Whitelist system apps when using bw_happy_box.

BUG: 27506285 BUG: 26685616 Change-Id: I8352ebbab1778c85e0a1da79a0acede5aea144a1
author: Felipe Leme <felipeal@google.com> 2016-03-07 09:25:50 -0800
committer: Felipe Leme <felipeal@google.com> 2016-03-14 16:36:09 -0700
commit: 5ebbbd83bb204b916a60f68221fa9ea9506e5769 (patch)
tree: 6751f04ea710998981c9ae4fc98f0d4a6c649d42 /server/BandwidthController.cpp
parent: b19fcc7c65e9715d85a40ac3c6c044a395e8b6fe (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
index b674ee5b..84b1914a 100644
--- a/server/BandwidthController.cpp
+++ b/server/BandwidthController.cpp
@@ -351,9 +351,12 @@ int BandwidthController::enableHappyBox(void) {
     snprintf(cmd, sizeof(cmd), "-A bw_penalty_box -j bw_happy_box");
     res |= runIpxtablesCmd(cmd, IptJumpNoAdd);
 
+    /* Whitelist all system apps. */
+    snprintf(cmd, sizeof(cmd),
+            "-A bw_happy_box -m owner --uid-owner %d-%d -j RETURN", 0, MAX_SYSTEM_UID);
+    res |= runIpxtablesCmd(cmd, IptJumpNoAdd);
+
     /* Reject. Defaulting to prot-unreachable */
-    snprintf(cmd, sizeof(cmd), "-D bw_happy_box -j REJECT");
-    runIpxtablesCmd(cmd, IptJumpNoAdd);
     snprintf(cmd, sizeof(cmd), "-A bw_happy_box -j REJECT");
     res |= runIpxtablesCmd(cmd, IptJumpNoAdd);
author	Felipe Leme <felipeal@google.com>	2016-03-07 09:25:50 -0800
committer	Felipe Leme <felipeal@google.com>	2016-03-14 16:36:09 -0700
commit	5ebbbd83bb204b916a60f68221fa9ea9506e5769 (patch)
tree	6751f04ea710998981c9ae4fc98f0d4a6c649d42 /server/BandwidthController.cpp
parent	b19fcc7c65e9715d85a40ac3c6c044a395e8b6fe (diff)