summaryrefslogtreecommitdiff
path: root/server/FirewallControllerTest.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'server/FirewallControllerTest.cpp')
-rw-r--r--server/FirewallControllerTest.cpp51
1 files changed, 51 insertions, 0 deletions
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index 7f6f0ae0..db9b31e2 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -27,6 +27,7 @@
#include "FirewallController.h"
#include "IptablesBaseTest.h"
+using android::base::Join;
class FirewallControllerTest : public IptablesBaseTest {
protected:
@@ -213,3 +214,53 @@ TEST_F(FirewallControllerTest, TestEnableChildChains) {
EXPECT_EQ(0, mFw.enableChildChains(POWERSAVE, false));
expectIptablesRestoreCommands(expected);
}
+
+TEST_F(FirewallControllerTest, TestEnableDisableFirewall) {
+ std::vector<std::string> enableCommands = {
+ "*filter\n"
+ "-A fw_INPUT -j DROP\n"
+ "-A fw_OUTPUT -j REJECT\n"
+ "-A fw_FORWARD -j REJECT\n"
+ "COMMIT\n"
+ };
+ std::vector<std::string> disableCommands = {
+ "*filter\n"
+ ":fw_INPUT -\n"
+ ":fw_OUTPUT -\n"
+ ":fw_FORWARD -\n"
+ "COMMIT\n"
+ };
+ std::vector<std::string> noCommands = {};
+
+ EXPECT_EQ(0, mFw.disableFirewall());
+ expectIptablesRestoreCommands(disableCommands);
+
+ EXPECT_EQ(0, mFw.disableFirewall());
+ expectIptablesRestoreCommands(disableCommands);
+
+ EXPECT_EQ(0, mFw.enableFirewall(BLACKLIST));
+ expectIptablesRestoreCommands(disableCommands);
+
+ EXPECT_EQ(0, mFw.enableFirewall(BLACKLIST));
+ expectIptablesRestoreCommands(noCommands);
+
+ std::vector<std::string> disableEnableCommands;
+ disableEnableCommands.insert(
+ disableEnableCommands.end(), disableCommands.begin(), disableCommands.end());
+ disableEnableCommands.insert(
+ disableEnableCommands.end(), enableCommands.begin(), enableCommands.end());
+
+ EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
+ expectIptablesRestoreCommands(disableEnableCommands);
+
+ EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
+ expectIptablesRestoreCommands(noCommands);
+
+ EXPECT_EQ(0, mFw.disableFirewall());
+ expectIptablesRestoreCommands(disableCommands);
+
+ // TODO: calling disableFirewall and then enableFirewall(WHITELIST) does
+ // nothing. This seems like a clear bug.
+ EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
+ expectIptablesRestoreCommands(noCommands);
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-22 08:14:34 +0000