Gitiles
Code Review Sign In
review.blissroms.org / platform_system_netd / 4497cebcae078c23cb36c9fa0e40c4b3f98f2715
commit4497cebcae078c23cb36c9fa0e40c4b3f98f2715[log] [tgz]
authorTommy Webb <tommy@calyxinstitute.org>Thu Apr 27 15:57:54 2023 -0400
committerJackeagle <jackeagle102@gmail.com>Wed Aug 30 00:58:26 2023 -0400
tree71b1d1927c3d88ac418e1b7d477a64c05eb8f920
parentebb34e9e423dcb637caed06a593709dd5c671990 [diff]
Adjust IP rules to accommodate UID-based firewall

* No default implicit network rule. We have UID-based implicit rules.
* Can only use VPN fallthrough with system permission. It is not
  UID-based, and other rules fulfill our needs.
* Binding to output interfaces arbitrarily requires system permission.
  Other rules cover this where it should be allowed for UIDs.
* Require system permission for RULE_PRIORITY_DEFAULT_NETWORK rule.
  Default network access is already allowed for UIDs permitted on the
  network via RULE_PRIORITY_UID_DEFAULT_NETWORK rules.

Change-Id: Icd64aa530e8d202abb97d8325160a5d4c0b4c490
Signed-off-by: Mohammad Hasan Keramat J <ikeramat@protonmail.com>
1 file changed
tree: 71b1d1927c3d88ac418e1b7d477a64c05eb8f920
  1. client/
  2. include/
  3. netutils_wrappers/
  4. server/
  5. tests/
  6. .clang-format ⇨ ../../build/soong/scripts/system-clang-format
  7. .editorconfig
  8. Android.bp
  9. NOTICE
  10. OWNERS
  11. PREUPLOAD.cfg
  12. TEST_MAPPING