Implement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect()

diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.c b/src/frontends/android/jni/libandroidbridge/charonservice.c
index a9a3fe4..974875e 100644 (file)
--- a/src/frontends/android/jni/libandroidbridge/charonservice.c
+++ b/src/frontends/android/jni/libandroidbridge/charonservice.c
@@ -90,6 +90,34 @@ static void dbg_android(debug_t group, level_t level, char *fmt, ...)
        }
 }
 
+METHOD(charonservice_t, bypass_socket, bool,
+       private_charonservice_t *this, int fd, int family)
+{
+       JNIEnv *env;
+       jmethodID method_id;
+
+       androidjni_attach_thread(&env);
+
+       method_id = (*env)->GetMethodID(env, android_charonvpnservice_class,
+                                                                       "protect", "(I)Z");
+       if (!method_id)
+       {
+               goto failed;
+       }
+       if (!(*env)->CallBooleanMethod(env, this->vpn_service, method_id, fd))
+       {
+               DBG1(DBG_CFG, "VpnService.protect() failed");
+               goto failed;
+       }
+       androidjni_detach_thread();
+       return TRUE;
+
+failed:
+       androidjni_exception_occurred(env);
+       androidjni_detach_thread();
+       return FALSE;
+}
+
 /**
  * Initialize the charonservice object
  */
@@ -105,6 +133,7 @@ static void charonservice_init(JNIEnv *env, jobject service)
 
        INIT(this,
                .public = {
+                       .bypass_socket = _bypass_socket,
                },
                .vpn_service = (*env)->NewGlobalRef(env, service),
        );

diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.h b/src/frontends/android/jni/libandroidbridge/charonservice.h
index a356249..8bacd0a 100644 (file)
--- a/src/frontends/android/jni/libandroidbridge/charonservice.h
+++ b/src/frontends/android/jni/libandroidbridge/charonservice.h
@@ -28,6 +28,8 @@
 #ifndef CHARONSERVICE_H_
 #define CHARONSERVICE_H_
 
+#include <library.h>
+
 typedef struct charonservice_t charonservice_t;
 
 /**
@@ -37,6 +39,16 @@ typedef struct charonservice_t charonservice_t;
  */
 struct charonservice_t {
 
+       /**
+        * Install a bypass policy for the given socket using the protect() Method
+        * of the Android VpnService interface
+        *
+        * @param fd                    socket file descriptor
+        * @param family                socket protocol family
+        * @return                              TRUE if operation successful
+        */
+       bool (*bypass_socket)(charonservice_t *this, int fd, int family);
+
 };
 
 /**

diff --git a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c
index 8254c01..08cc616 100644 (file)
--- a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c
+++ b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c
@@ -15,6 +15,7 @@
  */
 
 #include "android_ipsec.h"
+#include "../charonservice.h"
 
 #include <debug.h>
 #include <library.h>
@@ -139,7 +140,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t,
 METHOD(kernel_ipsec_t, bypass_socket, bool,
        private_kernel_android_ipsec_t *this, int fd, int family)
 {
-       return NOT_SUPPORTED;
+       return charonservice->bypass_socket(charonservice, fd, family);
 }
 
 METHOD(kernel_ipsec_t, enable_udp_decap, bool,