GitLab

Change-Id: Ieb26ec5fc333743b86d414ee558c978334647853

Change-Id: I2aa9721365e96c363648dd8e9e15718ed50e3c12

Breaks internal master.

This reverts commit b67219a7.

Change-Id: I43145f0724ad2d669b65d20b6fd6ccc44b8f0a4f

Change-Id: I51337014e2851f47dd5e183c4bfdf39bafa59942

* commit 'e3734499':
  Update for libbase.

StringPrintf and the string based file I/O are being moved to libbase.

Change-Id: I765d9e53f65a76d318d9d0d9503403fc092254d5

Change-Id: Ibb6101c8741f862f4732fb200f646dfd329f4782

merged from partner/m-wireless-wifi-dev
6c65afdd Parse all netids with stringToNetId.

merged from partner/m-wireless-wifi-dev
2f8e725e server: softap: Set hw_mode according to selected channel [DO NOT MERGE]

merged from partner/m-wireless-wifi-dev
1ecc6c93 set softAP on a specified band, including both 2.4 and 5 GHz band

Bug: 19500693
Change-Id: I25b7942784ec026d30c60273c9e13e34d082d25a

This is needed for wifi calling so that the kernel (which does
not set marks) can tee packets towards the modem. It also fixes
things like not being able to reply to DHCP requests from
tethered clients when a VPN is up.

System apps can already bypass the VPN using explicit marks, so
allowing UID 0 to do so does not create additional bypass VPN
issues.

Bug: 19500693
Change-Id: Ie324026893637e9bd8e7aa65a37579569390e7b7

Bug: 19500693

Change-Id: Ib3871106ea3c0d68327611e7568c0710210e4ff2

Currently the VPN rule for the primary user will match every
forwarded packet on the system, because it specifies a UID range
that includes 0, and forwarded packets have UID 0.

Use "iif lo" to limit the rule match to locally-originated
traffic. This requires a kernel that sets the loopback ifindex.
when originating packets. Anything based on 3.10 is fine, but
devices using 3.4 will need a one-line change for IPv6.

Bug: 19500693
Change-Id: Iaab88bed62716dc1cea33b45c4e258f6b3bfc9d0

Bug: 19500693
Change-Id: Ic25f2d8c481f1528e887e43ca3fa868189582110

1. Support multiple forwarding requests. Keep track of all
   requests inside TetherController, and enable system
   forwarding any time there is more than one active request.
2. Enable both IPv4 and IPv6 forwarding.

Bug: 19500693
Change-Id: Ic81bae7b399bc6ebf6a63de4bcd341885638dfa4

* commit '909757cf':
  Store MARK/CONNMARK flags in a central location.

Change-Id: Ie6348e38e90e48ffe115e63e5fde16640e2c3d92

* commit '7a269cb3':
  Store MARK/CONNMARK flags in a central location.

* commit 'f48d6abf':
  Switch writing to <utils/file.h>.

Change-Id: Idb2de24414f4dd8e926e625b62e4d12152dc4527

* commit 'a0b6b3a6':
  Use StringPrintf.

* commit '50c6639a':
  Use StringPrintf.

This doesn't replace every asprintf in netd, but it replaces the ones in code
I touched.

Change-Id: I2de5c7772523372bb36145e66e885aa8132ad58e

* commit '561ad8c1':
  Switch netd over to <utils/file.h>.

* commit '69766c22':
  Avoid leaking file descriptors

Change-Id: I8f4c9ae0d13d30e69b7a197eafdfcb9b2b9050c0

* commit '6c08cd6a':
  Avoid leaking file descriptors

Change-Id: Id79961cc4feee1c307dad06d64e3f4ffe060c4da

MARK/CONNMARK values/tags are shared accross all controllers because
of the way the firewall works. To avoid accidental clashes, it's best
to store the values used in a central place.

Change-Id: I76aaba38cba6554704a5635b1e7297a144e6e2ff

Add O_CLOEXEC on open() calls, and SOCK_CLOEXEC on socket calls.
This avoids leaking file descriptors across execs.

Addresses the following SELinux denial:

  audit(1422740213.283:8): avc: denied { read write } for pid=2597 comm="clatd" path="socket:[6709]" dev="sockfs" ino=6709 scontext=u:r:clatd:s0 tcontext=u:r:netd:s0 tclass=netlink_socket

and allows the removal of some other SELinux rules which were
inappropriately added because of leaking file descriptors.

Change-Id: I9c180488ea1969d610e488f967a7276a672bb477

* commit '623e69e6':
  Don't fail when trying to add routes that already exist.

* commit 'aea68fdd':
  Don't fail when trying to add routes that already exist.