diff options
| author | Lorenzo Colitti <lorenzo@google.com> | 2016-07-26 17:59:41 +0900 |
|---|---|---|
| committer | Lorenzo Colitti <lorenzo@google.com> | 2016-07-28 18:43:22 +0900 |
| commit | 238e81894de39fe7c5ed74f297c36a4798008247 (patch) | |
| tree | f231bfd290323be65cc096862e4447b121a720b2 /server/FirewallControllerTest.cpp | |
| parent | 0726fec82842883a2332318aa675f7f04670db51 (diff) | |
Allow networking on loopback in doze, standby, and powersave.
Restricting networking on loopback is needlessly restrictive
because it doesn't have substantial power impact.
Bug: 30186506
Change-Id: Ibe31aff7c43ae02821fdf4a00b600fb5f5f5bc30
Diffstat (limited to 'server/FirewallControllerTest.cpp')
| -rw-r--r-- | server/FirewallControllerTest.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp index c1226b28..7d96c61c 100644 --- a/server/FirewallControllerTest.cpp +++ b/server/FirewallControllerTest.cpp @@ -56,6 +56,7 @@ TEST_F(FirewallControllerTest, TestCreateWhitelistChain) { std::vector<std::string> expectedRestore4 = { "*filter", ":fw_whitelist -", + "-A fw_whitelist -i lo -o lo -j RETURN", "-A fw_whitelist -p tcp --tcp-flags RST RST -j RETURN", "-A fw_whitelist -m owner --uid-owner 0-9999 -j RETURN", "-A fw_whitelist -j DROP", @@ -64,6 +65,7 @@ TEST_F(FirewallControllerTest, TestCreateWhitelistChain) { std::vector<std::string> expectedRestore6 = { "*filter", ":fw_whitelist -", + "-A fw_whitelist -i lo -o lo -j RETURN", "-A fw_whitelist -p tcp --tcp-flags RST RST -j RETURN", "-A fw_whitelist -p icmpv6 --icmpv6-type packet-too-big -j RETURN", "-A fw_whitelist -p icmpv6 --icmpv6-type router-solicitation -j RETURN", @@ -93,6 +95,7 @@ TEST_F(FirewallControllerTest, TestCreateBlacklistChain) { std::vector<std::string> expectedRestore = { "*filter", ":fw_blacklist -", + "-A fw_blacklist -i lo -o lo -j RETURN", "-A fw_blacklist -p tcp --tcp-flags RST RST -j RETURN", "COMMIT\n\x04" }; @@ -138,6 +141,7 @@ TEST_F(FirewallControllerTest, TestReplaceWhitelistUidRule) { std::string expected = "*filter\n" ":FW_whitechain -\n" + "-A FW_whitechain -i lo -o lo -j RETURN\n" "-A FW_whitechain -p tcp --tcp-flags RST RST -j RETURN\n" "-A FW_whitechain -p icmpv6 --icmpv6-type packet-too-big -j RETURN\n" "-A FW_whitechain -p icmpv6 --icmpv6-type router-solicitation -j RETURN\n" @@ -164,6 +168,7 @@ TEST_F(FirewallControllerTest, TestReplaceBlacklistUidRule) { std::string expected = "*filter\n" ":FW_blackchain -\n" + "-A FW_blackchain -i lo -o lo -j RETURN\n" "-A FW_blackchain -p tcp --tcp-flags RST RST -j RETURN\n" "-A FW_blackchain -m owner --uid-owner 10023 -j DROP\n" "-A FW_blackchain -m owner --uid-owner 10059 -j DROP\n" |