSecService.createTransform(ipSecConfig, new Binder());
+ fail("IpSecService should have thrown an error for reuse of SPI");
+ } catch (IllegalStateException expected) {
+ }
+ }
+
@Test
public void testDeleteTransform() throws Exception {
IpSecConfig ipSecConfig = new IpSecConfig();
