From 7bcf9c28acc9d8074d85658e0de9c3088b09aaed Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Tue, 11 Feb 2020 23:36:42 -0800 Subject: [PATCH] Relax IPsec resource count restrictions. IPsec resource counts were selected to be conservative, due to unknowns about device capabilities. Since then, it appears that we no longer need such stringent quotas, and this can be relaxed. Test: FrameworksNetTest passing Change-Id: Id53d14e5698e5fcc410868424176b00350c7ae79 --- .../core/java/com/android/server/IpSecService.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java index 98ac4cb712..15cbfb5c65 100644 --- a/services/core/java/com/android/server/IpSecService.java +++ b/services/core/java/com/android/server/IpSecService.java @@ -360,10 +360,14 @@ public class IpSecService extends IIpSecService.Stub { @VisibleForTesting static final class UserRecord { /* Maximum number of each type of resource that a single UID may possess */ - public static final int MAX_NUM_TUNNEL_INTERFACES = 2; - public static final int MAX_NUM_ENCAP_SOCKETS = 2; - public static final int MAX_NUM_TRANSFORMS = 4; - public static final int MAX_NUM_SPIS = 8; + + // Up to 4 active VPNs/IWLAN with potential soft handover. + public static final int MAX_NUM_TUNNEL_INTERFACES = 8; + public static final int MAX_NUM_ENCAP_SOCKETS = 16; + + // SPIs and Transforms are both cheap, and are 1:1 correlated. + public static final int MAX_NUM_TRANSFORMS = 64; + public static final int MAX_NUM_SPIS = 64; /** * Store each of the OwnedResource types in an (thinly wrapped) sparse array for indexing