[ipsec-doze] Add fchown capabilities, and fw rules Add some firewall rules to allow doze mode packets to be sent/received on ESP & no-socket packets. No-socket packets are no security risk because they are either forwarded, going to be forwarded, or will be dropped at routing tables (unless they are ESP). Bug: 62994731 Test: New tests added, run Change-Id: I2d8704498b564403d94123e4938091dee8fb98c1

commit: b2daefb0fd5eb1e6ed4ff2149e13a09ee5748711 [log] [tgz]
author: Benedict Wong <benedictwong@google.com> Wed Dec 06 22:05:46 2017 -0800
committer: Benedict Wong <benedictwong@google.com> Mon Dec 18 15:56:49 2017 -0800
tree: e0eb183f036a0dff44be2ecc60db908dd2b0fd09
parent: 164c8966c6bce401907c2f140e8c69452a89d227 [diff] [blame]
diff --git a/server/NetdNativeService.h b/server/NetdNativeService.h
index 0d7f721..6842f1a 100644
--- a/server/NetdNativeService.h
+++ b/server/NetdNativeService.h

@@ -76,6 +76,8 @@
     binder::Status getMetricsReportingLevel(int *reportingLevel) override;
     binder::Status setMetricsReportingLevel(const int reportingLevel) override;
 
+    binder::Status ipSecSetEncapSocketOwner(const android::base::unique_fd& socket, int newUid);
+
     binder::Status ipSecAllocateSpi(
             int32_t transformId,
             int32_t direction,
commit	b2daefb0fd5eb1e6ed4ff2149e13a09ee5748711	[log] [tgz]
author	Benedict Wong <benedictwong@google.com>	Wed Dec 06 22:05:46 2017 -0800
committer	Benedict Wong <benedictwong@google.com>	Mon Dec 18 15:56:49 2017 -0800
tree	e0eb183f036a0dff44be2ecc60db908dd2b0fd09
parent	164c8966c6bce401907c2f140e8c69452a89d227 [diff] [blame]