From 1768744a3dc522329bc7eecc75286033e4c9df48 Mon Sep 17 00:00:00 2001
From: Benedict Wong
Date: Wed, 6 Dec 2017 21:56:35 -0800
Subject: [PATCH] [ipsec-doze] Add fchown to IpSecService to support doze
Encap sockets are currently created as the system server, and should be fchown'd to the user for whom it was created on behalf of.
Bug: 62994731
Test: New tests added and run to IpSecService
Change-Id: Icc49e709ae588981e69765fdb77537d7ffbac5fe
---
 .../core/java/com/android/server/IpSecService.java | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java
index a764808368..d3ab1259c9 100644
--- a/services/core/java/com/android/server/IpSecService.java
+++ b/services/core/java/com/android/server/IpSecService.java
@@ -988,12 +988,6 @@ public class IpSecService extends IIpSecService.Stub {
 sockFd = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
 mUidFdTagger.tag(sockFd, callingUid);
- if (port != 0) {
- Log.v(TAG, "Binding to port " + port);
- Os.bind(sockFd, INADDR_ANY, port);
- } else {
- port = bindToRandomPort(sockFd);
- }
 // This code is common to both the unspecified and specified port cases
 Os.setsockoptInt(
 sockFd,
@@ -1001,6 +995,14 @@ public class IpSecService extends IIpSecService.Stub {
 OsConstants.UDP_ENCAP,
 OsConstants.UDP_ENCAP_ESPINUDP);
+ mSrvConfig.getNetdInstance().ipSecSetEncapSocketOwner(sockFd, callingUid);
+ if (port != 0) {
+ Log.v(TAG, "Binding to port " + port);
+ Os.bind(sockFd, INADDR_ANY, port);
+ } else {
+ port = bindToRandomPort(sockFd);
+ }
+
 userRecord.mEncapSocketRecords.put(
 resourceId,
 new RefcountedResource(
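Review bot: The new `mSrvConfig.getNetdInstance().ipSecSetEncapSocketOwner(sockFd, callingUid)` call in the second hunk adds a cross-process failure point (presumably a call into netd) between socket creation and bind, and the error handling for it lies outside the hunk. If the enclosing try only handles the errors raised by the `Os.*` calls, a failed ownership change should still close `sockFd` and fail the request, so that a socket still owned by the system server is never bound and handed back to the caller. The moved bind block also leaves the context comment `// This code is common to both the unspecified and specified port cases` in front of the port branch, where it no longer reads correctly; I would replace it with something like `// Enable UDP encap and hand the fd to callingUid before binding, in both port cases`. The enclosing method starts and ends outside both hunks.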