Gitiles
Code Review Sign In
review.blissroms.org / platform_frameworks_base / 3c5fe888675b4f60b76cd058a3296112c8037b63
commit3c5fe888675b4f60b76cd058a3296112c8037b63[log] [tgz]
authorjunyulai <junyulai@google.com>Tue Apr 30 14:42:05 2019 +0800
committerChalard Jean <jchalard@google.com>Mon May 13 15:53:02 2019 +0900
treef996e68793e5ce26ebe331a412c9c5361c7ed9c8
parent2ee367ece93f64acb2b74e6daa6ef6187d87da14 [diff]
Limit unprivileged keepalives per uid

Public APIs for creating unprivileged NATT socket keepalive
might allow users to exhaust resource if malicious apps try
to create keepalives with fd which is not created by
IpSecService through binder call. Thus, this change add
customizable limitation per uid to prevent resource exhaustion
attack.

Bug: 129371366
Bug: 132307230
Test: atest FrameworksNetTests

Clean cherry-pick of aosp/954040
Merged-In: Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0

Change-Id: I92f6d977b6dfde4e1bf74df6b60c9a0b9e8eec40
3 files changed
tree: f996e68793e5ce26ebe331a412c9c5361c7ed9c8
  1. apct-tests/
  2. api/
  3. cmds/
  4. config/
  5. core/
  6. data/
  7. docs/
  8. drm/
  9. graphics/
  10. keystore/
  11. libs/
  12. location/
  13. lowpan/
  14. media/
  15. native/
  16. nfc-extras/
  17. obex/
  18. opengl/
  19. packages/
  20. proto/
  21. rs/
  22. samples/
  23. sax/
  24. services/
  25. startop/
  26. telecomm/
  27. telephony/
  28. test-base/
  29. test-legacy/
  30. test-mock/
  31. test-runner/
  32. tests/
  33. tools/
  34. wifi/
  35. .gitignore
  36. Android.bp
  37. Android.mk
  38. CleanSpec.mk
  39. jarjar_rules_hidl.txt
  40. MODULE_LICENSE_APACHE2
  41. NOTICE
  42. pathmap.mk
  43. PREUPLOAD.cfg