563d98b27d02a1d694fc4ed82b5554fd534c9daf |
|
24-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add a binder IPC to close socket connections. Bug: 27824851 Bug: 27867653 Change-Id: I2e63ccfb268db763ec732594a73c2908838468b8
/system/netd/server/UidRanges.cpp
|
b8087363143050d214d48e5620a330776ca95a69 |
|
30-Mar-2016 |
Robin Lee <rgl@google.com> |
Server API to only allow networking by VPN apps Secure virtual networks already create rules to route all traffic into theirselves. This depends on the secure network already existing. API creates an ip rule at a priority level below SECURE_VPN which can catch traffic before VPN comes up, if it is a requirement that no traffic ever leaves without first going through VPN. Bug: 26694104 Bug: 26354134 Change-Id: If23df0760c6eb0ad137fc26c5124e48edf23b722
/system/netd/server/UidRanges.cpp
|
fff4bd31ff2bad0acfd8f2439eccf7df70e9695f |
|
13-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Kill sockets when a VPN comes up. 1. Change the SockDiag callback function to be a filter that returns a bool instead of a function that optionally kills a socket. All existing callbacks basically only existed to kill sockets under certain conditions, and making them return a boolean allows reusing the same callback function signature to filter sockets as well. 2. Add a new SockDiag method to kill sockets based on a UidRanges object (which contains a number of UID ranges) and a list of users to skip. 3. Add a new UIDRANGE mode to SockDiagTest to test the above. 4. When UID ranges are added or removed from the VPN, kill sockets in those UID ranges unless the socket UIDs are in mProtectableUsers and thus their creator might have set the protect bit on their mark. Short of actually being able to see the socket mark on each socket and basing our decision on that, this is the best we can do. Bug: 26976388 Change-Id: I53a30df3feb63254a6451a29fa6041c9b679f9bb
/system/netd/server/UidRanges.cpp
|
e09b20aee85f1dfd8c18c3d8581ac875d939ba70 |
|
06-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add full support for UIDs in VPNs. Major: + Implement the functions mentioned in http://go/android-multinetwork-routing correctly, including handling accept(), connect(), setNetworkForSocket() and protect() and supporting functions like canUserSelectNetwork(). + Eliminate the old code path of getting/setting UID ranges through SecondaryTableController (which is currently unused) and mUidMap. Minor: + Rename some methods/variables for clarity and consistency. + Moved some methods in .cpp files to match declaration order in the .h files. Bug: 15409918 Change-Id: Ic6ce3646c58cf645db0d9a53cbeefdd7ffafff93
/system/netd/server/UidRanges.cpp
|
b1425cc09f8a29350520db0d4f489331df5a689b |
|
24-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add UID range support to VPNs. This adds the necessary routing rules. Future CLs will add the ability to select the right netId for connect(), setNetworkForSocket(), DNS resolutions, etc. Bug: 15409918 Change-Id: I88a67660d49cecda834dd72ab947fbfed250f09d
/system/netd/server/UidRanges.cpp
|