Skip to content
Snippets Groups Projects
Commit 5c0b66ed authored by Motomu Utsumi's avatar Motomu Utsumi Committed by Mohammad Hasan Keramat J
Browse files

Drop packets to VPN address ingressing via non-VPN interface 

Cherry-pick of aosp/2795711 to backport VPN security fix to non-mainline
U devices.
Since isTetheringFeatureNotChickenedOut is not available on U branch,
this feature is enabled on T+ devices without kill switch.
Also, this CL removes test changes since CSTest utilities are not
available on u branches.

When there are addresses that are used by a single VPN interface,
ConnectivityService sets ingress discard rules to drop packets to this
address from the non-Vpn interfaces

Bug: 193031925
Test: TH
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d493a3aa7dcca3219b139616c9de3c6ee8181f86)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:1027bc813ea6a5b97bc0f55401e01f5eec91e94a)
Merged-In: I5933d42f3fd257139fb803ede1391e10d9d1211b
Change-Id: I5933d42f3fd257139fb803ede1391e10d9d1211b
parent 741ed0b4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment