Home
last modified time | relevance | path

Searched refs:rule (Results 1 – 25 of 68) sorted by relevance

123

/system/netd/server/
DFirewallController.cpp181 int FirewallController::setInterfaceRule(const char* iface, FirewallRule rule) { in setInterfaceRule() argument
196 if (rule == ALLOW && mIfaceRules.find(iface) == mIfaceRules.end()) { in setInterfaceRule()
199 } else if (rule == DENY && mIfaceRules.find(iface) != mIfaceRules.end()) { in setInterfaceRule()
230 int FirewallController::setUidRule(ChildChain chain, int uid, FirewallRule rule) { in setUidRule() argument
237 op = (rule == ALLOW)? "-I" : "-D"; in setUidRule()
241 op = (rule == DENY)? "-A" : "-D"; in setUidRule()
263 return gCtls->trafficCtrl.changeUidOwnerRule(chain, uid, rule, firewallType); in setUidRule()
DTrafficController.cpp552 Status TrafficController::updateOwnerMapEntry(UidOwnerMatchType match, uid_t uid, FirewallRule rule, in updateOwnerMapEntry() argument
555 if ((rule == ALLOW && type == WHITELIST) || (rule == DENY && type == BLACKLIST)) { in updateOwnerMapEntry()
557 } else if ((rule == ALLOW && type == BLACKLIST) || (rule == DENY && type == WHITELIST)) { in updateOwnerMapEntry()
581 UidOwnerValue newMatch = {.rule = static_cast<uint8_t>(oldMatch.value().rule & ~match), in removeRule()
583 if (newMatch.rule == 0) { in removeRule()
604 UidOwnerValue newMatch = {.rule = static_cast<uint8_t>(oldMatch.value().rule | match), in addRule()
608 UidOwnerValue newMatch = {.rule = static_cast<uint8_t>(match), .iif = iif}; in addRule()
643 int TrafficController::changeUidOwnerRule(ChildChain chain, uid_t uid, FirewallRule rule, in changeUidOwnerRule() argument
652 res = updateOwnerMapEntry(DOZABLE_MATCH, uid, rule, type); in changeUidOwnerRule()
655 res = updateOwnerMapEntry(STANDBY_MATCH, uid, rule, type); in changeUidOwnerRule()
[all …]
DNetlinkCommands.cpp185 rtmsg rule = { in rtNetlinkFlush() local
190 { &rule, sizeof(rule) }, in rtNetlinkFlush()
DControllers.cpp142 std::string rule; in findExistingChildChains() local
143 while (std::getline(stream, rule, '\n')) { in findExistingChildChains()
144 if (std::regex_search(rule, matches, CHILD_CHAIN_REGEX) && matches[1] == parentChain) { in findExistingChildChains()
DTrafficController.h100 int changeUidOwnerRule(ChildChain chain, const uid_t uid, FirewallRule rule, FirewallType type);
107 netdutils::Status updateOwnerMapEntry(UidOwnerMatchType match, uid_t uid, FirewallRule rule,
DBandwidthController.cpp815 std::string rule; in parseAndFlushCostlyTables() local
820 while (std::getline(stream, rule, '\n')) { in parseAndFlushCostlyTables()
821 if (rule.find(NEW_CHAIN_COMMAND) != 0) continue; in parseAndFlushCostlyTables()
822 chainName = rule.substr(NEW_CHAIN_COMMAND.size()); in parseAndFlushCostlyTables()
823 ALOGV("parse chainName=<%s> orig line=<%s>", chainName.c_str(), rule.c_str()); in parseAndFlushCostlyTables()
DRouteController.cpp264 fib_rule_hdr rule = { in modifyIpRule() local
273 if (table == RT_TABLE_UNSPEC && rule.action == FR_ACT_TO_TBL && action != RTM_DELRULE) { in modifyIpRule()
284 { &rule, sizeof(rule) }, in modifyIpRule()
305 rule.family = AF_FAMILIES[i]; in modifyIpRule()
310 ALOGE("Error %s %s rule: %s", actionName(action), familyName(rule.family), in modifyIpRule()
DTrafficControllerTest.cpp172 EXPECT_TRUE(value.value().rule & match); in checkUidOwnerRuleForChain()
178 EXPECT_TRUE(value.value().rule & match); in checkUidOwnerRuleForChain()
202 EXPECT_TRUE(value.value().rule & match); in checkEachUidValue()
229 EXPECT_EQ(expectedRule, value.value().rule) in expectUidOwnerMapValues()
231 << value.value().rule; in expectUidOwnerMapValues()
612 ASSERT_TRUE(value.value().rule & STANDBY_MATCH); in TEST_F()
617 ASSERT_TRUE(value.value().rule & DOZABLE_MATCH); in TEST_F()
622 ASSERT_FALSE(value.value().rule & DOZABLE_MATCH); in TEST_F()
/system/netd/bpf_progs/
Dnetd.c49 if (whitelistMatch) return whitelistMatch->rule & HAPPY_BOX_MATCH; in xt_bpf_whitelist_prog()
57 if (blacklistMatch) return blacklistMatch->rule & PENALTY_BOX_MATCH; in xt_bpf_blacklist_prog()
/system/hardware/interfaces/net/netd/testutils/
DVtsHalNetNetdTestUtils.cpp79 for (const auto& rule : rules) { in countMatchingIpRules() local
80 if (std::regex_search(rule, regex)) { in countMatchingIpRules()
/system/sepolicy/tools/sepolicy-analyze/
DREADME38 grant the same permissions where one allow rule is written
40 terms of attributes associated with those same types. The rule
41 with individual types is a candidate for removal. The rule with
87 quickly checking an individual expanded rule or group of rules. If there are
93 classes, or permissions from a neverallow rule that could not be resolved
/system/apex/apexd/sysprop/
DAndroid.bp2 // filegroup rule to be used when including the sysprop within the framework
/system/sepolicy/prebuilts/api/28.0/private/
Dnetd.te14 # give netd permission to setup iptables rule with xt_bpf
Dnetutils_wrapper.te23 # program when reloading the rule.
/system/netd/libnetdbpf/include/netdbpf/
Dbpf_shared.h111 uint8_t rule; member
/system/sepolicy/private/
Dmigrate_legacy_obb_data.te26 # This rule is required to let this process read /proc/{parent_pid}/mount.
Dnetd.te11 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
Dnetutils_wrapper.te25 # program when reloading the rule.
/system/sepolicy/prebuilts/api/29.0/private/
Dmigrate_legacy_obb_data.te26 # This rule is required to let this process read /proc/{parent_pid}/mount.
Dnetd.te11 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
Dnetutils_wrapper.te25 # program when reloading the rule.
/system/sepolicy/tests/
Dpolicy.py36 def __init__(self, rule): argument
37 data = rule.split(',')
43 self.rule = rule
/system/sepolicy/tools/
DREADME8 This is useful for quickly testing a new test or neverallow rule
64 A tool for auditing a sepolicy file for any allow rule that grants
/system/timezone/tzlookup_generator/src/main/java/com/android/libcore/timezone/tzlookup/
DTzLookupGenerator.java387 for (TimeZoneRule rule : rules) { in anyZonesUseUtc()
388 int utcOffset = rule.getRawOffset() + rule.getDSTSavings(); in anyZonesUseUtc()
/system/sepolicy/prebuilts/api/29.0/public/
Dhealthd.te28 # TODO: added to match above sysfs rule. Remove me?

123