path: root/server/StrictController.cpp
* Strict-related commands porting (Luke Huang, 2018-08-01, 1 file, -6/+6)
  Test: built, flashed, booted system/netd/tests/runtests.sh passes
  Change-Id: Ibff8b050915c65e44cd37bb835943b8582fc003a

* Rename <cutils/log.h> to <log/log.h> (Logan Chien, 2018-04-23, 1 file, -1/+1)
  Bug: 78370064
  Test: lunch aosp_walleye-userdebug && cd system/netd && mma
  Change-Id: I495f7cdc3f2aab26947f10041fc559700367f2ea

* Don't trip up when deleting strict iptables rules. (Lorenzo Colitti, 2017-10-04, 1 file, -7/+17)
  Currently, when applying a cleartext policy to a UID, StrictController will attempt to delete all possible policies that might previously have applied to this UID. Because only two of these rules can exist at any given time, at least one of these deletes is guaranteed to fail, causing the whole operation to fail.

  Instead of adding a log or reject rule for every UID, add a rule that sends that UID to its own chain which then contains the log or reject rule. That way, deleting the previous policy only requires deleting the chain, which is something we know exists.

  (cherry picked from commit 81e02f21424ebda9a314c7b9fbc31cfe2a99444f)
  Bug: 64988066
  Test: netd_{unit,integration}_test pass
  Test: android.os.cts.StrictModeTest passes
  Change-Id: Ic9d66220a65f2ce9510c4194e7b874d3d5dca5d7

* Move the last StrictController command to iptables-restore (Lorenzo Colitti, 2017-07-18, 1 file, -29/+23)
  Bug: 28362720
  Test: unit tests pass
  Change-Id: I8a4d2b8ea66799c6c3205b00f04ee1999fc7c68b

* Delete all EOTs in iptables commands and remove fixCommandString. (Lorenzo Colitti, 2017-02-10, 1 file, -2/+2)
  Test: bullhead builds and boots with no iptables errors
  Test: netd_{unit,integration}_test pass
  Bug: 32323979
  Change-Id: I33ad04ee8f0562bcd4e14046352c934cd2039a5d

* Use iptables-restore in StrictController startup. (Lorenzo Colitti, 2016-03-30, 1 file, -70/+75)
  Bug: 21725996
  Change-Id: I2c049a934189f3c87ee15f052abc07d35814f0c9

* Add a test for StrictController. (Lorenzo Colitti, 2016-03-30, 1 file, -0/+2)
  Bug: 21725996
  Bug: 25691379
  Change-Id: I24b838161eaf98dede2ae897157ba42414fc926f

* Store MARK/CONNMARK flags in a central location. (Alex Klyubin, 2015-02-02, 1 file, -12/+23)
  MARK/CONNMARK values/tags are shared across all controllers because of the way the firewall works. To avoid accidental clashes, it's best to store the values used in a central place.
  Change-Id: I76aaba38cba6554704a5635b1e7297a144e6e2ff

* Offer to detect non-SSL/TLS network traffic. (Jeff Sharkey, 2015-01-15, 1 file, -0/+176)
  Introduces new module that provides network-related features for the StrictMode developer API. The first feature offers to detect sockets sending data not wrapped inside a layer of SSL/TLS encryption.

  This carefully only adds overhead to UIDs that have requested detection, and it uses CONNMARK to quickly accept/reject packets from streams that have already been inspected. Detection is done by looking for a well-known TLS handshake header; it's not future proof, but it's a good start. Handles both IPv4 and IPv6.

  When requested, we also log the triggering packet through NFLOG and back up to the framework to aid investigation.

  Bug: 18335678
  Change-Id: Ie8fab785139dfb55a71b6dc7a0f3c75a8408224b