a2d039c860379779bc079bc0e800d7b472e7bb3f |
|
01-Sep-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Merge changes Ifd209207,Ib7440f93,Idc80bfd4
* changes:
  Rename natctrl_* iptables rules to tetherctrl_*
  Remove support for filtering tether stats.
  Move all tethering functionality into TetherController.
|
a93126d6a1fb762537916adf2f103f893689e50f |
|
24-Aug-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Move all tethering functionality into TetherController.
This includes the entirety of NatController and relevant parts of BandwidthController (specifically, getTetherStats and its dependencies). This will make the code easier to understand and allow netd to provide a simpler API to the framework (e.g., by providing higher-level methods that perform what today are multiple operations from the framework's point of view). It will also reduce duplication of state (e.g., interface pairs kept by NatController partially overlap with downstream interfaces kept by TetherController) and avoid dependencies between controllers.
This CL makes no functional changes. The only code changes are the ones necessary for compilation. Specifically:
- Move some methods into IptablesBaseTest.cpp so they can be used from two test classes.
- Change TetherController::iptablesRestoreFunction to the three-argument used by the erstwhile BandwidthController tests.
Where appropriate, variable names have been changed, but strings that actually appear on device, such as iptables rule names, are left as is and will be changed in a future CL.
Bug: 32163131 Bug: 64995262 Test: bullhead builds, boots Test: netd_{unit,integration}_test pass Change-Id: Idc80bfd424ce011826305f84b1cc98e741698601
/system/netd/server/CommandListener.h
|
548bbd4643841bbd058c31e832af5e9d213edf90 |
|
28-Aug-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Ensure the sockets we inherit from init are FD_CLOEXEC. Bug: 65104811 Test: bullhead builds, boots Test: lsof of iptables-restore doesn't show /dev/socket/netd and friends Change-Id: I64c7c30364662147ae1b010500635f8ce21b2d0a
/system/netd/server/CommandListener.h
|
7035f228d17e925116b1b64a7c917b3196ab8818 |
|
13-Feb-2017 |
Lorenzo Colitti <lorenzo@google.com> |
Put most of netd into the android::net namespace. Test: netd_{unit,integration}_test pass Test: bullhead builds, boots Bug: 34873832 Change-Id: I0a252328041b342f9c03cd08c11a69d452b045b3
/system/netd/server/CommandListener.h
|
a62db754d9c78c352f64dc9d07877eb84a75b547 |
|
02-Aug-2016 |
Christopher Wiley <wiley@google.com> |
Remove WiFi related logic from netd
This is now managed by wificond. Bug: 30041228 Test: There were no more callsites for the corresponding methods in NetworkManagementService. Change-Id: Ia07a8819f8b46e15695819c6beb64d69b0dcfde1 (cherry picked from commit ac392585811ea4488116342fc3bc3b9925bbfd8a)
/system/netd/server/CommandListener.h
|
1f643e5d79a011ee816f0fd5cf82a5d123493e84 |
|
05-Apr-2016 |
Pierre Imai <imaipi@google.com> |
resolve merge conflicts of bd1fa02 to nyc-dev-plus-aosp Change-Id: Ieb8227b4e7b7bebe469d24737835d0b7c5753bc4
|
12f6baf16328cdeea8f079616c2c44ac28f82496 |
|
09-Mar-2016 |
Pierre Imai <imaipi@google.com> |
Let netd use the new set_nameservers_for_net call. Also add more tests for netd's resolver. Change-Id: I79fa6c2d754ace6a76804afccf60c4443b49bf6a
/system/netd/server/CommandListener.h
|
ddf2d5bc87fe6de7cae2b73a17dbaf35033565ca |
|
26-Feb-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Allow finer-grained locking, and use it in FirewallCmd. FirewallController is stateless and FirewallCmd does not access any other controllers, so it is safe not to take the big netd lock. Bug: 27239233 Change-Id: I246696c4b17fa005c7d6b38ecd627747aa608831
/system/netd/server/CommandListener.h
|
1cfa54374f5ba63d69d6fcca767c4f6647cb6de2 |
|
24-Feb-2016 |
Pierre Imai <imaipi@google.com> |
Wrap netd's controller to make them usable from other classes Change-Id: Icb76b43e89c5a9e5806b95002d3653dd99912494
/system/netd/server/CommandListener.h
|
e4d626ea35b7a402388b524e2feafc81e6387697 |
|
02-Feb-2016 |
Lorenzo Colitti <lorenzo@google.com> |
Initial netd binder interface.
In this change:
1. AIDL files for a new, android.net.INetd service, and corresponding implementation using generated code. For now the interface is just a prototype: it only has one trivial method.
2. Permission checking code to check for CONNECTIVITY_INTERNAL.
3. Add a Big Netd Lock and provide a wrapper that makes it easy to ensure that it is taken by every CommandListener command.
Bug: 27239233 Change-Id: I448d0ac233edd0e351a7fe7f13901fb6871683a2
/system/netd/server/CommandListener.h
|
1cdfa9adfa584029cb6d9ac13a2896786001b3a1 |
|
09-Jun-2015 |
Xiaohui Chen <xiaohuic@google.com> |
netd: add two child chains to firewall
This is an attempt to speed up getting out of device idle. It groups uid firewall rules in these child chains so we can attach/detach a whole chain instead of individual uid rules. BUG:21446713 Change-Id: I61dc7d14110e633c5994e466481b9cac633a7a4f
/system/netd/server/CommandListener.h
|
390e4ea8106f9e741bc80fb962aaee94d5b28cbb |
|
26-Apr-2015 |
Amith Yamasani <yamasani@google.com> |
Blacklist uids for network access
FirewallController can now be in blacklist mode (aka disabled) or whitelist mode (aka enabled). Some of the methods don't do anything when in blacklist mode. Uid rules updated to allow dropping packets to uids that shouldn't get any network access, usually for idle apps. Added a wait option to iptables calls to make sure it doesn't fail if there's contention. Fixes a flakiness I was seeing in removing rules. Bug: 20066058 Change-Id: I815bcb45aa06d04020e902df8c67bb3894e98f40
/system/netd/server/CommandListener.h
|
fbe497fcd808e4317572ad48c42545105309a347 |
|
29-Oct-2014 |
Jeff Sharkey <jsharkey@android.com> |
Offer to detect non-SSL/TLS network traffic. Introduces new module that provides network-related features for the StrictMode developer API. The first feature offers to detect sockets sending data not wrapped inside a layer of SSL/TLS encryption. This carefully only adds overhead to UIDs that have requested detection, and it uses CONNMARK to quickly accept/reject packets from streams that have already been inspected. Detection is done by looking for a well-known TLS handshake header; it's not future proof, but it's a good start. Handles both IPv4 and IPv6. When requested, we also log the triggering packet through NFLOG and back up to the framework to aid investigation. Bug: 18335678 Change-Id: Ie8fab785139dfb55a71b6dc7a0f3c75a8408224b
/system/netd/server/CommandListener.h
|
1604e18615f824adb2d54c36320069ba6fcb4796 |
|
20-Jul-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Cleanup: Delete dead code. Bug: 15413389 Change-Id: I315468832ef18ffc84174e54774ab63b86d284dc
/system/netd/server/CommandListener.h
|
f4f6c8de3f091be4b91a5a9d7f14e8882ec6d502 |
|
23-Jun-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Refactor: Encapsulate permissions and interfaces into a Network class.
Currently, there's a lot of logic in NetworkController surrounding events such as interface addition/removal, network creation/destruction and default network change, because these events are intertwined. For example, adding an interface means also adding a corresponding default network rule if the interface is being added to the current default network. When we introduce VPNs into this mix, things will get hairy real quick for all this logic in NetworkController.
In this refactor, we introduce an abstract base class Network which supports adding and removing interfaces. The main concrete implementation of this is PhysicalNetwork, which allows setting permissions and "default network" state. Since we've moved network permissions into the above class, and user permissions into NetworkController, PermissionsController is unused and has been removed.
Also fix a few bugs in RouteController:
+ Use uidEnd correctly.
+ Check for all error cases in inet_pton.
+ Check the return value of android_fork_execvp() correctly.
+ The "return cmd1() && cmd2()" pattern is wrong. Rewrite that code.
Also (non-functional changes):
+ Remove instantiations of RouteController. It has static methods only.
+ Reorder some blocks in CommandListener so that the most frequent commands are checked first.
+ Remove unused paramError() and clearNetworkPreference().
+ Change all return codes to int (negative errno) wherever applicable.
+ Add WARN_UNUSED_RESULT everywhere.
+ Cleanup some style in RouteController and NetworkController.
+ Use uid_t instead of unsigned for user IDs.
+ Add clearer log messages at the source of failures.
+ Add a check for when fwmark bits are set without corresponding mask bits.
Bug: 15409918 Change-Id: Ibba78b0850160f9f3d17d476f16331a6db0025d1
/system/netd/server/CommandListener.h
|
f4cfad361175a7f9ccf4d41e76a9b289c3c3da22 |
|
21-May-2014 |
Sreeram Ramachandran <sreeram@google.com> |
Move netd_client into netd. Change-Id: Ie4b6b303225c93f2448a503d6ea9cebb552cbad5
/system/netd/server/CommandListener.h
|