
Commit 2a42aa89 authored by Benedict Wong's avatar Benedict Wong Committed by Automerger Merge Worker

Merge "Add clarifying comments on for IPsec forward policies" am: 1a88665f

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1702525

Change-Id: I7267d331065ceadb830a14170920810f053eacb8
parents f98d2cc9 1a88665f
+11 −1
@@ -1112,7 +1112,7 @@ public class IpSecService extends IIpSecService.Stub {
            case IpSecManager.DIRECTION_IN:
                return;
            case IpSecManager.DIRECTION_FWD:
                // Only NETWORK_STACK or PERMISSION_NETWORK_STACK allowed to use forward policies
                // Only NETWORK_STACK or MAINLINE_NETWORK_STACK allowed to use forward policies
                PermissionUtils.enforceNetworkStackPermission(mContext);
                return;
        }
@@ -1358,6 +1358,16 @@ public class IpSecService extends IIpSecService.Stub {
                        ikey,
                        0xffffffff,
                        resourceId);

                // Add a forwarding policy on the tunnel interface. In order to support forwarding
                // the IpSecTunnelInterface must have a forwarding policy matching the incoming SA.
                //
                // Unless a IpSecTransform is also applied against this interface in DIRECTION_FWD,
                // forwarding will be blocked by default (as would be the case if this policy was
                // absent).
                //
                // This is necessary only on the tunnel interface, and not any the interface to
                // which traffic will be forwarded to.
                netd.ipSecAddSecurityPolicy(
                        callerUid,
                        selAddrFamily,
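Review bot: The last sentence of the comment added above the `netd.ipSecAddSecurityPolicy(` call is garbled ("and not any the interface to which traffic will be forwarded to"). Because this comment carries the statement that forwarding stays blocked by default, it should read unambiguously: `// This is necessary only on the tunnel interface, and not on any interface to which traffic will be forwarded.` The second paragraph also needs `an IpSecTransform` rather than `a IpSecTransform`. It would help to add one line saying that applying a transform in DIRECTION_FWD requires the network stack permission enforced by `PermissionUtils.enforceNetworkStackPermission(mContext)` in the first hunk, so a reader can see that this policy alone does not let an unprivileged caller enable forwarding. That link is inferred from the two hunks shown and should be confirmed against the full file; the enclosing method starts and ends outside the hunk.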