Require IPSEC_TUNNEL_MIGRATION feature flag to migrate transforms

Bug: 169169973
Test: atest IpSecServiceParameterizedTest (new tests added)
Change-Id: I3dd45b29163cd1e0cdbef08cb8aabdb629cf73bc

framework-t/src/android/net/IpSecManager.java

@@ -65,6 +65,24 @@ import java.util.Objects;
 public class IpSecManager {
     private static final String TAG = "IpSecManager";
 
+    /**
+     * Feature flag to declare the kernel support of updating IPsec SAs.
+     *
+     * <p>Feature for {@link #getSystemAvailableFeatures} and {@link #hasSystemFeature}: The device
+     * has the requisite kernel support for migrating IPsec tunnels to new source/destination
+     * addresses.
+     *
+     * <p>This feature implies that the device supports XFRM Migration (CONFIG_XFRM_MIGRATE) and has
+     * the kernel fixes to allow XFRM Migration correctly
+     *
+     * @see android.content.pm.PackageManager#FEATURE_IPSEC_TUNNEL_MIGRATION
+     * @hide
+     */
+    // Redefine this flag here so that IPsec code shipped in a mainline module can build on old
+    // platforms before FEATURE_IPSEC_TUNNEL_MIGRATION API is released.
+    public static final String FEATURE_IPSEC_TUNNEL_MIGRATION =
+            "android.software.ipsec_tunnel_migration";
+
     /**
      * Used when applying a transform to direct traffic through an {@link IpSecTransform}
      * towards the host.
@@ -1015,8 +1033,7 @@ public class IpSecManager {
      * @param newDestinationAddress the new destination address
      * @hide
      */
-    // TODO: b/169169973 Require FEATURE_IPSEC_MIGRATE
-    @RequiresFeature(PackageManager.FEATURE_IPSEC_TUNNELS)
+    @RequiresFeature(FEATURE_IPSEC_TUNNEL_MIGRATION)
     @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS)
     public void startMigration(
             @NonNull IpSecTransform transform,