Move enableChildChains to iptables-restore.
This saves 100-200ms on boot.
(cherry picked from commit 0b64071d1326214b83e7dfb90701a4ee14ab6036)
Bug: 37641280
Test: marlin builds and boots
Test: new unit test passes
Test: netd_{unit,integration}_test pass
Test: fw_dozable added/removed from fw_INPUT/fw_OUTPUT on "adb shell dumpsys deviceidle <force-idle|unforce>"
Change-Id: Iaa8daba011cf187d07526b2b85f9e9aba83adf4f
Merged-In: Iabd2fa6ea260495feee3335b1605f3699b1722c5
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index 1c3944a..7f6f0ae 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -196,16 +196,20 @@
TEST_F(FirewallControllerTest, TestEnableChildChains) {
std::vector<std::string> expected = {
- "-t filter -A fw_INPUT -j fw_dozable",
- "-t filter -A fw_OUTPUT -j fw_dozable",
+ "*filter\n"
+ "-A fw_INPUT -j fw_dozable\n"
+ "-A fw_OUTPUT -j fw_dozable\n"
+ "COMMIT\n"
};
EXPECT_EQ(0, mFw.enableChildChains(DOZABLE, true));
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
expected = {
- "-t filter -D fw_INPUT -j fw_powersave",
- "-t filter -D fw_OUTPUT -j fw_powersave",
+ "*filter\n"
+ "-D fw_INPUT -j fw_powersave\n"
+ "-D fw_OUTPUT -j fw_powersave\n"
+ "COMMIT\n"
};
EXPECT_EQ(0, mFw.enableChildChains(POWERSAVE, false));
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
}