Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 564e2aa81ea2de3d10977ad661bbbd9884a2ac0f
commit564e2aa81ea2de3d10977ad661bbbd9884a2ac0f[log] [tgz]
authorBenedict Wong <benedictwong@google.com>Mon May 07 20:06:44 2018 -0700
committerBenedict Wong <benedictwong@google.com>Thu Aug 30 10:55:02 2018 -0700
tree4fb8cefd0b1b3cd26b3d1afacbc5ee2a6d338d60
parent9137ecafbd77f1ddeb613a6bc58a872bb04785ac [diff]
Use tunnel local/remote addresses in security policies

This patch changes tunnel mode security policies to use the actual
tunnel's local and remote addresses to select the SA.
This prevents the kernel from calling xfrm_get_saddr(), which does a
route lookup, potentially resolving an incorrect saddr.

Bug: 79384676
Test: CTS, IpSecService* tests passing
Change-Id: I8223225e2363a79591a0bb0040aa8619cf84c184
1 file changed
tree: 4fb8cefd0b1b3cd26b3d1afacbc5ee2a6d338d60
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. telecomm/
  26. telephony/
  27. test-base/
  28. test-legacy/
  29. test-mock/
  30. test-runner/
  31. tests/
  32. tools/
  33. vr/
  34. wifi/
  35. Android.bp
  36. Android.mk
  37. CleanSpec.mk
  38. MODULE_LICENSE_APACHE2
  39. NOTICE
  40. pathmap.mk
  41. PREUPLOAD.cfg