d1df597001aadd5d83c9a3d1fe8bbde2bc9256ca |
|
06-May-2015 |
Paul Jensen <pauljensen@google.com> |
Add FwmarkServer support for querying whether a UID can access a NetID

This new FwmarkServer API is only accessible from system apps.

Bug:20470604
Change-Id: Ie2376cdddc10f658fcc5802ef3e8dc9f1948d5c0
/system/netd/include/NetdClient.h
|
a69d9472ac48d4e09f049fb740e60b7217e03861 |
|
12-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Introduce a SELECT_FOR_USER fwmarkd command.

This lets SYSTEM apps mark a socket with the network that would apply to an arbitrary UID. I.e., either the VPN that applies to that user, or the default network, if there's no such VPN.

This command will be used by system apps that proxy stuff for a user, so that they can route the same way that user would have. Examples of such system apps are the DnsProxyListener, MediaServer and DownloadManager.

The "explicit" bit is NOT set, so that if the user's VPN is a split tunnel, the route lookup will fall through to the default network as desired.

The "protect" bit is set, so that the socket bypasses any VPN applicable to the system app itself. Note that even if the uid being proxied for is also subject to the same VPN, this still works because the relevant rule doesn't care about the protected bit (see modifyVpnSystemPermissionRule() in RouteController.cpp).

Change-Id: I4d501e5214b127f4ae9eaeb7befb1751cd102308
/system/netd/include/NetdClient.h
|
3a069e6a76752a0ee73c60f276ae362d1c01467f |
|
22-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Return negative errno (instead of positive) on failure.

http://ag/489245 changed some return values from bools to errno values. However, in forthcoming CLs, @lorenzo uses the convention of negative errno to indicate failure. So, be consistent with that style.

Change-Id: I3eac8f142c36a2e779cda289c07ee374c49e2f6b
/system/netd/include/NetdClient.h
|
4d4c8b7e294d845103ecb10f968713717a3e6406 |
|
20-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add getNetworkForSocket().

This doesn't require a roundtrip to netd, since anybody can read the SO_MARK.

Change-Id: I51dd17725c4534cb0d5dbc8e93e844e6a7847959
/system/netd/include/NetdClient.h
|
31f4210e6fc5c9b749468a2af0bac94992352010 |
|
20-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Return errors explicitly instead of using errno.

Change-Id: Ia29f500e747a8c72d13a8f38c3b08c319c8c029a
/system/netd/include/NetdClient.h
|
d794e580dbe1a8b4192850b0e117654401514af8 |
|
19-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Add a client API to protect a socket from VPNs.

The server side hasn't been implemented yet (see FwmarkServer.cpp).

A UID can only be in a single VPN at any time, so there's no need to specify a netId or vpnId.

Change-Id: Ie9c4590a9900e1ebf28418c4b9c4760cc0a5501a
/system/netd/include/NetdClient.h
|
efbe05d203f2f1cc3c24ddc111be159a1ff1f292 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
New network selection APIs.

Continued from: https://android-review.git.corp.google.com/#/c/94977/

Change-Id: Ie0576888f50a8ce91bbb0a4794708b406eb0aa35
/system/netd/include/NetdClient.h
|