Refine firewall-related commands
Test: runtest frameworks-net passes
Test: manual testing of firewall works
Change-Id: I272bb54ffcde72d04cbcf550e31dafeeb00f1ce2
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index 4e8177b..4fb654b 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -2032,8 +2032,9 @@
setFirewallChainState(chain, enable);
}
+ final String chainName = getFirewallChainName(chain);
if (chain == FIREWALL_CHAIN_NONE) {
- throw new IllegalArgumentException("Bad child chain: " + chain);
+ throw new IllegalArgumentException("Bad child chain: " + chainName);
}
try {
@@ -2047,7 +2048,7 @@
// the connection and race with the iptables commands that enable the firewall. All
// whitelist and blacklist chains allow RSTs through.
if (enable) {
- closeSocketsForFirewallChainLocked(chain, getFirewallChainName(chain));
+ closeSocketsForFirewallChainLocked(chain, chainName);
}
}
}
@@ -2208,19 +2209,11 @@
}
private int getFirewallRuleType(int chain, int rule) {
- if (getFirewallType(chain) == FIREWALL_TYPE_WHITELIST) {
- if (rule == NetworkPolicyManager.FIREWALL_RULE_ALLOW) {
- return INetd.FIREWALL_RULE_ALLOW;
- } else {
- return INetd.FIREWALL_RULE_DENY;
- }
- } else { // Blacklist mode
- if (rule == NetworkPolicyManager.FIREWALL_RULE_DENY) {
- return INetd.FIREWALL_RULE_DENY;
- } else {
- return INetd.FIREWALL_RULE_ALLOW;
- }
+ if (rule == NetworkPolicyManager.FIREWALL_RULE_DEFAULT) {
+ return getFirewallType(chain) == FIREWALL_TYPE_WHITELIST
+ ? INetd.FIREWALL_RULE_DENY : INetd.FIREWALL_RULE_ALLOW;
}
+ return rule;
}
private static void enforceSystemUid() {