| a1067c8d2b2165f1058a3a8216bed4efacfa1c80 |
|
02-Oct-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Improve error return values on network selection.
It's very confusing to see EPERM when opening or connecting a
socket when the problem is not security-related. In the (common)
case where an app cannot select a network because it does not
exist, return ENONET ("Machine is not on network") instead.
Also, return EREMOTEIO for when we can't figure out who the user
is, and use EPERM for VPN denials and EACCES for permission
bits.
Bug: 17702933
Change-Id: Ia680c485e0ea1efad1ad374231d994e9bfd4cd5a
/system/netd/server/NetworkController.cpp
|
| bbdde9909b7b4fd31c5857156ceb00049bf4992d |
|
06-Sep-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Reserve NetIds 1..50 for OEM use.
Also reserve 51..100 for our use.
Bug: 17303534
Change-Id: Id082368b493dc3c5b5c479e51d273458d80ec6aa
/system/netd/server/NetworkController.cpp
|
| 99286fe1ef6fc325c28dd10b651b5adedd549495 |
|
12-Aug-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Make destroying networks more robust.
1. Retry route flushes if they fail.
2. Make destroyNetwork ignore (but return) errors.
Bug: 16944962
Change-Id: I26301613437d7cc373ff64955fd44d716e9982b9
/system/netd/server/NetworkController.cpp
|
| 738c93ee075354ffafb3a8ceef76e9aa711f057b |
|
30-Jul-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Minor improvements to NetworkController error reporting.
Currently, when trying to perform an operation on netId that
does not exist, we return EINVAL. This can be confusing
because lots of things can return EINVAL for many different
reasons.
Instead, change this to ENONET ("Machine is not on network"),
which was what Sreeram originally implemented before we changed
it to EINVAL. I also considered ENOENT ("No such file or
directory"), but on reflection that seems less appropriate, and
it's used by other things as well. ENONET appears to have no
uses in our tree. It is also clearly separate from the ESRCH we
return for nonexistent rules.
While I'm at it, also disambiguate some of the
if (foo || bar ) { return EFOO; } to return two different error
codes.
Bug: 16667349
Change-Id: Ief2d720a58679aa746f5ba273d545487d0825e52
/system/netd/server/NetworkController.cpp
|
| 507e7c5bbfcd1d68f67477866497adb1748c5fd5 |
|
28-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Merge "Fix fwmark handling for bypassable VPNs and DNS." into lmp-dev
|
| 1011b4941d96d9fd90bc7243be387b63ec775936 |
|
25-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix fwmark handling for bypassable VPNs and DNS.
This is a significant change to the way fwmarks are handled for two purposes:
1. Bypassable VPN.
This was introduced in http://ag/510058 and had an issue that if there's a
default network, it would always be used in connect(), so the bypassable VPN
wouldn't get any traffic. This CL fixes that issue by using the bypassable
VPN's NetId in connect(). See the comments in the code for more details.
2. DNS.
The previous DNS code (specifically, getNetworkForUser()) had two problems:
+ Even if a user asks for a NetId they have permission for, we'd always use
the user's VPN if they were subject to one. So, for example, a system IMS
app that brings up the mobile network in the presence of a VPN would still
have its DNS queries sent over the VPN, instead of mobile as desired.
+ Any user could perform DNS over any valid network, even one they didn't
have permissions for, as long as they weren't subject to a VPN. So, for
example, an app could use the DNS servers of a different profile's VPN.
This CL fixes those problems. See getNetworkForDns() for more details.
The two pieces above are inter-related. Previously, we never set the explicit
bit from the DNS code. But we need to do that if the user asks for a network
explicitly, for two reasons:
o So that the DNS query is really restricted to that network and doesn't
fallthrough to the default network.
o So that the heuristic described in ON_CONNECT works in all cases. I.e., if the
DNS proxy's connect() request comes in with the explicit bit NOT set, we know
that the NetId can only be either the default network or a VPN.
This CL is not intended to be robust against race conditions. In general, very
little of the netd code is resilient. A separate effort needs to be undertaken
to carefully audit all the code and logic to guard against things like:
* A VPN being established between calls to getNetworkForDns() and connect().
* State changes between multiple calls to NetworkController from clients such as
FwmarkServer and DnsProxyListener.
* Routing rules / iptables rules being set up in a less-than-ideal order.
* ... etc.
Bug: 15347374
Change-Id: I5baad9168c4f4f3ef4129e07234b4bf24b0d8ba2
/system/netd/server/NetworkController.cpp
|
| 48e19b037e7e20674048ef76bf31ce65c741347c |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement the fallthrough rule to support split tunnel VPNs.
Change-Id: Ibc48caedb5954c6b12bfa553d978bab56c4b09aa
/system/netd/server/NetworkController.cpp
|
| 95684ba176a9fe5ea59207d7202e47fa12bbfdbe |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement support for bypassable VPNs.
Bypassable VPNs grab all traffic by default (just like secure VPNs), but:
+ They allow all apps to choose other networks using the multinetwork APIs.
If these other networks are insecure ("untrusted"), they will enforce that the
app holds the necessary permissions, such as CHANGE_NETWORK_STATE.
+ They support consistent routing. If an app has an existing connection over
some other network when the bypassable VPN comes up, it's not interrupted.
Bug: 15347374
Change-Id: Iaee9c6f6fa8103215738570d2b65d3fcf10343f3
/system/netd/server/NetworkController.cpp
|
| 87475a1471373b72ffc9f81f17dfd7884723fa86 |
|
16-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix WiFi-Direct and Tethering.
A LocalNetwork object now always exists in the NetworkController, with a fixed
NetId that's guaranteed not to collide with NetIds created by the framework.
When routes are added on an interface tracked by the LocalNetwork, they are
added to a fixed "local_network" table.
When NAT is enabled, we add a special "iif -> oif" tethering rule.
Bug: 15413694
Bug: 15413741
Change-Id: I36effc438d5ac193a77174493bf196cb68a5b97a
/system/netd/server/NetworkController.cpp
|
| 070b2d296de30e3dbc68c21f542acb1f2914d870 |
|
12-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Don't reset a VPN's NetId in the connect() shim.
Change-Id: I0cc6c0e221a40c9100c8f4c0c5e761fce3f9b0ae
/system/netd/server/NetworkController.cpp
|
| 6a773534e7f8541f221f27fb8063af079b1a5936 |
|
11-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix tethering in the case of a regular upstream connection.
Fixes tethering via Ethernet, Bluetooth and WiFi (hotspot).
Tethering when the upstream has a DUN-specific APN is likely still broken
(untested).
For now, assign a fixed NetId (a hack) until we can change the framework to
create a valid NetworkAgent and all that jazz.
Bug: 15968336
Bug: 14988803
Change-Id: Idcf4d492d9329a9c87913e27be6dd835a792bea2
/system/netd/server/NetworkController.cpp
|
| e09b20aee85f1dfd8c18c3d8581ac875d939ba70 |
|
06-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add full support for UIDs in VPNs.
Major:
+ Implement the functions mentioned in http://go/android-multinetwork-routing
correctly, including handling accept(), connect(), setNetworkForSocket()
and protect() and supporting functions like canUserSelectNetwork().
+ Eliminate the old code path of getting/setting UID ranges through
SecondaryTableController (which is currently unused) and mUidMap.
Minor:
+ Rename some methods/variables for clarity and consistency.
+ Moved some methods in .cpp files to match declaration order in the .h files.
Bug: 15409918
Change-Id: Ic6ce3646c58cf645db0d9a53cbeefdd7ffafff93
/system/netd/server/NetworkController.cpp
|
| 5009d5ef3fbcdc69d772b528fd22184b7d605afa |
|
03-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Update routing rules.
As per the latest changes to: http://go/android-multinetwork-routing
Functional changes:
+ Add explicit=NO to the implicit network rules, though it's a no-op.
+ Remove most of the UID=0 (kernel access) rules since they are no longer
needed, except in one case to allow access to a VPN.
+ Add the explicit, protect and permissions bits to the incoming packet mark.
+ VPNs now don't need an implicit network rule.
+ Modifying network permissions now modifies the incoming packet mark as well.
Cosmetic changes:
+ Renamed the legacy tables to match their permissions (SYSTEM and NETWORK).
+ Renamed most functions and methods for clarity and consistency.
+ Renamed and adjusted some ule priorities.
+ Move most rule modifications into their own functions, to prevent brittle
reliance on the previous state of the fwmark/mask variables.
Change-Id: I958a7e158ee918d5254de606fcfa55fe23327438
/system/netd/server/NetworkController.cpp
|
| ed4bd1f7d219f9f5f56763ea02cf4947e78397f6 |
|
05-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix permissions handling.
+ Rename the permissions as per: http://go/android-multinetwork-routing
+ Make the SYSTEM permission explicitly include NETWORK.
+ Grant the SYSTEM permission to system UIDs by default, but allow the framework
to override them if necessary.
+ Move the "string to permission" parsing to CommandListener.cpp, thus allowing
us to get rid of Permission.cpp.
+ There's no need to support multiple permissions string arguments, so tighten
that up.
Change-Id: I73d51b5e2f44a97e6d5ab5943ff198cebfbcc0c4
/system/netd/server/NetworkController.cpp
|
| 89dad013e4dd98434b0409a84567f38782894029 |
|
02-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Keep track of users allowed to call protect() explicitly.
This is an API change between ConnectivityService and Netd.
The ownerUid was meant for this purpose, but it's insufficient, as apps need to
call protect() _before_ they create a VPN.
Bug: 15409918
Change-Id: If804aa106002e96d5ffb623d32db35fd76928367
/system/netd/server/NetworkController.cpp
|
| 36ed53e37b2639681055b2d3d8777241e7dd6982 |
|
02-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Cosmetic: Add a way to query the type of a network.
This is a cosmetic change, i.e., there's no change in functionality.
This is the poor man's RTTI. It turns out that maintaining separate lists (or
maps) of the different types of networks gets burdensome pretty quickly
(especially in an upcoming CL where we add functions like
canUserSelectNetwork()).
Change-Id: If5250c0fc106045f681d0fd71278b793addbe1e3
/system/netd/server/NetworkController.cpp
|
| eb27b7ec10faf47a93fbc2863092cc667b05e252 |
|
01-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Fix routing rules.
Fix the rules in RouteController as per the latest iteration of the routing
design: http://go/android-multinetwork-routing. Changes include:
+ The legacy tables have to be global. So remove the UID being passed in to
modifyRoute() and remove the associated TODOs.
+ Add UID=0 rules to let the kernel access routes on privileged networks.
+ Add a UID=0 clause to the directly-connected hack, thus fixing the TODO.
+ Add the privileged_legacy table just above the legacy table, when overriding
the default network. (The same table remains added at the top of the rule
chain, to override VPNs, but only for CONNECTIVITY_INTERNAL-privileged apps).
Other cosmetic changes:
+ Update the names and values of the rule priorities.
+ Move the legacy table IDs to the .h file in anticipation of using them from
bugreport / dump commands.
+ Make 'action' the first parameter consistently.
Change-Id: I6634a19ddc8062b2ef55d926c7892fff8c586106
/system/netd/server/NetworkController.cpp
|
| b1425cc09f8a29350520db0d4f489331df5a689b |
|
24-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add UID range support to VPNs.
This adds the necessary routing rules.
Future CLs will add the ability to select the right netId for connect(),
setNetworkForSocket(), DNS resolutions, etc.
Bug: 15409918
Change-Id: I88a67660d49cecda834dd72ab947fbfed250f09d
/system/netd/server/NetworkController.cpp
|
| 4043f01f8e25f24246efadc710ad7440aab75529 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce VPN support.
This change sets up the basic routing rules for VPNs. It doesn't yet handle UID
ranges (that are meant to apply to the VPN) correctly. That's forthcoming in
other CLs.
Bug: 15409918
Change-Id: I284de04f176dcf6ba702361de6a614266256d04e
/system/netd/server/NetworkController.cpp
|
| f4f6c8de3f091be4b91a5a9d7f14e8882ec6d502 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Refactor: Encapsulate permissions and interfaces into a Network class.
Currently, there's a lot of logic in NetworkController surrounding events such
as interface addition/removal, network creation/destruction and default network
change, because these events are interwined. For example, adding an interface
means also adding a corresponding default network rule if the interface is being
added to the current default network.
When we introduce VPNs into this mix, things will get hairy real quick for all
this logic in NetworkController.
In this refactor, we introduce an abstract base class Network which supports
adding and removing interfaces. The main concrete implementation of this is
PhysicalNetwork, which allows setting permissions and "default network" state.
Since we've moved network permissions into the above class, and user permissions
into NetworkController, PermissionsController is unused and has been removed.
Also fix a few bugs in RouteController:
+ Use uidEnd correctly.
+ Check for all error cases in inet_pton.
+ Check the return value of android_fork_execvp() correctly.
+ The "return cmd1() && cmd2()" pattern is wrong. Rewrite that code.
Also (non-functional changes):
+ Remove instantiations of RouteController. It has static methods only.
+ Reorder some blocks in CommandListener so that the most frequent commands are
checked first.
+ Remove unused paramError() and clearNetworkPreference().
+ Change all return codes to int (negative errno) wherever applicable.
+ Add WARN_UNUSED_RESULT everywhere.
+ Cleanup some style in RouteController and NetworkController.
+ Use uid_t instead of unsigned for user IDs.
+ Add clearer log messages at the source of failures.
+ Add a check for when fwmark bits are set without corresponding mask bits.
Bug: 15409918
Change-Id: Ibba78b0850160f9f3d17d476f16331a6db0025d1
/system/netd/server/NetworkController.cpp
|
| 96f261e8b28048b8cb48f5a4e81822c73bb813f4 |
|
23-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Pass rule modification errors back to CommandListener.
Change-Id: If01334dccad8b6230648713a57fd58be180ac66b
/system/netd/server/NetworkController.cpp
|
| f7fc8eccb0a6a4fbca4cafdf53f5c167c8f1d755 |
|
17-Jun-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Pass route add/delete errors back to CommandListener.
Change-Id: Id1d6d578963080e141f71bc1303801fc53bce40a
/system/netd/server/NetworkController.cpp
|
| a561e121c724e9163b2e256e15eef660e3a326da |
|
12-Jun-2014 |
Paul Jensen <pauljensen@google.com> |
Cache interface indices in case interfaces go away.
Without caching them netd will fail to remove rules and routes,
for example, when the Bluetooth reverse-tether interface ("bt-pan")
goes away.
bug:15407087
Change-Id: I99fcf00f9645a0b029455516a705b70110f62ff6
/system/netd/server/NetworkController.cpp
|
| 6ff16785ae1f67f44a73ad00d6c86690af6772d2 |
|
11-Jun-2014 |
Paul Jensen <pauljensen@google.com> |
Fix use-after-free of interface name during network destruction.
bug:15560990
Change-Id: I899827c4f50847a3a60b6359f829bee5d6eb4f00
/system/netd/server/NetworkController.cpp
|
| bfe8e77344c713844dbb40b14999f50a1e2a2142 |
|
30-May-2014 |
Lorenzo Colitti <lorenzo@google.com> |
am ce8f583f: Set errno in NetworkController commands.
* commit 'ce8f583ff6620a19602d3c4604557e1b1501cafa':
Set errno in NetworkController commands.
|
| 38b7af1f2cb9579895465fabc37865f5dadcac25 |
|
22-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Support legacy routes added by apps via ensureRouteToHost().
This adds the routes to two fixed tables:
+ LEGACY, which has higher priority than other non-explicit lookup tables
(per-network and default network).
+ PRIVILEGED_LEGACY, available only to system apps and has higher priority than
VPNs (system apps are those with the CONNECTIVITY_INTERNAL permission).
This will be changed to per-UID tables once the kernel supports UID-based
routing, so that these legacy routes are scoped to each app and not global.
Also, fix a TODO: The framework (as of http://ag/471599) will not set the
gateway argument if it's actually a direct-connected route.
Change-Id: I0ee1ca89fdc859d75a89021ca8c1902811b1e4a9
/system/netd/server/NetworkController.cpp
|
| ce8f583ff6620a19602d3c4604557e1b1501cafa |
|
28-May-2014 |
Lorenzo Colitti <lorenzo@google.com> |
Set errno in NetworkController commands.
Set errno in the NetworkController functions that are called by
CommandListener and where failure causes an operationError. This
is because operationError always appends errno to its messages,
and
"400 481 addInterfaceToNetwork() failed (Device or resource busy)"
is more useful than:
"400 481 addInterfaceToNetwork() failed (Success)"
We already call ALOGE to put descriptive messages in the system
log, but the bugreport already conveniently aggregates all netd
commands in one place in the network_management service dump, and
it would help if the errno in those messages were accurate.
Unfortunately many of the route and iptables commands shell out
to /sbin/ip and we can't return meaningful values, but we'll
fix that when (if?) we replace that with a proper netlink
implementation.
Bug: 15316764
Change-Id: Ia47f451029d611491aa72bca602de77333f2c6a0
/system/netd/server/NetworkController.cpp
|
| 72604075e74af459fb4637404fbf030422c6b6b6 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Rework the determination of a "valid network".
+ isNetIdValid() doesn't make much sense. What we want is whether the netId has
actually been created (via createNetwork()).
+ It isn't an error to call deleteNetwork() or setDefaultNetwork() even when
there are no interfaces assigned to the network.
+ Secure all accesses to the maps in PermissionsController with locks; they are
called from many threads (CommandListener, DnsProxyListener and FwmarkServer).
+ Remove the redundant mIfaceNetidMap.
+ Minor cosmetic changes to things such as #includes and log messages.
Change-Id: Ieb154589b24f00ba8067eaaec4def3534aec4923
/system/netd/server/NetworkController.cpp
|
| f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Move netd_client into netd.
Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/NetworkController.cpp
|