-rw-r--r--services/core/java/com/android/server/connectivity/Vpn.java28
-rw-r--r--services/core/java/com/android/server/connectivity/VpnIkev2Utils.java14
2 files changed, 9 insertions, 33 deletions
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index e484ca0a2487..968528ca5b29 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -52,7 +52,6 @@ import android.net.Ikev2VpnProfile;
import android.net.IpPrefix;
import android.net.IpSecManager;
import android.net.IpSecManager.IpSecTunnelInterface;
-import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.LinkAddress;
import android.net.LinkProperties;
@@ -2201,7 +2200,6 @@ public class Vpn {
/** Signal to ensure shutdown is honored even if a new Network is connected. */
private boolean mIsRunning = true;
- @Nullable private UdpEncapsulationSocket mEncapSocket;
@Nullable private IpSecTunnelInterface mTunnelIface;
@Nullable private IkeSession mSession;
@Nullable private Network mActiveNetwork;
@@ -2352,29 +2350,21 @@ public class Vpn {
resetIkeState();
mActiveNetwork = network;
- // TODO(b/149356682): Update this based on new IKE API
- mEncapSocket = mIpSecManager.openUdpEncapsulationSocket();
-
- // TODO(b/149356682): Update this based on new IKE API
final IkeSessionParams ikeSessionParams =
- VpnIkev2Utils.buildIkeSessionParams(mProfile, mEncapSocket);
+ VpnIkev2Utils.buildIkeSessionParams(mContext, mProfile, network);
final ChildSessionParams childSessionParams =
VpnIkev2Utils.buildChildSessionParams();
// TODO: Remove the need for adding two unused addresses with
// IPsec tunnels.
+ final InetAddress address = InetAddress.getLocalHost();
mTunnelIface =
mIpSecManager.createIpSecTunnelInterface(
- ikeSessionParams.getServerAddress() /* unused */,
- ikeSessionParams.getServerAddress() /* unused */,
+ address /* unused */,
+ address /* unused */,
network);
mNetd.setInterfaceUp(mTunnelIface.getInterfaceName());
- // Socket must be bound to prevent network switches from causing
- // the IKE teardown to fail/timeout.
- // TODO(b/149356682): Update this based on new IKE API
- network.bindSocket(mEncapSocket.getFileDescriptor());
-
mSession = mIkev2SessionCreator.createIkeSession(
mContext,
ikeSessionParams,
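Review bot: `InetAddress.getLocalHost()` on the added line ahead of `createIpSecTunnelInterface` is a poor choice for a placeholder, because it looks up the device's host name and is declared to throw `UnknownHostException`. The enclosing method and any try block start outside this hunk, so it is not visible here whether that exception is handled on this path. Both arguments are marked `/* unused */`, so a constant that needs no lookup would serve: `final InetAddress address = InetAddress.getLoopbackAddress();`. That keeps VPN start from depending on resolver state for a value that is never used.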
@@ -2459,16 +2449,6 @@ public class Vpn {
mSession.kill(); // Kill here to make sure all resources are released immediately
mSession = null;
}
-
- // TODO(b/149356682): Update this based on new IKE API
- if (mEncapSocket != null) {
- try {
- mEncapSocket.close();
- } catch (IOException e) {
- Log.e(TAG, "Failed to close encap socket", e);
- }
- mEncapSocket = null;
- }
}
/**
diff --git a/services/core/java/com/android/server/connectivity/VpnIkev2Utils.java b/services/core/java/com/android/server/connectivity/VpnIkev2Utils.java
index 33fc32b78df7..3da304c07910 100644
--- a/services/core/java/com/android/server/connectivity/VpnIkev2Utils.java
+++ b/services/core/java/com/android/server/connectivity/VpnIkev2Utils.java
@@ -35,10 +35,10 @@ import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_AES128_XCBC
import static android.net.ipsec.ike.SaProposal.PSEUDORANDOM_FUNCTION_HMAC_SHA1;
import android.annotation.NonNull;
+import android.content.Context;
import android.net.Ikev2VpnProfile;
import android.net.InetAddresses;
import android.net.IpPrefix;
-import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.Network;
import android.net.RouteInfo;
@@ -84,18 +84,14 @@ import java.util.List;
*/
public class VpnIkev2Utils {
static IkeSessionParams buildIkeSessionParams(
- @NonNull Ikev2VpnProfile profile, @NonNull UdpEncapsulationSocket socket) {
- // TODO(b/149356682): Update this based on new IKE API. Only numeric addresses supported
- // until then. All others throw IAE (caught by caller).
- final InetAddress serverAddr = InetAddresses.parseNumericAddress(profile.getServerAddr());
+ @NonNull Context context, @NonNull Ikev2VpnProfile profile, @NonNull Network network) {
final IkeIdentification localId = parseIkeIdentification(profile.getUserIdentity());
final IkeIdentification remoteId = parseIkeIdentification(profile.getServerAddr());
- // TODO(b/149356682): Update this based on new IKE API.
final IkeSessionParams.Builder ikeOptionsBuilder =
- new IkeSessionParams.Builder()
- .setServerAddress(serverAddr)
- .setUdpEncapsulationSocket(socket)
+ new IkeSessionParams.Builder(context)
+ .setServerHostname(profile.getServerAddr())
+ .setNetwork(network)
.setLocalIdentification(localId)
.setRemoteIdentification(remoteId);
setIkeAuth(profile, ikeOptionsBuilder);
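Review bot: With the numeric-only parse removed, `profile.getServerAddr()` now reaches `setServerHostname(...)` with no check in this method, and the same string still feeds `parseIkeIdentification(...)` for `remoteId`. The deleted comment was the only place that stated which inputs were accepted and that failures surfaced as an IAE caught by the caller. The method should get a short Javadoc stating that the server address may be a host name or an IP literal, that resolution is presumably done by the IKE session on the supplied `network` (confirm against the IKE API), and how a bad value is now reported. For example: `/** Builds IKE params; the profile's server address may be a hostname or IP literal and is resolved by the IKE session on {@code network}. */`. The body of `buildIkeSessionParams` continues past the end of this hunk.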