Age | Commit message | Author |
|
libfirewalld-binder-client includes headers from libbinderwrapper so it
needs to include the library.
Bug: None
Test: It builds.
Change-Id: I2c1b7cc79b09f5755b8f35c73d5b95e44f9b9ca8
|
|
am: 4e6f5bb216
Change-Id: Ie312d8dce9bd51ab5be4b24f85a2961500c3e724
|
|
Replaced with PRODUCT_PACKAGES_DEBUG in brillo_base.mk
Change-Id: Id4480715fdeea1e89154889c23ae023194cea6ec
|
|
am: 9c418d8540
* commit '9c418d8540c9b8a90888a03ef97b3f0686db5e40':
firewalld: Update libchrome APIs to r395517
Change-Id: Ib42318ed011367c662833dc4ba38891600637e59
|
|
am: c0413cc291
* commit 'c0413cc291345e498ee7d9f8eb478de7fedc8e51':
firewalld: Update libchrome APIs to r395517
Change-Id: I3fd6029fffcd4d84445f3e0ee338a36bb6b836e5
|
|
The new libchrome has been ported from Chromium and some APIs have
changed. Make necessary changes at call sites.
Change-Id: I8a9d29713657c2791049de21e98ad15d1ed358ad
|
|
am: 55e4007
* commit '55e40078eaa8adb25fc7c6af44b5033eca2645c9':
Include header for DISALLOW_COPY_AND_ASSIGN
Change-Id: Ia2cb9e96bed8e2da3b84556eed44513b29b21528
|
|
am: 3a84e4d
* commit '3a84e4d300ed4f09dd519c452d8b3d3bd110f442':
Include header for DISALLOW_COPY_AND_ASSIGN
Change-Id: I75d171470bc6fa1433c0c49e6d4b891e76494f41
|
|
This is not guaranteed to be included as part of the generated header.
Bug: 27804373
Change-Id: I1db77fb8acd0837a86dbeded83cb0d461f103d19
|
|
am: 1b022ef
* commit '1b022ef9dbf146b2355809cb68ef5ba84fc47e69':
Fix google-explicit-constructor warnings.
Change-Id: Ic8bc7c49e0948cecbdc057384685b2e95d6ef3a9
|
|
am: 6bda44a
* commit '6bda44a1f3477d66fff2f3ba6d6b3953872ce1f5':
Fix google-explicit-constructor warnings.
Change-Id: Ic4de66b3d374dcd23b9173f6302b238c87fef627
|
|
Bug: 28341362
Change-Id: I558551c6ab408e0b9bf278310857af4631769ec1
|
|
This prevents us exposing our AIDL headers.
Change-Id: I86999c440ab1c6fc23de1574e2143c8acc0b0230
Test: Binder webservd can open its ports successfully
Bug: 25932807
|
|
This should have the same functionality as the DBus interface. It should
also be perfectly safe to use both.
Change-Id: I42945941cb6e87d4fbee4797cb3d2286bcaa0267
Test: webservd can still open its ports via firewalld
Bug: 25932807
|
|
This isn't a library for a test, use BUILD_STATIC_LIBRARY instead.
Change-Id: Ib22f9ac6ed28eb065efeb1b2a824ed9ebe226542
|
|
Bug: 27365581
Change-Id: I7389d57457fd709a9d00956bc44a404ca1a5c67a
|
|
This CL tries to remove as much duplicated code from the IpTables class
as possible. The basic construct of running the same command with
different executables/options is extracted into a helper function.
Moreover, the unit tests are simplified by mocking one function call
higher and removing a lot of set-up duplication.
Bug: 26911013
Change-Id: Iecdacab2ef6ffa5631c877835bdfb0bf7191536c
|
|
Looks like IPv6 is working correctly, so re-enable that too.
Bug: 26911013
Change-Id: Iad0390e3a41a429460794b7c243ebca59cf64146
|
|
Currently only IPv4 traffic is handled by third party VPNs. Extend
the UID_MATCH and route setup to IPv6.
Bug: chromium:522003
TEST=`FEATURES=test emerge-link firewalld`
TEST=manual
Change-Id: I9352506e98e1fdcace093d443e2fa2b95887d720
|
|
The new libchrome has been ported from Chromium and some APIs have
changed. Make necessary changes at call sites.
Change-Id: Ib36ec8f828bfafcdaa57399cc1be12b00161b7ed
|
|
There is no longer a reliance on RTTI in libbrillo, so disable RTTI
in the rest of Brillo codebase.
Bug: 26292405
Change-Id: I9ef4ac224141dcabb69f79e076286ee711ad0b00
|
|
BUG: 24872993
Change-Id: I24f57bbed2d5f7f543d18d05e66a33cebce364d0
|
|
libchromeos is transitioning to libbrillo and chromeos namespaces
and include directory is changing to brillo.
Bug: 24872993
Change-Id: Icc70ef99c10acc983a9c261faaa983e26536ad04
|
|
It's unneeded since the executable is labelled in the filesystem.
Bug: 24571067
Change-Id: I336894cb4d18ee3ea8f77b15dd95938e3426f0b7
|
|
BUG=24073089
TEST=mm on Mac host
Change-Id: Iea411b01cfa25f73ced5bde5f0c4fabdfb2f3f56
|
|
Android is using <service>.rc instead of init.<service>.rc.
Bug: 24465893
Change-Id: I87809e0f9b176b8cb605e90e3e3ef0e6e9a1a0a5
|
|
Interface name that starts or ends with period is still not allowed.
Bug: 24382217
TEST=Manual test using apmanager
TEST=Unittests on Chrome OS
Change-Id: Iac5a7febd8b365759c4a21ccb8dc60c1ded60bbb
|
|
Now there is a better way to install the init scripts using LOCAL_INIT_RC
instead of manually copying the file with PREBUILT rule.
Change-Id: Ie0f23ec30890dc163063e1592eb3388669f3dfbf
|
|
Our gyp build rules now support building from .dbus-xml files.
BUG=b/23380180
TEST=Built on ChromeOS with this change.
Change-Id: I689a75b478de1410f59a56d242d001e41d62124d
|
|
Now the DBus header generation in AOSP has stabilized, we should resolve
these differences.
Bug: 23426296
Change-Id: I7de2d63efdc3a5f5d2479a3a9d6f08fc8ce9b7bb
|
|
This is not needed since chromeos-base/firewalld now depends on
chromeos-base/permission_broker-client for that.
[This landed in CrOS but was not ported to AOSP; builds successfully.]
Change-Id: I3e759c222ca65242931de4c42afeeaa18393bad5
|
|
Bug: 23380180
Change-Id: I112a65d225e5a7192cccd43f39b89e38b52116f5
|
|
This puts firewalld back in the 'main' class, but initially disabled. It
is only enabled once initial firewall setup is completed.
Bug: 23064386
Change-Id: I1d8a530153c5dc624a7d499cc10b840b46294af0
|
|
We now want firewalld to launch only after the base firewall setup has
been configured, so we need to use a special trigger for that.
Bug: 23064386
Change-Id: Ic07cea72b91ccd9913bf7cfa744a2fc911b8e4c2
|
|
__ANDROID__ is defined automatically by the toolchain.
Bug: 23358460
Change-Id: I7487625802deb48ff31da8410125fa910a88ca74
|
|
Bug: 22388998
Change-Id: I425c44b931be9965493a874cb1f386d0f188e9b0
|
|
Bug: 22608897
Change-Id: Ic9131ca64383a96cab47807daeb8257693e5eaa2
|
|
The assumes everything up to the .xml suffix is part of the interface
name, so we should be using the .dbus.xml variant here.
Bug: 23193215
Change-Id: I098b78b3fcff42f6b752bf0fd2d2f284ee7503a2
|
|
Bug: 23313270
Change-Id: Ia6beb7398e7dddfcf799acb00dc0d899f2b82003
|
|
This better matches the suggested practice.
Change-Id: I7f12c1f0da9730d0aa83ceabb2841ae415a20b3c
|
|
This will cause DBus proxies to be generated, along with corresponding
pkg_config files. An upcoming ebuild change will actually install them
to the sysroot.
[Copied over from https://chromium-review.googlesource.com/293616/]
Bug: 22827985
Change-Id: I4a5140b985d73a817e36c26b38871ef8b114288d
|
|
There's code in Chrome OS platform2 (such as permission_broker) that
depends on firewalld's DBus interface definition XML file. To avoid
build woes once we migrate Chrome OS to build firewalld from AOSP, this
adds a symlink to ensure that those dependent packages won't break. This
should be removed once all dependent packages are upgraded accordingly.
Bug: 22827985
Change-Id: Ib9a5e574db5d63526a6ebd3814095864d2eb4b9e
|
|
Building of firewalld depends on DBus bindings generator, which
currently isn't available on other hosts (notably, Darwin).
Bug: 22827985
Change-Id: I39e7b41658752090e684885bec2c905fad33aa98
|
|
* Drop firewalld/ prefix from #include paths.
* Rename the DBus interface definition to have a .dbus.xml suffix;
needed for it to be picked up by the build infrastructure.
* Add __BRILLO__ preprocessor symbol for conditionally:
1) Removing support for Permission Broker (currently not available and
no concrete porting plan yet).
2) Disable dropping privileges in minijail invocations (yet to be
figured out).
3) Adapting DBus bindings header paths (slightly different).
4) Adapting helper utility paths (iptables, iproute2).
5) Making punching of IPv6 firewall rules optional and autodetected.
* Re-license everything to AOSP and add NOTICE and
MODULE_LICENSE_APACHE2.
* Added Android.mk for building all the targets we need, including
init.firewalld.rc with proper SELinux attributes (when supported).
Bug: 22827985
Change-Id: I05f74f80f95f689b4bbf60a2708e76ef5495b96e
|
|
BUG=None
TEST=Package builds fine.
Change-Id: I2ac510b748302fdaf93ecbd8c1b6a8af6ec23376
Reviewed-on: https://chromium-review.googlesource.com/291375
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
|
|
When multiple processes use `iptables` to modify the firewall, the
command grabs an exclusive lock for the table being modified. If the
lock cannot be obtained (another instance of iptables is running),
the current instance fails with an error.
By adding -w we make it wait for the other lock to be released before
proceeding.
BUG=brillo:1240
TEST=`FEATURES=test emerge-gizmo firewalld`
test_that -b gizmo <ip> security_Firewall
Change-Id: If147f6869d2df0e8f355323a265718f1cb8d617f
Reviewed-on: https://chromium-review.googlesource.com/285512
Reviewed-by: Vitaly Buka <vitalybuka@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Alex Vakulenko <avakulenko@chromium.org>
Commit-Queue: Alex Vakulenko <avakulenko@chromium.org>
|
|
Added ObjectManager to firewalld to allow permission_broker to track the
lifetime of the top D-Bus service object and restart permission_broker
if firewall crashes/restarts.
This will also allow waiting for Firewalld to come up and finish initialization
before permission_broker D-Bus appears on the bus, which would eliminate
weird race conditions when web server asks permission_broker to open
TCP ports too early (before firewalld is up and running).
BUG=brillo:1240
TEST=`FEATURES=test emerge-link firewalld permission_broker apmanager webserver`
Change-Id: I1f575b74c6a1e8e75cd4d33b6b70dda5b95f5339
Reviewed-on: https://chromium-review.googlesource.com/284975
Tested-by: Alex Vakulenko <avakulenko@chromium.org>
Reviewed-by: Vitaly Buka <vitalybuka@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Alex Vakulenko <avakulenko@chromium.org>
|
|
This header pulls in glib dependencies which aren't used in these
codebases.
BUG=chromium:508218
TEST=trybots
Change-Id: Iecf8dfcdd8064b1feb694382eea55c3f0df572d3
Reviewed-on: https://chromium-review.googlesource.com/284053
Tested-by: Christopher Wiley <wiley@chromium.org>
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Commit-Queue: Christopher Wiley <wiley@chromium.org>
Trybot-Ready: Christopher Wiley <wiley@chromium.org>
|
|
permission_broker uses firewalld to modify firewall rules. The firewall
rules must be modified only once the global firewall rules have been
configured at system startup.
Made firewalld wait till both iptables and ip6tables upstart jobs
finish and made permission_broker upstart job fully dependent
on firewalld.
BUG=brillo:1240
TEST=`USE="wifi_bootstrapping peerd buffet" ./build_packages && \
./build_image --noenable_rootfs_verification test && \
cros flash <link-ip-address>`
TEST=`./build_packages --board=gizmo && \
./build_image --noenable_rootfs_verification test && \
cros flash 100.96.49.59`
TEST=`test_that -b link 100.96.49.59 security_Firewall`
Change-Id: Ia4cc5f156182ceebcc4eb35da1a32ea5b376823c
Reviewed-on: https://chromium-review.googlesource.com/284818
Trybot-Ready: Alex Vakulenko <avakulenko@chromium.org>
Tested-by: Alex Vakulenko <avakulenko@chromium.org>
Reviewed-by: Vitaly Buka <vitalybuka@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Alex Vakulenko <avakulenko@chromium.org>
|
|
libchrome r334380 has the following breaking changes that need to be fixed:
- base::JSONWriter::Write() and base::JSONWriter::WriteWithOptions() take
"const base::Value&" instead of "const base::Value*"
- base::JSONReader::Read() and base::JSONReader::ReadAndReturnError()
return a scoped_ptr<base::Value> instead of base::Value*
- base/safe_strerror_posix.h is moved to base/posix/safe_strerror.h
- safe_strerror() is now in "base" namespace
- StartsWithASCII(), EndsWith(), StringToUpperASCII(), LowerCaseEqualsASCII()
are now in "base" namespace
- ObserverList<T> is now in "base" namespace
- base::PrintTo(base::FilePath) used in gtest is now moved to libchrome-test
library and as such, unit test runners need to link to this library now.
- crypto::RSAPrivateKey::CreateSensitive() is now removed from //crypto, so
some of tests in chromeos-login that used that function had to be changed
to use crypto::GenerateRSAKeyPairNSS() directly.
- UnixDomainSocket class is now in "base" namespace
- Pickle class is now in "base" namespace
BUG=chromium:496469
TEST=`./build_packages`
CQ-DEPEND=CL:277662
Change-Id: I36e5fbf2e36a92068873ffbd44020c862a3ed9e3
Reviewed-on: https://chromium-review.googlesource.com/277671
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Commit-Queue: Alex Vakulenko <avakulenko@chromium.org>
Trybot-Ready: Alex Vakulenko <avakulenko@chromium.org>
Tested-by: Alex Vakulenko <avakulenko@chromium.org>
|