Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 02c7abac856c3e94f4a2714d673cefb65c55efb7
commit02c7abac856c3e94f4a2714d673cefb65c55efb7[log] [tgz]
authorLorenzo Colitti <lorenzo@google.com>Thu Oct 16 00:55:07 2014 +0900
committerLorenzo Colitti <lorenzo@google.com>Thu Oct 16 01:16:50 2014 +0900
treeef05718481146d0d5e92e70c8ccec674db427ba3
parent0cb7903ddedbbb8a8171926e4460b74af589369d [diff]
Don't make lockdown VPN source firewall rules over-broad.

Currently, the lockdown VPN adds firewall allow rules matching
the whole subnet that the server assigned, so for example if
the VPN server assigns it the IP address 10.1.23.5/8, it will
allow the whole of 10.0.0.0/8 to pass the firewall.

This is needlessly overbroad and has a particularly bad corner
case where if the prefix length is 0, everything is allowed.

Bug: 17695048
Change-Id: Idbec4b3aea0f72f9bdfd26dcd72d6a97d026fb12
1 file changed
tree: ef05718481146d0d5e92e70c8ccec674db427ba3
  1. api/
  2. cmds/
  3. core/
  4. data/
  5. docs/
  6. drm/
  7. graphics/
  8. include/
  9. keystore/
  10. libs/
  11. location/
  12. media/
  13. native/
  14. nfc-extras/
  15. obex/
  16. opengl/
  17. packages/
  18. policy/
  19. rs/
  20. samples/
  21. sax/
  22. services/
  23. telecomm/
  24. telephony/
  25. test-runner/
  26. tests/
  27. tools/
  28. wifi/
  29. Android.mk
  30. CleanSpec.mk
  31. MODULE_LICENSE_APACHE2
  32. NOTICE
  33. preloaded-classes