History log of /system/netd/server/CommandListener.h
Revision Date Author Comments
a2d039c860379779bc079bc0e800d7b472e7bb3f 01-Sep-2017 Lorenzo Colitti <lorenzo@google.com> Merge changes Ifd209207,Ib7440f93,Idc80bfd4

* changes:
Rename natctrl_* iptables rules to tetherctrl_*
Remove support for filtering tether stats.
Move all tethering functionality into TetherController.
a93126d6a1fb762537916adf2f103f893689e50f 24-Aug-2017 Lorenzo Colitti <lorenzo@google.com> Move all tethering functionality into TetherController.

This includes the entirety of NatController and relevant
parts of BandwidthController (specifically, getTetherStats
and its dependencies).

This will make the code easier to understand and allow netd to
provide a simpler API to the framework (e.g., by providing
higher-level methods that perform what today are multiple
operations from the framework's point of view).

It will also reduce duplication of state (e.g., interface pairs
kept by NatController partially overlap with downstream
interfaces kept by TetherController) and avoid dependencies
between controllers.

This CL makes no functional changes. The only code changes are
the ones necessary for compilation. Specifically:
- Move some methods into IptablesBaseTest.cpp so they can be
used from two test classes.
- Change TetherController::iptablesRestoreFunction to the
three-argument used by the erstwhile BandwidthController
tests.

Where appropriate, variable names have been changed, but strings
that actually appear on device, such as iptables rule names, are
left as is and will be changed in a future CL.

Bug: 32163131
Bug: 64995262
Test: bullhead builds, boots
Test: netd_{unit,integration}_test pass
Change-Id: Idc80bfd424ce011826305f84b1cc98e741698601
/system/netd/server/CommandListener.h
548bbd4643841bbd058c31e832af5e9d213edf90 28-Aug-2017 Lorenzo Colitti <lorenzo@google.com> Ensure the sockets we inherit from init are FD_CLOEXEC.

Bug: 65104811
Test: bullhead builds, boots
Test: lsof of iptables-restore doesn't show /dev/socket/netd and friends
Change-Id: I64c7c30364662147ae1b010500635f8ce21b2d0a
/system/netd/server/CommandListener.h
7035f228d17e925116b1b64a7c917b3196ab8818 13-Feb-2017 Lorenzo Colitti <lorenzo@google.com> Put most of netd into the android::net namespace.

Test: netd_{unit,integration}_test pass
Test: bullhead builds, boots
Bug: 34873832
Change-Id: I0a252328041b342f9c03cd08c11a69d452b045b3
/system/netd/server/CommandListener.h
a62db754d9c78c352f64dc9d07877eb84a75b547 02-Aug-2016 Christopher Wiley <wiley@google.com> Remove WiFi related logic from netd

This is now managed by wificond.

Bug: 30041228
Test: There were no more callsites for the corresponding methods
in NetworkManagementService.

Change-Id: Ia07a8819f8b46e15695819c6beb64d69b0dcfde1
(cherry picked from commit ac392585811ea4488116342fc3bc3b9925bbfd8a)
/system/netd/server/CommandListener.h
1f643e5d79a011ee816f0fd5cf82a5d123493e84 05-Apr-2016 Pierre Imai <imaipi@google.com> resolve merge conflicts of bd1fa02 to nyc-dev-plus-aosp

Change-Id: Ieb8227b4e7b7bebe469d24737835d0b7c5753bc4
12f6baf16328cdeea8f079616c2c44ac28f82496 09-Mar-2016 Pierre Imai <imaipi@google.com> Let netd use the new set_nameservers_for_net call.

Also add more tests for netd's resolver.

Change-Id: I79fa6c2d754ace6a76804afccf60c4443b49bf6a
/system/netd/server/CommandListener.h
ddf2d5bc87fe6de7cae2b73a17dbaf35033565ca 26-Feb-2016 Lorenzo Colitti <lorenzo@google.com> Allow finer-grained locking, and use it in FirewallCmd.

FirewallController is stateless and FirewallCmd does not access
any other controllers, so it is safe not to take the big netd
lock.

Bug: 27239233
Change-Id: I246696c4b17fa005c7d6b38ecd627747aa608831
/system/netd/server/CommandListener.h
1cfa54374f5ba63d69d6fcca767c4f6647cb6de2 24-Feb-2016 Pierre Imai <imaipi@google.com> Wrap netd's controllers to make them usable from other classes

Change-Id: Icb76b43e89c5a9e5806b95002d3653dd99912494
/system/netd/server/CommandListener.h
e4d626ea35b7a402388b524e2feafc81e6387697 02-Feb-2016 Lorenzo Colitti <lorenzo@google.com> Initial netd binder interface.

In this change:

1. AIDL files for a new, android.net.INetd service, and
corresponding implementation using generated code. For now the
interface is just a prototype: it only has one trivial method.
2. Permission checking code to check for CONNECTIVITY_INTERNAL.
3. Add a Big Netd Lock and provide a wrapper that makes it easy
to ensure that it is taken by every CommandListener command.

Bug: 27239233
Change-Id: I448d0ac233edd0e351a7fe7f13901fb6871683a2
/system/netd/server/CommandListener.h
1cdfa9adfa584029cb6d9ac13a2896786001b3a1 09-Jun-2015 Xiaohui Chen <xiaohuic@google.com> netd: add two child chains to firewall

This is an attempt to speed up getting out of device idle. It groups
uid firewall rules in these child chains so we can attach/detach a whole
chain instead of individual uid rules.

BUG:21446713
Change-Id: I61dc7d14110e633c5994e466481b9cac633a7a4f
/system/netd/server/CommandListener.h
390e4ea8106f9e741bc80fb962aaee94d5b28cbb 26-Apr-2015 Amith Yamasani <yamasani@google.com> Blacklist uids for network access

FirewallController can now be in blacklist mode (aka disabled)
or whitelist mode (aka enabled).

Some of the methods don't do anything when in blacklist mode.

Uid rules updated to allow dropping packets to uids that
shouldn't get any network access, usually for idle apps.

Added a wait option to iptables calls to make sure it doesn't
fail if there's contention. Fixes a flakiness I was seeing in
removing rules.

Bug: 20066058
Change-Id: I815bcb45aa06d04020e902df8c67bb3894e98f40
/system/netd/server/CommandListener.h
fbe497fcd808e4317572ad48c42545105309a347 29-Oct-2014 Jeff Sharkey <jsharkey@android.com> Offer to detect non-SSL/TLS network traffic.

Introduces new module that provides network-related features for
the StrictMode developer API. The first feature offers to detect
sockets sending data not wrapped inside a layer of SSL/TLS
encryption.

This carefully only adds overhead to UIDs that have requested
detection, and it uses CONNMARK to quickly accept/reject packets
from streams that have already been inspected. Detection is done
by looking for a well-known TLS handshake header; it's not future
proof, but it's a good start. Handles both IPv4 and IPv6.

When requested, we also log the triggering packet through NFLOG and
back up to the framework to aid investigation.

Bug: 18335678
Change-Id: Ie8fab785139dfb55a71b6dc7a0f3c75a8408224b
/system/netd/server/CommandListener.h
1604e18615f824adb2d54c36320069ba6fcb4796 20-Jul-2014 Sreeram Ramachandran <sreeram@google.com> Cleanup: Delete dead code.

Bug: 15413389
Change-Id: I315468832ef18ffc84174e54774ab63b86d284dc
/system/netd/server/CommandListener.h
f4f6c8de3f091be4b91a5a9d7f14e8882ec6d502 23-Jun-2014 Sreeram Ramachandran <sreeram@google.com> Refactor: Encapsulate permissions and interfaces into a Network class.

Currently, there's a lot of logic in NetworkController surrounding events such
as interface addition/removal, network creation/destruction and default network
change, because these events are intertwined. For example, adding an interface
means also adding a corresponding default network rule if the interface is being
added to the current default network.

When we introduce VPNs into this mix, things will get hairy real quick for all
this logic in NetworkController.

In this refactor, we introduce an abstract base class Network which supports
adding and removing interfaces. The main concrete implementation of this is
PhysicalNetwork, which allows setting permissions and "default network" state.

Since we've moved network permissions into the above class, and user permissions
into NetworkController, PermissionsController is unused and has been removed.

Also fix a few bugs in RouteController:
+ Use uidEnd correctly.
+ Check for all error cases in inet_pton.
+ Check the return value of android_fork_execvp() correctly.
+ The "return cmd1() && cmd2()" pattern is wrong. Rewrite that code.

Also (non-functional changes):
+ Remove instantiations of RouteController. It has static methods only.
+ Reorder some blocks in CommandListener so that the most frequent commands are
checked first.
+ Remove unused paramError() and clearNetworkPreference().
+ Change all return codes to int (negative errno) wherever applicable.
+ Add WARN_UNUSED_RESULT everywhere.
+ Cleanup some style in RouteController and NetworkController.
+ Use uid_t instead of unsigned for user IDs.
+ Add clearer log messages at the source of failures.
+ Add a check for when fwmark bits are set without corresponding mask bits.

Bug: 15409918

Change-Id: Ibba78b0850160f9f3d17d476f16331a6db0025d1
/system/netd/server/CommandListener.h
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 21-May-2014 Sreeram Ramachandran <sreeram@google.com> Move netd_client into netd.

Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/CommandListener.h