| Commit message (Collapse) | Author | Age | Files | Lines |
This CL changes the valid subPriority range from 0-999 to 0-998 and uses
999 as a special value that does not set the network as the default for
the given uids.
We have evaluated adding a boolean to the UidRangesParcel, but that
would require us to keep track of it in mUidRangeMap and separating
Network::appliesToUser into two functions (isUsersDefaultNetwork and
doesUserHaveAccess). In addition, per uid deny rules are not supported,
so there is really no benefit to the use of multiple subPriorities in
explicit and implicit rules.
Test: atest PerAppNetworkPermissionsTest
Change-Id: I7522de13e36f2bdc3d192264d78b96423d76c607
|
Rename DEFAULT_SUB_PRIORITY to SUB_PRIORITY_HIGHEST and
LOWEST_SUB_PRIORITY to SUB_PRIORITY_LOWEST.
Test: builds
Change-Id: Ic62ad37d8bb2fafa488589e2e25f8c890c5dd649
|
This is a preparation change for separating routing for the
bypassable VPN network. The routing will need to be updated
depending on whether the local traffic is excluded in the VPN
network. This member is expected to be used in VPN network
only, so add it in the VirtualNetwork, instead of Network.
Bug: 184750836
Test: cd system/netd ; atest
Change-Id: I0aac077c0ab82df1da0cf7db82f99210485b6ff1
|
Signed integer gives us flexibility to use negative number (like -1)
for special purposes in the future.
Bug: N/A
Test: atest
Change-Id: I1e930459c9ed9d3834613473430c9570dc1a302a
|
TrafficController.
Test: m; flash; boot
Test: atest InterfaceControllerTest TrafficControllerTest
Test: atest XfrmControllerTest netd_integration_test
Change-Id: I0dd7e2a94743ac03235db35f4e40338c19fd5403
|
Log:
NetworkController
Permission of users:
NETWORK: 1002, 10131, 10142, 10153
SYSTEM: 1000, 1001, 1073, 2000, 10070, 10093, 10095, 10111, 10112, 10116, 10117, 10124, 10152
Bug: 204260474
Test: build / flash / adb shell dumpsys netd
Change-Id: Idf799b91382d9c139225d55f38d33860d51a1995
|
* changes:
Add "throw" and "unreachable" routes to NetdBinderTest
Use route priority only for route cache invalidation
|
For routes cache invalidation we add and remove default throw routes
with low priority. Initial implementation set low priority for all
default throw routes, which didn't matter at the time, since throw
routes were not commonly used.
Now, throw routes are going to become more common (e.g. used in VPN
routing tables). This CL makes sure we only set low priority on
default throw routes if they are used for route cache invalidation.
Bug: 186082280
Test: atest NetdBinderTest
Change-Id: I4d457152c4177528ca9766a7909bc3ee51319a33
|
Test: m
Change-Id: I40082f7d56f4d3ba088ebcab9417b4d2da0d6ba2
|
Dump UID ranges of each network.
$ adb shell dumpsys netd
...
Networks:
...
51 DUMMY dummy0
52 UNREACHABLE
prio 1 uids{ 99995 }
99 LOCAL
65502 PHYSICAL netde1291
Required permission: NONE
prio 1 uids{ 99998 99999 }; prio 2 uids{ 99997 }
65503 VIRTUAL netd15920
prio 0 uids{ 99999 }
Bug: 182460808
Test: atest NetdBinderTest & adb shell dumpsys netd
Change-Id: Ic167f5b37b97390c3b9f0a87856e90fcb1bafdc5
|
Network preference per-profile and OEM network preferences can't be set
at the same time, because it is unclear what should happen if both
preferences are active for one given UID. Therefore, it needs a
parameter for ConnectivityService to specify which preference is prior
to others.
In this commit:
1. Adds a pair of methods with parcelable parameter, which currently
includes netId, UID range array and subsidiary priority.
2. The subsidiary priority will be used to adjust the original IP rule
priority. UID ranges can apply to different networks with different
subsidiary priority. But a single UID should not apply to multiple
networks with the same subsidiary priority.
3. The possible value of subsidiary priority for physical and
unreachable networks is 0-999. 0 is the highest priority. 0 is also
the default value. Virtual network supports only the default value.
4. Netd and its tests reference the latest AIDL version (unstable).
Bug: 182460808
Test: m; flash; cd system/netd/; atest
Test: atest FrameworksNetTests
Test: atest HostsideVpnTests
Change-Id: I94e8830d0a21ffcca17757fe4783a4be9438c8b4
|
OEMs need VPN type information in Netd for customization. According to
stable AIDL rules, Netd can neither extend parameters in the existing
networkCreateVpn, nor add a new API with the identical name (function
overloading). Thus, add an extensible API which can create physical
network, virtual network, and so on. Deprecate networkCreatePhysical
and networkCreateVpn.
Bug: 171872481
Test: atest
Change-Id: I9094593c902d91d90a8210960c608f0a50f163ff
|
Somehow netd may get stuck during initialization. We don't have enough
information to know at which step it is stuck. Add traces to narrow down
scope.
Test: adb logcat | grep netd
Bug: 183677095
Change-Id: Ib7bba4301e238c8cc3f6e8ea11bdcbe86f68f4e4
|
Enumeration Network::Type and member function Network::getType() can be
removed after aosp/1657760. Specializations of each type of network are
implemented in subclass. No functionality changes.
Test: atest
Change-Id: Ib57bf26e4f0a60f7f01bec3109fb84458fb3abfb
|
Let UID_DEFAULT_NETWORK have higher priority than
UID_DEFAULT_UNREACHABLE. Otherwise, the app will be told by
ConnectivityService that it has a network in step 1 of the scenario
below, which may potentially cause a user-visible error.
framework --> netd
step 1: add uid to OEM-paid network list
step 2: remove uid from unreachable network
Test: atest
Change-Id: I3fa49449b9d593b4a0346e8c2cb8d334628c0294
|
The unreachable network in Netd is designed for PANS feature. Disallow
arbitrary apps to use it, or it may become harder to change and/or
difficult or impossible to delete when apps start to depend on it.
Test: atest
Change-Id: Iee6edd24ef5c2383a125a2b78ce63951f6da9d16
|
Framework provides several preferences in PANS feature. To meet those
preferences, Netd needs to support two operations for framework:
(1) Set OEM-paid network as default network for apps.
(2) Prohibit apps to use default network if it is not explicitly
selected.
The #1 is supported by previous commit already. This commit implements
the #2, which adds a new IP rule priority for unconnected socket, reuses
existing IP rule priorities in explicit and implicit network selection.
Rules look like:
15000: from all fwmark 0x10034/0x1ffff iif lo uidrange x-y unreachable
...
22000: from all fwmark 0x34/0x1ffff iif lo uidrange x-y unreachable
...
27000: from all fwmark 0x0/0xffff iif lo uidrange x-y unreachable
An UNREACHABLE network (netId 52) is created for framework to specify
that the default network is unavailable for designated apps.
Bug: 181579204
Test: atest
Change-Id: I21530928a85870df673e2d1387fde130fe5a0104
|
Extend networkAddUidRanges and networkRemoveUidRanges from
virtual-network-only to physical network. With this change, the
ConnectivityService can replace the default physical network for
specified applications without changing applications' code.
Bug: 176507580
Test: cd system/netd; atest
Test: atest HostsideVpnTests
Test: atest FrameworksNetTests
Change-Id: I556043f4401746bcf844a0c15a7d92aec12faad3
|
Test: builds, atest, TreeHugger
Bug: 167500195
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia1a45de523bb20d451df2041a9cc3fe9930f6686
|
Netd currently calls maybeCloseSockets before adding/removing users for
network. The task should be moved from netd to CS. In this way, we can
handle WiFi lingering more easily in the future.
Test: cd system/netd; atest
Test: atest HostsideVpnTests
Test: atest FrameworksNetTests
Change-Id: Iaffd73b400e69417633551725bd69b574d1987ac
|
Add utility functions in Network class for better readability.
Test: atest
Change-Id: Iafaf111b5d980407b27605c85817ce8ff82f5bf1
|
Move the same parameter check code from addUsersToNetwork and
removeUsersFromNetwork to a function.
Test: atest
Change-Id: Ib48b04933d998cc2b843673c8348086b8f2c9033
|
Move uid ranges code from sub class VirtualNetwork to super class
Network. So they can be reused when we support uid ranges on physical
network. No functionality change.
Test: cd system/netd; atest
Test: atest HostsideVpnTests
Change-Id: I6a170264c82418ae1e625c0fc587cd091e56f9dd
|
Make function generic for followed physical network use case.
Test: atest
Change-Id: I30f61815a2626068a99c4b4bd77bea8b2c16bd47
|
Comments only. No functionality change.
Change-Id: If16651a2373890c50d017e07965c73a59f846b81
|
RouteController tracks in the sInterfaceToTable map the
interface indices of every interface used in physical and virtual
networks. This ensures that when an interface is removed from a
network (by passing in the interface name), the rules (which
specify interface indices) are correctly deleted even if the
interface has been deleted or has been deleted and re-added with
a new interface index.
Currently this does not happen for interfaces added to the local
network. That means that when those interfaces are deleted, the
rules might not be deleted. It also results in spurious messages
logged by NetworkController such as:
03-24 00:38:47.553 16612 16635 E Netd : getIfIndex: cannot find interface testtap1
03-24 00:38:47.553 16612 16635 E Netd : inconceivable! added interface testtap1 with no index
Note that since P this map is read by RouteController::getIfIndex
and used by code that assumes this will always return an
interface index. In the case of an interface in the local
network, this is not possible because the map stores mappings
between ifindex and routing table. In the case of the local
network, the routing table is always ROUTE_TABLE_LOCAL_NETWORK,
so there is no way to get the interface index. Fix these callers
so they do not attempt to do this.
Bug: 150644681
Test: TetheringIntegrationTests:EthernetTetheringTest
Change-Id: I8042e5b91bcb3175d9ad540526df396a139976f0
|
Test: build, atest
Change-Id: I9fb8cd2a0cd10d1dd516aad5e79876013a844b92
|
- Route may include optional MTU parameter
- Change route is added so routes don't need to be deleted then re-added
- Add/Del/Change functions to pass route info as parcel
Bug: 142892223
Test: new unit tests
Change-Id: Idc32ecb0520b1f4136b3fe0e3f7b6800fb3005a6
|
instead of hand-crafted stub for libnetd_resolv apex.
Bug: N/A
Test: m && flash && boot
Test: adb shell ldd /system/bin/netd # shows libnetd_resolv.so from apex
Change-Id: I0eefe1fb2bfef70489c32fd075a11cef538e048b
|
The public method was dead code, getNetworkForDnsLocked() is still used.
Test: atest
Change-Id: Icb3756aeb3f4cadf9a2477a5a568f4402059dc4b
|
No functionality change. Also remove some header guards along the way.
Test: m
Change-Id: I1afdcaea95a3dd56f392c4e61d7670f43615792a
|
Previously, netd used the explicitlySelected bit to ensure that
the VPN fallthrough rule does not match if a non-zero NetId was
explicitly specified. This is inconsistent with the normal case
of an application that is subject to the VPN, because in that case,
the fallthrough rule does match.
This commit removes the explicitlySelected bit and relaxes the guarantee.
This ensures that the behaviour of an app that selects the VPN network
is the same as the behaviour of an app that specifies no network but
is subject to the VPN.
VPN traffic will fall through to the default network if no route is hit in the VPN
route table.
Assume vpn netId is 102, default network interface is wlan0 with no
permission. Below is the result of route rule before/after this commit.
Before:
21000: from all fwmark 0x10066/0x1ffff lookup wlan0
After:
21000: from all fwmark 0x66/0xffff lookup wlan0
Bug: 119216095
Test: built, flashed, booted
system/netd/tests/runtests.sh
Change-Id: I03411644dc82cabcaf1f3274a17f36ec4e173c2e
|
Make ndc communicate with netd via binder
Bug: 65862741
Test: built, flashed, booted
system/netd/tests/runtests.sh pass
manual test ndc commands
Change-Id: I9edfda61d8c3a4d7b404a428e7dbb4d08eff62a9
|
1. remove all resolver related commands in netd
2. remove unused API in libnetd_resolv
Bug: 126141549
Test: built, flashed, booted
system/netd/tests/runtests.sh pass
Change-Id: I35ac8f241eebd6284a6a685ef86cd77a1fce4388
|
1. Make DnsProxyListener get DNS64 prefix internally in libnetd_resolv
2. resolver_test uses IDnsResolver instead of INetd for resolver cmds
Bug: 126141549
Test: built, flashed, booted
system/netd/tests/runtests.sh pass
Change-Id: Ic904a3efd42ac4011ddd94ff4344449c9e647ceb
|
resolver related component in libnetd_resolv
needs it to easily print dump log.
Bug: 122564854
Test: built, flashed, booted
system/netd/tests/runtests.sh pass
adb shell dumpsys netd, worked fine
Change-Id: Ic97d5f21b738fc3074e9308f4846191e744ed479
|
The double-underscore prefixes are a leftover from when this code lived
in bionic. Now we're slowly getting rid of them...
Also cleanup transitive includes a bit.
Test: atest resolv_integration_test resolv_unit_test
Change-Id: I65ed8aed273be4af37a982a167f364a1f33f9a36
|
This is a workaround to allow us to use libnetd_resolv.so from
the resolver APEX before b/120661824 is fixed.
Test: builds, boots
Test: system/netd/tests/runtests.sh
Test: atest FrameworksNetTests android.net.cts.ConnectivityManagerTest
Change-Id: I752ae248bb59545b0a4fbc1a7b8c9bcd697a31d4
|
getHasDns() and VirtualNetwork.mHasDns are no longer useful after commit
aosp/658122.
Bug: 116539103
Test: system/netd/tests/runtests.sh pass
Change-Id: Ica04984a954a9e89a5eb38a9b262775d686f8ed4
|
getHasDns() returns the value assigned from networkCreateVpn(). It causes
issues when DNS configuration is changed without triggering VPN reconnection.
For example, first established vpn has no DNS server, then switch to the one
with DNS server, the system continues to use the DNS servers from the default
network in addition to the ones assigned from the VPN server, resulting in a
DNS leak. In the reverse case it causes DNS resolution to fail. New API
resolv_has_nameserver() gets DNS information from the DNS resolver directly.
Bug: 116539103
Test: verify patch via unmerged CTS test case aosp/658122 (with
little modification)
Change-Id: Ie01814435f4361c258c4ba96a47eb917f5441274
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I7fac7b98a61da5820b374cbd221397a05aaa93d2
|
Additionally rename functions and structs to eliminate those ugly
underscores from the public API (with the notable exception of
__res_params, which will come in its own separate change to keep this
one from growing too large).
Test: build, flash, then 'atest netd_integration_test'
Change-Id: I7e9b0ee6cdbec889e9c35b5a17b5daa65533686e
|
Fixes -Wzero-as-null-pointer-constant warning.
Test: m
Bug: 68236239
Change-Id: I226a0599db4f7c3557e55cade7869d00bd314949
|
Test: system/netd/tests/runtests.sh
Bug: 111381576
Change-Id: I0ebb9ac758b55f10536fef75f0eb7b69e2feccbc
|
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I42b52d815b6ba0ba6f93dc27e83a900d2abec715
|
Test: as follows
- built, flashed, booted
- "adb shell dumpsys netd" shows logs
- tests/runtests.sh passes
Change-Id: I0e44da7f9a9cc53074ffc396b958e9e2dbcd2603
|