From feebc885a2da1d8bb1fcb5f460a10b51380993e2 Mon Sep 17 00:00:00 2001
From: Nathan Harold <nharold@google.com>
Date: Tue, 27 Feb 2018 19:19:40 -0800
Subject: [PATCH] Check mOwnedByTransform to avoid DELSA on SPI

The owned by transform flag prevents the removal
of an SPI from accidentally deleting an associated
SA in the kernel. That flag wasn't actually being
checked, so deleting an SPI would result in the
transform being removed.

The existing code already guarantees that the SA is
deleted when the transform is deleted

Bug: 73258845
Test: runtest frameworks-net
Change-Id: I4c26aea7af817a5d9e54da5db1cdf4f943bcae06
---
 .../core/java/com/android/server/IpSecService.java     | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java
index 45e9481c22..89f599b17f 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java
@@ -676,10 +676,12 @@ public class IpSecService extends IIpSecService.Stub {
         @Override
         public void freeUnderlyingResources() {
             try {
-                mSrvConfig
-                        .getNetdInstance()
-                        .ipSecDeleteSecurityAssociation(
-                                mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
+                if (!mOwnedByTransform) {
+                    mSrvConfig
+                            .getNetdInstance()
+                            .ipSecDeleteSecurityAssociation(
+                                    mResourceId, mSourceAddress, mDestinationAddress, mSpi, 0, 0);
+                }
             } catch (ServiceSpecificException | RemoteException e) {
                 Log.e(TAG, "Failed to delete SPI reservation with ID: " + mResourceId, e);
             }