794c5c714a4d4cf169769ec956845a6fb24e7ebc |
|
31-Oct-2016 |
Hugo Benichi <hugobenichi@google.com> |
Add success/errno to connect() event reporting Test: $ runtest -x system/netd/tests/netd_integration_test.cpp Bug: 32198976 Change-Id: I050a1fc4172214f38d1ab9ca2b83d882766e9522
/system/netd/client/NetdClient.cpp
|
4b9b78aa02336de9291e5085401cef44c03c3bba |
|
06-Oct-2016 |
Michal Karpinski <mkarpinski@google.com> |
Add connect event reporting Adds reporting of connect events including netId, destination IP address, destination port, uid and connect latency. Also enables the relevant tests in the connect_benchmark. Currently ignores the new data it receives, further work will be done in the subsequent CLs. Test: for now just the benchmarking, in the future CTS Bug: 29748723 Change-Id: Id9819552a6d9ad5efc1aff5262d44caa994952aa
/system/netd/client/NetdClient.cpp
|
cc544162e08dd0df271cd77a3f2c85dbaaa461e2 |
|
21-Sep-2016 |
Robin Lee <rgl@google.com> |
Move Stopwatch into its own header Bug: 29748723 Change-Id: I7433f766909177b0ec945aa26f98534069b35891 Test: netd_integration_test
/system/netd/client/NetdClient.cpp
|
d1df597001aadd5d83c9a3d1fe8bbde2bc9256ca |
|
06-May-2015 |
Paul Jensen <pauljensen@google.com> |
Add FwmarkServer support for querying whether a UID can access a NetID This new FwmarkServer API is only accessible from system apps. Bug:20470604 Change-Id: Ie2376cdddc10f658fcc5802ef3e8dc9f1948d5c0
/system/netd/client/NetdClient.cpp
|
53ea9cadf6cc5f8be1c16b5b6b660cd7366fd3f0 |
|
31-Jan-2015 |
Nick Kralevich <nnk@google.com> |
Avoid leaking file descriptors Add O_CLOEXEC on open() calls, and SOCK_CLOEXEC on socket calls. This avoids leaking file descriptors across execs. Addresses the following SELinux denial: audit(1422740213.283:8): avc: denied { read write } for pid=2597 comm="clatd" path="socket:[6709]" dev="sockfs" ino=6709 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket and allows the removal of some other SELinux rules which were inappropriately added because of leaking file descriptors. Change-Id: I9c180488ea1969d610e488f967a7276a672bb477
/system/netd/client/NetdClient.cpp
|
aa1be2b3d24d99f3ccb98ff4fbb2a81b63587eff |
|
06-Jan-2015 |
Dan Albert <danalbert@google.com> |
Fix missing errno.h includes after libc cleanup. These issues hadn't been found yet because a libc++ header was unconditionally pulling in errno.h. I've fixed the libc++ header now. Change-Id: Ib096634cdd231fc75bf7548e4b99babc7442dc53
/system/netd/client/NetdClient.cpp
|
a69d9472ac48d4e09f049fb740e60b7217e03861 |
|
12-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce a SELECT_FOR_USER fwmarkd command. This lets SYSTEM apps mark a socket with the network that would apply to an arbitrary UID. I.e., either the VPN that applies to that user, or the default network, if there's no such VPN. This command will be used by system apps that proxy stuff for a user, so that they can route the same way that user would have. Examples of such system apps are the DnsProxyListener, MediaServer and DownloadManager. The "explicit" bit is NOT set, so that if the user's VPN is a split tunnel, the route lookup will fall-through to the default network as desired. The "protect" bit is set, so that the socket bypasses any VPN applicable to the system app itself. Note that even if the uid being proxied for is also subject to the same VPN, this still works because the relevant rule doesn't care about the protected bit (see modifyVpnSystemPermissionRule() in RouteController.cpp). Change-Id: I4d501e5214b127f4ae9eaeb7befb1751cd102308
/system/netd/client/NetdClient.cpp
|
d36c49c1d66585769d33d95f0eb2c9c524b337a4 |
|
02-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Minor style change. Change-Id: Ib1f89bff55506cf3881047dd876adbf97c789423
/system/netd/client/NetdClient.cpp
|
3a069e6a76752a0ee73c60f276ae362d1c01467f |
|
22-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Return negative errno (instead of positive) on failure. http://ag/489245 changed some return values from bools to errno values. However, in forthcoming CLs, @lorenzo uses the convention of negative errno to indicate failure. So, be consistent with that style. Change-Id: I3eac8f142c36a2e779cda289c07ee374c49e2f6b
/system/netd/client/NetdClient.cpp
|
4d4c8b7e294d845103ecb10f968713717a3e6406 |
|
20-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add getNetworkForSocket(). This doesn't require a roundtrip to netd, since anybody can read the SO_MARK. Change-Id: I51dd17725c4534cb0d5dbc8e93e844e6a7847959
/system/netd/client/NetdClient.cpp
|
31f4210e6fc5c9b749468a2af0bac94992352010 |
|
20-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Return errors explicitly instead of using errno. Change-Id: Ia29f500e747a8c72d13a8f38c3b08c319c8c029a
/system/netd/client/NetdClient.cpp
|
d794e580dbe1a8b4192850b0e117654401514af8 |
|
19-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add a client API to protect a socket from VPNs. The server side hasn't been implemented yet (see FwmarkServer.cpp). A UID can only be in a single VPN at any time, so there's no need to specify a netId or vpnId. Change-Id: Ie9c4590a9900e1ebf28418c4b9c4760cc0a5501a
/system/netd/client/NetdClient.cpp
|
9fa2b130d86fa74eefdb847cf9694059205fd4cb |
|
03-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Use std::atomic<> instead of volatile sig_atomic_t. std::atomic<> comes with true load/store barriers, so it's preferable. Change-Id: Ife47b0e404f41aa74aeb168befd1ff4a6603f3ed
/system/netd/client/NetdClient.cpp
|
2756045bebaac342f7cb70dad11519f896d44833 |
|
31-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Use AF_INET sockets when checking netIds in setNetworkFor{Process,Resolv}(). AF_UNIX sockets don't need to be marked, so we don't give netd the permission to operate on them (cf: netd.te). I.e., netd doesn't expect to receive them. Make sure that the creation of the AF_INET socket doesn't trigger another wasteful check with netd by calling the libc version directly. Bug: 13885501 Change-Id: I6b549232e57cacd47501edcefa4c0b4b79df9da0
/system/netd/client/NetdClient.cpp
|
5fc275794ab41d110abbdb7683ed9db45918985f |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Mark sockets on creation (socket()) and accept4(). Continued from: https://android-review.git.corp.google.com/#/c/95094/ Change-Id: Ib0b8f5d7c5013b91eae6bbc3847852eb355c7714
/system/netd/client/NetdClient.cpp
|
efbe05d203f2f1cc3c24ddc111be159a1ff1f292 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
New network selection APIs. Continued from: https://android-review.git.corp.google.com/#/c/94977/ Change-Id: Ie0576888f50a8ce91bbb0a4794708b406eb0aa35
/system/netd/client/NetdClient.cpp
|
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Move netd_client into netd. Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/client/NetdClient.cpp
|