From d4f76751992579d9fcbb636fff0ed4429bbfc75e Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 8 Aug 2012 12:20:13 +0200 Subject: [PATCH] Implement kernel_ipsec_t.bypass_socket() via JNI and VpnService.protect() --- .../android/jni/libandroidbridge/charonservice.c | 29 ++++++++++++++++++++++ .../android/jni/libandroidbridge/charonservice.h | 12 +++++++++ .../jni/libandroidbridge/kernel/android_ipsec.c | 3 ++- 3 files changed, 43 insertions(+), 1 deletion(-) diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.c b/src/frontends/android/jni/libandroidbridge/charonservice.c index a9a3fe4..974875e 100644 --- a/src/frontends/android/jni/libandroidbridge/charonservice.c +++ b/src/frontends/android/jni/libandroidbridge/charonservice.c @@ -90,6 +90,34 @@ static void dbg_android(debug_t group, level_t level, char *fmt, ...) } } +METHOD(charonservice_t, bypass_socket, bool, + private_charonservice_t *this, int fd, int family) +{ + JNIEnv *env; + jmethodID method_id; + + androidjni_attach_thread(&env); + + method_id = (*env)->GetMethodID(env, android_charonvpnservice_class, + "protect", "(I)Z"); + if (!method_id) + { + goto failed; + } + if (!(*env)->CallBooleanMethod(env, this->vpn_service, method_id, fd)) + { + DBG1(DBG_CFG, "VpnService.protect() failed"); + goto failed; + } + androidjni_detach_thread(); + return TRUE; + +failed: + androidjni_exception_occurred(env); + androidjni_detach_thread(); + return FALSE; +} + /** * Initialize the charonservice object */ @@ -105,6 +133,7 @@ static void charonservice_init(JNIEnv *env, jobject service) INIT(this, .public = { + .bypass_socket = _bypass_socket, }, .vpn_service = (*env)->NewGlobalRef(env, service), ); diff --git a/src/frontends/android/jni/libandroidbridge/charonservice.h b/src/frontends/android/jni/libandroidbridge/charonservice.h index a356249..8bacd0a 100644 --- a/src/frontends/android/jni/libandroidbridge/charonservice.h +++ b/src/frontends/android/jni/libandroidbridge/charonservice.h 
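Review bot: In the added `bypass_socket` in charonservice.c, `env` is declared without an initialiser and the outcome of `androidjni_attach_thread(&env)` is never checked before `(*env)->GetMethodID` dereferences it. That helper's definition is not part of this patch, so if it can fail the call reads an indeterminate pointer; declaring `JNIEnv *env = NULL;` and returning FALSE when it is still NULL after the attach would make that path explicit. The `family` argument is accepted but never used, which deserves a short comment such as `/* family is unused, VpnService.protect() only takes the fd */`, and the `@param family` text in charonservice.h could say the same. A FALSE result presumably means the socket stays subject to VPN routing, so naming the descriptor in the log would help diagnosis: `DBG1(DBG_CFG, "VpnService.protect() failed for fd %d", fd);`.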
@@ -28,6 +28,8 @@ #ifndef CHARONSERVICE_H_ #define CHARONSERVICE_H_ +#include + typedef struct charonservice_t charonservice_t; /** @@ -37,6 +39,16 @@ typedef struct charonservice_t charonservice_t; */ struct charonservice_t { + /** + * Install a bypass policy for the given socket using the protect() Method + * of the Android VpnService interface + * + * @param fd socket file descriptor + * @param family socket protocol family + * @return TRUE if operation successful + */ + bool (*bypass_socket)(charonservice_t *this, int fd, int family); + }; /** diff --git a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c index 8254c01..08cc616 100644 --- a/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c +++ b/src/frontends/android/jni/libandroidbridge/kernel/android_ipsec.c @@ -15,6 +15,7 @@ */ #include "android_ipsec.h" +#include "../charonservice.h" #include #include @@ -139,7 +140,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t, METHOD(kernel_ipsec_t, bypass_socket, bool, private_kernel_android_ipsec_t *this, int fd, int family) { - return NOT_SUPPORTED; + return charonservice->bypass_socket(charonservice, fd, family); } METHOD(kernel_ipsec_t, enable_udp_decap, bool, -- 2.7.4
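Review bot: The new body of `bypass_socket` in android_ipsec.c dereferences the global `charonservice` without checking it, and nothing visible in this patch shows that the pointer is always set while this kernel interface is registered. If the method can be reached before the service object is initialised or after it has been torn down, that is a NULL dereference in the daemon. A guard such as `if (!charonservice) { return FALSE; }` before the call fails closed, so the caller learns that the socket was not excluded from the VPN rather than crashing.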