GitLab

Bug: 26685616
Bug: 27506285
Change-Id: Id11ee717cfc1c79070b6bbec397986c25947646c

* changes:
  Stop using SIOCKILLADDR in netd.
  Add a rudimentary unit test for BandwidthController.
  Slightly restructure the data saver iptables rules.
  Remove the ability to enable/disable the happy box.
  Don't keep naughty/nice app state in BandwidthController.

SOCK_DESTROY is now supported in all N device kernels.

Bug: 26976388
Change-Id: I149ccda56edacac28602daddb01b5fd0222d5fb0

Bug: 26685616
Bug: 27506285
Change-Id: I4457abd43697a0425f167b81c1432d743800abb8

1. Make bw_costly_shared jump to bw_happy_box after
   bw_penalty_box. This allows the framework to manipulate
   whitelists and blacklists independently.
2. Make bw_happy box always whitelist system apps. Because
   bw_penalty_box is consulted before bw_happy_box, the
   framework can always blacklist certain system apps (e.g.,
   the media server) by putting them in the blacklist.
3. Add a method to add/remove a reject at the end of
   bw_costly_shared. This will allow the framework to
   enable/disable data saver by changing only one rule.

Bug: 26685616
Bug: 27506285
Change-Id: I67bff7c3c9ff5eb3f84fb84550cdf49f153e1b68

This is called by "dumpsys netd".

Bug: 27239233
Change-Id: I27fb308f8067243ff241a6f8fd6a83f406087d2a

Some wlan solutions can not switch or do not need to switch FW.
In this case we don't want the function to fail and to prevent
Wifi to start in settings.

Bug: 27774657

Change-Id: I11f3cf709db6f17fc558454aa894e4a2211a9312
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

This code is unused, and the plan is to have the happy box
enabled at all times.

Bug: 26685616
Bug: 27506285
Change-Id: Ie15b0775d535df7ca94547a7d8b8a5ed536e6dbd

Copies of this state are already kept in NetworkManagementService,
NetworkPolicyManagerService, and iptables rules. A third copy of
this state is not necessary.

Bug: 26685616
Bug: 27506285
Change-Id: I8dd9fc60a28804ec95660092b13a2895f7480f56

Starting CommandListener tells NetworkManagementService that netd
is ready to accept commands. Ensure that the binder service is
started (i.e., we have called startThreadPool) before we do this.

Bug: 27239233
Change-Id: Ica89e72f51eb4752cb5cea2e4096c6a9dc5776d7

BUG: 27506285
BUG: 26685616
Change-Id: I8352ebbab1778c85e0a1da79a0acede5aea144a1

Change-Id: Ica37a812c37036ffecd45b8f078d8ed9928d01fc

Specifically: set explicitlySelected, protectedFromVpn and permissions.

Bug: 26256264
Change-Id: I1ebd2c1878fb7166ac63c061c8731e66b0050a30

* changes:
  Move SockDiagTest into system/netd/server.
  Add an RPC to replace a UID firewall rule.
  Allow finer-grained locking, and use it in FirewallCmd.

My recollection is that we decided to put unit tests next to
the corresponding code and integration tests into tests/.

Change-Id: I2dc1a074ba8d323253d9be3b2052d6b287bacc15

Also add a binder_test that exercises binder RPCs to the real
netd service running on the device

Bug: 21725996
Bug: 27239233
Change-Id: Ic83d81605021a0578d6cd32f889290be61d76125

am: 87732125

* commit '87732125':
  Remove unused costName variable

Bug: 27432583
Change-Id: Ica6f8714eb6c40a4b6a94ac5e40144d0e781155e

FirewallController is stateless and FirewallCmd does not access
any other controllers, so it is safe not to take the big netd
lock.

Bug: 27239233
Change-Id: I246696c4b17fa005c7d6b38ecd627747aa608831

Change-Id: Ibdda590b828c61caa488e959f3e596dc981a2c65

Change-Id: Icd89045c7099949ea66bd88b2ce5551301366640

Change-Id: Icb76b43e89c5a9e5806b95002d3653dd99912494

Bug: 27239233
Change-Id: I34a5554604e6d8b8a50838c6911c28503cbf4540

In this change:

1. AIDL files for a new, android.net.INetd service, and
   corresponding implementation using generated code. For now the
   interface is just a prototype: it only has one trivial method.
2. Permission checking code to check for CONNECTIVITY_INTERNAL.
3. Add a Big Netd Lock and provide a wrapper that makes it easy
   to ensure that it is taken by every CommandListener command.

Bug: 27239233
Change-Id: I448d0ac233edd0e351a7fe7f13901fb6871683a2

Change-Id: I92466868ae32ee67fb5d17c7758a7841f614e827

Bug: 26976388
Change-Id: I1965ece8ae65d78323b5a49eeebefe29677be63f

am: 397fbc05

* commit '397fbc05':
  Switch to ifc_add_address() for setcfg

This avoids the issue where, for example, 10.0.0.1/8 is added first,
then 10.0.0.1/8 is deleted, and 10.0.0.1/24 is added.  Netlink changes
observed at the wrong time would make it seem as though IPv4 had
been lost when in fact everthing was fine.

Bug: 26991160

(cherry picked from commit 397fbc05)

Change-Id: Ia5a5fcdd01e0950ac099c2054d74f0c52aa20b9c

This gives netd the ability to close sockets on a particular
source IP address using SOCK_DESTROY. It does not yet enable
this behaviour.

The microbenchmark is able to close 500 IPv6 sockets in ~30ms on
my angler. Specifically:

- Scanning 500 socketpairs: ~5ms
- Scanning 500 socketpairs and killing one half of each: ~30ms
- Scanning 500 socketpairs and killing both halves of each: ~40ms

This is about ~2.5x-3.5x slower than SIOCKILLADDR:
 - For 500 sockets, it's 9.5ms vs. 22.9ms.
 - For 4000 sockets, it's ~40ms vs ~135ms.

A large part of that is due to sending RST packets, which
SIOCKILLADDR does not do. If the kernel is modified so that
SOCK_DESTROY does not send RSTs, the time taken to kill 4000
sockets goes down to ~70ms

Batching the destroy operations does not help much. It saves
5-10%, but it complicates error handling.

Bug: 26976388
Change-Id: I2e1ac30af5dbcdb98dbb7c6e4d4d67c55b9fd00f

When power-save mode was first implemented, there were no firewall rules
on netd, so the solution was to make all network interface metered and
re-use the bw_penalty_box chain.

This change removes that workaround by creating a explicit fw_powersave
chain, whose behavior is similar to fw_dozable (in fact, it reuses some
of its code); such change not only makes network restrictions on
power-save mode simpler, but it also allows to optimze how the restrict
network rules are changed.

BUG: 27127112
Change-Id: I52aee49d80386594e3a52fea9667d580d2d944a1

This avoids the issue where, for example, 10.0.0.1/8 is added first,
then 10.0.0.1/8 is deleted, and 10.0.0.1/24 is added.  Netlink changes
observed at the wrong time would make it seem as though IPv4 had
been lost when in fact everthing was fine.

Bug: 26991160
Change-Id: If0dad2993f818686ef8a99618e779813e9c7af90

This reverts commit f1dfabed.

The 3.4 kernel does not have SO_REUSEPORT functionality but the
headers #define it, so dnsmasq tries to use it and setsockopt
duly fails.

This is not a problem on 3.10 and later kernels, but reverting anyway.

Bug: 9580643
Bug: 26301652
Change-Id: I2322a80caa76ee4b7bb290f1665081b17d86fd43

Don\'t use framework permission strings for netd permissions. am: 5c8c42e9 am: 3b61825a am: a8c46019 am: 296f2ef5
am: dccd7e51

* commit 'dccd7e51':

am: 569ec058

* commit '569ec058':
  Track rename from base/ to android-base/.

am: c4f60ec9

* commit 'c4f60ec9':
  Track rename from base/ to android-base/.