Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / e5c3c8cccd81a9784abb96b9e165abd5fb76fd29
commite5c3c8cccd81a9784abb96b9e165abd5fb76fd29[log] [tgz]
authorjunyulai <junyulai@google.com>Tue Apr 30 14:42:05 2019 +0800
committerjunyulai <junyulai@google.com>Fri May 10 00:36:58 2019 +0800
tree680e31783332a2f1708b1143f6c95ad23692b52b
parenta91094aeb6a32bcbe79746c09e9f7f135f8c97e9 [diff]
Limit unprivileged keepalives per uid

Public APIs for creating unprivileged NATT socket keepalive
might allow users to exhaust resource if malicious apps try
to create keepalives with fd which is not created by
IpSecService through binder call. Thus, this change add
customizable limitation per uid to prevent resource exhaustion
attack.

Bug: 129371366
Bug: 132307230
Test: atest FrameworksNetTests
Change-Id: Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257
3 files changed
tree: 680e31783332a2f1708b1143f6c95ad23692b52b
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. startop/
  26. telecomm/
  27. telephony/
  28. test-base/
  29. test-legacy/
  30. test-mock/
  31. test-runner/
  32. tests/
  33. tools/
  34. vr/
  35. wifi/
  36. Android.bp
  37. Android.mk
  38. CleanSpec.mk
  39. jarjar_rules_hidl.txt
  40. MODULE_LICENSE_APACHE2
  41. NOTICE
  42. pathmap.mk
  43. PREUPLOAD.cfg