Convert {enable,disable}Firewall to iptables-restore

Bug: 28362720 Test: netd_{unit,integration}_test pass Change-Id: I7c3ddf0812f40124ac83f36d3fd3a8c595ce5472
author: Lorenzo Colitti <lorenzo@google.com> 2017-07-16 22:52:30 +0900
committer: Lorenzo Colitti <lorenzo@google.com> 2017-07-17 02:12:09 +0900
commit: d351bea99bc46011dae9291a7dc68efbf0979a12 (patch)
tree: 7a9c868173a23e3eb6bcb00ffcef1e9b263437eb /server/FirewallControllerTest.cpp
parent: cc1bb82f2e4edc987579655dc1babab5e721a126 (diff)
1 files changed, 19 insertions, 14 deletions
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index 65576a71..db9b31e2 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -27,6 +27,7 @@
 #include "FirewallController.h"
 #include "IptablesBaseTest.h"
 
+using android::base::Join;
 
 class FirewallControllerTest : public IptablesBaseTest {
 protected:
@@ -216,28 +217,32 @@ TEST_F(FirewallControllerTest, TestEnableChildChains) {
 
 TEST_F(FirewallControllerTest, TestEnableDisableFirewall) {
     std::vector<std::string> enableCommands = {
-        "-A fw_INPUT -j DROP",
-        "-A fw_OUTPUT -j REJECT",
-        "-A fw_FORWARD -j REJECT",
+        "*filter\n"
+        "-A fw_INPUT -j DROP\n"
+        "-A fw_OUTPUT -j REJECT\n"
+        "-A fw_FORWARD -j REJECT\n"
+        "COMMIT\n"
     };
     std::vector<std::string> disableCommands = {
-        "-F fw_INPUT",
-        "-F fw_OUTPUT",
-        "-F fw_FORWARD",
+        "*filter\n"
+        ":fw_INPUT -\n"
+        ":fw_OUTPUT -\n"
+        ":fw_FORWARD -\n"
+        "COMMIT\n"
     };
     std::vector<std::string> noCommands = {};
 
     EXPECT_EQ(0, mFw.disableFirewall());
-    expectIptablesCommands(disableCommands);
+    expectIptablesRestoreCommands(disableCommands);
 
     EXPECT_EQ(0, mFw.disableFirewall());
-    expectIptablesCommands(disableCommands);
+    expectIptablesRestoreCommands(disableCommands);
 
     EXPECT_EQ(0, mFw.enableFirewall(BLACKLIST));
-    expectIptablesCommands(disableCommands);
+    expectIptablesRestoreCommands(disableCommands);
 
     EXPECT_EQ(0, mFw.enableFirewall(BLACKLIST));
-    expectIptablesCommands(noCommands);
+    expectIptablesRestoreCommands(noCommands);
 
     std::vector<std::string> disableEnableCommands;
     disableEnableCommands.insert(
@@ -246,16 +251,16 @@ TEST_F(FirewallControllerTest, TestEnableDisableFirewall) {
             disableEnableCommands.end(), enableCommands.begin(), enableCommands.end());
 
     EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
-    expectIptablesCommands(disableEnableCommands);
+    expectIptablesRestoreCommands(disableEnableCommands);
 
     EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
-    expectIptablesCommands(noCommands);
+    expectIptablesRestoreCommands(noCommands);
 
     EXPECT_EQ(0, mFw.disableFirewall());
-    expectIptablesCommands(disableCommands);
+    expectIptablesRestoreCommands(disableCommands);
 
     // TODO: calling disableFirewall and then enableFirewall(WHITELIST) does
     // nothing. This seems like a clear bug.
     EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
-    expectIptablesCommands(noCommands);
+    expectIptablesRestoreCommands(noCommands);
 }
author	Lorenzo Colitti <lorenzo@google.com>	2017-07-16 22:52:30 +0900
committer	Lorenzo Colitti <lorenzo@google.com>	2017-07-17 02:12:09 +0900
commit	d351bea99bc46011dae9291a7dc68efbf0979a12 (patch)
tree	7a9c868173a23e3eb6bcb00ffcef1e9b263437eb /server/FirewallControllerTest.cpp
parent	cc1bb82f2e4edc987579655dc1babab5e721a126 (diff)