Whitelist system apps when using bw_happy_box.

BUG: 27506285
BUG: 26685616
Change-Id: I8352ebbab1778c85e0a1da79a0acede5aea144a1
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
index b674ee5..84b1914 100644
--- a/server/BandwidthController.cpp
+++ b/server/BandwidthController.cpp
@@ -351,9 +351,12 @@
     snprintf(cmd, sizeof(cmd), "-A bw_penalty_box -j bw_happy_box");
     res |= runIpxtablesCmd(cmd, IptJumpNoAdd);
 
+    /* Whitelist all system apps. */
+    snprintf(cmd, sizeof(cmd),
+            "-A bw_happy_box -m owner --uid-owner %d-%d -j RETURN", 0, MAX_SYSTEM_UID);
+    res |= runIpxtablesCmd(cmd, IptJumpNoAdd);
+
     /* Reject. Defaulting to prot-unreachable */
-    snprintf(cmd, sizeof(cmd), "-D bw_happy_box -j REJECT");
-    runIpxtablesCmd(cmd, IptJumpNoAdd);
     snprintf(cmd, sizeof(cmd), "-A bw_happy_box -j REJECT");
     res |= runIpxtablesCmd(cmd, IptJumpNoAdd);
 
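Review bot: The new RETURN rule in bw_happy_box exempts the whole UID range 0 to MAX_SYSTEM_UID, which is every UID below AID_APP rather than only what the comment calls "system apps"; that range also covers root and other non-app UIDs such as the shell UID, so any process running under them skips the REJECT that follows. The comment should state that scope, for example `/* Let every UID below AID_APP (root, system, shell and other non-app UIDs) bypass the happy-box REJECT. */`. The hunk also drops the `-D bw_happy_box -j REJECT` that used to precede the append, so both `-A` rules now rely on the chain being flushed before this code runs; if that flush is not guaranteed outside the hunk, a repeated call would stack duplicate RETURN and REJECT rules. The enclosing function starts and ends outside the hunk.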
diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp
index c0c5230..8f07a56 100644
--- a/server/FirewallController.cpp
+++ b/server/FirewallController.cpp
@@ -24,7 +24,6 @@
 
 #include <android-base/stringprintf.h>
 #include <cutils/log.h>
-#include <private/android_filesystem_config.h>
 
 #include "NetdConstants.h"
 #include "FirewallController.h"
@@ -53,8 +52,6 @@
     "redirect",
 };
 
-const int MAX_SYSTEM_UID = AID_APP - 1;
-
 FirewallController::FirewallController(void) {
     // If no rules are set, it's in BLACKLIST mode
     mFirewallType = BLACKLIST;
diff --git a/server/NetdConstants.h b/server/NetdConstants.h
index 165b19e..1d8ae34 100644
--- a/server/NetdConstants.h
+++ b/server/NetdConstants.h
@@ -20,10 +20,12 @@
 #include <string>
 #include <list>
 #include <stdarg.h>
+#include <private/android_filesystem_config.h>
 
 #include "utils/RWLock.h"
 
 const int PROTECT_MARK = 0x1;
+const int MAX_SYSTEM_UID = AID_APP - 1;
 
 extern const char * const IPTABLES_PATH;
 extern const char * const IP6TABLES_PATH;
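Review bot: `MAX_SYSTEM_UID` moves into a shared header without a comment, although it now sets the upper bound of the UID range that BandwidthController.cpp exempts from the happy-box REJECT and that FirewallController.cpp presumably uses for its own rules. A one-line comment on the constant would make that boundary explicit, for example `// Highest UID below the app range (AID_APP - 1); upper bound of the owner-match range treated as system.`. Including `<private/android_filesystem_config.h>` here also exposes every AID_* macro to each file that includes NetdConstants.h, so it is worth confirming that none of them collide with local names.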