[ipsec-doze] Add fchown capabilities, and fw rules Add some firewall rules to allow doze mode packets to be sent/received on ESP & no-socket packets. No-socket packets are no security risk because they are either forwarded, going to be forwarded, or will be dropped at routing tables (unless they are ESP). Bug: 62994731 Test: New tests added, run Change-Id: I2d8704498b564403d94123e4938091dee8fb98c1

commit: b2daefb0fd5eb1e6ed4ff2149e13a09ee5748711 [log] [tgz]
author: Benedict Wong <benedictwong@google.com> Wed Dec 06 22:05:46 2017 -0800
committer: Benedict Wong <benedictwong@google.com> Mon Dec 18 15:56:49 2017 -0800
tree: e0eb183f036a0dff44be2ecc60db908dd2b0fd09
parent: 164c8966c6bce401907c2f140e8c69452a89d227 [diff] [blame]
diff --git a/libnetdutils/Syscalls.cpp b/libnetdutils/Syscalls.cpp
index 5354341..9a05e3b 100644
--- a/libnetdutils/Syscalls.cpp
+++ b/libnetdutils/Syscalls.cpp

@@ -65,6 +65,15 @@
         return status::ok;
     }
 
+    Status getsockopt(Fd sock, int level, int optname, void* optval,
+                      socklen_t* optlen) const override {
+        auto rv = ::getsockopt(sock.get(), level, optname, optval, optlen);
+        if (rv == -1) {
+            return statusFromErrno(errno, "getsockopt() failed");
+        }
+        return status::ok;
+    }
+
     Status setsockopt(Fd sock, int level, int optname, const void* optval,
                       socklen_t optlen) const override {
         auto rv = ::setsockopt(sock.get(), level, optname, optval, optlen);
commit	b2daefb0fd5eb1e6ed4ff2149e13a09ee5748711	[log] [tgz]
author	Benedict Wong <benedictwong@google.com>	Wed Dec 06 22:05:46 2017 -0800
committer	Benedict Wong <benedictwong@google.com>	Mon Dec 18 15:56:49 2017 -0800
tree	e0eb183f036a0dff44be2ecc60db908dd2b0fd09
parent	164c8966c6bce401907c2f140e8c69452a89d227 [diff] [blame]