{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":75638529,"defaultBranch":"lineage-21.0","name":"android_system_netd","ownerLogin":"LineageOS","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2016-12-05T15:31:06.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/24304779?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1710028518.0","currentOid":""},"activityList":{"items":[{"before":"da3e01187543c5557b232de69d8f0513ce90dd47","after":"c218bebb9785c345e58a9dd84006cd2427e28132","ref":"refs/heads/lineage-21.0","pushedAt":"2024-03-20T18:52:08.000Z","pushType":"push","commitsCount":664,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Merge tag 'android-14.0.0_r29' into staging/lineage-21.0_merge-android-14.0.0_r29\n\nAndroid 14.0.0 release 29\n\n# -----BEGIN PGP SIGNATURE-----\n#\n# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZeZW5wAKCRDorT+BmrEO\n# eHYaAJ4yc2HPbjqreLpqZo0VdaItn7WrjACeOFAoStm5ZQ0uzbkADz8BohQ5yOs=\n# =/vPV\n# -----END PGP SIGNATURE-----\n# gpg: Signature made Tue Mar 5 01:19:03 2024 EET\n# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78\n# gpg: Good signature from \"The Android Open Source Project \" [marginal]\n# gpg: initial-contribution@android.com: Verified 2367 signatures in the past\n# 2 years. Encrypted 4 messages in the past 2 years.\n# gpg: WARNING: This key is not certified with sufficiently trusted signatures!\n# gpg: It is not certain that the signature belongs to the owner.\n# Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78\n\n# By Maciej Żenczykowski (36) and others\n# Via Automerger Merge Worker (535) and others\n* tag 'android-14.0.0_r29': (80 commits)\n Return EX_SERVICE_SPECIFIC from MDnsService::startDaemon\n Add startDaemon and stopDaemon back in MDnsService\n Return ServiceSpecificException from Netd mdns service\n Delete MDnsEventReporter .cpp and .h\n Delete MDnsSdListener.h\n Delete MDnsSdListener.cpp\n [Test] Delete duplicate functions from binder_test.cpp\n Add 1 line log to sync MDnsSdListener.cpp code\n Add 1 line log to sync MDnsSdListener.cpp code\n Delete mdns_service_fuzzer\n Stop supporting MDNS netd binder service.\n Delete spurious MDNS code\n Delete @deprecated annotation related TODOs\n Delete MDNS binder test\n fix DUTs local network table name display incorrectly\n Use correct language for cgroups\n networking actually requires netbpfload not bpfloader\n adjust for iptables v1.8.9 use of '--' for IPv6 'fragments' to match IPv4\n binder_test: fix endianness bug\n binder_test: fix some compiler warnings\n ...\n\nChange-Id: I7ca983fdefc9fda30aead9b1ac11f61146bbd497","shortMessageHtmlLink":"Merge tag 'android-14.0.0_r29' into staging/lineage-21.0_merge-androi…"}},{"before":"a2a0cf9a9f659fcee8535ed570fcf91a598a56a6","after":"da3e01187543c5557b232de69d8f0513ce90dd47","ref":"refs/heads/lineage-21.0","pushedAt":"2023-12-24T20:06:34.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Firewall: Transport-based toggle support (2/3)\n\nNeeds corresponding fw/b and Connectivity changes.\n\nSquash of:\n\nAuthor: Tommy Webb \nDate: Tue Feb 28 10:46:05 2023 -0500\n\n Do not add VPN local exclusion rules\n\n Prevent UIDs on a VPN from accessing the private IP ranges of networks\n that they are not allowed to access. Without this, when connected to a\n VPN, apps that are disallowed from accessing a Wi-Fi network will\n become able to access the Wi-Fi network's LAN despite not being able\n to access the Wi-Fi network whatsoever before connecting to a VPN.\n\n Stop adding the local exclusion rule that makes this bypass possible.\n\n Change-Id: I9975b5ab1306ee86863979d1fe73203799cce648\n\nAuthor: Tommy Webb \nDate: Thu Apr 27 18:01:41 2023 -0400\n\n Stop setting netId for bypassable VPNs\n\n Code comments claim that a socket's netId needs to be specified for\n bypassable VPNs in order for them to have any traffic at all, but this\n does not appear to reflect reality today -- at least with our firewall\n changes -- as a simple test will show that such VPNs are still usable\n even when we don't set the netId to that of the bypassable VPN.\n (The comments and code were added in 2014 and may be out-of-date.)\n\n This change resolves an issue resulting from recent firewall changes\n that prevents UIDs of bypassable VPNs from accessing other networks,\n even when they are allowed to do so.\n\n Issue: calyxos#1650\n Change-Id: I18edc8659750044534c9bea5ed49eddbcea89378\n\nAuthor: Tommy Webb \nDate: Thu Apr 27 15:57:54 2023 -0400\n\n Adjust IP rules to accommodate UID-based firewall\n\n * No default implicit network rule. We have UID-based implicit rules.\n * Can only use VPN fallthrough with system permission. It is not\n UID-based, and other rules fulfill our needs.\n * Binding to output interfaces arbitrarily requires system permission.\n Other rules cover this where it should be allowed for UIDs.\n\n The behavior resulting from these changes is *almost* identical to\n the recently-changed firewall behavior, but it resolves the issue of\n default network rules being unusable without system-level permission.\n\n Also includes squashed change:\n\n Author: Tommy Webb \n Date: Mon Jul 10 12:27:01 2023 -0400\n\n fixup! Adjust IP rules to accommodate UID-based firewall\n\n * Require system permission for RULE_PRIORITY_DEFAULT_NETWORK rule.\n Default network access is already allowed for UIDs permitted on the\n network via RULE_PRIORITY_UID_DEFAULT_NETWORK rules.\n\n Change-Id: I8771b012fc90263b2aa7c68fdf3ccebde6670b79\n\n Change-Id: Icd64aa530e8d202abb97d8325160a5d4c0b4c490\n\nChange-Id: I1b89587a54c3178dcbf0a78927392bb8fb36294f","shortMessageHtmlLink":"Firewall: Transport-based toggle support (2/3)"}},{"before":"3e15420d43632309ed84aceee866282f70ad5419","after":"c013516ff3b78598cbab7e1d0b86583732273b8f","ref":"refs/heads/lineage-18.1","pushedAt":"2023-12-14T14:37:25.000Z","pushType":"push","commitsCount":180,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Merge tag 'android-security-11.0.0_r74' into staging/lineage-18.1_android-security-11.0.0_r74\n\nAndroid Security 11.0.0 Release 74 (10993236)\n\n* tag 'android-security-11.0.0_r74':\n Fix Heap-use-after-free in MDnsSdListener::Monitor::run\n bpf_progs/clatd - do not tx offload ipv4/udp packets with 0 checksum\n\nChange-Id: I310b11c159bcee34ccddab97944aae4b2d690a8b","shortMessageHtmlLink":"Merge tag 'android-security-11.0.0_r74' into staging/lineage-18.1_and…"}},{"before":"6c78055a60d55f5ef0e04587146cef15e66345a1","after":"bb0df47d330bed1f1bfa59ffa54834da4c87b043","ref":"refs/heads/lineage-19.1","pushedAt":"2023-12-14T14:21:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Fix Heap-use-after-free in MDnsSdListener::Monitor::run\n\nUse thread join to avoid thread exiting after instance\nrecycled.\n\nPrior to implementing this patch, fuzzing would lead to a segmentation fault after approximately 500 rounds. With the addition of the patch, the fuzzing process can now be repeated for over 30,000 rounds.\n\nTest: m, fuzzing\nFuzzing: mma mdns_service_fuzzer && adb sync data && adb shell /data/fuzz/arm64/mdns_service_fuzzer/mdns_service_fuzzer\n\nBug: 272382770\nIgnore-AOSP-First: Security Issue\n(cherry picked from commit 9c0c15f80cffb98b36284dd169a2e62e059dbbe3)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:75e5e2e1faec7aa2812fc6fba30d6fe80558bacd)\nMerged-In: I5bc85451b4e6539bad45ceb672924a37952cc138\nChange-Id: I5bc85451b4e6539bad45ceb672924a37952cc138","shortMessageHtmlLink":"Fix Heap-use-after-free in MDnsSdListener::Monitor::run"}},{"before":"5c89ab94a797fce13bf858be0f96541bf9f3bfe7","after":"43d137e94717639b96f5020607920f734433be92","ref":"refs/heads/lineage-20.0","pushedAt":"2023-12-11T16:45:42.000Z","pushType":"push","commitsCount":147,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Merge tag 'android-security-13.0.0_r12' into staging/lineage-20.0_merge-android-security-13.0.0_r12\n\nAndroid Security 13.0.0 Release 12 (10993242)\n\n# -----BEGIN PGP SIGNATURE-----\n#\n# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZW4X0wAKCRDorT+BmrEO\n# eEOTAJoCYTXsIKS2FgPwU+2JHs5ijfH+4ACgh5Gtx2rXBCcnMsx0GlVxy9C4wEk=\n# =AYC7\n# -----END PGP SIGNATURE-----\n# gpg: Signature made Mon Dec 4 20:17:55 2023 EET\n# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78\n# gpg: Good signature from \"The Android Open Source Project \" [marginal]\n# gpg: initial-contribution@android.com: Verified 2104 signatures in the past\n# 2 years. Encrypted 4 messages in the past 23 months.\n# gpg: WARNING: This key is not certified with sufficiently trusted signatures!\n# gpg: It is not certain that the signature belongs to the owner.\n# Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78\n\n# By Lin Lee\n# Via Android Build Coastguard Worker (83) and android-build-team Robot (63)\n* tag 'android-security-13.0.0_r12':\n Fix Heap-use-after-free in MDnsSdListener::Monitor::run\n\nChange-Id: I2f32563cc2c7172399b57b0287a60bf44198d3b8","shortMessageHtmlLink":"Merge tag 'android-security-13.0.0_r12' into staging/lineage-20.0_mer…"}},{"before":"0b149da0e1ca74a753ba92dae7a479769fe61593","after":"a2a0cf9a9f659fcee8535ed570fcf91a598a56a6","ref":"refs/heads/lineage-21.0","pushedAt":"2023-12-11T01:48:16.000Z","pushType":"push","commitsCount":48,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Merge tag 'android-14.0.0_r17' into staging/lineage-21.0_merge-android-14.0.0_r17\n\nAndroid 14.0.0 Release 17 (UQ1A.231205.015)\n\n# -----BEGIN PGP SIGNATURE-----\n#\n# iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZXDPNwAKCRDorT+BmrEO\n# eNzcAJ0ZAZktRo6GasCilWmIIU6y8pn4RgCeJt9n4bUfSJOR+a+p9BVRnO7YECk=\n# =Qm0O\n# -----END PGP SIGNATURE-----\n# gpg: Signature made Wed Dec 6 21:44:55 2023 EET\n# gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78\n# gpg: Good signature from \"The Android Open Source Project \" [marginal]\n# gpg: initial-contribution@android.com: Verified 2193 signatures in the past\n# 2 years. Encrypted 4 messages in the past 23 months.\n# gpg: WARNING: This key is not certified with sufficiently trusted signatures!\n# gpg: It is not certain that the signature belongs to the owner.\n# Primary key fingerprint: 4340 D135 70EF 945E 8381 0964 E8AD 3F81 9AB1 0E78\n\n# By Ken Chen (3) and others\n# Via Automerger Merge Worker (34) and others\n* tag 'android-14.0.0_r17':\n Mark V6 link-local sockets correctly\n Add NetworkController::getNetworkForInterface taking an IF index\n Pass connectInfo to FwmarkServer unconditionally in netdClientConnect()\n Fix Heap-use-after-free in MDnsSdListener::Monitor::run\n [NFC] Move MTE mode settings to a product variable.\n\nChange-Id: I49334c4d5f202747d9492e96e0e46454e8811650","shortMessageHtmlLink":"Merge tag 'android-14.0.0_r17' into staging/lineage-21.0_merge-androi…"}},{"before":null,"after":"dc899f0cb19238a10b70b8c80f4353a31efbde3e","ref":"refs/heads/backup/lineage-19.1_20231209","pushedAt":"2023-12-09T16:51:02.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Snap for 7829119 from 6c78055a60d55f5ef0e04587146cef15e66345a1 to sc-v2-release\n\nChange-Id: I5d9d2b1f33bc2a59b9b2f0c7718d50f811c62be6","shortMessageHtmlLink":"Snap for 7829119 from 6c78055 to sc-v2-release"}},{"before":"dc899f0cb19238a10b70b8c80f4353a31efbde3e","after":"6c78055a60d55f5ef0e04587146cef15e66345a1","ref":"refs/heads/lineage-19.1","pushedAt":"2023-12-09T16:47:25.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Never send packets with a source of ::1 on the wire. am: 350dbdb697 am: 20a3392230\n\nOriginal change: https://googleplex-android-review.googlesource.com/c/platform/system/netd/+/16057885\n\nChange-Id: Ic59ba256ac37b5848924bc4139f130f6cd2e8de4","shortMessageHtmlLink":"Never send packets with a source of ::1 on the wire. am: 350dbdb am: 2…"}},{"before":null,"after":"0b149da0e1ca74a753ba92dae7a479769fe61593","ref":"refs/heads/lineage-21.0","pushedAt":"2023-10-08T19:55:36.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Snap for 10338099 from ea2001b4ca25164eebb00cb9d6c90f321849c7a5 to udc-release\n\nChange-Id: If549641f0786d824d9cf8d5552cc07a153f1f6c9","shortMessageHtmlLink":"Snap for 10338099 from ea2001b to udc-release"}},{"before":"da6ec1870c2ebe56723a4b69df4935048971fdee","after":"5c89ab94a797fce13bf858be0f96541bf9f3bfe7","ref":"refs/heads/lineage-20.0","pushedAt":"2023-07-17T13:22:29.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Adjust IP rules to accommodate UID-based firewall\n\n* No default implicit network rule. We have UID-based implicit rules.\n* Can only use VPN fallthrough with system permission. It is not\n UID-based, and other rules fulfill our needs.\n* Binding to output interfaces arbitrarily requires system permission.\n Other rules cover this where it should be allowed for UIDs.\n* Require system permission for RULE_PRIORITY_DEFAULT_NETWORK rule.\n Default network access is already allowed for UIDs permitted on the\n network via RULE_PRIORITY_UID_DEFAULT_NETWORK rules.\n\nChange-Id: Icd64aa530e8d202abb97d8325160a5d4c0b4c490","shortMessageHtmlLink":"Adjust IP rules to accommodate UID-based firewall"}},{"before":null,"after":"da6ec1870c2ebe56723a4b69df4935048971fdee","ref":"refs/heads/lineage-20.0","pushedAt":"2023-07-05T16:08:07.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"lineageos-gerrit","name":null,"path":"/lineageos-gerrit","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/24783018?s=80&v=4"},"commit":{"message":"Snap for 9470583 from b7a6099aff35e8b2f7a88272e67a7feeb2b9f0c0 to tm-qpr3-release\n\nChange-Id: I8e625a1ccb28e04440927d39ca3f2f6c66985abb","shortMessageHtmlLink":"Snap for 9470583 from b7a6099 to tm-qpr3-release"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEGwKZVwA","startCursor":null,"endCursor":null}},"title":"Activity · LineageOS/android_system_netd"}