996f037676c40316c713932c799050b53dcfb0a2 |
18-Aug-2015 |
Stephen Hines <srhines@google.com> |
Remove unnecessary __attribute__((optnone)). Bug: 23239997 Now that the underlying bug has been fixed, we no longer need to suppress optimizations to work around it. Change-Id: I9d450636598f62f4b890e09861b89853193b0a29
wmarkClient.cpp
|
de3eb3c99e1205b7db2e2a3eb84313af839a7d91 |
18-Aug-2015 |
Stephen Hines <srhines@google.com> |
am f86df558: Move local union such that it doesn't escape (and get optimized out). * commit 'f86df5580e86c2405c71c708408eeee57b38c0d3': Move local union such that it doesn't escape (and get optimized out).
|
f86df5580e86c2405c71c708408eeee57b38c0d3 |
18-Aug-2015 |
Stephen Hines <srhines@google.com> |
Move local union such that it doesn't escape (and get optimized out). Bug: 23239997 The Clang update exposed a latent bug in the code here, where a pointer to a local variable escaped the encapsulating block. Clang noticed the end of this object's lifetime, and removed assignments to its original storage (because they are now dead assignments). By moving the union out of the block, it will survive until the sendmsg() call, and the expected writes will be restored. Change-Id: If2106d2f53d761ddca6dd26ab2648244d737dcd9
wmarkClient.cpp
|
18070184759f91e8b3dd9e4f37a1977deee6712d |
16-Aug-2015 |
Stephen Hines <srhines@google.com> |
WAR: Set optnone for FwmarkClient::send to work around LLVM update bug. Bug: 23239997 Without this attribute, we constantly see SocketClient unable to write because of a broken pipe. Skipping optimizations on this function allows things to work properly again. Change-Id: I6b5a16a0bae86f4a12f59842b5563e0b815fcd9d
wmarkClient.cpp
|
d1df597001aadd5d83c9a3d1fe8bbde2bc9256ca |
06-May-2015 |
Paul Jensen <pauljensen@google.com> |
Add FwmarkServer support for querying whether a UID can access a NetID This new FwmarkServer API is only accessible from system apps. Bug:20470604 Change-Id: Ie2376cdddc10f658fcc5802ef3e8dc9f1948d5c0
wmarkClient.cpp
wmarkClient.h
etdClient.cpp
|
42d41d5d43bf99d939ee1d66645cea836241201c |
27-Mar-2015 |
Dan Albert <danalbert@google.com> |
Remove uses of libcxx.mk. This is a no-op. Change-Id: Ic9d3070b7c329d9744ed660e426c5f39704ffccc
ndroid.mk
|
fa18636462a4a3b32c68cd435108259fdc928687 |
03-Feb-2015 |
Nick Kralevich <nnk@google.com> |
am 69766c22: am 6c08cd6a: Merge "Avoid leaking file descriptors" * commit '69766c22edb99338c3b703aeadbaa286f6b78334': Avoid leaking file descriptors
|
53ea9cadf6cc5f8be1c16b5b6b660cd7366fd3f0 |
31-Jan-2015 |
Nick Kralevich <nnk@google.com> |
Avoid leaking file descriptors Add O_CLOEXEC on open() calls, and SOCK_CLOEXEC on socket calls. This avoids leaking file descriptors across execs. Addresses the following SELinux denial: audit(1422740213.283:8): avc: denied { read write } for pid=2597 comm="clatd" path="socket:[6709]" dev="sockfs" ino=6709 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket and allows the removal of some other SELinux rules which were inappropriately added because of leaking file descriptors. Change-Id: I9c180488ea1969d610e488f967a7276a672bb477
wmarkClient.cpp
etdClient.cpp
|
1ed73bbc4330728aaf69a42a1838d4532cfb38c1 |
28-Jan-2015 |
Elliott Hughes <enh@google.com> |
am 29cbbf2a: am b1842acd: Merge "Add missing <string.h> include." * commit '29cbbf2a37ceb841c20004189bac2bc2895aff2f': Add missing <string.h> include.
|
bb881e28e62bc5048f4a62d21104aa25da13b0f1 |
28-Jan-2015 |
Elliott Hughes <enh@google.com> |
Add missing <string.h> include. Change-Id: I14ea45e98b8271d6b53ac86e92ad3b5c7dac8f75
wmarkClient.cpp
|
7ad1c86e985a9ec4479bc3fedbf1546bb66649c7 |
06-Jan-2015 |
Dan Albert <danalbert@google.com> |
am 3dc3e542: am 1a3c689b: Merge "Fix missing errno.h includes after libc cleanup." * commit '3dc3e5423a183930fa981fa010f653be03201774': Fix missing errno.h includes after libc cleanup.
|
aa1be2b3d24d99f3ccb98ff4fbb2a81b63587eff |
06-Jan-2015 |
Dan Albert <danalbert@google.com> |
Fix missing errno.h includes after libc cleanup. These issues hadn't been found yet because a libc++ header was unconditionally pulling in errno.h. I've fixed the libc++ header now. Change-Id: Ib096634cdd231fc75bf7548e4b99babc7442dc53
etdClient.cpp
|
f823669357e8a5af5fd2958f530bf8bc7be61364 |
29-Dec-2014 |
Elliott Hughes <enh@google.com> |
am 9fb832c0: am 8a8b0c6a: Merge "Include what you use: <errno.h>." * commit '9fb832c0ee33c74f28cca8593b87ec1942684756': Include what you use: <errno.h>.
|
27aacc0d49dbc5c3721ae5ca6f6033be6537c4c3 |
29-Dec-2014 |
Elliott Hughes <enh@google.com> |
Include what you use: <errno.h>. Change-Id: Ic970f6bf4558e8e0ef3d7e480c2532c102abfd7c
wmarkClient.cpp
|
4aa79fa7f79c029b04a0dc026039617a6c0dcc65 |
27-Aug-2014 |
Dan Albert <danalbert@google.com> |
Need to link libc++ as well as include. Same as I17a390e2aff52faba90e7022a6c68a745c1fa74b, but also for netd/client. Change-Id: Ie555232616eb5997f05b9479fe8c5be1eb65f383
ndroid.mk
|
a69d9472ac48d4e09f049fb740e60b7217e03861 |
12-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce a SELECT_FOR_USER fwmarkd command. This lets SYSTEM apps mark a socket with the network that would apply to an arbitrary UID. I.e., either the VPN that applies to that user, or the default network, if there's no such VPN. This command will be used by system apps that proxy stuff for a user, so that they can route the same way that user would have. Examples of such system apps are the DnsProxyListener, MediaServer and DownloadManager. The "explicit" bit is NOT set, so that if the user's VPN is a split tunnel, the route lookup will fall through to the default network as desired. The "protect" bit is set, so that the socket bypasses any VPN applicable to the system app itself. Note that even if the uid being proxied for is also subject to the same VPN, this still works because the relevant rule doesn't care about the protected bit (see modifyVpnSystemPermissionRule() in RouteController.cpp). Change-Id: I4d501e5214b127f4ae9eaeb7befb1751cd102308
etdClient.cpp
|
d36c49c1d66585769d33d95f0eb2c9c524b337a4 |
02-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Minor style change. Change-Id: Ib1f89bff55506cf3881047dd876adbf97c789423
etdClient.cpp
|
3a069e6a76752a0ee73c60f276ae362d1c01467f |
22-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Return negative errno (instead of positive) on failure. http://ag/489245 changed some return values from bools to errno values. However, in forthcoming CLs, @lorenzo uses the convention of negative errno to indicate failure. So, be consistent with that style. Change-Id: I3eac8f142c36a2e779cda289c07ee374c49e2f6b
wmarkClient.cpp
wmarkClient.h
etdClient.cpp
|
4d4c8b7e294d845103ecb10f968713717a3e6406 |
20-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add getNetworkForSocket(). This doesn't require a roundtrip to netd, since anybody can read the SO_MARK. Change-Id: I51dd17725c4534cb0d5dbc8e93e844e6a7847959
etdClient.cpp
|
31f4210e6fc5c9b749468a2af0bac94992352010 |
20-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Return errors explicitly instead of using errno. Change-Id: Ia29f500e747a8c72d13a8f38c3b08c319c8c029a
wmarkClient.cpp
wmarkClient.h
etdClient.cpp
|
d794e580dbe1a8b4192850b0e117654401514af8 |
19-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add a client API to protect a socket from VPNs. The server side hasn't been implemented yet (see FwmarkServer.cpp). A UID can only be in a single VPN at any time, so there's no need to specify a netId or vpnId. Change-Id: Ie9c4590a9900e1ebf28418c4b9c4760cc0a5501a
etdClient.cpp
|
9fa2b130d86fa74eefdb847cf9694059205fd4cb |
03-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Use std::atomic<> instead of volatile sig_atomic_t. std::atomic<> comes with true load/store barriers, so it's preferable. Change-Id: Ife47b0e404f41aa74aeb168befd1ff4a6603f3ed
ndroid.mk
etdClient.cpp
|
2756045bebaac342f7cb70dad11519f896d44833 |
31-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Use AF_INET sockets when checking netIds in setNetworkFor{Process,Resolv}(). AF_UNIX sockets don't need to be marked, so we don't give netd the permission to operate on them (cf: netd.te). I.e., netd doesn't expect to receive them. Make sure that the creation of the AF_INET socket doesn't trigger another wasteful check with netd by calling the libc version directly. Bug: 13885501 Change-Id: I6b549232e57cacd47501edcefa4c0b4b79df9da0
etdClient.cpp
|
56afacf838d24cf8e54d2cf0d8ab9182ab704125 |
29-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Turn on C++11 and make all warnings into errors. As a consequence: + Comment out the names of all unused parameters. + Remove all unused variables and functions. In server/Android.mk, there are a couple of non-trivial changes: + Use libcxx instead of stlport. This is needed to fix a bunch of errors due to specifying -std=c++11. + LOCAL_SHARED_LIBRARIES is sorted. Technically, the order in which libraries are listed has an effect on linking, but nobody should be doing such brittle things anyway. Change-Id: I0aff5b745e04609da23144d0e8be4c5694321b8b
ndroid.mk
|
5fc275794ab41d110abbdb7683ed9db45918985f |
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Mark sockets on creation (socket()) and accept4(). Continued from: https://android-review.git.corp.google.com/#/c/95094/ Change-Id: Ib0b8f5d7c5013b91eae6bbc3847852eb355c7714
wmarkClient.cpp
wmarkClient.h
etdClient.cpp
|
efbe05d203f2f1cc3c24ddc111be159a1ff1f292 |
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
New network selection APIs. Continued from: https://android-review.git.corp.google.com/#/c/94977/ Change-Id: Ie0576888f50a8ce91bbb0a4794708b406eb0aa35
ndroid.mk
etdClient.cpp
|
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 |
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Move netd_client into netd. Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
ndroid.mk
wmarkClient.cpp
wmarkClient.h
etdClient.cpp
|