Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b2920572 authored by Benedict Wong's avatar Benedict Wong
Browse files

Cleanup and update comments SA mark disabling comments 

This commit cleans up and upates comments with regard to changes in
aosp/721999, clarifying the restrictions and potential pitfalls we would
see with regards to IPsec tunnel mode without updatable SAs.

Bug: 111854872
Test: Compiles, comment-only change
Change-Id: I07b0063987463c1a3cf42e112839a31739947c80
parent 781dae63

services/core/java/com/android/server/IpSecService.java

+5 −0
Original line number Diff line number Diff line
@@ -1770,6 +1770,11 @@ public class IpSecService extends IIpSecService.Stub { 
            //     and SPs have matching marks (as VTI are meant to be built).

            // Currently update does nothing with marks. Leave empty (defaulting to 0) to ensure the

            //     config matches the actual allocated resources in the kernel.

            // All SAs will have zero marks (from creation time), and any policy that matches the

            //     same src/dst could match these SAs. Non-IpSecService governed processes that

            //     establish floating policies with the same src/dst may result in undefined

            //     behavior. This is generally limited to vendor code due to the permissions

            //     (CAP_NET_ADMIN) required.

            //

            // c.setMarkValue(mark);

            // c.setMarkMask(0xffffffff);