c6201c3754710e235f16118761b23760ff4136ad |
|
13-Sep-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Close sockets when changing network permissions. Bug: 23113288 Change-Id: I8dcb02c79c81244e5b7288cb50770ac6a5867fcc
/system/netd/server/PhysicalNetwork.cpp
|
6d7e6235b560be2ead9889c4035184573ab1b70a |
|
01-Aug-2014 |
Paul Jensen <pauljensen@google.com> |
Remove default routing rule & table before we forget table number. We clear the interface index cache when we remove an interface from a network, so we must only do this after we remove the default rule so we still know the table number (calculated from interface index). bug:16728065 Change-Id: I538673dcba49820a9e21f60407754fae30de02cf
/system/netd/server/PhysicalNetwork.cpp
|
48e19b037e7e20674048ef76bf31ce65c741347c |
|
23-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Implement the fallthrough rule to support split tunnel VPNs. Change-Id: Ibc48caedb5954c6b12bfa553d978bab56c4b09aa
/system/netd/server/PhysicalNetwork.cpp
|
5009d5ef3fbcdc69d772b528fd22184b7d605afa |
|
03-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Update routing rules.

As per the latest changes to: http://go/android-multinetwork-routing

Functional changes:
+ Add explicit=NO to the implicit network rules, though it's a no-op.
+ Remove most of the UID=0 (kernel access) rules since they are no longer needed, except in one case to allow access to a VPN.
+ Add the explicit, protect and permissions bits to the incoming packet mark.
+ VPNs now don't need an implicit network rule.
+ Modifying network permissions now modifies the incoming packet mark as well.

Cosmetic changes:
+ Renamed the legacy tables to match their permissions (SYSTEM and NETWORK).
+ Renamed most functions and methods for clarity and consistency.
+ Renamed and adjusted some rule priorities.
+ Move most rule modifications into their own functions, to prevent brittle reliance on the previous state of the fwmark/mask variables.

Change-Id: I958a7e158ee918d5254de606fcfa55fe23327438
/system/netd/server/PhysicalNetwork.cpp
|
36ed53e37b2639681055b2d3d8777241e7dd6982 |
|
02-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Cosmetic: Add a way to query the type of a network. This is a cosmetic change, i.e., there's no change in functionality. This is the poor man's RTTI. It turns out that maintaining separate lists (or maps) of the different types of networks gets burdensome pretty quickly (especially in an upcoming CL where we add functions like canUserSelectNetwork()). Change-Id: If5250c0fc106045f681d0fd71278b793addbe1e3
/system/netd/server/PhysicalNetwork.cpp
|
f4f6c8de3f091be4b91a5a9d7f14e8882ec6d502 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Refactor: Encapsulate permissions and interfaces into a Network class.

Currently, there's a lot of logic in NetworkController surrounding events such as interface addition/removal, network creation/destruction and default network change, because these events are intertwined. For example, adding an interface means also adding a corresponding default network rule if the interface is being added to the current default network.

When we introduce VPNs into this mix, things will get hairy real quick for all this logic in NetworkController.

In this refactor, we introduce an abstract base class Network which supports adding and removing interfaces. The main concrete implementation of this is PhysicalNetwork, which allows setting permissions and "default network" state.

Since we've moved network permissions into the above class, and user permissions into NetworkController, PermissionsController is unused and has been removed.

Also fix a few bugs in RouteController:
+ Use uidEnd correctly.
+ Check for all error cases in inet_pton.
+ Check the return value of android_fork_execvp() correctly.
+ The "return cmd1() && cmd2()" pattern is wrong. Rewrite that code.

Also (non-functional changes):
+ Remove instantiations of RouteController. It has static methods only.
+ Reorder some blocks in CommandListener so that the most frequent commands are checked first.
+ Remove unused paramError() and clearNetworkPreference().
+ Change all return codes to int (negative errno) wherever applicable.
+ Add WARN_UNUSED_RESULT everywhere.
+ Cleanup some style in RouteController and NetworkController.
+ Use uid_t instead of unsigned for user IDs.
+ Add clearer log messages at the source of failures.
+ Add a check for when fwmark bits are set without corresponding mask bits.

Bug: 15409918
Change-Id: Ibba78b0850160f9f3d17d476f16331a6db0025d1
/system/netd/server/PhysicalNetwork.cpp
|