Use IptablesRestoreController for UID rule updates.
Bug: 32073253
Test: netd_{unit,integration}_test passes
Test: bullhead builds, boots
Test: fw_powersave chain correctly updated when updating battery optimization whitelist
Test: fw_powersave chain correctly updated when bringing apps into foreground
Change-Id: I964b7664718f353057047c66e69351169b5cf453
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index f709cda..3f8ce12 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -104,30 +104,50 @@
TEST_F(FirewallControllerTest, TestSetStandbyRule) {
ExpectedIptablesCommands expected = {
- { V4V6, "-D fw_standby -m owner --uid-owner 12345 -j DROP" }
+ { V4V6, "*filter\n-D fw_standby -m owner --uid-owner 12345 -j DROP\nCOMMIT\n" }
};
mFw.setUidRule(STANDBY, 12345, ALLOW);
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
expected = {
- { V4V6, "-A fw_standby -m owner --uid-owner 12345 -j DROP" }
+ { V4V6, "*filter\n-A fw_standby -m owner --uid-owner 12345 -j DROP\nCOMMIT\n" }
};
mFw.setUidRule(STANDBY, 12345, DENY);
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
}
TEST_F(FirewallControllerTest, TestSetDozeRule) {
ExpectedIptablesCommands expected = {
- { V4V6, "-I fw_dozable -m owner --uid-owner 54321 -j RETURN" }
+ { V4V6, "*filter\n-I fw_dozable -m owner --uid-owner 54321 -j RETURN\nCOMMIT\n" }
};
mFw.setUidRule(DOZABLE, 54321, ALLOW);
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
expected = {
- { V4V6, "-D fw_dozable -m owner --uid-owner 54321 -j RETURN" }
+ { V4V6, "*filter\n-D fw_dozable -m owner --uid-owner 54321 -j RETURN\nCOMMIT\n" }
};
mFw.setUidRule(DOZABLE, 54321, DENY);
- expectIptablesCommands(expected);
+ expectIptablesRestoreCommands(expected);
+}
+
+TEST_F(FirewallControllerTest, TestSetFirewallRule) {
+ ExpectedIptablesCommands expected = {
+ { V4V6, "*filter\n"
+ "-A fw_INPUT -m owner --uid-owner 54321 -j DROP\n"
+ "-A fw_OUTPUT -m owner --uid-owner 54321 -j DROP\n"
+ "COMMIT\n" }
+ };
+ mFw.setUidRule(NONE, 54321, DENY);
+ expectIptablesRestoreCommands(expected);
+
+ expected = {
+ { V4V6, "*filter\n"
+ "-D fw_INPUT -m owner --uid-owner 54321 -j DROP\n"
+ "-D fw_OUTPUT -m owner --uid-owner 54321 -j DROP\n"
+ "COMMIT\n" }
+ };
+ mFw.setUidRule(NONE, 54321, ALLOW);
+ expectIptablesRestoreCommands(expected);
}
TEST_F(FirewallControllerTest, TestReplaceWhitelistUidRule) {
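Review bot: The new TestSetFirewallRule discards the result of both `mFw.setUidRule(NONE, 54321, ...)` calls, so it only pins the text handed to iptables-restore and not whether the controller reports the outcome of applying it. For a per-UID DROP rule, an unnoticed failure leaves that UID unfiltered. If setUidRule returns a status (its declaration is outside this hunk), assert it, e.g. `EXPECT_EQ(0, mFw.setUidRule(NONE, 54321, DENY));`, and do the same for the setUidRule calls in TestSetStandbyRule and TestSetDozeRule. The expected `-A ... -j DROP` / `-D ... -j DROP` lines for NONE also appear to depend on the fixture's default firewall mode, which is not visible here. A short comment above the first `expected` stating that assumption, such as `// NONE follows the global firewall type; default mode assumed`, would keep the test readable if that default changes.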