| author | Lorenzo Colitti <lorenzo@google.com> | 2017-04-25 00:16:36 +0900 |
|---|---|---|
| committer | Lorenzo Colitti <lorenzo@google.com> | 2017-04-25 16:20:54 +0900 |
| commit | a73576568ec540edc247f9bb7ef80f0301d8b71b (patch) | |
| tree | 1c28db7c558dc50c47e6fcb8cd60d64ab95ec022 /server/FirewallControllerTest.cpp | |
| parent | 018e4a94bd38c09dc8d5cb678ec114de32203fa2 (diff) | |
Use IptablesRestoreController for UID rule updates.
Bug: 32073253
Test: netd_{unit,integration}_test passes
Test: bullhead builds, boots
Test: fw_powersave chain correctly updated when updating battery optimization whitelist
Test: fw_powersave chain correctly updated when bringing apps into foreground
Change-Id: I964b7664718f353057047c66e69351169b5cf453
Diffstat (limited to 'server/FirewallControllerTest.cpp')
| -rw-r--r-- | server/FirewallControllerTest.cpp | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index f709cda7..3f8ce125 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -104,30 +104,50 @@ TEST_F(FirewallControllerTest, TestCreateBlacklistChain) {
 
 TEST_F(FirewallControllerTest, TestSetStandbyRule) {
 ExpectedIptablesCommands expected = {
- { V4V6, "-D fw_standby -m owner --uid-owner 12345 -j DROP" }
+ { V4V6, "*filter\n-D fw_standby -m owner --uid-owner 12345 -j DROP\nCOMMIT\n" }
 };
 mFw.setUidRule(STANDBY, 12345, ALLOW);
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
 
 expected = {
- { V4V6, "-A fw_standby -m owner --uid-owner 12345 -j DROP" }
+ { V4V6, "*filter\n-A fw_standby -m owner --uid-owner 12345 -j DROP\nCOMMIT\n" }
 };
 mFw.setUidRule(STANDBY, 12345, DENY);
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
 }
 
 TEST_F(FirewallControllerTest, TestSetDozeRule) {
 ExpectedIptablesCommands expected = {
- { V4V6, "-I fw_dozable -m owner --uid-owner 54321 -j RETURN" }
+ { V4V6, "*filter\n-I fw_dozable -m owner --uid-owner 54321 -j RETURN\nCOMMIT\n" }
 };
 mFw.setUidRule(DOZABLE, 54321, ALLOW);
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
 
 expected = {
- { V4V6, "-D fw_dozable -m owner --uid-owner 54321 -j RETURN" }
+ { V4V6, "*filter\n-D fw_dozable -m owner --uid-owner 54321 -j RETURN\nCOMMIT\n" }
 };
 mFw.setUidRule(DOZABLE, 54321, DENY);
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
+}
+
+TEST_F(FirewallControllerTest, TestSetFirewallRule) {
+ ExpectedIptablesCommands expected = {
+ { V4V6, "*filter\n"
+ "-A fw_INPUT -m owner --uid-owner 54321 -j DROP\n"
+ "-A fw_OUTPUT -m owner --uid-owner 54321 -j DROP\n"
+ "COMMIT\n" }
+ };
+ mFw.setUidRule(NONE, 54321, DENY);
+ expectIptablesRestoreCommands(expected);
+
+ expected = {
+ { V4V6, "*filter\n"
+ "-D fw_INPUT -m owner --uid-owner 54321 -j DROP\n"
+ "-D fw_OUTPUT -m owner --uid-owner 54321 -j DROP\n"
+ "COMMIT\n" }
+ };
+ mFw.setUidRule(NONE, 54321, ALLOW);
+ expectIptablesRestoreCommands(expected);
 }
 
 TEST_F(FirewallControllerTest, TestReplaceWhitelistUidRule) { |
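Review bot: The new TestSetFirewallRule discards the result of both `mFw.setUidRule(NONE, 54321, ...)` calls, so the test pins only the text handed to iptables-restore and not what the caller is told about the outcome. Assuming setUidRule returns a status code (its declaration is outside this hunk), assert it, e.g. `EXPECT_EQ(0, mFw.setUidRule(NONE, 54321, DENY));`, because a DROP rule that silently fails to install leaves that UID unfiltered. The same applies to the setUidRule calls in TestSetStandbyRule and TestSetDozeRule that this hunk also touches. The NONE case here exercises only the `-A`/`-D ... -j DROP` form; if fw_INPUT/fw_OUTPUT take a different form when the firewall runs in whitelist mode, that path would need its own expectation.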
