Speed up FirewallController startup. FirewallController::createChain runs iptables commands to remove the newly-created chain from fw_INPUT. This is not necessary, because createChain is only called from setupIptablesHooks, which is only called immediately after initIptablesRules, which clears fw_INPUT. So there is nothing to delete. Removing these unnecessary commands speeds up netd startup by ~150ms. Before: 02-03 18:51:40.075 492 492 I Netd : Setting up FirewallController hooks: 159.9ms After: 02-03 18:45:22.005 489 489 I Netd : Setting up FirewallController hooks: 11.3ms Bug: 34873832 Test: unit tests continue to pass Change-Id: I651d96a71c98d6aba989927cd23036d5cc371dd7

commit: 03b23fe8f8af40194572b3ce37f79bece35e092c [log] [tgz]
author: Lorenzo Colitti <lorenzo@google.com> Fri Feb 03 18:46:53 2017 +0900
committer: Lorenzo Colitti <lorenzo@google.com> Fri Feb 10 11:41:14 2017 +0900
tree: 24f4c6cc047ee31e7d6731c63c6944df50302cd1
parent: 4fcb4a0d90be5e00b16b558089bd69d3c414d382 [diff] [blame]
diff --git a/server/FirewallController.h b/server/FirewallController.h
index d78b461..67d632c 100644
--- a/server/FirewallController.h
+++ b/server/FirewallController.h

@@ -93,7 +93,7 @@
     FirewallType mFirewallType;
     int attachChain(const char*, const char*);
     int detachChain(const char*, const char*);
-    int createChain(const char*, const char*, FirewallType);
+    int createChain(const char*, FirewallType);
     FirewallType getFirewallType(ChildChain);
 };
commit	03b23fe8f8af40194572b3ce37f79bece35e092c	[log] [tgz]
author	Lorenzo Colitti <lorenzo@google.com>	Fri Feb 03 18:46:53 2017 +0900
committer	Lorenzo Colitti <lorenzo@google.com>	Fri Feb 10 11:41:14 2017 +0900
tree	24f4c6cc047ee31e7d6731c63c6944df50302cd1
parent	4fcb4a0d90be5e00b16b558089bd69d3c414d382 [diff] [blame]