Home
last modified time | relevance | path

Searched refs:rule (Results 1 – 25 of 98) sorted by relevance

1234

/system/core/logd/
DPruneList.cpp176 for (const auto& rule : low_priority_prune_) { in Format() local
177 prune_rules.emplace_back(rule.Format()); in Format()
179 for (const auto& rule : high_priority_prune_) { in Format() local
180 prune_rules.emplace_back("~" + rule.Format()); in Format()
186 for (const auto& rule : high_priority_prune_) { in IsHighPriority() local
187 if (rule.Matches(element)) { in IsHighPriority()
195 for (const auto& rule : low_priority_prune_) { in IsLowPriority() local
196 if (rule.Matches(element)) { in IsLowPriority()
/system/sepolicy/build/soong/
Dselinux_contexts.go281 rule := android.NewRuleBuilder()
283 rule.Command().
291 rule.Temporary(ret)
295 rule.Command().
304 rule.Temporary(ret)
308 rule.Command().
316 rule.Build(pctx, ctx, "selinux_contexts", "building contexts: "+m.Name())
318 rule.DeleteTemporaryFiles()
328 rule := android.NewRuleBuilder()
343 rule.Command().
[all …]
/system/netd/server/
DTetherController.cpp826 Result<void> validateOffloadRule(const TetherOffloadRuleParcel& rule) { in validateOffloadRule() argument
829 if (rule.inputInterfaceIndex <= 0) { in validateOffloadRule()
830 return Error(ENODEV) << "Invalid input interface " << rule.inputInterfaceIndex; in validateOffloadRule()
832 if (rule.outputInterfaceIndex <= 0) { in validateOffloadRule()
833 return Error(ENODEV) << "Invalid output interface " << rule.inputInterfaceIndex; in validateOffloadRule()
835 if (rule.prefixLength != 128) { in validateOffloadRule()
836 return Error(EINVAL) << "Prefix length must be 128, not " << rule.prefixLength; in validateOffloadRule()
838 if (rule.destination.size() != sizeof(in6_addr)) { in validateOffloadRule()
839 return Error(EAFNOSUPPORT) << "Invalid IP address length " << rule.destination.size(); in validateOffloadRule()
841 if (rule.srcL2Address.size() != sizeof(hdr.h_source)) { in validateOffloadRule()
[all …]
DFirewallController.cpp180 int FirewallController::setInterfaceRule(const char* iface, FirewallRule rule) { in setInterfaceRule() argument
195 if (rule == ALLOW && mIfaceRules.find(iface) == mIfaceRules.end()) { in setInterfaceRule()
198 } else if (rule == DENY && mIfaceRules.find(iface) != mIfaceRules.end()) { in setInterfaceRule()
229 int FirewallController::setUidRule(ChildChain chain, int uid, FirewallRule rule) { in setUidRule() argument
236 op = (rule == ALLOW)? "-I" : "-D"; in setUidRule()
240 op = (rule == DENY)? "-A" : "-D"; in setUidRule()
262 return gCtls->trafficCtrl.changeUidOwnerRule(chain, uid, rule, firewallType); in setUidRule()
DTrafficController.cpp521 Status TrafficController::updateOwnerMapEntry(UidOwnerMatchType match, uid_t uid, FirewallRule rule, in updateOwnerMapEntry() argument
524 if ((rule == ALLOW && type == ALLOWLIST) || (rule == DENY && type == DENYLIST)) { in updateOwnerMapEntry()
526 } else if ((rule == ALLOW && type == DENYLIST) || (rule == DENY && type == ALLOWLIST)) { in updateOwnerMapEntry()
551 .rule = static_cast<uint8_t>(oldMatch.value().rule & ~match), in removeRule()
553 if (newMatch.rule == 0) { in removeRule()
575 .rule = static_cast<uint8_t>(oldMatch.value().rule | match), in addRule()
581 .rule = static_cast<uint8_t>(match), in addRule()
617 int TrafficController::changeUidOwnerRule(ChildChain chain, uid_t uid, FirewallRule rule, in changeUidOwnerRule() argument
626 res = updateOwnerMapEntry(DOZABLE_MATCH, uid, rule, type); in changeUidOwnerRule()
629 res = updateOwnerMapEntry(STANDBY_MATCH, uid, rule, type); in changeUidOwnerRule()
[all …]
DNetlinkCommands.cpp193 rtmsg rule = { in rtNetlinkFlush() local
198 { &rule, sizeof(rule) }, in rtNetlinkFlush()
DControllers.cpp143 std::string rule; in findExistingChildChains() local
144 while (std::getline(stream, rule, '\n')) { in findExistingChildChains()
145 if (std::regex_search(rule, matches, CHILD_CHAIN_REGEX) && matches[1] == parentChain) { in findExistingChildChains()
DTrafficController.h96 int changeUidOwnerRule(ChildChain chain, const uid_t uid, FirewallRule rule, FirewallType type);
103 netdutils::Status updateOwnerMapEntry(UidOwnerMatchType match, uid_t uid, FirewallRule rule,
DTetherController.h108 base::Result<void> addOffloadRule(const TetherOffloadRuleParcel& rule);
109 base::Result<void> removeOffloadRule(const TetherOffloadRuleParcel& rule);
DBandwidthController.cpp832 std::string rule; in parseAndFlushCostlyTables() local
837 while (std::getline(stream, rule, '\n')) { in parseAndFlushCostlyTables()
838 if (rule.find(NEW_CHAIN_COMMAND) != 0) continue; in parseAndFlushCostlyTables()
839 chainName = rule.substr(NEW_CHAIN_COMMAND.size()); in parseAndFlushCostlyTables()
840 ALOGV("parse chainName=<%s> orig line=<%s>", chainName.c_str(), rule.c_str()); in parseAndFlushCostlyTables()
/system/core/adb/proto/
Djarjar-rules.txt1 rule com.google.protobuf.** com.android.framework.protobuf.@1
/system/netd/tests/
Dtest_utils.cpp78 for (const auto& rule : rules) { in iptablesRuleExists() local
79 if (rule.find(expectedRule) != std::string::npos) { in iptablesRuleExists()
Dbinder_test.cpp1080 for (const auto& rule : rules) { in iptablesIdleTimerInterfaceRuleExists() local
1081 if (rule.find(expectedInterface) != std::string::npos) { in iptablesIdleTimerInterfaceRuleExists()
1082 if (rule.find(expectedRule) != std::string::npos) { in iptablesIdleTimerInterfaceRuleExists()
1339 for (const auto& rule : rules) { in ipRuleIpfwdExists() local
1340 if (rule.find(ipfwdRule) != std::string::npos) { in ipRuleIpfwdExists()
1451 for (const auto& rule : rules) { in iptablesTargetsExists() local
1452 if (rule.find(expectedTargetA) != std::string::npos) { in iptablesTargetsExists()
1453 if (rule.find(expectedTargetB) != std::string::npos) { in iptablesTargetsExists()
1688 for (const auto& rule : rules) { in ipRuleExists() local
1689 if (rule.find(ipRule) != std::string::npos) { in ipRuleExists()
[all …]
/system/hardware/interfaces/net/netd/testutils/
DVtsHalNetNetdTestUtils.cpp79 for (const auto& rule : rules) { in countMatchingIpRules() local
80 if (std::regex_search(rule, regex)) { in countMatchingIpRules()
/system/sepolicy/prebuilts/api/30.0/private/
Dstoraged.te33 # b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own doma…
34 # Remove after no logs are seen for this rule.
Dmigrate_legacy_obb_data.te26 # This rule is required to let this process read /proc/{parent_pid}/mount.
/system/sepolicy/private/
Dstoraged.te33 # b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own doma…
34 # Remove after no logs are seen for this rule.
Dmigrate_legacy_obb_data.te26 # This rule is required to let this process read /proc/{parent_pid}/mount.
/system/sepolicy/tools/sepolicy-analyze/
DREADME38 grant the same permissions where one allow rule is written
40 terms of attributes associated with those same types. The rule
41 with individual types is a candidate for removal. The rule with
87 quickly checking an individual expanded rule or group of rules. If there are
93 classes, or permissions from a neverallow rule that could not be resolved
/system/sepolicy/prebuilts/api/28.0/private/
Dnetd.te14 # give netd permission to setup iptables rule with xt_bpf
/system/netd/bpf_progs/
Dnetd.c193 uint8_t uidRules = uidEntry ? uidEntry->rule : 0; in bpf_owner_match()
331 if (allowlistMatch) return allowlistMatch->rule & HAPPY_BOX_MATCH ? BPF_MATCH : BPF_NOMATCH;
339 if (denylistMatch) return denylistMatch->rule & PENALTY_BOX_MATCH ? BPF_MATCH : BPF_NOMATCH;
/system/sepolicy/prebuilts/api/29.0/private/
Dmigrate_legacy_obb_data.te26 # This rule is required to let this process read /proc/{parent_pid}/mount.
Dnetd.te11 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
/system/sepolicy/tests/
Dpolicy.py36 def __init__(self, rule): argument
37 data = rule.split(',')
43 self.rule = rule
/system/sepolicy/tools/
DREADME8 This is useful for quickly testing a new test or neverallow rule
64 A tool for auditing a sepolicy file for any allow rule that grants

1234