Commit 1a2c5e91 authored by Robin Lee's avatar Robin Lee
Browse files

Use NetdClient to exempt racoon sockets from VPN

So that if we create a networkRejectNonSecureVpn rule, racoon doesn't
get its connection shut down.

This means we can drop the special-cased firewall code for racoon from
Android, and just use the same set of VPN ip rules as for third-party
apps.

Later on it might be possible to protect the socket without depending
on libnetd_client, see bug 34524989

Test: manual - enable always-on VPN with a legacy Ipsec PSK VPN on 464xlat network
Bug: 33159037
Change-Id: I89740d110cff8e67eb661b0b3d191eb49aa1e9d8
parent fcef899d
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment