platform_system_netd/server/StrictControllerTest.cpp, branch master Unnamed repository; edit this file 'description' to name the repository. Strict-related commands porting 2018-08-01T15:29:15+00:00 Luke Huang huangluke@google.com 2018-07-17T11:58:25+00:00 a67dd5612210f7b957ed35883801ed160cd46a0d Test: built, flashed, booted system/netd/tests/runtests.sh passes Change-Id: Ibff8b050915c65e44cd37bb835943b8582fc003a 
Test: built, flashed, booted
      system/netd/tests/runtests.sh passes

Change-Id: Ibff8b050915c65e44cd37bb835943b8582fc003a
Don't trip up when deleting strict iptables rules. 2017-10-03T15:04:19+00:00 Lorenzo Colitti lorenzo@google.com 2017-09-05T09:57:55+00:00 cc40ed925531f711f1b6652b12c5bf44f514cdf8 Currently, when applying a cleartext policy to a UID, StrictController will attempt to delete all possible policies that might previously have applied to this UID. Because only two of these rules can exist at any given time, at least one of these deletes is guaranteed to fail, causing the whole operation to fail. Instead of adding a log or reject rule for every UID, add a rule that sends that UID to its own chain which then contains the log or reject rule. That way, deleting the previous policy only requires deleting the chain, which is something we know exists. (cherry picked from commit 81e02f21424ebda9a314c7b9fbc31cfe2a99444f) Bug: 64988066 Test: netd_{unit,integration}_test pass Test: android.os.cts.StrictModeTest passes Change-Id: Ic9d66220a65f2ce9510c4194e7b874d3d5dca5d7 
Currently, when applying a cleartext policy to a UID,
StrictController will attempt to delete all possible policies
that might previously have applied to this UID. Because only
two of these rules can exist at any given time, at least one
of these deletes is guaranteed to fail, causing the whole
operation to fail.

Instead of adding a log or reject rule for every UID, add a
rule that sends that UID to its own chain which then contains
the log or reject rule. That way, deleting the previous policy
only requires deleting the chain, which is something we know
exists.

(cherry picked from commit 81e02f21424ebda9a314c7b9fbc31cfe2a99444f)

Bug: 64988066
Test: netd_{unit,integration}_test pass
Test: android.os.cts.StrictModeTest passes
Change-Id: Ic9d66220a65f2ce9510c4194e7b874d3d5dca5d7
Move the last StrictController command to iptables-restore 2017-07-18T12:47:33+00:00 Lorenzo Colitti lorenzo@google.com 2017-07-18T12:44:04+00:00 6ee2598e23e10a11ed98f4f23cf63638c8524104 Bug: 28362720 Test: unit tests pass Change-Id: I8a4d2b8ea66799c6c3205b00f04ee1999fc7c68b 
Bug: 28362720
Test: unit tests pass
Change-Id: I8a4d2b8ea66799c6c3205b00f04ee1999fc7c68b
Add a test for setUidCleartextPolicy. 2017-07-18T09:54:51+00:00 Lorenzo Colitti lorenzo@google.com 2017-07-18T09:28:36+00:00 a18b29b86a080f5f0bb1973925170de3a46bda55 Bug: 28362720 Test: netd_{unit,integration}_test pass Change-Id: Ie4577b29230282e0e6c9ae0ae6727af78e8b0849 
Bug: 28362720
Test: netd_{unit,integration}_test pass
Change-Id: Ie4577b29230282e0e6c9ae0ae6727af78e8b0849
Delete all EOTs in iptables commands and remove fixCommandString. 2017-02-10T02:41:27+00:00 Lorenzo Colitti lorenzo@google.com 2017-02-10T02:01:08+00:00 20b128bc0d3964b59a021043d028364ef8fa6011 Test: bullead builds and boots with no iptables errors Test: netd_{unit,integration}_test pass Bug: 32323979 Change-Id: I33ad04ee8f0562bcd4e14046352c934cd2039a5d 
Test: bullead builds and boots with no iptables errors
Test: netd_{unit,integration}_test pass
Bug: 32323979
Change-Id: I33ad04ee8f0562bcd4e14046352c934cd2039a5d
Use iptables-restore in StrictController startup. 2016-03-30T07:43:58+00:00 Lorenzo Colitti lorenzo@google.com 2016-03-28T15:53:45+00:00 e60c0a51957596788995ec57d33531cd103d8dd7 Bug: 21725996 Change-Id: I2c049a934189f3c87ee15f052abc07d35814f0c9 
Bug: 21725996
Change-Id: I2c049a934189f3c87ee15f052abc07d35814f0c9
Add a test for StrictController. 2016-03-30T07:43:53+00:00 Lorenzo Colitti lorenzo@google.com 2016-03-27T17:34:54+00:00 9028d91fd86a2d517c7ce163c1d88b41de961ba8 Bug: 21725996 Bug: 25691379 Change-Id: I24b838161eaf98dede2ae897157ba42414fc926f 
Bug: 21725996
Bug: 25691379
Change-Id: I24b838161eaf98dede2ae897157ba42414fc926f