Add tests for FirewallController::setInterfaceRule.
Bug: 28362720
Test: new unit test passes
Change-Id: I29c2272458b5fda46d2fc110663e01841b2e895b
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index db9b31e..0805580 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -23,11 +23,13 @@
#include <gtest/gtest.h>
#include <android-base/strings.h>
+#include <android-base/stringprintf.h>
#include "FirewallController.h"
#include "IptablesBaseTest.h"
using android::base::Join;
+using android::base::StringPrintf;
class FirewallControllerTest : public IptablesBaseTest {
protected:
@@ -215,7 +217,7 @@
expectIptablesRestoreCommands(expected);
}
-TEST_F(FirewallControllerTest, TestEnableDisableFirewall) {
+TEST_F(FirewallControllerTest, TestFirewall) {
std::vector<std::string> enableCommands = {
"*filter\n"
"-A fw_INPUT -j DROP\n"
@@ -253,6 +255,20 @@
EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
expectIptablesRestoreCommands(disableEnableCommands);
+ std::vector<std::string> ifaceCommands = {
+ "-I fw_INPUT -i rmnet_data0 -j RETURN",
+ "-I fw_OUTPUT -o rmnet_data0 -j RETURN",
+ };
+ EXPECT_EQ(0, mFw.setInterfaceRule("rmnet_data0", ALLOW));
+ expectIptablesCommands(ifaceCommands);
+
+ ifaceCommands = {
+ "-D fw_INPUT -i rmnet_data0 -j RETURN",
+ "-D fw_OUTPUT -o rmnet_data0 -j RETURN",
+ };
+ EXPECT_EQ(0, mFw.setInterfaceRule("rmnet_data0", DENY));
+ expectIptablesCommands(ifaceCommands);
+
EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
expectIptablesRestoreCommands(noCommands);