Relax IPsec resource count restrictions.
IPsec resource counts were selected to be conservative, due to unknowns
about device capabilities. Since then, it appears that we no longer need
such stringent quotas, and this can be relaxed.
Test: FrameworksNetTest passing
Change-Id: Id53d14e5698e5fcc410868424176b00350c7ae79
diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java
index 98ac4cb..15cbfb5 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java
@@ -360,10 +360,14 @@
@VisibleForTesting
static final class UserRecord {
/* Maximum number of each type of resource that a single UID may possess */
- public static final int MAX_NUM_TUNNEL_INTERFACES = 2;
- public static final int MAX_NUM_ENCAP_SOCKETS = 2;
- public static final int MAX_NUM_TRANSFORMS = 4;
- public static final int MAX_NUM_SPIS = 8;
+
+ // Up to 4 active VPNs/IWLAN with potential soft handover.
+ public static final int MAX_NUM_TUNNEL_INTERFACES = 8;
+ public static final int MAX_NUM_ENCAP_SOCKETS = 16;
+
+ // SPIs and Transforms are both cheap, and are 1:1 correlated.
+ public static final int MAX_NUM_TRANSFORMS = 64;
+ public static final int MAX_NUM_SPIS = 64;
/**
* Store each of the OwnedResource types in an (thinly wrapped) sparse array for indexing