Only add permissions in accept(); do not try to enforce anything.
Previously, we were enforcing that the user has access to the network over which
the socket is accepted. This has two problems:
1. We weren't handling the loopback interface ('lo') correctly. It's not part of
any network, so the NetId in the fwmark is NETID_UNSET. In
NetworkController::isUserPermittedOnNetwork(), we would fail to find a valid
network, and so we would return false.
2. We have decided that in fact, we don't want to enforce this even for other
interfaces, due to the SYN-ACK problem. See the comments and discussion at:
http://go/android-multinetwork-routing
Bug: 16079376
Change-Id: I3f07f67d06dd7b48bfdfa5616ee22e098e31f8af1 file changed