Fix policy leak by deleting forwarding security policies Fix the policy leak by deleting forwarding policies when deleting the IPsec tunnel interface. Bug: 254566085 Test: atest IpSecServiceParameterizedTest (new tests added) Change-Id: I29dd4810abb978fe886776b2fbacdfc74325436d

commit: f4eceba0a92e85f5c1ac118f62c897a70b1f40fa [log] [tgz]
author: Yan Yan <evitayan@google.com> Mon Oct 31 20:41:13 2022 +0000
committer: Yan Yan <evitayan@google.com> Mon Oct 31 22:51:08 2022 +0000
tree: ccb9b9679401b8f0360a4324b6692a6b167d6c8b
parent: fb63db00c4d50e42f0b9fe593f6116baaa3dfe43 [diff] [blame]
diff --git a/service-t/src/com/android/server/IpSecService.java b/service-t/src/com/android/server/IpSecService.java
index 16b9f1e..6cee08a 100644
--- a/service-t/src/com/android/server/IpSecService.java
+++ b/service-t/src/com/android/server/IpSecService.java

@@ -859,6 +859,13 @@
                             mIkey,
                             0xffffffff,
                             mIfId);
+                    mNetd.ipSecDeleteSecurityPolicy(
+                            mUid,
+                            selAddrFamily,
+                            IpSecManager.DIRECTION_FWD,
+                            mIkey,
+                            0xffffffff,
+                            mIfId);
                 }
             } catch (ServiceSpecificException | RemoteException e) {
                 Log.e(
commit	f4eceba0a92e85f5c1ac118f62c897a70b1f40fa	[log] [tgz]
author	Yan Yan <evitayan@google.com>	Mon Oct 31 20:41:13 2022 +0000
committer	Yan Yan <evitayan@google.com>	Mon Oct 31 22:51:08 2022 +0000
tree	ccb9b9679401b8f0360a4324b6692a6b167d6c8b
parent	fb63db00c4d50e42f0b9fe593f6116baaa3dfe43 [diff] [blame]