Age | Commit message (Collapse) | Author |
|
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: If3efe7e5dc8907a524af35515551393d37f251b2
|
|
Until now, allowProtect() protected the UID from a VPN no matter the
network. In this scenario, in order to support CCT for CaptivePortal,
Chrome would have to be granted the ability to protect itself from VPN
no matter the network it is currently using.
This change adds a netId to mProtectableUsers, so allowProtect() can
either apply globally (using NETID_UNSET), a specific network, or both.
UIDs that can protect their sockets on specific networks cannot protect
their sockets from VPNs in general. They can only bypass VPNs when
explicitly binding sockets to the specified network.
Test: TH
Change-Id: Ide7c3e76f28ce89a45673667c05b46f1e61d3f74
|
|
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Idd49b3c4b37f82e314edfdbcf4365c1ffac2fc60
|
|
|
|
Test: TH
Change-Id: Iaf33fb8e615effe9742089ab0c4ae0259e342227
|
|
This functionality is not called anywhere, so delete it.
Test: TH
Change-Id: I6c489bab6df7d7428ddab8a077e7e83e4a740d6f
|
|
Change-Id: I7967da755659e941ad714bcaf56d1ee82b886704
Test: none
|
|
Doesn't make sense to run tests for vendor provided kernel version
on GSI images, where vendor may well be ancient.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5f2fbf936e2324cc4641873664f9eca12f0aeecc
|
|
None of our libcs need this any more.
Change-Id: I7b3f5cb911fffe25dc47520570451ecf95a0a696
|
|
Turns out this was always the case,
and has always been required...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2f63d8ad9534997a4e9a68bc83f53ff180c21a31
|
|
into main am: 15d9b5c169
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2983223
Change-Id: I0681b1ebfdd78fd22fa2fee1471ce1555e030d68
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
into main
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2986055
Change-Id: Icf908dde3190834f3d5ba06672344e598c0beae8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
On cf: 6.1.68-android14-11-ga7f647f49daf-ab11484633
x86_64 netd_integration_test
----------------------------
netd_integration_test64 (13 Tests)
[1/13] KernelTest#TestRateLimitingSupport: PASSED (11ms)
[2/13] KernelTest#TestBpfJitAlwaysOn: PASSED (0ms)
[3/13] KernelTest#TestKernel64Bit: PASSED (0ms)
[4/13] KernelTest#TestX86Kernel64Bit: PASSED (0ms)
[5/13] KernelTest#TestKernel419: PASSED (0ms)
[6/13] KernelTest#TestIsLTS: PASSED (0ms)
[7/13] KernelTest#TestMinRequiredLTS_4_19: IGNORED (0ms)
[8/13] KernelTest#TestMinRequiredLTS_5_4: IGNORED (0ms)
[9/13] KernelTest#TestMinRequiredLTS_5_10: IGNORED (0ms)
[10/13] KernelTest#TestMinRequiredLTS_5_15: IGNORED (0ms)
[11/13] KernelTest#TestMinRequiredLTS_6_1: PASSED (0ms)
[12/13] KernelTest#TestMinRequiredLTS_6_6: IGNORED (0ms)
[13/13] KernelTest#TestSupportsCommonUsbEthernetDongles: PASSED (0ms)
Summary (Test executed with 1 devices.)
-------
x86_64 netd_integration_test: Passed: 8, Failed: 0, Ignored: 5, Assumption Failed: 0
All tests passed!
Test: atest netd_integration_test:KernelTest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5520781dfa8fccd8b17cbf635565ef3491e4a003
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2983131
Change-Id: Iba2c8a313e4722852936bfc5867d51baa14daee6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Test: TreeHugger, manually on mokey-next-userdebug
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1ddc3bafa9840b2588fc96254395a04b862cb442
|
|
(this is part of 'netd_integration_test' in VTS)
see aosp/2970616 for reasoning:
This is driven by the desire to correctly support
- XFRM_MIGRATE, which requires 4.19.236+ 5.4.186+ 5.10.107+ 5.15.30+
see xfrm_tunnel_test.py:55 HasXfrmMigrateFixes()
- IPV6 UDP ENCAP, which requires 5.10.108+ 5.15.31+
see xfrm_test.py:488 testIPv6UDPEncapRecvTransport() & testIPv6UDPEncapRecvTunnel()
- ACCEPT_MIN_RA_LFT, which requires 5.10.199+ 5.15.136+ 6.1.57+
see multinetwork_base.py:61 HAVE_ACCEPT_RA_MIN_LFT
Bug: 325828213
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I2ac2795208be37dfe45e17f8293c1b5a0c103e30
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2966803
Change-Id: I8b2884f36579bae93718f40d44a6eda06cb44917
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
We've got various issues with 32-bit x86 kernels:
- XFRM netlink UAPI is inconsistent
- there's some other (non-XFRM) netlink alignment/layout issues
- complete lack of test coverage
- eBPF ring buffers are not quite right (though it requires 5.8+)
- likely many other problems (I recall having run
into problems with iptables user vs kernel bitness
in the past as well, though those might have been fixed)
32-bit x86 kernel on cuttlefish has been non-bootable for
many many quarters (ran into it mid-way into the Android U
dev cycle IFIRC) due to AFAIK kernel bugs.
32-bit x86 in upstream Linux is *barely* getting any love,
is effectively on life support, and probably shouldn't be
relied upon to be functional (especially wrt. security issues).
AFAIK all (most?) Intel cpus have been 64-bit capable since
around the Core 2 Duo era (ie. mid-2006) and AMD is quite likely
even before that (since they came up with x86_64 architecture
in the first place).
Most other distributions are also dropping 32-bit kernel support.
For example for Fedora, IFIRC, v27 was the last one that worked
right on my Pentium III (we're now ~6 years later at v39).
[although, yes, Fedora is usually ahead of the curve]
It's entirely possible this won't actually affect anybody,
though of course we'll see...
In other words for *most* (if not all) x86 hardware out there it
should be possible to build/boot a 64-bit kernel - even if you then
run 32-bit userspace on top of that (like 32-bit cuttlefish does,
including the 'man personality' games it plays to pretend
to be 32-bit).
NOTE: this does *not* require 64-bit userspace (yet),
and doesn't affect ARM, where having a 32-bit kernel
is far less problematic, due to there being less ABI
differences between 32-bit and 64-bit (IFIRC a lot of
the really hairy issues stem from subtle differences
in 'long long' alignment inside of structs).
See also comments in:
//system/core/libsysutils/src/NetlinkEvent.cpp
where we actually try to handle this correctly
(but there's no tests for it, and who knows
how many other places we've missed...)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia6d3cb9f1e6f8687ac8cdda113c6283688313749
|
|
42f17cf688
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2959167
Change-Id: I40bcd6e2dde888a1788f707fb249bfd6020e0e4f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
Bug: 325083813
Test: atest netd_integration_test
Change-Id: I92bf66b0c6decbc523775b6172a2593df9b10c7c
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2769114
Change-Id: If4aa1d389f9561d27a643b722979d5e8f0adc71f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
On slow hardware, iptables calls may take longer than 5 seconds.
Provide a way to increase the timeout in these scenarios.
Change-Id: I759f6de705fa81ccaa910738869f69875d88b4ca
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2955915
Change-Id: I2b9f9d47ff67bc8a69bf409d9f1262d71d199374
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
The test imitates applications by changing its uids while running. We
exempt all of them so networking is not restricted and the tests are not
impacted.
Test: atest netd_integration_test
Bug: 322562125
Change-Id: I8dd0cee7717ad58fb43622f5be799eed81dfd29f
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2952325
Change-Id: I82536b8bb4d95b10e4cd44721cfb57975e7bc17d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
This reverts commit 351a46234247778a3ba31b7fd3a242cc501efbc3.
Reason for revert: main is still used for U QPR, but this should be only removed in V
Bug: 322305340
Bug: 322519244
Bug: 322519244
Change-Id: I0f1bd54e97b43a7eb7c366ae494cb4207d713888
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2936380
Change-Id: I530fd275ab8982d80f39d70965f383e32bcd3037
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
This CL is created as a best effort to migrate test targets
to the new android ownership model. If you find incorrect or unnecessary
attribution in this CL, please create a separate CL to fix that.
For more details please refer to the link below,
<add g3 doc link>
Bug: 304529413
Test: N/A
Change-Id: Ic35f74aa264f8361bbe824d239e5d902f530ce6a
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2832090
Change-Id: I0b56174144394671ccf2367b90a76981d65261ff
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
1. Stop starting MDnsService in netd.
2. Completely remove mdns code from netd.
Bug: 298594687
Test: m && boot && presubmit
Change-Id: I56c6cb57844cb954e687a5001edc1c86eb82b1b0
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2901905
Change-Id: I8d1f4109178b4a89ef489bd2d5c90f7e29c750ef
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2901905
Change-Id: I6667d649ea59a68f7223b0755bb43c5a26b1f2da
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2901905
Change-Id: I5e59ef29e5bc04106dade6f7ea1b3274b840b2fc
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Bug: 175635923
Test: m MODULES-IN-system-netd
Change-Id: Ic4345e7e9fe19f5d9b737559c9c2b338ad664dca
|
|
77fcc2194e
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2891931
Change-Id: I1d1fdd4eff08662d33705ca104d0aad07187a22e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2891931
Change-Id: I3db95959a09c8c914071d3d201a07d23e83682a1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2891931
Change-Id: Iee842456b726bc2fafa9cbb58291d13dc5019b25
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
SockDiag is emitting IPV4/6 address in log lines. Android Privacy Best
Practices are to not log any PII information in the logs. Remove the
IPV4/6 address on user build.
Change-Id: I8b82af73a60813be230a73002cee01831320884b
|
|
67dba9f5cf am: fb400d90d3
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2890639
Change-Id: Ica20b4062b4364249bc200f320f866914b54142b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
67dba9f5cf
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2890639
Change-Id: Iffe04e7f6f579ad981a400f4d32ee7b13c18078c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2890639
Change-Id: I4e69d600a26f4dd953427e245567fc3b280d9e97
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
The function should return EX_SERVICE_SPECIFIC when mdnsresponder is in
running state. The EX_SERVICE_SPECIFIC is caught by MDnsManager.
Bug: 317342400
Bug: 298594687
Test: atest CtsNetTestCasesMaxTargetSdk30 -- --abi x86_64 on
aosp_cf_x86_64_phone-trunk_staging-userdebug
Change-Id: Iab5991e9ae4d0ca32f7d7640f5d2256c03870a14
|
|
1703a8ab74 am: 74474b0ee5
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2867838
Change-Id: I1ea5fcaa3b3972e80b7c85fa67955f191db07e5a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2867838
Change-Id: Idefdb25190c6aa73c60855afe77be654bf24ed67
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://android-review.googlesource.com/c/platform/system/netd/+/2867838
Change-Id: Id1badd1b69fd5e67014a97b9c9a33a4394621667
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|