[ipsec-doze] Add fchown capabilities, and fw rules
Add some firewall rules to allow doze mode packets to be sent/received
on ESP & no-socket packets. No-socket packets are no security risk
because they are either forwarded, going to be forwarded, or will be
dropped at routing tables (unless they are ESP).
Bug: 62994731
Test: New tests added, run
Change-Id: I2d8704498b564403d94123e4938091dee8fb98c1
diff --git a/server/XfrmController.h b/server/XfrmController.h
index a881b64..56c1847 100644
--- a/server/XfrmController.h
+++ b/server/XfrmController.h
@@ -122,6 +122,9 @@
public:
XfrmController();
+ netdutils::Status ipSecSetEncapSocketOwner(const android::base::unique_fd& socket, int newUid,
+ uid_t callerUid);
+
netdutils::Status ipSecAllocateSpi(int32_t transformId, int32_t direction,
const std::string& localAddress,
const std::string& remoteAddress, int32_t inSpi,
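Review bot: The new ipSecSetEncapSocketOwner declaration takes newUid as a plain int while callerUid is uid_t, so the two UID parameters have different signedness and a negative newUid is representable at this interface. Consider declaring both as uid_t, or documenting why newUid must be signed and where it is range-checked. The declaration also has no comment stating what callerUid is checked against before ownership of the socket changes. Since the commit message describes this as adding fchown capabilities, a short doc comment on the expected caller/owner relationship and on the failure Status would make the authorization contract reviewable from the header.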