| /system/netd/server/ |
| D | FirewallController.cpp | 164 int FirewallController::setInterfaceRule(const char* iface, FirewallRule rule) { in setInterfaceRule() argument
179 if (rule == ALLOW && mIfaceRules.find(iface) == mIfaceRules.end()) { in setInterfaceRule()
182 } else if (rule == DENY && mIfaceRules.find(iface) != mIfaceRules.end()) { in setInterfaceRule()
213 int FirewallController::setUidRule(ChildChain chain, int uid, FirewallRule rule) { in setUidRule() argument
220 op = (rule == ALLOW)? "-I" : "-D"; in setUidRule()
224 op = (rule == DENY)? "-A" : "-D"; in setUidRule()
246 return gCtls->trafficCtrl.changeUidOwnerRule(chain, uid, rule, firewallType); in setUidRule()
|
| D | TrafficController.cpp | 433 FirewallRule rule, FirewallType type) { in updateOwnerMapEntry() argument
438 if ((rule == ALLOW && type == WHITELIST) || (rule == DENY && type == BLACKLIST)) { in updateOwnerMapEntry()
441 } else if ((rule == ALLOW && type == BLACKLIST) || (rule == DENY && type == WHITELIST)) { in updateOwnerMapEntry()
450 int TrafficController::changeUidOwnerRule(ChildChain chain, uid_t uid, FirewallRule rule, in changeUidOwnerRule() argument
460 res = updateOwnerMapEntry(mDozableUidMap, uid, rule, type); in changeUidOwnerRule()
463 res = updateOwnerMapEntry(mStandbyUidMap, uid, rule, type); in changeUidOwnerRule()
466 res = updateOwnerMapEntry(mPowerSaveUidMap, uid, rule, type); in changeUidOwnerRule()
474 res.msg().c_str(), rule, type); in changeUidOwnerRule()
481 const std::vector<int32_t>& uids, FirewallRule rule, in replaceUidsInMap() argument
499 RETURN_IF_NOT_OK(updateOwnerMapEntry(map, uid, rule, type)); in replaceUidsInMap()
[all …]
|
| D | TrafficController.h | 93 int changeUidOwnerRule(ChildChain chain, const uid_t uid, FirewallRule rule, FirewallType type);
101 FirewallRule rule, FirewallType type);
106 const std::vector<int32_t>& uids, FirewallRule rule,
|
| D | NetlinkCommands.cpp | 184 rtmsg rule = { in rtNetlinkFlush() local
189 { &rule, sizeof(rule) }, in rtNetlinkFlush()
|
| D | Controllers.cpp | 138 std::string rule; in findExistingChildChains() local
139 while (std::getline(stream, rule, '\n')) { in findExistingChildChains()
140 if (std::regex_search(rule, matches, CHILD_CHAIN_REGEX) && matches[1] == parentChain) { in findExistingChildChains()
|
| D | BandwidthController.cpp | 848 std::string rule; in parseAndFlushCostlyTables() local
853 while (std::getline(stream, rule, '\n')) { in parseAndFlushCostlyTables()
854 if (rule.find(NEW_CHAIN_COMMAND) != 0) continue; in parseAndFlushCostlyTables()
855 chainName = rule.substr(NEW_CHAIN_COMMAND.size()); in parseAndFlushCostlyTables()
856 ALOGV("parse chainName=<%s> orig line=<%s>", chainName.c_str(), rule.c_str()); in parseAndFlushCostlyTables()
|
| D | RouteController.cpp | 263 fib_rule_hdr rule = { in modifyIpRule() local
272 if (table == RT_TABLE_UNSPEC && rule.action == FR_ACT_TO_TBL && action != RTM_DELRULE) { in modifyIpRule()
283 { &rule, sizeof(rule) }, in modifyIpRule()
304 rule.family = AF_FAMILIES[i]; in modifyIpRule()
309 ALOGE("Error %s %s rule: %s", actionName(action), familyName(rule.family), in modifyIpRule()
|
| D | CommandListener.cpp | 1109 FirewallRule rule = parseRule(argv[3]); in runCommand() local
1111 int res = gCtls->firewallCtrl.setInterfaceRule(iface, rule); in runCommand()
1131 FirewallRule rule = parseRule(argv[4]); in runCommand() local
1132 int res = gCtls->firewallCtrl.setUidRule(childChain, uid, rule); in runCommand()
|
| /system/hardware/interfaces/net/netd/testutils/ |
| D | VtsHalNetNetdTestUtils.cpp | 79 for (const auto& rule : rules) { in countMatchingIpRules() local
80 if (std::regex_search(rule, regex)) { in countMatchingIpRules()
|
| /system/sepolicy/tools/sepolicy-analyze/ |
| D | README | 38 grant the same permissions where one allow rule is written
40 terms of attributes associated with those same types. The rule
41 with individual types is a candidate for removal. The rule with
87 quickly checking an individual expanded rule or group of rules. If there are
93 classes, or permissions from a neverallow rule that could not be resolved
|
| /system/sepolicy/private/ |
| D | netd.te | 14 # give netd permission to setup iptables rule with xt_bpf
|
| D | netutils_wrapper.te | 23 # program when reloading the rule.
|
| /system/sepolicy/prebuilts/api/28.0/private/ |
| D | netd.te | 14 # give netd permission to setup iptables rule with xt_bpf
|
| D | netutils_wrapper.te | 23 # program when reloading the rule.
|
| /system/sepolicy/tests/ |
| D | policy.py | 36 def __init__(self, rule): argument
37 data = rule.split(',')
43 self.rule = rule
|
| /system/sepolicy/tools/ |
| D | README | 8 This is useful for quickly testing a new test or neverallow rule
64 A tool for auditing a sepolicy file for any allow rule that grants
|
| D | check_seapp.c | 652 const key_map *rule; in rule_map_validate() local
671 rule = &(rm->m[i]); in rule_map_validate()
673 if (!strcmp(rule->name, nrule->name)) { in rule_map_validate()
678 if (match_regex(nrule, rule)) { in rule_map_validate()
|
| /system/timezone/tzlookup_generator/src/main/java/com/android/libcore/timezone/tzlookup/ |
| D | TzLookupGenerator.java | 387 for (TimeZoneRule rule : rules) { in anyZonesUseUtc()
388 int utcOffset = rule.getRawOffset() + rule.getDSTSavings(); in anyZonesUseUtc()
|
| /system/sepolicy/prebuilts/api/28.0/public/ |
| D | healthd.te | 29 # TODO: added to match above sysfs rule. Remove me?
|
| D | hal_neverallows.te | 14 # NOTE: HALs for automotive devices have an exemption from this rule because in
|
| /system/sepolicy/public/ |
| D | healthd.te | 29 # TODO: added to match above sysfs rule. Remove me?
|
| D | hal_neverallows.te | 14 # NOTE: HALs for automotive devices have an exemption from this rule because in
|
| /system/sepolicy/prebuilts/api/27.0/public/ |
| D | healthd.te | 33 # TODO: added to match above sysfs rule. Remove me?
|
| /system/sepolicy/prebuilts/api/26.0/public/ |
| D | healthd.te | 33 # TODO: added to match above sysfs rule. Remove me?
|
| D | netd.te | 45 # TODO: added to match above sysfs rule. Remove me?
|