Allow finer-grained locking, and use it in FirewallCmd.
FirewallController is stateless and FirewallCmd does not access
any other controllers, so it is safe not to take the big netd
lock.
Bug: 27239233
Change-Id: I246696c4b17fa005c7d6b38ecd627747aa608831
diff --git a/server/FirewallController.h b/server/FirewallController.h
index 34a8b9c..d3ef777 100644
--- a/server/FirewallController.h
+++ b/server/FirewallController.h
@@ -19,6 +19,8 @@
#include <string>
+#include <utils/RWLock.h>
+
enum FirewallRule { DENY, ALLOW };
// WHITELIST means the firewall denies all by default, uids must be explicitly ALLOWed
@@ -34,6 +36,10 @@
/*
* Simple firewall that drops all packets except those matching explicitly
* defined ALLOW rules.
+ *
+ * Methods in this class must be called when holding a write lock on |lock|, and may not call
+ * any other controller without explicitly managing that controller's lock. There are currently
+ * no such methods.
*/
class FirewallController {
public:
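Review bot: The contract added to the class comment requires a write lock for every method, which leaves the reader side of the RWLock with no documented use, and nothing in the class enforces the rule. If some methods only read state, the comment should say which ones may run under a read lock. Otherwise a sentence such as `All callers take |lock| exclusively; read-locked calls are not supported.` would make the intent explicit. The class body continues outside this hunk, so which methods actually mutate state cannot be confirmed from here.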
@@ -67,6 +73,8 @@
static const char* ICMPV6_TYPES[];
+ android::RWLock lock;
+
private:
FirewallType mFirewallType;
int attachChain(const char*, const char*);
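Review bot: The new public `lock` member has no comment at its declaration and no enforcement. Any caller that still reaches this class under only the big netd lock would no longer be excluded from FirewallCmd, so two firewall rule updates could interleave. The commit message calls the controller stateless, yet `mFirewallType` is declared just below; if any method writes it, it should be named as guarded state. I would add `// Guards mFirewallType and all firewall chain updates; hold for writing around every method call.` at the declaration, and confirm that every existing call site takes this lock. Those call sites and the rest of the class are outside this hunk.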