| author | Benedict Wong <benedictwong@google.com> | 2017-12-06 22:05:46 -0800 |
|---|---|---|
| committer | Benedict Wong <benedictwong@google.com> | 2017-12-18 15:56:49 -0800 |
| commit | b2daefb0fd5eb1e6ed4ff2149e13a09ee5748711 (patch) | |
| tree | e0eb183f036a0dff44be2ecc60db908dd2b0fd09 /server/FirewallControllerTest.cpp | |
| parent | 164c8966c6bce401907c2f140e8c69452a89d227 (diff) | |
[ipsec-doze] Add fchown capabilities, and fw rules
Add firewall rules so that, in doze mode, ESP packets and packets with
no owning socket can still be sent/received. No-socket packets are not a
security risk because they are either forwarded, about to be forwarded,
or dropped at the routing tables (unless they are ESP).
Bug: 62994731
Test: New tests added, run
Change-Id: I2d8704498b564403d94123e4938091dee8fb98c1
Diffstat (limited to 'server/FirewallControllerTest.cpp')
| -rw-r--r-- | server/FirewallControllerTest.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index 74dbbadb..c1f43eb7 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -54,6 +54,8 @@ TEST_F(FirewallControllerTest, TestCreateWhitelistChain) {
 "*filter",
 ":fw_whitelist -",
 "-A fw_whitelist -m owner --uid-owner 0-9999 -j RETURN",
+ "-A fw_whitelist -m owner ! --uid-owner 0-4294967294 -j RETURN",
+ "-A fw_whitelist -p esp -j RETURN",
 "-A fw_whitelist -i lo -j RETURN",
 "-A fw_whitelist -o lo -j RETURN",
 "-A fw_whitelist -p tcp --tcp-flags RST RST -j RETURN",
@@ -64,6 +66,8 @@ TEST_F(FirewallControllerTest, TestCreateWhitelistChain) {
 "*filter",
 ":fw_whitelist -",
 "-A fw_whitelist -m owner --uid-owner 0-9999 -j RETURN",
+ "-A fw_whitelist -m owner ! --uid-owner 0-4294967294 -j RETURN",
+ "-A fw_whitelist -p esp -j RETURN",
 "-A fw_whitelist -i lo -j RETURN",
 "-A fw_whitelist -o lo -j RETURN",
 "-A fw_whitelist -p tcp --tcp-flags RST RST -j RETURN",
@@ -163,6 +167,8 @@ TEST_F(FirewallControllerTest, TestReplaceWhitelistUidRule) {
 "-A FW_whitechain -m owner --uid-owner 210153 -j RETURN\n"
 "-A FW_whitechain -m owner --uid-owner 210024 -j RETURN\n"
 "-A FW_whitechain -m owner --uid-owner 0-9999 -j RETURN\n"
+ "-A FW_whitechain -m owner ! --uid-owner 0-4294967294 -j RETURN\n"
+ "-A FW_whitechain -p esp -j RETURN\n"
 "-A FW_whitechain -i lo -j RETURN\n"
 "-A FW_whitechain -o lo -j RETURN\n"
 "-A FW_whitechain -p tcp --tcp-flags RST RST -j RETURN\n"
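Review bot: The two new expected rules are pasted verbatim into all three hunks (the -54, -64 and -163 regions) with nothing explaining what `-m owner ! --uid-owner 0-4294967294` is meant to match, so a reader of the test cannot tell that the negated full-UID-range owner match is the idiom for packets that have no owning socket, nor why such packets (and ESP) are allowed to bypass the whitelist while in doze mode. Suggest a comment above the first occurrence, e.g. `// Negated full-range owner match: RETURN packets with no owning socket (forwarded traffic), plus ESP; see commit message for why this is safe.`, and hoisting the two strings into shared `static const std::string` constants so the three tests cannot drift apart. The range stops at 4294967294 rather than UINT32_MAX, presumably because 4294967295 is `(uid_t)-1` and never a real owner, but that deserves a one-line note since it looks like an off-by-one at first glance. Each TEST_F body starts and ends outside its hunk.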
