328a32e95a3e962d168fad681fb0d3376c209b55 |
|
29-Mar-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Really always allow networking on loopback. https://android-review.googlesource.com/#/c/294359/ attempted to allow networking on loopback, but actually does not do anything because no packet has both -i lo and -o lo: loopback packets have -i lo in INPUT and -o lo in OUTPUT. (cherry picked from commit d7e2e8a1238ebd4396e28524ca2104770fbbcf17) Test: bullhead builds, boots Test: netd_{unit,integration}_test pass Test: loopback traffic is matched by new "-i lo" and "-o lo" rules Test: originated and received traffic is not matched by new rules Bug: 34444781 Change-Id: Ib7f1d04ea4ae85506c2b0a87bd5aa1378057f07f
/system/netd/tests/binder_test.cpp
|
1e299c63fd42f02f23547690275d4f6f9cd5fcc4 |
|
27-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Move createTunInterface to its own test file for use elsewhere. Bug: 28362720 Test: test-only change. netd_{unit,integration}_test pass. Change-Id: I89f7c922ae8f8a550db58938dacff92390cc1d0f
/system/netd/tests/binder_test.cpp
|
fe3cbd68b08553f48a3cea2ea9f365d4dbd424ec |
|
13-Dec-2016 |
Jeff Sharkey <jsharkey@android.com> |
Follow libcutils refactoring. Change-Id: I1da39d6d125388aa4398d5ee402bbdf3805505ea
/system/netd/tests/binder_test.cpp
|
7e05cc933bf45f7a6e6e93027883f0d329a7101e |
|
21-Sep-2016 |
Robin Lee <rgl@google.com> |
Move Stopwatch into its own header Bug: 29748723 Test: netd_integration_test (cherry picked from commit cc544162e08dd0df271cd77a3f2c85dbaaa461e2) Change-Id: I02a9ad8591d1c98f146fe2fe8c3b25a2d752ab55
/system/netd/tests/binder_test.cpp
|
1805105559b296e83650f6a3ed6c6dabe898ad33 |
|
06-May-2016 |
Chih-Hung Hsieh <chh@google.com> |
Fix google-explicit-constructor warnings. Bug: 28341362 Change-Id: Idadc9ad22fdd9d014c8fe0522c89b6ec9d05ae98
/system/netd/tests/binder_test.cpp
|
55b06f85b13553b7b0b5a76f650f452d5a9473c5 |
|
04-Jul-2016 |
Erik Kline <ek@google.com> |
Add general /proc/sys/net/ipv[46]/{conf,neigh}/ interface Bug: 21859053 Bug: 28135208 (cherry picked from commit b218a87e0777d3d2c93231e03ef7315d783e3279) Change-Id: Ie32c86511b97358d208a4c84a1c69a75c703bf3b
/system/netd/tests/binder_test.cpp
|
cc4f273830144d415cfba01d65314606c444577d |
|
03-Aug-2016 |
Erik Kline <ek@google.com> |
Add tests for interface add/remove binder API Bug: 30298058 (cherry picked from commit 46ae27cd20e70393843799efe8de9180295a4953) Change-Id: I06cd226c75a8cc42eac5b5d1d27031af30c0662e
/system/netd/tests/binder_test.cpp
|
a95e114a89aee4d7aef32263057beed2e2a31495 |
|
26-Jul-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Allow networking on loopback in doze, standby, and powersave. Restricting networking on loopback is needlessly restrictive because it doesn't have substantial power impact. Bug: 30186506 (cherry picked from commit 238e81894de39fe7c5ed74f297c36a4798008247) Change-Id: I90130f3654a880a743ce6b66994306214d74b05c
/system/netd/tests/binder_test.cpp
|
755faa9dae1fbe7cead43702a05fe2821c1573d3 |
|
27-Jul-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Make the socketDestroy tests use a fake tun interface. On real devices, we often don't want to destroy sockets that are on loopback. This CL makes our integration tests use sockets that don't look like they're on loopback, making it possible to test code that does not destroy sockets that are on loopback. Bug: 30186506 (cherry picked from commit 549a0f705849d0a1dcf9de38cbe54edad4a83cd9) Change-Id: Ic4b8a7cb684010576f0c9c40a037906c7ba4d93d
/system/netd/tests/binder_test.cpp
|
8054577a51024c7883f0141181c9c527265c0ee8 |
|
09-Jun-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Don't fail the test if the iptables lock is held. (cherry picked from commit 98ba4566752d640d97205389781705f7aaea1c63) Change-Id: I76e303a2dca8fc7500df53181ffe715b2a4398e8
/system/netd/tests/binder_test.cpp
|
5bbe13bdc4470d0af2786fc62ad40a8ba8ff5830 |
|
17-May-2016 |
Robin Lee <rgl@google.com> |
Merge "Drop PROHIBIT_NON_VPN priority 11500 -> 12500" into nyc-dev
|
f157caf303ab397b3d350b33c842f79902058d16 |
|
13-May-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Make firewallReplaceUidChain match the behaviour of createChain. The behaviour of the firewallReplaceUidChain was incorrect in several ways: 1. It was missing the "always allow TCP RST packets" rules which were added in http://ag/963000 . 2. It included a RETURN statement at the end of blacklist chains, which is superfluous since all user-defined chains implicitly return, and became incorrect when http://ag/963000 switched the behaviour of blacklist chains from inserting new rules at the beginning to appending them at the end. 3. It was missing the rules to allow the types of ICMPv6 packets that are critical in maintaining connectivity. By itself, this change is a no-op since nothing currently calls firewallReplaceUidRule. Bug: 26675191 Change-Id: I985e6861812908cbe7eaf0f54ca0ad39c22bbfeb
/system/netd/tests/binder_test.cpp
|
6c84ef62d953eae93c36ffa831e9b451560afba0 |
|
03-May-2016 |
Robin Lee <rgl@google.com> |
Drop PROHIBIT_NON_VPN priority 11500 -> 12500 So that the rule can be kept up 100% of the time instead of dropping it when VPN comes on. Bug: 26694104 Change-Id: I1df6b8f588e54d72e34dbcbd15492513e07fac3d
/system/netd/tests/binder_test.cpp
|
563d98b27d02a1d694fc4ed82b5554fd534c9daf |
|
24-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add a binder IPC to close socket connections. Bug: 27824851 Bug: 27867653 Change-Id: I2e63ccfb268db763ec732594a73c2908838468b8
/system/netd/tests/binder_test.cpp
|
b8087363143050d214d48e5620a330776ca95a69 |
|
30-Mar-2016 |
Robin Lee <rgl@google.com> |
Server API to only allow networking by VPN apps Secure virtual networks already create rules to route all traffic into theirselves. This depends on the secure network already existing. API creates an ip rule at a priority level below SECURE_VPN which can catch traffic before VPN comes up, if it is a requirement that no traffic ever leaves without first going through VPN. Bug: 26694104 Bug: 26354134 Change-Id: If23df0760c6eb0ad137fc26c5124e48edf23b722
/system/netd/tests/binder_test.cpp
|
699aa99dd9bdf850fc70b1a531eb11224304c766 |
|
15-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Move the Stopwatch class to NetdConstants. Also implement TimedOperation by subclassing Stopwatch, since it essentially does the same thing. Change-Id: I68febcf1caa8a00b548790f9e3ccc10836877639
/system/netd/tests/binder_test.cpp
|
464eabecf1174154b8f61845610c3f4f0ca294b3 |
|
25-Mar-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Attempt to make data saver mode work for real. The data saver refactoring change was incorrect in >= two ways: 1. It relied on the bw_costly_shared chain, which is currently unused. NetworkManagementService just has a "TODO: support quota shared across interfaces" comment about it. What actually happens when setting quota is that each costly interface chain (e.g., bw_costly_rmnet_data0) directly hooks in the bw_penalty box chain. 2. Implementing app whitelisting using "RETURN" inside bw_happy_box was pointless because if data saver was enabled, there was a REJECT at the end of the bw_costly_shared chain that it was returning to. Instead, go back to the previous approach which hooked bw_happy_box at the end of bw_penalty_box. Also, add an additional bw_data_saver rule at the end of bw_happy_box. bw_data_saver only contains one rule: RETURN if data saver is enabled or REJECT if data saver is disabled. That way: 1. If the app is blacklisted, bw_penalty_box REJECTs. If not: 2. If the app is whitelisted (system apps are always whitelisted) bw_happy_box RETURNs to bw_costly_rmnet_data0, skipping bw_data_saver. 3. If an app is neither blacklisted nor whitelisted, bw_happy_box jumps to bw_data_saver. If data saver is enabled, it REJECTs the packet, and if not, it RETURNs to bw_costly_rmnet_data0. 4. When we RETURN to bw_costly_rmnet_data0, either because the app is whitelisted, or because data saver is off, bw_costly_rmnet_data0 applies mobile data usage limits, and then RETURNs to bw_OUTPUT, which calls xt_qtaguid, etc. Bug: 26685616 Bug: 27506285 Change-Id: If15397afde6862d95827a1fdd30f60efd7fab66a
/system/netd/tests/binder_test.cpp
|
dedd271d9961dbe8b99ffa7d54ffd63ac326f866 |
|
21-Mar-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add a binder RPC to enable/disable data saver. Bug: 26685616 Bug: 27506285 Change-Id: Id11ee717cfc1c79070b6bbec397986c25947646c
/system/netd/tests/binder_test.cpp
|
89faa349525ad1110b6fa3f2149e6ef825c65662 |
|
26-Feb-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add an RPC to replace a UID firewall rule. Also add a binder_test that exercises binder RPCs to the real netd service running on the device Bug: 21725996 Bug: 27239233 Change-Id: Ic83d81605021a0578d6cd32f889290be61d76125
/system/netd/tests/binder_test.cpp
|