From e0b3b8785e2f3379c0af6a91b7f8ccb1e36950c4 Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Tue, 11 Feb 2020 23:36:42 -0800 Subject: [PATCH] Relax IPsec resource count restrictions. IPsec resource counts were selected to be conservative, due to unknowns about device capabilities. Since then, it appears that we no longer need such stringent quotas, and this can be relaxed. Test: FrameworksNetTest passing Change-Id: Id53d14e5698e5fcc410868424176b00350c7ae79 --- .../core/java/com/android/server/IpSecService.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java index 98ac4cb7122a9..15cbfb5c659e5 100644 --- a/services/core/java/com/android/server/IpSecService.java +++ b/services/core/java/com/android/server/IpSecService.java @@ -360,10 +360,14 @@ public class IpSecService extends IIpSecService.Stub { @VisibleForTesting static final class UserRecord { /* Maximum number of each type of resource that a single UID may possess */ - public static final int MAX_NUM_TUNNEL_INTERFACES = 2; - public static final int MAX_NUM_ENCAP_SOCKETS = 2; - public static final int MAX_NUM_TRANSFORMS = 4; - public static final int MAX_NUM_SPIS = 8; + + // Up to 4 active VPNs/IWLAN with potential soft handover. + public static final int MAX_NUM_TUNNEL_INTERFACES = 8; + public static final int MAX_NUM_ENCAP_SOCKETS = 16; + + // SPIs and Transforms are both cheap, and are 1:1 correlated. + public static final int MAX_NUM_TRANSFORMS = 64; + public static final int MAX_NUM_SPIS = 64; /** * Store each of the OwnedResource types in an (thinly wrapped) sparse array for indexing