| 328a32e95a3e962d168fad681fb0d3376c209b55 |
|
29-Mar-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Really always allow networking on loopback.
https://android-review.googlesource.com/#/c/294359/ attempted to
allow networking on loopback, but actually does not do anything
because no packet has both -i lo and -o lo: loopback packets have
-i lo in INPUT and -o lo in OUTPUT.
(cherry picked from commit d7e2e8a1238ebd4396e28524ca2104770fbbcf17)
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Test: loopback traffic is matched by new "-i lo" and "-o lo" rules
Test: originated and received traffic is not matched by new rules
Bug: 34444781
Change-Id: Ib7f1d04ea4ae85506c2b0a87bd5aa1378057f07f
/system/netd/tests/binder_test.cpp
|
| 1e299c63fd42f02f23547690275d4f6f9cd5fcc4 |
|
27-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Move createTunInterface to its own test file for use elsewhere.
Bug: 28362720
Test: test-only change. netd_{unit,integration}_test pass.
Change-Id: I89f7c922ae8f8a550db58938dacff92390cc1d0f
/system/netd/tests/binder_test.cpp
|
| fe3cbd68b08553f48a3cea2ea9f365d4dbd424ec |
|
13-Dec-2016 |
Jeff Sharkey <jsharkey@android.com> |
Follow libcutils refactoring.
Change-Id: I1da39d6d125388aa4398d5ee402bbdf3805505ea
/system/netd/tests/binder_test.cpp
|
| 7e05cc933bf45f7a6e6e93027883f0d329a7101e |
|
21-Sep-2016 |
Robin Lee <rgl@google.com> |
Move Stopwatch into its own header
Bug: 29748723
Test: netd_integration_test
(cherry picked from commit cc544162e08dd0df271cd77a3f2c85dbaaa461e2)
Change-Id: I02a9ad8591d1c98f146fe2fe8c3b25a2d752ab55
/system/netd/tests/binder_test.cpp
|
| 1805105559b296e83650f6a3ed6c6dabe898ad33 |
|
06-May-2016 |
Chih-Hung Hsieh <chh@google.com> |
Fix google-explicit-constructor warnings.
Bug: 28341362
Change-Id: Idadc9ad22fdd9d014c8fe0522c89b6ec9d05ae98
/system/netd/tests/binder_test.cpp
|
| 55b06f85b13553b7b0b5a76f650f452d5a9473c5 |
|
04-Jul-2016 |
Erik Kline <ek@google.com> |
Add general /proc/sys/net/ipv[46]/{conf,neigh}/ interface
Bug: 21859053
Bug: 28135208
(cherry picked from commit b218a87e0777d3d2c93231e03ef7315d783e3279)
Change-Id: Ie32c86511b97358d208a4c84a1c69a75c703bf3b
/system/netd/tests/binder_test.cpp
|
| cc4f273830144d415cfba01d65314606c444577d |
|
03-Aug-2016 |
Erik Kline <ek@google.com> |
Add tests for interface add/remove binder API
Bug: 30298058
(cherry picked from commit 46ae27cd20e70393843799efe8de9180295a4953)
Change-Id: I06cd226c75a8cc42eac5b5d1d27031af30c0662e
/system/netd/tests/binder_test.cpp
|
| a95e114a89aee4d7aef32263057beed2e2a31495 |
|
26-Jul-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Allow networking on loopback in doze, standby, and powersave.
Restricting networking on loopback is needlessly restrictive
because it doesn't have substantial power impact.
Bug: 30186506
(cherry picked from commit 238e81894de39fe7c5ed74f297c36a4798008247)
Change-Id: I90130f3654a880a743ce6b66994306214d74b05c
/system/netd/tests/binder_test.cpp
|
| 755faa9dae1fbe7cead43702a05fe2821c1573d3 |
|
27-Jul-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Make the socketDestroy tests use a fake tun interface.
On real devices, we often don't want to destroy sockets that
are on loopback. This CL makes our integration tests use
sockets that don't look like they're on loopback, making it
possible to test code that does not destroy sockets that are
on loopback.
Bug: 30186506
(cherry picked from commit 549a0f705849d0a1dcf9de38cbe54edad4a83cd9)
Change-Id: Ic4b8a7cb684010576f0c9c40a037906c7ba4d93d
/system/netd/tests/binder_test.cpp
|
| 8054577a51024c7883f0141181c9c527265c0ee8 |
|
09-Jun-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Don't fail the test if the iptables lock is held.
(cherry picked from commit 98ba4566752d640d97205389781705f7aaea1c63)
Change-Id: I76e303a2dca8fc7500df53181ffe715b2a4398e8
/system/netd/tests/binder_test.cpp
|
| 5bbe13bdc4470d0af2786fc62ad40a8ba8ff5830 |
|
17-May-2016 |
Robin Lee <rgl@google.com> |
Merge "Drop PROHIBIT_NON_VPN priority 11500 -> 12500" into nyc-dev
|
| f157caf303ab397b3d350b33c842f79902058d16 |
|
13-May-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Make firewallReplaceUidChain match the behaviour of createChain.
The behaviour of the firewallReplaceUidChain was incorrect in
several ways:
1. It was missing the "always allow TCP RST packets" rules which
were added in http://ag/963000 .
2. It included a RETURN statement at the end of blacklist chains,
which is superfluous since all user-defined chains implicitly
return, and became incorrect when http://ag/963000 switched the
behaviour of blacklist chains from inserting new rules at the
beginning to appending them at the end.
3. It was missing the rules to allow the types of ICMPv6 packets
that are critical in maintaining connectivity.
By itself, this change is a no-op since nothing currently calls
firewallReplaceUidRule.
Bug: 26675191
Change-Id: I985e6861812908cbe7eaf0f54ca0ad39c22bbfeb
/system/netd/tests/binder_test.cpp
|
| 6c84ef62d953eae93c36ffa831e9b451560afba0 |
|
03-May-2016 |
Robin Lee <rgl@google.com> |
Drop PROHIBIT_NON_VPN priority 11500 -> 12500
So that the rule can be kept up 100% of the time instead of dropping
it when VPN comes on.
Bug: 26694104
Change-Id: I1df6b8f588e54d72e34dbcbd15492513e07fac3d
/system/netd/tests/binder_test.cpp
|
| 563d98b27d02a1d694fc4ed82b5554fd534c9daf |
|
24-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add a binder IPC to close socket connections.
Bug: 27824851
Bug: 27867653
Change-Id: I2e63ccfb268db763ec732594a73c2908838468b8
/system/netd/tests/binder_test.cpp
|
| b8087363143050d214d48e5620a330776ca95a69 |
|
30-Mar-2016 |
Robin Lee <rgl@google.com> |
Server API to only allow networking by VPN apps
Secure virtual networks already create rules to route all traffic into
theirselves. This depends on the secure network already existing.
API creates an ip rule at a priority level below SECURE_VPN which
can catch traffic before VPN comes up, if it is a requirement that no
traffic ever leaves without first going through VPN.
Bug: 26694104
Bug: 26354134
Change-Id: If23df0760c6eb0ad137fc26c5124e48edf23b722
/system/netd/tests/binder_test.cpp
|
| 699aa99dd9bdf850fc70b1a531eb11224304c766 |
|
15-Apr-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Move the Stopwatch class to NetdConstants.
Also implement TimedOperation by subclassing Stopwatch, since
it essentially does the same thing.
Change-Id: I68febcf1caa8a00b548790f9e3ccc10836877639
/system/netd/tests/binder_test.cpp
|
| 464eabecf1174154b8f61845610c3f4f0ca294b3 |
|
25-Mar-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Attempt to make data saver mode work for real.
The data saver refactoring change was incorrect in >= two ways:
1. It relied on the bw_costly_shared chain, which is currently
unused. NetworkManagementService just has a "TODO: support
quota shared across interfaces" comment about it. What
actually happens when setting quota is that each costly
interface chain (e.g., bw_costly_rmnet_data0) directly hooks
in the bw_penalty box chain.
2. Implementing app whitelisting using "RETURN" inside
bw_happy_box was pointless because if data saver was enabled,
there was a REJECT at the end of the bw_costly_shared chain
that it was returning to.
Instead, go back to the previous approach which hooked
bw_happy_box at the end of bw_penalty_box. Also, add an
additional bw_data_saver rule at the end of bw_happy_box.
bw_data_saver only contains one rule: RETURN if data saver is
enabled or REJECT if data saver is disabled.
That way:
1. If the app is blacklisted, bw_penalty_box REJECTs. If not:
2. If the app is whitelisted (system apps are always whitelisted)
bw_happy_box RETURNs to bw_costly_rmnet_data0, skipping
bw_data_saver.
3. If an app is neither blacklisted nor whitelisted, bw_happy_box
jumps to bw_data_saver. If data saver is enabled, it REJECTs
the packet, and if not, it RETURNs to bw_costly_rmnet_data0.
4. When we RETURN to bw_costly_rmnet_data0, either because the
app is whitelisted, or because data saver is off,
bw_costly_rmnet_data0 applies mobile data usage limits,
and then RETURNs to bw_OUTPUT, which calls xt_qtaguid, etc.
Bug: 26685616
Bug: 27506285
Change-Id: If15397afde6862d95827a1fdd30f60efd7fab66a
/system/netd/tests/binder_test.cpp
|
| dedd271d9961dbe8b99ffa7d54ffd63ac326f866 |
|
21-Mar-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add a binder RPC to enable/disable data saver.
Bug: 26685616
Bug: 27506285
Change-Id: Id11ee717cfc1c79070b6bbec397986c25947646c
/system/netd/tests/binder_test.cpp
|
| 89faa349525ad1110b6fa3f2149e6ef825c65662 |
|
26-Feb-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Add an RPC to replace a UID firewall rule.
Also add a binder_test that exercises binder RPCs to the real
netd service running on the device
Bug: 21725996
Bug: 27239233
Change-Id: Ic83d81605021a0578d6cd32f889290be61d76125
/system/netd/tests/binder_test.cpp
|