Use NetdClient to exempt racoon sockets from VPN

So that if we create a networkRejectNonSecureVpn rule, racoon doesn't
get its connection shut down.

This means we can drop the special-cased firewall code for racoon from
Android, and just use the same set of VPN ip rules as for third-party
apps.

Later on it might be possible to protect the socket without depending
on libnetd_client; see bug 34524989.

Test: manual - enable always-on VPN with a legacy IPsec PSK VPN on 464xlat network
Bug: 33159037
Change-Id: I89740d110cff8e67eb661b0b3d191eb49aa1e9d8
4 files changed