BandwidthController - consistently use -j not --jump throughout

There's already uses of -j in places, and that's the output from
iptables-save and it's shorter.

Generated via:
  sed -i -r 's@--jump@-j@g' server/BandwidthControllerTest.cpp
  sed -i -r 's@--jump@-j@g' server/BandwidthController.cpp
Test:
  git grep '[-]-jump'   -- now comes up empty

  atest bpf_module_test clatd_test libbpf_android_test libnetdbpf_test
    netd_integration_test netd_unit_test netdutils_test
    resolv_integration_test resolv_unit_test
Bug: 136696213
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I06b8ea544f681911472c9b60336b31532c408a6f

1 files changed, 53 insertions, 56 deletions

diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
index 3efc8a34..363cba01 100644
--- a/server/BandwidthController.cpp
+++ b/server/BandwidthController.cpp
@@ -90,7 +90,7 @@ const char NICE_CHAIN[] = "bw_happy_box";
  * Some comments about the rules:
  *  * Ordering
  *    - when an interface is marked as costly it should be INSERTED into the INPUT/OUTPUT chains.
- *      E.g. "-I bw_INPUT -i rmnet0 --jump costly"
+ *      E.g. "-I bw_INPUT -i rmnet0 -j costly"
  *    - quota'd rules in the costly chain should be before bw_penalty_box lookups.
  *    - the qtaguid counting is done at the end of the bw_INPUT/bw_OUTPUT user chains.
  *
@@ -98,26 +98,26 @@ const char NICE_CHAIN[] = "bw_happy_box";
  *   - global quota for all costly interfaces uses a single costly chain:
  *    . initial rules
  *      iptables -N bw_costly_shared
- *      iptables -I bw_INPUT -i iface0 --jump bw_costly_shared
- *      iptables -I bw_OUTPUT -o iface0 --jump bw_costly_shared
+ *      iptables -I bw_INPUT -i iface0 -j bw_costly_shared
+ *      iptables -I bw_OUTPUT -o iface0 -j bw_costly_shared
  *      iptables -I bw_costly_shared -m quota \! --quota 500000 \
- *          --jump REJECT --reject-with icmp-net-prohibited
- *      iptables -A bw_costly_shared --jump bw_penalty_box
- *      iptables -A bw_penalty_box --jump bw_happy_box
- *      iptables -A bw_happy_box --jump bw_data_saver
+ *          -j REJECT --reject-with icmp-net-prohibited
+ *      iptables -A bw_costly_shared -j bw_penalty_box
+ *      iptables -A bw_penalty_box -j bw_happy_box
+ *      iptables -A bw_happy_box -j bw_data_saver
  *
  *    . adding a new iface to this, E.g.:
- *      iptables -I bw_INPUT -i iface1 --jump bw_costly_shared
- *      iptables -I bw_OUTPUT -o iface1 --jump bw_costly_shared
+ *      iptables -I bw_INPUT -i iface1 -j bw_costly_shared
+ *      iptables -I bw_OUTPUT -o iface1 -j bw_costly_shared
  *
  *   - quota per interface. This is achieve by having "costly" chains per quota.
  *     E.g. adding a new costly interface iface0 with its own quota:
  *      iptables -N bw_costly_iface0
- *      iptables -I bw_INPUT -i iface0 --jump bw_costly_iface0
- *      iptables -I bw_OUTPUT -o iface0 --jump bw_costly_iface0
+ *      iptables -I bw_INPUT -i iface0 -j bw_costly_iface0
+ *      iptables -I bw_OUTPUT -o iface0 -j bw_costly_iface0
  *      iptables -A bw_costly_iface0 -m quota \! --quota 500000 \
- *          --jump REJECT --reject-with icmp-port-unreachable
- *      iptables -A bw_costly_iface0 --jump bw_penalty_box
+ *          -j REJECT --reject-with icmp-port-unreachable
+ *      iptables -A bw_costly_iface0 -j bw_penalty_box
  *
  * * Penalty box, happy box and data saver.
  *   - bw_penalty box is a blacklist of apps that are rejected.
@@ -132,25 +132,25 @@ const char NICE_CHAIN[] = "bw_happy_box";
  *  - only one bw_penalty_box for all interfaces
  *   E.g  Adding an app:
  *    iptables -I bw_penalty_box -m owner --uid-owner app_3 \
- *        --jump REJECT --reject-with icmp-port-unreachable
+ *        -j REJECT --reject-with icmp-port-unreachable
  *
  * * bw_happy_box handling:
  *  - The bw_happy_box comes after the penalty box.
  *   E.g  Adding a happy app,
  *    iptables -I bw_happy_box -m owner --uid-owner app_3 \
- *        --jump RETURN
+ *        -j RETURN
  *
  * * bw_data_saver handling:
  *  - The bw_data_saver comes after the happy box.
  *    Enable data saver:
- *      iptables -R 1 bw_data_saver --jump REJECT --reject-with icmp-port-unreachable
+ *      iptables -R 1 bw_data_saver -j REJECT --reject-with icmp-port-unreachable
  *    Disable data saver:
- *      iptables -R 1 bw_data_saver --jump RETURN
+ *      iptables -R 1 bw_data_saver -j RETURN
  */
 
 const std::string COMMIT_AND_CLOSE = "COMMIT\n";
 const std::string HAPPY_BOX_MATCH_WHITELIST_COMMAND =
-        StringPrintf("-I bw_happy_box -m owner --uid-owner %d-%d --jump RETURN", 0, MAX_SYSTEM_UID);
+        StringPrintf("-I bw_happy_box -m owner --uid-owner %d-%d -j RETURN", 0, MAX_SYSTEM_UID);
 const std::string BPF_HAPPY_BOX_MATCH_WHITELIST_COMMAND = StringPrintf(
         "-I bw_happy_box -m bpf --object-pinned %s -j RETURN", XT_BPF_WHITELIST_PROG_PATH);
 const std::string BPF_PENALTY_BOX_MATCH_BLACKLIST_COMMAND = StringPrintf(
@@ -231,9 +231,9 @@ const std::vector<std::string> getBasicAccountingCommands(const bool useBpf) {
             "-A bw_OUTPUT -m policy --pol ipsec --dir out -j RETURN",
             useBpf ? "" : "-A bw_OUTPUT -m owner --socket-exists",
 
-            "-A bw_costly_shared --jump bw_penalty_box",
+            "-A bw_costly_shared -j bw_penalty_box",
             useBpf ? BPF_PENALTY_BOX_MATCH_BLACKLIST_COMMAND : "",
-            "-A bw_penalty_box --jump bw_happy_box", "-A bw_happy_box --jump bw_data_saver",
+            "-A bw_penalty_box -j bw_happy_box", "-A bw_happy_box -j bw_data_saver",
             "-A bw_data_saver -j RETURN",
             useBpf ? BPF_HAPPY_BOX_MATCH_WHITELIST_COMMAND : HAPPY_BOX_MATCH_WHITELIST_COMMAND,
             "COMMIT",
@@ -413,15 +413,14 @@ int BandwidthController::setInterfaceSharedQuota(const std::string& iface, int64
     if (it == mSharedQuotaIfaces.end()) {
         const int ruleInsertPos = (mGlobalAlertBytes) ? 2 : 1;
         std::vector<std::string> cmds = {
-            "*filter",
-            StringPrintf("-I bw_INPUT %d -i %s --jump %s", ruleInsertPos, iface.c_str(), chain),
-            StringPrintf("-I bw_OUTPUT %d -o %s --jump %s", ruleInsertPos, iface.c_str(), chain),
-            StringPrintf("-A bw_FORWARD -i %s --jump %s", iface.c_str(), chain),
-            StringPrintf("-A bw_FORWARD -o %s --jump %s", iface.c_str(), chain),
+                "*filter",
+                StringPrintf("-I bw_INPUT %d -i %s -j %s", ruleInsertPos, iface.c_str(), chain),
+                StringPrintf("-I bw_OUTPUT %d -o %s -j %s", ruleInsertPos, iface.c_str(), chain),
+                StringPrintf("-A bw_FORWARD -i %s -j %s", iface.c_str(), chain),
+                StringPrintf("-A bw_FORWARD -o %s -j %s", iface.c_str(), chain),
         };
         if (mSharedQuotaIfaces.empty()) {
-            cmds.push_back(StringPrintf("-I %s -m quota2 ! --quota %" PRId64
-                                        " --name %s --jump REJECT",
+            cmds.push_back(StringPrintf("-I %s -m quota2 ! --quota %" PRId64 " --name %s -j REJECT",
                                         chain, maxBytes, cost));
         }
         cmds.push_back("COMMIT\n");
@@ -464,15 +463,14 @@ int BandwidthController::removeInterfaceSharedQuota(const std::string& iface) {
     }
 
     std::vector<std::string> cmds = {
-        "*filter",
-        StringPrintf("-D bw_INPUT -i %s --jump %s", iface.c_str(), chain),
-        StringPrintf("-D bw_OUTPUT -o %s --jump %s", iface.c_str(), chain),
-        StringPrintf("-D bw_FORWARD -i %s --jump %s", iface.c_str(), chain),
-        StringPrintf("-D bw_FORWARD -o %s --jump %s", iface.c_str(), chain),
+            "*filter",
+            StringPrintf("-D bw_INPUT -i %s -j %s", iface.c_str(), chain),
+            StringPrintf("-D bw_OUTPUT -o %s -j %s", iface.c_str(), chain),
+            StringPrintf("-D bw_FORWARD -i %s -j %s", iface.c_str(), chain),
+            StringPrintf("-D bw_FORWARD -o %s -j %s", iface.c_str(), chain),
     };
     if (mSharedQuotaIfaces.size() == 1) {
-        cmds.push_back(StringPrintf("-D %s -m quota2 ! --quota %" PRIu64
-                                    " --name %s --jump REJECT",
+        cmds.push_back(StringPrintf("-D %s -m quota2 ! --quota %" PRIu64 " --name %s -j REJECT",
                                     chain, mSharedQuotaBytes, cost));
     }
     cmds.push_back("COMMIT\n");
@@ -527,18 +525,17 @@ int BandwidthController::setInterfaceQuota(const std::string& iface, int64_t max
     const std::string chain = "bw_costly_" + iface;
     const int ruleInsertPos = (mGlobalAlertBytes) ? 2 : 1;
     std::vector<std::string> cmds = {
-        "*filter",
-        StringPrintf(":%s -", chain.c_str()),
-        StringPrintf("-A %s -j bw_penalty_box", chain.c_str()),
-        StringPrintf("-I bw_INPUT %d -i %s --jump %s", ruleInsertPos, iface.c_str(),
-                     chain.c_str()),
-        StringPrintf("-I bw_OUTPUT %d -o %s --jump %s", ruleInsertPos, iface.c_str(),
-                     chain.c_str()),
-        StringPrintf("-A bw_FORWARD -i %s --jump %s", iface.c_str(), chain.c_str()),
-        StringPrintf("-A bw_FORWARD -o %s --jump %s", iface.c_str(), chain.c_str()),
-        StringPrintf("-A %s -m quota2 ! --quota %" PRId64 " --name %s --jump REJECT",
-                     chain.c_str(), maxBytes, cost.c_str()),
-        "COMMIT\n",
+            "*filter",
+            StringPrintf(":%s -", chain.c_str()),
+            StringPrintf("-A %s -j bw_penalty_box", chain.c_str()),
+            StringPrintf("-I bw_INPUT %d -i %s -j %s", ruleInsertPos, iface.c_str(), chain.c_str()),
+            StringPrintf("-I bw_OUTPUT %d -o %s -j %s", ruleInsertPos, iface.c_str(),
+                         chain.c_str()),
+            StringPrintf("-A bw_FORWARD -i %s -j %s", iface.c_str(), chain.c_str()),
+            StringPrintf("-A bw_FORWARD -o %s -j %s", iface.c_str(), chain.c_str()),
+            StringPrintf("-A %s -m quota2 ! --quota %" PRId64 " --name %s -j REJECT", chain.c_str(),
+                         maxBytes, cost.c_str()),
+            "COMMIT\n",
     };
     if (iptablesRestoreFunction(V4V6, Join(cmds, "\n"), nullptr) != 0) {
         ALOGE("Failed set quota rule");
@@ -586,14 +583,14 @@ int BandwidthController::removeInterfaceQuota(const std::string& iface) {
 
     const std::string chain = "bw_costly_" + iface;
     std::vector<std::string> cmds = {
-        "*filter",
-        StringPrintf("-D bw_INPUT -i %s --jump %s", iface.c_str(), chain.c_str()),
-        StringPrintf("-D bw_OUTPUT -o %s --jump %s", iface.c_str(), chain.c_str()),
-        StringPrintf("-D bw_FORWARD -i %s --jump %s", iface.c_str(), chain.c_str()),
-        StringPrintf("-D bw_FORWARD -o %s --jump %s", iface.c_str(), chain.c_str()),
-        StringPrintf("-F %s", chain.c_str()),
-        StringPrintf("-X %s", chain.c_str()),
-        "COMMIT\n",
+            "*filter",
+            StringPrintf("-D bw_INPUT -i %s -j %s", iface.c_str(), chain.c_str()),
+            StringPrintf("-D bw_OUTPUT -o %s -j %s", iface.c_str(), chain.c_str()),
+            StringPrintf("-D bw_FORWARD -i %s -j %s", iface.c_str(), chain.c_str()),
+            StringPrintf("-D bw_FORWARD -o %s -j %s", iface.c_str(), chain.c_str()),
+            StringPrintf("-F %s", chain.c_str()),
+            StringPrintf("-X %s", chain.c_str()),
+            "COMMIT\n",
     };
 
     const int res = iptablesRestoreFunction(V4V6, Join(cmds, "\n"), nullptr);
@@ -859,8 +856,8 @@ inline const char *BandwidthController::jumpToString(IptJumpOp jumpHandling) {
     case IptJumpNoAdd:
         return "";
     case IptJumpReject:
-        return " --jump REJECT";
+        return " -j REJECT";
     case IptJumpReturn:
-        return " --jump RETURN";
+        return " -j RETURN";
     }
 }