Disable the AppOp Restriction for IpSec Tunnels

This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.

Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde

services/core/java/com/android/server/IpSecService.java

@@ -1481,10 +1481,13 @@ public class IpSecService extends IIpSecService.Stub {
         }
     }
 
+    private static final String TUNNEL_OP = "STOPSHIP"; // = AppOpsManager.OP_MANAGE_IPSEC_TUNNELS;
+
     private void enforceTunnelPermissions(String callingPackage) {
         checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels");
+        if (false) { // STOPSHIP if this line is present
             switch (getAppOpsManager().noteOp(
-                    AppOpsManager.OP_MANAGE_IPSEC_TUNNELS,
+                        TUNNEL_OP,
                         Binder.getCallingUid(), callingPackage)) {
                 case AppOpsManager.MODE_DEFAULT:
                     mContext.enforceCallingOrSelfPermission(
@@ -1496,6 +1499,7 @@ public class IpSecService extends IIpSecService.Stub {
                     throw new SecurityException("Request to ignore AppOps for non-legacy API");
             }
         }
+    }
 
     private void createOrUpdateTransform(
             IpSecConfig c, int resourceId, SpiRecord spiRecord, EncapSocketRecord socketRecord)