| commit | 0586a602922f23e846821bd843e487676c0f6562 | [log] [tgz] |
|---|---|---|
| author | junyulai <junyulai@google.com> | Tue Apr 30 14:42:05 2019 +0800 |
| committer | junyulai <junyulai@google.com> | Fri May 10 00:36:58 2019 +0800 |
| tree | 45a91f4f92fbf0ff4ff50a39af8506501b0b90e4 | |
| parent | 4dca18aa3131a04684f194532ff3e02858f1d75e [diff] |
Limit unprivileged keepalives per uid Public APIs for creating unprivileged NATT socket keepalive might allow users to exhaust resource if malicious apps try to create keepalives with fd which is not created by IpSecService through binder call. Thus, this change add customizable limitation per uid to prevent resource exhaustion attack. Bug: 129371366 Bug: 132307230 Test: atest FrameworksNetTests Change-Id: Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257