835d2c2d6f151059c4d70adbfdac9aca7b3f98c5 |
|
02-Feb-2016 |
Jorge Lucangeli Obes <jorgelo@google.com> |
Refactor IpTables class to remove duplication. This CL tries to remove as much duplicated code from the IpTables class as possible. The basic construct of running the same command with different executables/options is extracted into a helper function. Moreover, the unit tests are simplified by mocking one function call higher and removing a lot of set-up duplication. Bug: 26911013 Change-Id: Iecdacab2ef6ffa5631c877835bdfb0bf7191536c
/system/firewalld/iptables.h
|
2b2e047243cc1db7c5f0c744822db0fdbb7a95e0 |
|
01-Feb-2016 |
Jorge Lucangeli Obes <jorgelo@google.com> |
Run unit tests on Brillo. Looks like IPv6 is working correctly, so re-enable that too. Bug: 26911013 Change-Id: Iad0390e3a41a429460794b7c243ebca59cf64146
/system/firewalld/iptables.h
|
6c733cf77b78062afd7d70eb68f8832d77362086 |
|
23-Jan-2016 |
Kevin Cernekee <cernekee@google.com> |
Add rules to route IPv6 third party VPN traffic

Currently only IPv4 traffic is handled by third party VPNs. Extend the UID_MATCH and route setup to IPv6.

Bug: chromium:522003
TEST=`FEATURES=test emerge-link firewalld`
TEST=manual
Change-Id: I9352506e98e1fdcace093d443e2fa2b95887d720
/system/firewalld/iptables.h
|
e478a11fbfb297ce3bb3da1dc6ec16a0da6c997f |
|
13-Oct-2015 |
Alex Vakulenko <avakulenko@google.com> |
firewalld: Rename "chromeos" -> "brillo" in include paths and namespaces

libchromeos is transitioning to libbrillo and chromeos namespaces and include directory is changing to brillo.

Bug: 24872993
Change-Id: Icc70ef99c10acc983a9c261faaa983e26536ad04
/system/firewalld/iptables.h
|
c20ed4ff74624300767ba77bc7deea8eb881527e |
|
21-Aug-2015 |
Gilad Arnold <garnold@google.com> |
Unify DBus adaptor include paths. Now the DBus header generation in AOSP has stabilized, we should resolve these differences. Bug: 23426296 Change-Id: I7de2d63efdc3a5f5d2479a3a9d6f08fc8ce9b7bb
/system/firewalld/iptables.h
|
df78e333d29a83d97aefe07f84bd5c02f667d11b |
|
20-Aug-2015 |
Daniel Erat <derat@google.com> |
Use __ANDROID__ instead of __BRILLO__. __ANDROID__ is defined automatically by the toolchain. Bug: 23358460 Change-Id: I7487625802deb48ff31da8410125fa910a88ca74
/system/firewalld/iptables.h
|
6b8fa374cca2bedbb31afa8d3e484472112e3cff |
|
19-Aug-2015 |
Ying Wang <wangying@google.com> |
Update with new DBus generated adaptor header files. Bug: 22608897 Change-Id: Ic9131ca64383a96cab47807daeb8257693e5eaa2
/system/firewalld/iptables.h
|
7db56bd4c91a516637995b9bf75241cb0c323bf9 |
|
06-Aug-2015 |
Gilad Arnold <garnold@google.com> |
Build firewalld in Android.

* Drop firewalld/ prefix from #include paths.
* Rename the DBus interface definition to have a .dbus.xml suffix; needed for it to be picked up by the build infrastructure.
* Add __BRILLO__ preprocessor symbol for conditionally:
  1) Removing support for Permission Broker (currently not available and no concrete porting plan yet).
  2) Disable dropping privileges in minijail invocations (yet to be figured out).
  3) Adapting DBus bindings header paths (slightly different).
  4) Adapting helper utility paths (iptables, iproute2).
  5) Making punching of IPv6 firewall rules optional and autodetected.
* Re-license everything to AOSP and add NOTICE and MODULE_LICENSE_APACHE2.
* Added Android.mk for building all the targets we need, including init.firewalld.rc with proper SELinux attributes (when supported).

Bug: 22827985
Change-Id: I05f74f80f95f689b4bbf60a2708e76ef5495b96e
/system/firewalld/iptables.h
|
b8e5875f414afa642031e14a4b271927aaa8b250 |
|
09-May-2015 |
Jorge Lucangeli Obes <jorgelo@chromium.org> |
firewalld: Run 'iptables' as a regular user. BUG=chromium:487019 TEST=Unit tests, platform_Firewall CQ-DEPEND=CL:270621 Change-Id: Ic49e7d7912d96f9cec29cf2a3f34f50e71c02391 Reviewed-on: https://chromium-review.googlesource.com/270170 Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org> Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Bartosz Fabianowski <bartfab@chromium.org> Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/system/firewalld/iptables.h
|
73cb183d526a3b6b9fc7aadaffde2da13a6cd371 |
|
09-May-2015 |
Jorge Lucangeli Obes <jorgelo@chromium.org> |
firewalld: Mock IpTables::{Add|Delete}AcceptRule methods. This CL paves the way to launch 'ip(6)tables' using Minijail. We cannot use the current approach of providing test-only binaries because Minijail will not work when running as non-root (such as in unit tests). Therefore, we need to mock {Add|Delete}Accept. Also add an Exec() method to wrap the Minijail invocation in the future, and clean up some of the unit tests. BUG=chromium:487019 TEST=Existing unit tests. Change-Id: I6ddf41bf5c2e8e7fa8f6369d08a3fb37ad2edeb6 Reviewed-on: https://chromium-review.googlesource.com/270341 Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org> Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Bartosz Fabianowski <bartfab@chromium.org> Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/system/firewalld/iptables.h
|
d66fae25e69366d77c7b1db7e27aa23b6b393f55 |
|
05-Mar-2015 |
Prabhu Kaliamoorthi <kaliamoorthi@chromium.org> |
firewalld: Add unit test for ApplyVpnSetup in IpTables

This CL adds unit test for ApplyVpnSetup routine added to firewalld for supporting third party VPN in chrome OS.

BUG=chromium:460418
TEST=Ran the unit test
Change-Id: Ice71477f6c3ab9ee76de48ced94d535e015e00fb
Reviewed-on: https://chromium-review.googlesource.com/256302
Tested-by: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
Commit-Queue: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
/system/firewalld/iptables.h
|
650d229bfc31be30636c2ac62f242952e4f583d4 |
|
25-Feb-2015 |
Jorge Lucangeli Obes <jorgelo@chromium.org> |
firewalld: Monitor permission_broker lifetime.

If/when permission_broker exits, plug all firewall holes.

BUG=None
TEST=Manual: deploy to device, punch a hole.
TEST='restart permission_broker', holes are punched.
Change-Id: I3885b2338ad25f79c50a7f8c0aa4375e092ecceb
Reviewed-on: https://chromium-review.googlesource.com/253790
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
/system/firewalld/iptables.h
|
40653d0e058ff0f7908b28874224bbb085e99905 |
|
12-Feb-2015 |
Prabhu Kaliamoorthi <kaliamoorthi@chromium.org> |
firewalld: Add routines to firewalld to mark traffic and masquerade

This CL adds routines to firewalld that enable network traffic to be marked based on user id and masquerading rules for network interfaces.

BUG=chromium:458075
TEST=Manual testing
Change-Id: I81e08f1c20bf99887ac87c9970fcc2a58dcd2355
Reviewed-on: https://chromium-review.googlesource.com/249111
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
Commit-Queue: Prabhu Kaliamoorthi <kaliamoorthi@chromium.org>
/system/firewalld/iptables.h
|
bef267fbda7fd62cc3b7d50b8980a0d073d5e089 |
|
14-Feb-2015 |
Jorge Lucangeli Obes <jorgelo@chromium.org> |
firewalld: Add IPv6 firewall rules. BUG=brillo:252 TEST=Unit tests. Change-Id: I784472ce5f0c7d0649b38e48bd23b3acba9ffbbc Reviewed-on: https://chromium-review.googlesource.com/249982 Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org> Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Alex Vakulenko <avakulenko@chromium.org> Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/system/firewalld/iptables.h
|
eee27d2ce09514ff5d758f2e2b43b1b1f8832775 |
|
12-Feb-2015 |
Jorge Lucangeli Obes <jorgelo@chromium.org> |
firewalld, permission_broker: add initial support for interfaces. This is the first patch in a two-patch series. It adds support for specifying interfaces to firewalld. The next patch will make permission_broker use this support. BUG=brillo:185 TEST=unit tests TEST=platform_Firewall Change-Id: Ic3247a20a55427e85a4fb1ff4beadb813f8e9b7c Reviewed-on: https://chromium-review.googlesource.com/249360 Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Zeping Qiu <zqiu@chromium.org> Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/system/firewalld/iptables.h
|
5affd8895f6879153fce488c3f92271349eeadc9 |
|
30-Jan-2015 |
Jorge Lucangeli Obes <jorgelo@chromium.org> |
firewalld: make D-Bus methods simple. BUG=chromium:435400 TEST=unit tests Change-Id: I4afa4264332ed3ef2eb0e4fafbbb7917e5c995ba Reviewed-on: https://chromium-review.googlesource.com/244492 Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org> Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org> Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Chris Masone <cmasone@chromium.org>
/system/firewalld/iptables.h
|
0e7a658e0f72b0d2113f5c06136620236dde96f9 |
|
17-Jan-2015 |
Jorge Lucangeli Obes <jorgelo@chromium.org> |
firewalld: Plug all firewall holes on destruction.

Also, make {Add|Delete}AllowRule non-static since they always use |executable_path_|.

BUG=chromium:435400
TEST=Add firewall hole via D-Bus, check 'iptables -S', see firewall hole.
TEST=Stop daemon, check 'iptables -S', firewall hole is gone.
Change-Id: Id6d0db376d34ba21997b29dc45aef435590b55fa
Reviewed-on: https://chromium-review.googlesource.com/241716
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/system/firewalld/iptables.h
|
bfc594be31a695a78cf409374b2433d1af0f13d5 |
|
10-Dec-2014 |
Jorge Lucangeli Obes <jorgelo@chromium.org> |
firewalld: Implement UDP hole punching.

BUG=chromium:435400
TEST=New unit tests pass.
TEST=dbus-send --system --dest=org.chromium.firewalld --print-reply \
       /org/chromium/firewalld \
       org.chromium.firewalld.PunchUdpHole uint16:53 succeeds.
TEST='iptables -S' shows the new rule.
TEST=dbus-send --system --dest=org.chromium.firewalld --print-reply \
       /org/chromium/firewalld \
       org.chromium.firewalld.PlugUdpHole uint16:53 success.
TEST='iptables -S' no longer shows the new rule.
TEST=TCP 80 works as well.
Change-Id: I5a3d0b52038e2adba0b695471daeb06101eabcb1
Reviewed-on: https://chromium-review.googlesource.com/234433
Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/system/firewalld/iptables.h
|
8620868c44d58dc0632df3a7be7c48be1eb2421b |
|
06-Dec-2014 |
Jorge Lucangeli Obes <jorgelo@chromium.org> |
firewalld: add IpTables wrapper.

Implement firewall functionality. Split up part of FirewallService's functionality into a class that can be easily unit-tested.

TODO: allow punching holes for UDP ports as well.

BUG=chromium:435400
TEST=New unit tests pass.
TEST=dbus-send --system --dest=org.chromium.firewalld --print-reply \
       /org/chromium/firewalld \
       org.chromium.firewalld.PunchHole uint16:80 twice, success.
TEST='iptables -S' shows the new rule.
TEST=dbus-send --system --dest=org.chromium.firewalld --print-reply \
       /org/chromium/firewalld \
       org.chromium.firewalld.PlugHole uint16:80 once, success.
TEST='iptables -S' no longer shows the new rule.
TEST=Second time, error.
Change-Id: Ic8fc9d1fb3ac3deecde304922a709befa55015fb
Reviewed-on: https://chromium-review.googlesource.com/233723
Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
/system/firewalld/iptables.h
|