| author | Lorenzo Colitti <lorenzo@google.com> | 2020-07-30 12:03:40 +0900 |
|---|---|---|
| committer | Lorenzo Colitti <lorenzo@google.com> | 2020-07-30 23:13:40 +0900 |
| commit | cdd79f13c670605819333de2d7b67d7f8a42210c (patch) | |
| tree | 7e45bb560bfdf10340ecd95b6d9c8ff4c11611b3 /server/BandwidthController.cpp | |
| parent | 16a23705a18ee4839442598bb6f075b1bfacfbe8 (diff) | |
Mostly remove "blacklist" and "whitelist" from netd.

Rename these to allowlist and denylist.

This change is mostly automatically generated with:

    sed -i 's/WHITE/ALLOW/g' server/*.{cpp,h} libnetdbpf/{*.cpp,/include/netdbpf/*.h} bpf_progs/*.[ch]
    sed -i 's/white/allow/g' server/*.{cpp,h} libnetdbpf/{*.cpp,/include/netdbpf/*.h} bpf_progs/*.[ch]
    sed -i 's/BLACK/DENY/g' server/*.{cpp,h} libnetdbpf/{*.cpp,/include/netdbpf/*.h} bpf_progs/*.[ch]
    sed -i 's/black/deny/g' server/*.{cpp,h} libnetdbpf/{*.cpp,/include/netdbpf/*.h} bpf_progs/*.[ch]
    sed -i 's/White/Allow/g' server/*.{cpp,h} libnetdbpf/{*.cpp,/include/netdbpf/*.h} bpf_progs/*.[ch]
    sed -i 's/Black/Deny/g' server/*.{cpp,h} libnetdbpf/{*.cpp,/include/netdbpf/*.h} bpf_progs/*.[ch]

plus manual changes to FirewallController.h and NdcDispatcher.cpp
to make them continue to use INetd::FIREWALL_WHITELIST and
INetd::FIREWALL_BLACKLIST.

INetd (and FIREWALL_WHITELIST and FIREWALL_BLACKLIST) are not
being fixed in this change because doing so would require
changing frozen AIDL files, which is a more complex undertaking.

Also manually change occurrences in the test.

Finally, fix some formatting errors found by clang-format, and
some errors such as "a allowlist" (should be "an allowlist") or
"allowspace" (should be "whitespace").

Bug: 161896447
Test: atest netd_unit_test netd_integration_test
Test: crosshatch builds, boots, no IptablesRestoreController errors in logs
Change-Id: I3f5b864686651134a50e90b28fc9914bfa3f9a8e

Diffstat (limited to 'server/BandwidthController.cpp')
| -rw-r--r-- | server/BandwidthController.cpp | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp index e1ce56f2..a81aa551 100644 --- a/server/BandwidthController.cpp +++ b/server/BandwidthController.cpp @@ -120,12 +120,12 @@ const char NICE_CHAIN[] = "bw_happy_box"; * iptables -A bw_costly_iface0 -j bw_penalty_box * * * Penalty box, happy box and data saver. - * - bw_penalty box is a blacklist of apps that are rejected. - * - bw_happy_box is a whitelist of apps. It always includes all system apps + * - bw_penalty box is a denylist of apps that are rejected. + * - bw_happy_box is an allowlist of apps. It always includes all system apps * - bw_data_saver implements data usage restrictions. - * - Via the UI the user can add and remove apps from the whitelist and - * blacklist, and turn on/off data saver. - * - The blacklist takes precedence over the whitelist and the whitelist + * - Via the UI the user can add and remove apps from the allowlist and + * denylist, and turn on/off data saver. + * - The denylist takes precedence over the allowlist and the allowlist * takes precedence over data saver. * * * bw_penalty_box handling: 
@@ -149,12 +149,12 @@ const char NICE_CHAIN[] = "bw_happy_box"; */ const std::string COMMIT_AND_CLOSE = "COMMIT\n"; -const std::string HAPPY_BOX_MATCH_WHITELIST_COMMAND = +const std::string HAPPY_BOX_MATCH_ALLOWLIST_COMMAND = StringPrintf("-I bw_happy_box -m owner --uid-owner %d-%d -j RETURN", 0, MAX_SYSTEM_UID); -const std::string BPF_HAPPY_BOX_MATCH_WHITELIST_COMMAND = StringPrintf( - "-I bw_happy_box -m bpf --object-pinned %s -j RETURN", XT_BPF_WHITELIST_PROG_PATH); -const std::string BPF_PENALTY_BOX_MATCH_BLACKLIST_COMMAND = StringPrintf( - "-I bw_penalty_box -m bpf --object-pinned %s -j REJECT", XT_BPF_BLACKLIST_PROG_PATH); +const std::string BPF_HAPPY_BOX_MATCH_ALLOWLIST_COMMAND = StringPrintf( + "-I bw_happy_box -m bpf --object-pinned %s -j RETURN", XT_BPF_ALLOWLIST_PROG_PATH); +const std::string BPF_PENALTY_BOX_MATCH_DENYLIST_COMMAND = StringPrintf( + "-I bw_penalty_box -m bpf --object-pinned %s -j REJECT", XT_BPF_DENYLIST_PROG_PATH); static const std::vector<std::string> IPT_FLUSH_COMMANDS = { /* @@ -240,10 +240,10 @@ std::vector<std::string> getBasicAccountingCommands(const bool useBpf) { useBpf ? "" : "-A bw_OUTPUT -m owner --socket-exists", "-A bw_costly_shared -j bw_penalty_box", - useBpf ? BPF_PENALTY_BOX_MATCH_BLACKLIST_COMMAND : "", + useBpf ? BPF_PENALTY_BOX_MATCH_DENYLIST_COMMAND : "", "-A bw_penalty_box -j bw_happy_box", "-A bw_happy_box -j bw_data_saver", "-A bw_data_saver -j RETURN", - useBpf ? BPF_HAPPY_BOX_MATCH_WHITELIST_COMMAND : HAPPY_BOX_MATCH_WHITELIST_COMMAND, + useBpf ? BPF_HAPPY_BOX_MATCH_ALLOWLIST_COMMAND : HAPPY_BOX_MATCH_ALLOWLIST_COMMAND, "COMMIT", "*raw", |
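Review bot: In the first hunk (@@ -120,12 +120,12 @@), the rewritten comment line still reads "bw_penalty box" with a space, while the chain is spelled bw_penalty_box everywhere else in this file. Since the line is being touched anyway, make it "bw_penalty_box is a denylist of apps that are rejected." The next added line, ending "It always includes all system apps", is also missing its final period.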
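Review bot: In the second hunk (@@ -149,12 +149,12 @@), the --object-pinned arguments now come from XT_BPF_ALLOWLIST_PROG_PATH and XT_BPF_DENYLIST_PROG_PATH, and the definitions of those macros are not part of this file's diff. The sed commands in the commit message also ran over libnetdbpf and bpf_progs, so please state whether only the macro names changed or the path strings behind them changed too. If the paths changed, the name under which the programs are pinned has to change in the same commit, otherwise the -m bpf rules in bw_happy_box and bw_penalty_box point at an object that is not there and cannot be loaded. The "no IptablesRestoreController errors in logs" test line suggests this was checked on a device; a sentence saying so explicitly would help the next reader.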
