Add a unit test for FirewallController::{enable,disable}Firewall
Bug: 28362720
Test: new unit test passes
Change-Id: If15a46e98318d8f10acd860f00547048027c7d0a
diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index 7f6f0ae..65576a7 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -213,3 +213,49 @@
EXPECT_EQ(0, mFw.enableChildChains(POWERSAVE, false));
expectIptablesRestoreCommands(expected);
}
+
+TEST_F(FirewallControllerTest, TestEnableDisableFirewall) {
+ std::vector<std::string> enableCommands = {
+ "-A fw_INPUT -j DROP",
+ "-A fw_OUTPUT -j REJECT",
+ "-A fw_FORWARD -j REJECT",
+ };
+ std::vector<std::string> disableCommands = {
+ "-F fw_INPUT",
+ "-F fw_OUTPUT",
+ "-F fw_FORWARD",
+ };
+ std::vector<std::string> noCommands = {};
+
+ EXPECT_EQ(0, mFw.disableFirewall());
+ expectIptablesCommands(disableCommands);
+
+ EXPECT_EQ(0, mFw.disableFirewall());
+ expectIptablesCommands(disableCommands);
+
+ EXPECT_EQ(0, mFw.enableFirewall(BLACKLIST));
+ expectIptablesCommands(disableCommands);
+
+ EXPECT_EQ(0, mFw.enableFirewall(BLACKLIST));
+ expectIptablesCommands(noCommands);
+
+ std::vector<std::string> disableEnableCommands;
+ disableEnableCommands.insert(
+ disableEnableCommands.end(), disableCommands.begin(), disableCommands.end());
+ disableEnableCommands.insert(
+ disableEnableCommands.end(), enableCommands.begin(), enableCommands.end());
+
+ EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
+ expectIptablesCommands(disableEnableCommands);
+
+ EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
+ expectIptablesCommands(noCommands);
+
+ EXPECT_EQ(0, mFw.disableFirewall());
+ expectIptablesCommands(disableCommands);
+
+ // TODO: calling disableFirewall and then enableFirewall(WHITELIST) does
+ // nothing. This seems like a clear bug.
+ EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
+ expectIptablesCommands(noCommands);
+}