Skip to content

GitLab

Switch branch/tag
  1. 04 Dec, 2015 2 commits
  3. 05 Nov, 2015 2 commits
  5. 02 Nov, 2015 3 commits
  7. 03 Sep, 2015 1 commit
  9. 02 Sep, 2015 1 commit
    • Lorenzo Colitti's avatar
      Don't break IPv6 connectivity when in doze mode. · c8683d7e
      Lorenzo Colitti authored 
      Working IPv6 connectivity relies on the kernel being able to
receive certain ICMPv6 packets (router advertisements, neighbour
solicitations, neighbour advertisements) at all times. Allow
these packets when in doze mode.

This is not necessary for IPv4 because in IPv4 these functions
use ARP, which is invisible to iptables.

Bug: 23158230
Change-Id: I29ed77561db9688486cf58cd14ac3bce7fce4b40
      c8683d7e
  11. 27 Aug, 2015 3 commits
  13. 21 Aug, 2015 5 commits
  15. 20 Aug, 2015 5 commits
  17. 19 Aug, 2015 1 commit
  19. 18 Aug, 2015 1 commit
    • Stephen Hines's avatar
      Move local union such that it doesn't escape (and get optimized out). · f86df558
      Stephen Hines authored 
      Bug: 23239997

The Clang update exposed a latent bug in the code here, where a pointer
to a local variable escaped the encapsulating block. Clang noticed the
end of this object's lifetime, and removed assignments to its original
storage (because they are now dead assignments). By moving the union out
of the block, it will survive until the sendmsg() call, and the expected
writes will be restored.

Change-Id: If2106d2f53d761ddca6dd26ab2648244d737dcd9
      f86df558
  21. 04 Aug, 2015 2 commits
  23. 28 Jul, 2015 1 commit
  25. 06 Jul, 2015 1 commit
    • Erik Kline's avatar
      Use struct android_net_context when interfacing with bionic · cea2d345
      Erik Kline authored 
      Add a new NetworkController::getNetworkContext() that builds the
contents of a struct net_context out of getNetworkForConnect()
and getNetworkForDns().

Bug: 19470192
Bug: 20733156
Bug: 21832279
Change-Id: I5a69b0413a83d33be28b78c0a99359b109517a8f
      cea2d345
  27. 26 Jun, 2015 1 commit
    • Xiaohui Chen's avatar
      netd: add default fw white list for system uids · feb2b61d
      Xiaohui Chen authored 
      In uid firewall white list, we white list the system uid range
by default to make sure system processes will always have network
access.

BUG:22094135
Change-Id: I8f472a98a9fd93591a2887982cec1458d7683613
      feb2b61d
  29. 15 Jun, 2015 1 commit
    • Xiaohui Chen's avatar
      netd: add two child chains to firewall · 1cdfa9ad
      Xiaohui Chen authored 
      This is an attempt to speed up getting out of device idle.  It groups
uid firewall rules in these child chains so we can attach/detach a whole
chain instead of individual uid rules.

BUG:21446713
Change-Id: I61dc7d14110e633c5994e466481b9cac633a7a4f
      1cdfa9ad
  31. 03 Jun, 2015 1 commit
  33. 13 May, 2015 4 commits
  35. 06 May, 2015 1 commit
  37. 29 Apr, 2015 1 commit
    • Amith Yamasani's avatar
      Blacklist uids for network access · 390e4ea8
      Amith Yamasani authored 
      FirewallController can now be in blacklist mode (aka disabled)
or whitelist mode (aka enabled).

Some of the methods don't do anything when in blacklist mode.

Uid rules updated to allow dropping packets to uids that
shouldn't get any network access, usually for idle apps.

Added a wait option to iptables calls to make sure it doesn't
fail if there's contention. Fixes a flakiness I was seeing in
removing rules.

Bug: 20066058
Change-Id: I815bcb45aa06d04020e902df8c67bb3894e98f40
      390e4ea8
  39. 28 Apr, 2015 1 commit
  41. 01 Apr, 2015 1 commit
  43. 27 Mar, 2015 1 commit