| author | Lorenzo Colitti <lorenzo@google.com> | 2017-04-25 00:16:36 +0900 |
|---|---|---|
| committer | Lorenzo Colitti <lorenzo@google.com> | 2017-04-25 16:20:54 +0900 |
| commit | a73576568ec540edc247f9bb7ef80f0301d8b71b (patch) | |
| tree | 1c28db7c558dc50c47e6fcb8cd60d64ab95ec022 /server/FirewallController.cpp | |
| parent | 018e4a94bd38c09dc8d5cb678ec114de32203fa2 (diff) | |
Use IptablesRestoreController for UID rule updates.
Bug: 32073253
Test: netd_{unit,integration}_test passes
Test: bullhead builds, boots
Test: fw_powersave chain correctly updated when updating battery optimization whitelist
Test: fw_powersave chain correctly updated when bringing apps into foreground
Change-Id: I964b7664718f353057047c66e69351169b5cf453
Diffstat (limited to 'server/FirewallController.cpp')
| -rw-r--r-- | server/FirewallController.cpp | 31 |
1 files changed, 15 insertions, 16 deletions
diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp
index e2ddc74b..46932067 100644
--- a/server/FirewallController.cpp
+++ b/server/FirewallController.cpp
@@ -173,9 +173,6 @@ FirewallType FirewallController::getFirewallType(ChildChain chain) {
 }

 int FirewallController::setUidRule(ChildChain chain, int uid, FirewallRule rule) {
- char uidStr[16];
- sprintf(uidStr, "%d", uid);
-
 const char* op;
 const char* target;
 FirewallType firewallType = getFirewallType(chain);
@@ -189,31 +186,33 @@ int FirewallController::setUidRule(ChildChain chain, int uid, FirewallRule rule)
 op = (rule == DENY)? "-A" : "-D";
 }

- int res = 0;
+ std::vector<std::string> chainNames;
 switch(chain) {
 case DOZABLE:
- res |= execIptables(V4V6, op, LOCAL_DOZABLE, "-m", "owner", "--uid-owner",
- uidStr, "-j", target, NULL);
+ chainNames = { LOCAL_DOZABLE };
 break;
 case STANDBY:
- res |= execIptables(V4V6, op, LOCAL_STANDBY, "-m", "owner", "--uid-owner",
- uidStr, "-j", target, NULL);
+ chainNames = { LOCAL_STANDBY };
 break;
 case POWERSAVE:
- res |= execIptables(V4V6, op, LOCAL_POWERSAVE, "-m", "owner", "--uid-owner",
- uidStr, "-j", target, NULL);
+ chainNames = { LOCAL_POWERSAVE };
 break;
 case NONE:
- res |= execIptables(V4V6, op, LOCAL_INPUT, "-m", "owner", "--uid-owner", uidStr,
- "-j", target, NULL);
- res |= execIptables(V4V6, op, LOCAL_OUTPUT, "-m", "owner", "--uid-owner", uidStr,
- "-j", target, NULL);
+ chainNames = { LOCAL_INPUT, LOCAL_OUTPUT };
 break;
 default:
 ALOGW("Unknown child chain: %d", chain);
- break;
+ return -1;
 }
- return res;
+
+ std::string command = "*filter\n";
+ for (std::string chainName : chainNames) {
+ StringAppendF(&command, "%s %s -m owner --uid-owner %d -j %s\n",
+ op, chainName.c_str(), uid, target);
+ }
+ StringAppendF(&command, "COMMIT\n");
+
+ return execIptablesRestore(V4V6, command);
 }

 int FirewallController::attachChain(const char* childChain, const char* parentChain) { |
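Review bot: The second hunk now assembles the rule as line-oriented iptables-restore text in `command` instead of passing separate argv entries, and nothing above the `StringAppendF` call records why that is safe. I would add a comment there along the lines of `// Only fixed chain/op/target literals and an integer uid are formatted in; validate any string added here, since an embedded newline would start a new restore line.` In the same loop, `for (std::string chainName : chainNames)` copies each name per iteration; `for (const std::string& chainName : chainNames)` avoids the copy. For the `NONE` case both chains now share one `*filter`/`COMMIT` batch, so presumably a failing `-D` on one chain also drops the change on the other, whereas the removed code ran each call independently and OR-ed the results; worth confirming callers expect that. `setUidRule` starts before this hunk, so the assignment of `target` is not visible here.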
