Skip to content

GitLab

Switch branch/tag
  1. 20 Aug, 2015 2 commits
  3. 19 Aug, 2015 1 commit
  5. 18 Aug, 2015 1 commit
    • Stephen Hines's avatar
      Move local union such that it doesn't escape (and get optimized out). · f86df558
      Stephen Hines authored 
      Bug: 23239997

The Clang update exposed a latent bug in the code here, where a pointer
to a local variable escaped the encapsulating block. Clang noticed the
end of this object's lifetime, and removed assignments to its original
storage (because they are now dead assignments). By moving the union out
of the block, it will survive until the sendmsg() call, and the expected
writes will be restored.

Change-Id: If2106d2f53d761ddca6dd26ab2648244d737dcd9
      f86df558
  7. 04 Aug, 2015 2 commits
  9. 28 Jul, 2015 1 commit
  11. 06 Jul, 2015 1 commit
    • Erik Kline's avatar
      Use struct android_net_context when interfacing with bionic · cea2d345
      Erik Kline authored 
      Add a new NetworkController::getNetworkContext() that builds the
contents of a struct net_context out of getNetworkForConnect()
and getNetworkForDns().

Bug: 19470192
Bug: 20733156
Bug: 21832279
Change-Id: I5a69b0413a83d33be28b78c0a99359b109517a8f
      cea2d345
  13. 26 Jun, 2015 1 commit
    • Xiaohui Chen's avatar
      netd: add default fw white list for system uids · feb2b61d
      Xiaohui Chen authored 
      In uid firewall white list, we white list the system uid range
by default to make sure system processes will always have network
access.

BUG:22094135
Change-Id: I8f472a98a9fd93591a2887982cec1458d7683613
      feb2b61d
  15. 15 Jun, 2015 1 commit
    • Xiaohui Chen's avatar
      netd: add two child chains to firewall · 1cdfa9ad
      Xiaohui Chen authored 
      This is an attempt to speed up getting out of device idle.  It groups
uid firewall rules in these child chains so we can attach/detach a whole
chain instead of individual uid rules.

BUG:21446713
Change-Id: I61dc7d14110e633c5994e466481b9cac633a7a4f
      1cdfa9ad
  17. 03 Jun, 2015 1 commit
  19. 13 May, 2015 4 commits
  21. 06 May, 2015 1 commit
  23. 29 Apr, 2015 1 commit
    • Amith Yamasani's avatar
      Blacklist uids for network access · 390e4ea8
      Amith Yamasani authored 
      FirewallController can now be in blacklist mode (aka disabled)
or whitelist mode (aka enabled).

Some of the methods don't do anything when in blacklist mode.

Uid rules updated to allow dropping packets to uids that
shouldn't get any network access, usually for idle apps.

Added a wait option to iptables calls to make sure it doesn't
fail if there's contention. Fixes a flakiness I was seeing in
removing rules.

Bug: 20066058
Change-Id: I815bcb45aa06d04020e902df8c67bb3894e98f40
      390e4ea8
  25. 28 Apr, 2015 1 commit
  27. 01 Apr, 2015 1 commit
  29. 27 Mar, 2015 1 commit
  31. 16 Mar, 2015 11 commits
  33. 15 Mar, 2015 1 commit
  35. 14 Mar, 2015 2 commits
  37. 13 Mar, 2015 1 commit
  39. 10 Mar, 2015 3 commits
  41. 05 Mar, 2015 1 commit
  43. 27 Feb, 2015 1 commit
    • Lorenzo Colitti's avatar
      Add oif rules that allow UID 0 to bypass the VPN. · 57947f02
      Lorenzo Colitti authored 
      This is needed for wifi calling so that the kernel (which does
not set marks) can tee packets towards the modem. It also fixes
things like not being able to reply to DHCP requests from
tethered clients when a VPN is up.

System apps can already bypass the VPN using explicit marks, so
allowing UID 0 to do so does not create additional bypass VPN
issues.

Bug: 19500693
Change-Id: Ie324026893637e9bd8e7aa65a37579569390e7b7
      57947f02