Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / netd / 1411d45669a31c2fad5c3bd1f67bad7c1808c173^! / . / server / FirewallControllerTest.cpp
commit1411d45669a31c2fad5c3bd1f67bad7c1808c173[log] [tgz]
authorLorenzo Colitti <lorenzo@google.com>Mon Jul 17 22:12:15 2017 +0900
committerLorenzo Colitti <lorenzo@google.com>Tue Jul 18 18:29:23 2017 +0900
treed0aaf1be94a8ba838babcf545bc2d7d48089cdcb
parent6324b18c1a7dddfc44a1f5f9e6bc79026e7daafc [diff] [blame]
Convert last FirewallController command to iptables-restore.

This code currently has no callers, but it is the only remaining
user of iptables in FirewallController. Move it to
iptables-restore and delete support for iptables commands from
the class.

Bug: 28362720
Test: unit tests pass
Test: adb shell ndc firewall set_interface_rule rmnet_data0 <allow|deny>
Change-Id: I0a934283ca4479f870139d1ecf90096ae59eb19d

diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index 0805580..74dbbad 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp

@@ -34,8 +34,6 @@
 class FirewallControllerTest : public IptablesBaseTest {
 protected:
     FirewallControllerTest() {
-        FirewallController::execIptables = fakeExecIptables;
-        FirewallController::execIptablesSilently = fakeExecIptables;
         FirewallController::execIptablesRestore = fakeExecIptablesRestore;
     }
     FirewallController mFw;
@@ -256,18 +254,28 @@
     expectIptablesRestoreCommands(disableEnableCommands);
 
     std::vector<std::string> ifaceCommands = {
-        "-I fw_INPUT -i rmnet_data0 -j RETURN",
-        "-I fw_OUTPUT -o rmnet_data0 -j RETURN",
+        "*filter\n"
+        "-I fw_INPUT -i rmnet_data0 -j RETURN\n"
+        "-I fw_OUTPUT -o rmnet_data0 -j RETURN\n"
+        "COMMIT\n"
     };
     EXPECT_EQ(0, mFw.setInterfaceRule("rmnet_data0", ALLOW));
-    expectIptablesCommands(ifaceCommands);
+    expectIptablesRestoreCommands(ifaceCommands);
+
+    EXPECT_EQ(0, mFw.setInterfaceRule("rmnet_data0", ALLOW));
+    expectIptablesRestoreCommands(noCommands);
 
     ifaceCommands = {
-        "-D fw_INPUT -i rmnet_data0 -j RETURN",
-        "-D fw_OUTPUT -o rmnet_data0 -j RETURN",
+        "*filter\n"
+        "-D fw_INPUT -i rmnet_data0 -j RETURN\n"
+        "-D fw_OUTPUT -o rmnet_data0 -j RETURN\n"
+        "COMMIT\n"
     };
     EXPECT_EQ(0, mFw.setInterfaceRule("rmnet_data0", DENY));
-    expectIptablesCommands(ifaceCommands);
+    expectIptablesRestoreCommands(ifaceCommands);
+
+    EXPECT_EQ(0, mFw.setInterfaceRule("rmnet_data0", DENY));
+    expectIptablesRestoreCommands(noCommands);
 
     EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
     expectIptablesRestoreCommands(noCommands);