Age | Commit message | Author
2016-09-16 | Add dependency to libbinderwrapper. [HEAD, android-n-mr2-preview-2, android-n-mr2-preview-1, android-n-mr1-preview-2, android-n-mr1-preview-1, master, main] | Alex Deymo
libfirewalld-binder-client includes headers from libbinderwrapper so it needs to include the library. Bug: None Test: It builds. Change-Id: I2c1b7cc79b09f5755b8f35c73d5b95e44f9b9ca8
2016-08-02 | Remove Brillo-specific LOCAL_MODULE_TAGS | Dan Willemsen
am: 4e6f5bb216 Change-Id: Ie312d8dce9bd51ab5be4b24f85a2961500c3e724
2016-08-01 | Remove Brillo-specific LOCAL_MODULE_TAGS | Dan Willemsen
Replaced with PRODUCT_PACKAGES_DEBUG in brillo_base.mk Change-Id: Id4480715fdeea1e89154889c23ae023194cea6ec
2016-06-01 | firewalld: Update libchrome APIs to r395517 am: c0413cc291 | Luis Hector Chavez
am: 9c418d8540 * commit '9c418d8540c9b8a90888a03ef97b3f0686db5e40': firewalld: Update libchrome APIs to r395517 Change-Id: Ib42318ed011367c662833dc4ba38891600637e59
2016-06-01 | firewalld: Update libchrome APIs to r395517 | Luis Hector Chavez
am: c0413cc291 * commit 'c0413cc291345e498ee7d9f8eb478de7fedc8e51': firewalld: Update libchrome APIs to r395517 Change-Id: I3fd6029fffcd4d84445f3e0ee338a36bb6b836e5
2016-05-26 | firewalld: Update libchrome APIs to r395517 [android-wear-n-preview-2, android-wear-7.1.1_r1, android-n-preview-5, android-n-preview-4, android-n-iot-preview-2, nougat-mr1-wear-release, n-iot-preview-2] | Luis Hector Chavez
The new libchrome has been ported from Chromium and some APIs have changed. Make necessary changes at call sites. Change-Id: I8a9d29713657c2791049de21e98ad15d1ed358ad
2016-04-26 | Include header for DISALLOW_COPY_AND_ASSIGN am: 3a84e4d | Christopher Wiley
am: 55e4007 * commit '55e40078eaa8adb25fc7c6af44b5033eca2645c9': Include header for DISALLOW_COPY_AND_ASSIGN Change-Id: Ia2cb9e96bed8e2da3b84556eed44513b29b21528
2016-04-26 | Include header for DISALLOW_COPY_AND_ASSIGN | Christopher Wiley
am: 3a84e4d * commit '3a84e4d300ed4f09dd519c452d8b3d3bd110f442': Include header for DISALLOW_COPY_AND_ASSIGN Change-Id: I75d171470bc6fa1433c0c49e6d4b891e76494f41
2016-04-26 | Include header for DISALLOW_COPY_AND_ASSIGN [android-wear-n-preview-3, android-wear-n-preview-1, android-n-preview-3] | Christopher Wiley
This is not guaranteed to be included as part of the generated header. Bug: 27804373 Change-Id: I1db77fb8acd0837a86dbeded83cb0d461f103d19
2016-04-25 | Fix google-explicit-constructor warnings. am: 6bda44a | Chih-Hung Hsieh
am: 1b022ef * commit '1b022ef9dbf146b2355809cb68ef5ba84fc47e69': Fix google-explicit-constructor warnings. Change-Id: Ic8bc7c49e0948cecbdc057384685b2e95d6ef3a9
2016-04-25 | Fix google-explicit-constructor warnings. | Chih-Hung Hsieh
am: 6bda44a * commit '6bda44a1f3477d66fff2f3ba6d6b3953872ce1f5': Fix google-explicit-constructor warnings. Change-Id: Ic4de66b3d374dcd23b9173f6302b238c87fef627
2016-04-25 | Fix google-explicit-constructor warnings. | Chih-Hung Hsieh
Bug: 28341362 Change-Id: I558551c6ab408e0b9bf278310857af4631769ec1
2016-03-10 | Add a binder client library [android-n-preview-2] | Casey Dahlin
This prevents us exposing our AIDL headers. Change-Id: I86999c440ab1c6fc23de1574e2143c8acc0b0230 Test: Binder webservd can open its ports successfully Bug: 25932807
2016-03-08 | Publish a binder interface | Casey Dahlin
This should have the same functionality as the DBus interface. It should also be perfectly safe to use both. Change-Id: I42945941cb6e87d4fbee4797cb3d2286bcaa0267 Test: webservd can still open its ports via firewalld Bug: 25932807
2016-03-02 | Stop using BUILD_STATIC_TEST_LIBRARY [android-n-preview-1] | Dan Willemsen
This isn't a library for a test, use BUILD_STATIC_LIBRARY instead. Change-Id: Ib22f9ac6ed28eb065efeb1b2a824ed9ebe226542
2016-02-25 | Run Firewalld as the 'firewall' user. | Jorge Lucangeli Obes
Bug: 27365581 Change-Id: I7389d57457fd709a9d00956bc44a404ca1a5c67a
2016-02-02 | Refactor IpTables class to remove duplication. | Jorge Lucangeli Obes
This CL tries to remove as much duplicated code from the IpTables class as possible. The basic construct of running the same command with different executables/options is extracted into a helper function. Moreover, the unit tests are simplified by mocking one function call higher and removing a lot of set-up duplication. Bug: 26911013 Change-Id: Iecdacab2ef6ffa5631c877835bdfb0bf7191536c
2016-02-01 | Run unit tests on Brillo. | Jorge Lucangeli Obes
Looks like IPv6 is working correctly, so re-enable that too. Bug: 26911013 Change-Id: Iad0390e3a41a429460794b7c243ebca59cf64146
2016-01-26 | Add rules to route IPv6 third party VPN traffic | Kevin Cernekee
Currently only IPv4 traffic is handled by third party VPNs. Extend the UID_MATCH and route setup to IPv6. Bug: chromium:522003 TEST=`FEATURES=test emerge-link firewalld` TEST=manual Change-Id: I9352506e98e1fdcace093d443e2fa2b95887d720
2016-01-20 | firewalld: Update libchrome APIs to r369476 | Alex Vakulenko
The new libchrome has been ported from Chromium and some APIs have changed. Make necessary changes at call sites. Change-Id: Ib36ec8f828bfafcdaa57399cc1be12b00161b7ed
2015-12-21 | firewalld: Disable RTTI [brillo-m9-release, brillo-m9-dev] | Alex Vakulenko
There is no longer a reliance on RTTI in libbrillo, so disable RTTI in the rest of Brillo codebase. Bug: 26292405 Change-Id: I9ef4ac224141dcabb69f79e076286ee711ad0b00
2015-10-27 | firewalld: Rename libchromeos into libbrillo [brillo-m8-release, brillo-m8-dev, brillo-m7-release, brillo-m7-mr-dev, brillo-m7-dev] | Alex Vakulenko
BUG: 24872993 Change-Id: I24f57bbed2d5f7f543d18d05e66a33cebce364d0
2015-10-13 | firewalld: Rename "chromeos" -> "brillo" in include paths and namespaces | Alex Vakulenko
libchromeos is transitioning to libbrillo and chromeos namespaces and include directory is changing to brillo. Bug: 24872993 Change-Id: Icc70ef99c10acc983a9c261faaa983e26536ad04
2015-10-01 | Remove 'seclabel' option. | Jorge Lucangeli Obes
It's unneeded since the executable is labelled in the filesystem. Bug: 24571067 Change-Id: I336894cb4d18ee3ea8f77b15dd95938e3426f0b7
2015-09-29 | firewalld: build on non-Linux hosts | Scott James Remnant
BUG=24073089 TEST=mm on Mac host Change-Id: Iea411b01cfa25f73ced5bde5f0c4fabdfb2f3f56
2015-09-28 | Fix init filename. | Jorge Lucangeli Obes
Android is using <service>.rc instead of init.<service>.rc. Bug: 24465893 Change-Id: I87809e0f9b176b8cb605e90e3e3ef0e6e9a1a0a5
2015-09-25 | Allow interface name to contain periods | Peter Qiu
Interface name that starts or ends with period is still not allowed. Bug: 24382217 TEST=Manual test using apmanager TEST=Unittests on Chrome OS Change-Id: Iac5a7febd8b365759c4a21ccb8dc60c1ded60bbb
2015-09-10 | Use LOCAL_INIT_RC to install the init script for firewalld | Alex Vakulenko
Now there is a better way to install the init scripts using LOCAL_INIT_RC instead of manually copying the file with PREBUILT rule. Change-Id: Ie0f23ec30890dc163063e1592eb3388669f3dfbf
2015-08-21 | Remove duplicate DBus interface files | Christopher Wiley
Our gyp build rules now support building from .dbus-xml files. BUG=b/23380180 TEST=Built on ChromeOS with this change. Change-Id: I689a75b478de1410f59a56d242d001e41d62124d
2015-08-21 | Unify DBus adaptor include paths. | Gilad Arnold
Now the DBus header generation in AOSP has stabilized, we should resolve these differences. Bug: 23426296 Change-Id: I7de2d63efdc3a5f5d2479a3a9d6f08fc8ce9b7bb
2015-08-21 | Stop generating permission_broker DBus proxies. | Gilad Arnold
This is not needed since chromeos-base/firewalld now depends on chromeos-base/permission_broker-client for that. [This landed in CrOS but was not ported to AOSP; builds successfully.] Change-Id: I3e759c222ca65242931de4c42afeeaa18393bad5
2015-08-21 | Rename firewalld DBus definitions to .dbus-xml | Christopher Wiley
Bug: 23380180 Change-Id: I112a65d225e5a7192cccd43f39b89e38b52116f5
2015-08-20 | Change how we start firewalld, again. | Gilad Arnold
This puts firewalld back in the 'main' class, but initially disabled. It is only enabled once initial firewall setup is completed. Bug: 23064386 Change-Id: I1d8a530153c5dc624a7d499cc10b840b46294af0
2015-08-20 | Add a custom init.firewall.rc file. | Gilad Arnold
We now want firewalld to launch only after the base firewall setup has been configured, so we need to use a special trigger for that. Bug: 23064386 Change-Id: Ic07cea72b91ccd9913bf7cfa744a2fc911b8e4c2
2015-08-19 | Use __ANDROID__ instead of __BRILLO__. | Daniel Erat
__ANDROID__ is defined automatically by the toolchain. Bug: 23358460 Change-Id: I7487625802deb48ff31da8410125fa910a88ca74
2015-08-19 | Compile client library | Christopher Wiley
Bug: 22388998 Change-Id: I425c44b931be9965493a874cb1f386d0f188e9b0
2015-08-19 | Update with new DBus generated adaptor header files. | Ying Wang
Bug: 22608897 Change-Id: Ic9131ca64383a96cab47807daeb8257693e5eaa2
2015-08-18 | Use old interface definition filename when building with gyp. | Gilad Arnold
The assumes everything up to the .xml suffix is part of the interface name, so we should be using the .dbus.xml variant here. Bug: 23193215 Change-Id: I098b78b3fcff42f6b752bf0fd2d2f284ee7503a2
2015-08-18 | Fix initrc generation. | Gilad Arnold
Bug: 23313270 Change-Id: Ia6beb7398e7dddfcf799acb00dc0d899f2b82003
2015-08-17 | Adjust initc generation rule. | Gilad Arnold
This better matches the suggested practice. Change-Id: I7f12c1f0da9730d0aa83ceabb2841ae415a20b3c
2015-08-16 | firewalld: Build own DBus proxies. | Gilad Arnold
This will cause DBus proxies to be generated, along with corresponding pkg_config files. An upcoming ebuild change will actually install them to the sysroot. [Copied over from https://chromium-review.googlesource.com/293616/] Bug: 22827985 Change-Id: I4a5140b985d73a817e36c26b38871ef8b114288d
2015-08-13 | Add a symlink for backward compatibility with dependent Chrome OS code. | Gilad Arnold
There's code in Chrome OS platform2 (such as permission_broker) that depends on firewalld's DBus interface definition XML file. To avoid build woes once we migrate Chrome OS to build firewalld from AOSP, this adds a symlink to ensure that those dependent packages won't break. This should be removed once all dependent packages are upgraded accordingly. Bug: 22827985 Change-Id: Ib9a5e574db5d63526a6ebd3814095864d2eb4b9e
2015-08-13 | Only define build targets if building in Linux. | Gilad Arnold
Building of firewalld depends on DBus bindings generator, which currently isn't available on other hosts (notably, Darwin). Bug: 22827985 Change-Id: I39e7b41658752090e684885bec2c905fad33aa98
2015-08-13 | Build firewalld in Android. | Gilad Arnold
* Drop firewalld/ prefix from #include paths.
* Rename the DBus interface definition to have a .dbus.xml suffix; needed for it to be picked up by the build infrastructure.
* Add __BRILLO__ preprocessor symbol for conditionally:
  1) Removing support for Permission Broker (currently not available and no concrete porting plan yet).
  2) Disable dropping privileges in minijail invocations (yet to be figured out).
  3) Adapting DBus bindings header paths (slightly different).
  4) Adapting helper utility paths (iptables, iproute2).
  5) Making punching of IPv6 firewall rules optional and autodetected.
* Re-license everything to AOSP and add NOTICE and MODULE_LICENSE_APACHE2.
* Added Android.mk for building all the targets we need, including init.firewalld.rc with proper SELinux attributes (when supported).
Bug: 22827985 Change-Id: I05f74f80f95f689b4bbf60a2708e76ef5495b96e
2015-08-10 | firewalld: Remove unneeded #include. | Gilad Arnold
BUG=None TEST=Package builds fine. Change-Id: I2ac510b748302fdaf93ecbd8c1b6a8af6ec23376 Reviewed-on: https://chromium-review.googlesource.com/291375 Tested-by: Gilad Arnold <garnold@chromium.org> Reviewed-by: Alex Vakulenko <avakulenko@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Commit-Queue: Gilad Arnold <garnold@chromium.org>
2015-08-10 | firewalld: Add -w option to invocation of `iptables` command | Alex Vakulenko
When multiple processes use `iptables` to modify the firewall, the command grabs an exclusive lock for the table being modified. If the lock cannot be obtained (another instance of iptables is running), the current instance fails with an error. By adding -w we make it wait for the other lock to be released before proceeding. BUG=brillo:1240 TEST=`FEATURES=test emerge-gizmo firewalld` test_that -b gizmo <ip> security_Firewall Change-Id: If147f6869d2df0e8f355323a265718f1cb8d617f Reviewed-on: https://chromium-review.googlesource.com/285512 Reviewed-by: Vitaly Buka <vitalybuka@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Tested-by: Alex Vakulenko <avakulenko@chromium.org> Commit-Queue: Alex Vakulenko <avakulenko@chromium.org>
2015-08-10 | firewalld: Add D-Bus ObjectManager to track the Firewalld service lifetime | Alex Vakulenko
Added ObjectManager to firewalld to allow permission_broker to track the lifetime of the top D-Bus service object and restart permission_broker if firewall crashes/restarts. This will also allow to wait for Firewalld to come up and finish initialization before permission_broker D-Bus appears on the bus, which would eliminate weird race conditions when web server asks permission_broker to open TCP ports too early (before firewalld is up and running). BUG=brillo:1240 TEST=`FEATURES=test emerge-link firewalld permission_broker apmanager webserver` Change-Id: I1f575b74c6a1e8e75cd4d33b6b70dda5b95f5339 Reviewed-on: https://chromium-review.googlesource.com/284975 Tested-by: Alex Vakulenko <avakulenko@chromium.org> Reviewed-by: Vitaly Buka <vitalybuka@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Commit-Queue: Alex Vakulenko <avakulenko@chromium.org>
2015-08-10 | Remove superfluous legacy DBus includes | Christopher Wiley
This header pulls in glib dependencies which aren't used in these codebases. BUG=chromium:508218 TEST=trybots Change-Id: Iecf8dfcdd8064b1feb694382eea55c3f0df572d3 Reviewed-on: https://chromium-review.googlesource.com/284053 Tested-by: Christopher Wiley <wiley@chromium.org> Reviewed-by: Alex Vakulenko <avakulenko@chromium.org> Commit-Queue: Christopher Wiley <wiley@chromium.org> Trybot-Ready: Christopher Wiley <wiley@chromium.org>
2015-08-10 | platform2: Start deps between permission_broker, firewalld and iptables | Alex Vakulenko
permission_broker uses firewalld to modify firewall rules. The firewall rules must be modified only once the global firewall rules have been configured at system startup. Made firewalld wait till both iptables and ip6tables upstart jobs finish and made permission_broker upstart job to be fully dependent on firewalld. BUG=brillo:1240 TEST=`USE="wifi_bootstrapping peerd buffet" ./build_packages && \ ./build_image --noenable_rootfs_verification test && \ cros flash <link-ip-address>` TEST=`./build_packages --board=gizmo && \ ./build_image --noenable_rootfs_verification test && \ cros flash 100.96.49.59` TEST=`test_that -b link 100.96.49.59 security_Firewall` Change-Id: Ia4cc5f156182ceebcc4eb35da1a32ea5b376823c Reviewed-on: https://chromium-review.googlesource.com/284818 Trybot-Ready: Alex Vakulenko <avakulenko@chromium.org> Tested-by: Alex Vakulenko <avakulenko@chromium.org> Reviewed-by: Vitaly Buka <vitalybuka@chromium.org> Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Commit-Queue: Alex Vakulenko <avakulenko@chromium.org>
2015-08-10 | platform2: Fix issues with new version of libchrome | Alex Vakulenko
libchrome r334380 has the following breaking changes that need to be fixed:
- base::JSONWriter::Write() and base::JSONWriter::WriteWithOptions() take "const base::Value&" instead of "const base::Value*"
- base::JSONReader::Read() and base::JSONReader::ReadAndReturnError() return a scoped_ptr<base::Value> instead of base::Value*
- base/safe_strerror_posix.h is moved to base/posix/safe_strerror.h
- safe_strerror() is now in "base" namespace
- StartsWithASCII(), EndsWith(), StringToUpperASCII(), LowerCaseEqualsASCII() are now in "base" namespace
- ObserverList<T> is now in "base" namespace
- base::PrintTo(base::FilePath) used in gtest is now moved to libchrome-test library and as such, unit test runners need to link to this library now.
- crypto::RSAPrivateKey::CreateSensitive() is now removed from //crypto, so some of tests in chromeos-login that used that function had to be changed to use crypto::GenerateRSAKeyPairNSS() directly.
- UnixDomanSocket class is now in "base" namespace
- Pickle class is now in "base" namespace
BUG=chromium:496469 TEST=`./build_packages` CQ-DEPEND=CL:277662 Change-Id: I36e5fbf2e36a92068873ffbd44020c862a3ed9e3 Reviewed-on: https://chromium-review.googlesource.com/277671 Reviewed-by: Alex Vakulenko <avakulenko@chromium.org> Commit-Queue: Alex Vakulenko <avakulenko@chromium.org> Trybot-Ready: Alex Vakulenko <avakulenko@chromium.org> Tested-by: Alex Vakulenko <avakulenko@chromium.org>