path: root/server/XfrmControllerTest.cpp
Commit message (Author, Age, Files, Lines)
* Remove floating-point time functions from StopWatch (Bernie Innocenti, 2019-05-29, files: 1, lines: -1/+0)
|   Converting time units between floating-point milliseconds to integral micros and floating-point seconds is error prone and leads to subtle rounding bugs. Thus, consolidate all callers on microseconds and delete the older methods.
|   Test: cd system/netd && atest .
|   Change-Id: Ief6ad4dbd21f442bfd65e78d49548677f3172a53
* Move Stopwatch to libnetdutils (Mike Yu, 2019-04-03, files: 1, lines: -1/+0)
|   Move Stopwatch to libnetdutils as it is a useful utility across netd and the resolver library.
|   Bug: 128662167
|   Test: system/netd/tests/runtests.sh passed
|   Change-Id: Iebaffc66202fbe3a787ca645847762af1ed94bd7
* Enable more clang-tidy checks and treat them as errors (Bernie Innocenti, 2019-02-01, files: 1, lines: -2/+0)
|   Test: tests/runtests.sh
|   Change-Id: If59480cee6460847f5c1cef17e3ef036b8e75651
* Add type cast to fix build error with "-Wsign-compare" cflag. (Sehee Park, 2018-12-06, files: 1, lines: -9/+9)
|   There is a build error if "-Wsign-compare" is defined in cflags. Also add "-Wsign-compare" to Android.bp
|   Test: Build
|   Change-Id: If41da96ec521a0d2dcddf660e7effa218c99810d
|   Signed-off-by: Sehee Park <sehee32.park@samsung.com>
* Add fallback logic and enable XFRM-I support in netd (Benedict Wong, 2018-11-22, files: 1, lines: -87/+165)
|   This patch adds fallback logic, checking for XFRM-I kernel support, and switching to use XFRM-I if supported. Fallbacks to VTIs are provided for backward compatibility with 4.4 kernels. Parameters for VTI versus XFRM-I are selected based on the kernel support for XFRM interfaces. This is part of a patch set to enable XFRM-I support, with automatic fallbacks to VTI in XfrmController (3/3)
|   Bug: 77856928
|   Test: Binder tests updated, passing. CTS & unit tests also passing
|   Change-Id: Idf90adeec0d499fe4d566e4203f0eabb2b94fffa
* Add XFRM-I support to XfrmController (Benedict Wong, 2018-11-22, files: 1, lines: -28/+71)
|   This patch adds support for creating and managing XFRM interfaces, adding xfrm_if_id parameters to all relevant netlink calls. This is part of a patch set to enable XFRM-I support, with automatic fallbacks to VTI in XfrmController (2/3)
|   Bug: 77856928
|   Test: Xfrm, Binder tests updated, passing
|   Change-Id: I09869e6a0000384c9c4d0aef1de4d5434c33374a
* Always set additional fwmark bits in output mark (Benedict Wong, 2018-11-22, files: 1, lines: -2/+9)
|   This change always selects the protectFromVpn explicitlySelected and permission bits in the output mark of any tunnel mode SAs. This ensures that IWLAN and other telephony traffic does not get funneled through VPNs.
|   Bug: 116035464
|   Test: Binder, unit tests passing.
|   Change-Id: I873e287e0919c05772a39119c88bd358552232a1
* Fix use-after-free asan hit in XfrmControllerTest (Bernie Innocenti, 2018-10-29, files: 1, lines: -4/+2)
|   This test was forgetting to restore the original Syscalls object on cleanup, causing an asan hit. The fix consists in switching to the safer ScopedMockSyscalls, as all other tests do.
|   Test: atest netd_unit_test (with asan enabled)
|   Change-Id: I5ddaaf7e806aadd00b5b97006bf924ee5b7815dc
* Refactor UidRange by using stable aidl structure (Luke Huang, 2018-10-25, files: 1, lines: -1/+0)
|   Use stable aidl generated structure instead of UidRange
|   Test: built, flashed, booted system/netd/tests/runtests.sh passes
|   Change-Id: I136afcff167eac7d3c4774b9e60f607e086488bf
* Use independent address families for SP selector and template (Benedict Wong, 2018-08-30, files: 1, lines: -8/+10)
|   This patch allows Security Policy selectors and templates to have different address families, allowing for wildcard selectors, but specified templates. This is required for IPsec tunnel mode to work properly, as selectors match inner addresses (and thus must be dual IPv4/IPv6), while templates match outer addresses.
|   Bug: 79384676
|   Test: CTS tests passing, ip xfrm monitor shows correct results
|   Change-Id: I60214e17f50f91deb1ffdc71158131d237d1e642
* netd: Enable clang-tidy and fix all warnings (Bernie Innocenti, 2018-06-07, files: 1, lines: -8/+8)
|   Bug: 65246407
|   Test: m netd && system/netd/tests/runtests.sh
|   Change-Id: I1d22b2bc317fe7218ccde78859ed0623d6a1f8df
* Add VTI Netlink Interface in NetD (manojboopathi, 2018-01-24, files: 1, lines: -0/+2)
|   Includes the logic to add / update / remove Virtual Tunnel Interface in RouteController.
|   Bug: 63589711
|   Test: Ran runtest -x "system/netd/tests/netd_integration_test.cpp"
|   Change-Id: I49a86f2eceecaf34fbb1e5dc05a888447437bef0
* Add output mark to XfrmController (Benedict Wong, 2018-01-24, files: 1, lines: -9/+28)
|   Adds the ability for XfrmController to set output marks, to allow support for VTIs. This change uses the underlying networkId field (renamed from underlyingNetwork), for which the System Server currently passes the netid of the underlying Network.
|   Bug: 72392543
|   Test: All tests (CTS + unit tests) passing
|   Change-Id: I76fe052ecf0fc193f07713a2ea31a4ad58fc9ff9
* Adding XFRM mark support for xfrm global policy (Di Lu, 2018-01-23, files: 1, lines: -25/+55)
|   The xfrm mark will be sent to kernel in XFRMA_MARK netlink attribute.
|   Bug: 63589600
|   Test: runtest -x server/netd_unit_test.cpp
|   Change-Id: If2d2fdda2d0b3959ed79a3b948b033d76e4236aa
* Add function to create and delete XFRM policy in XfrmController (ludi, 2018-01-23, files: 1, lines: -0/+123)
|   Bug: 69561215
|   Test: runtest -x tests/netd_unit_test.cpp
|   Change-Id: I17f4f069de182eafedf4d98748e1d7be02e663a9
* Merge "Add support for removing IPsec Transforms from Sockets" (nharold, 2018-01-19, files: 1, lines: -0/+28)
|\
| * Add support for removing IPsec Transforms from Sockets (ludi, 2018-01-16, files: 1, lines: -0/+28)
| |   This patch adds support to remove per-socket IPsec security policies. This change is enabled by new support in the linux kernel to support clearing socket policies using the IP_XFRM_POLICY sockopt.
| |   Bug: 65688605
| |   Test: runtest -x server/netd_unit_test.cpp
| |   Change-Id: I7ce8ae6c6475a2e030966376fc3184efb76f2465
* | Merge "Make Transforms Unidirectional" (nharold, 2018-01-17, files: 1, lines: -9/+9)
|\ \
| |/
|/|
| * Make Transforms Unidirectional (Nathan Harold, 2018-01-16, files: 1, lines: -9/+9)
| |   Convert the IpSecTransform from being a bi-directional pair of SAs to a unidirectional single SA. This CL also removes the concept of "direction" from SAs meaning that an IpSecTransform may now be applied to a socket in either direction.
| |   -Remove direction parameter from SAs and SPIs.
| |   -Convert to using source and destination rather than local and remote addresses.
| |   Bug: 71717213
| |   Test: CTS - IpSecManagerTest
| |   Change-Id: I7150c2b03057e18a7d9d3edff302baf10e1ee729
* | Fix DelSA test due to invalid comparison (Benedict Wong, 2018-01-11, files: 1, lines: -3/+4)
|/
|   Was previously comparing between address family and IP version `6`, where it should have been comparing `version == 6` or `family == AF_INET6`. Changed to use version for consistency with other tests.
|   Bug: 71875990
|   Test: Tests updated, and ran on marlin + sailfish
|   Change-Id: I7f8b4523451871bec4480345b18e0b09b383021c
* Relax the IP Family check in XfrmController (manojboopathi, 2018-01-02, files: 1, lines: -22/+48)
|   To enable dual sockets, the family check in xfrmcontroller is very strict. This has been relaxed so that IP V6 sockets do not throw "Mismatched Address family" exception if V4 address is used. Also added Unit test to verify the same.
|   Bug: 70160694
|   Test: Ran runtest -x system/netd/server/netd_unit_test.cpp
|   Change-Id: Ib1bba21037ec1de3858c595fa32fee5e833d18bf
* Merge "Add Tunnel Mode IPSec SA Support in NetD" (Manoj Boopathi Raj, 2017-12-20, files: 1, lines: -7/+24)
|\
| * Add Tunnel Mode IPSec SA Support in NetD (manojboopathi, 2017-12-18, files: 1, lines: -7/+24)
| |   Bug: 63588541
| |   Test: Ran runtest -x system/netd/server/netd_unit_test.cpp
| |   Change-Id: I0d71abcd9b84d241128472542537ba2f6dbac5ae
* | [ipsec-doze] Add fchown capabilities, and fw rules (Benedict Wong, 2017-12-18, files: 1, lines: -0/+67)
|/
|   Add some firewall rules to allow doze mode packets to be sent/received on ESP & no-socket packets. No-socket packets are no security risk because they are either forwarded, going to be forwarded, or will be dropped at routing tables (unless they are ESP).
|   Bug: 62994731
|   Test: New tests added, run
|   Change-Id: I2d8704498b564403d94123e4938091dee8fb98c1
* Style cleanup in XfrmControllerTest (Jonathan Basseri, 2017-10-24, files: 1, lines: -35/+26)
|   Bug: 65495297
|   Test: runtest -x system/netd/server/netd_unit_test.cpp
|   Change-Id: Ia54ce01e459c58a4bd43fc754fa88c16439cf352
* Add IPv6 tests to XfrmControllerTest. (Jonathan Basseri, 2017-10-24, files: 1, lines: -79/+76)
|   Use the gTest library to create parameterized tests that run on both IPv4 and IPv6. Since UDP encap is not supported for IPv6, encap is not tested currently. We can add an IPv4-only test for encap.
|   Bug: 65495297
|   Test: runtest -x system/netd/server/netd_unit_test.cpp
|   Change-Id: Iabfcd0eadb94b8c57fb26112b39e0a896d90fb3d
* Merge "Generate better test failure output." (Treehugger Robot, 2017-10-19, files: 1, lines: -40/+28)
|\
| * Generate better test failure output. (Jonathan Basseri, 2017-10-10, files: 1, lines: -40/+28)
| |   Change the way XfrmControllerTest asserts xfrm_address_t and netdutils::Status values such that,
| |   - mismatched addresses are printed in inet_ntop form, and
| |   - status messages are printed for not-OK statuses.
| |   Bug: 65495297
| |   Test: runtest -x system/netd/server/netd_unit_test.cpp
| |   Change-Id: I09c6320d1d4a8c92dee11aed451e3592388a951a
* | Add support for AES-GCM-ESP as an IPSec algorithm (Benedict Wong, 2017-10-12, files: 1, lines: -2/+2)
|/
|   Allows native AES-GCM-ESP to be used as an IPSec transport/tunnel mode algorithm with kernel support
|   Bug: 63589918
|   Test: IPsecService tests added, existing ones pass
|   Change-Id: I9f742027730f6affabb0667300f6d0d65983410c
* Fix flaky XfrmControllerTest. (Jonathan Basseri, 2017-09-14, files: 1, lines: -5/+5)
|   Several tests were comparing partially uninitialized structs.
|   Bug: 65495297
|   Test: runtest -x system/netd/server/netd_unit_test.cpp
|   Change-Id: Ia093b470e1119c1275615b569820d7ddf44fb8dd
* Fix use-after-free in XfrmControllerTest. (Jonathan Basseri, 2017-09-14, files: 1, lines: -7/+15)
|   The test was capturing 'optval' and 'optlen' from setsockopt calls, but by the time the code under test has returned, the memory pointed to by optval is no longer valid. Update the test to copy the data before it is too late.
|   If you are confused about how the gTest API is used here, look at SaveArg and SaveArgPointee here: https://github.com/google/googletest/blob/master/googlemock/docs/CheatSheet.md#side-effects
|   Bug: 65495297
|   Test: runtest -x system/netd/server/netd_unit_test.cpp
|   Change-Id: I490485dc8e1ef3569234653fa63af1c6409c075e
* Clarify some comments in XfrmControllerTest. (Jonathan Basseri, 2017-09-14, files: 1, lines: -7/+13)
|   Bug: 65495297
|   Test: runtest -x system/netd/server/netd_unit_test.cpp
|   Change-Id: I7bb0a0892cc3dab3c5f5f742c952c8f4332ba0ef
* Add unit test for xfrmcontroller (ludi, 2017-09-13, files: 1, lines: -0/+374)
    Bug: 38259578
    Test: runtest -x tests/netd_integration_test.cpp
    Change-Id: Ie15b7447db8f084313d78f5900ace007e22e533e