BandwidthController - consistently use -j not --jump throughout
There's already uses of -j in places, and that's the output from
iptables-save and it's shorter.
Generated via:
sed -i -r 's@--jump@-j@g' server/BandwidthControllerTest.cpp
sed -i -r 's@--jump@-j@g' server/BandwidthController.cpp
Test:
git grep '[-]-jump' -- now comes up empty
atest bpf_module_test clatd_test libbpf_android_test libnetdbpf_test
netd_integration_test netd_unit_test netdutils_test
resolv_integration_test resolv_unit_test
Bug: 136696213
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I06b8ea544f681911472c9b60336b31532c408a6f
diff --git a/server/BandwidthController.cpp b/server/BandwidthController.cpp
index 3efc8a3..363cba0 100644
--- a/server/BandwidthController.cpp
+++ b/server/BandwidthController.cpp
@@ -90,7 +90,7 @@
* Some comments about the rules:
* * Ordering
* - when an interface is marked as costly it should be INSERTED into the INPUT/OUTPUT chains.
- * E.g. "-I bw_INPUT -i rmnet0 --jump costly"
+ * E.g. "-I bw_INPUT -i rmnet0 -j costly"
* - quota'd rules in the costly chain should be before bw_penalty_box lookups.
* - the qtaguid counting is done at the end of the bw_INPUT/bw_OUTPUT user chains.
*
@@ -98,26 +98,26 @@
* - global quota for all costly interfaces uses a single costly chain:
* . initial rules
* iptables -N bw_costly_shared
- * iptables -I bw_INPUT -i iface0 --jump bw_costly_shared
- * iptables -I bw_OUTPUT -o iface0 --jump bw_costly_shared
+ * iptables -I bw_INPUT -i iface0 -j bw_costly_shared
+ * iptables -I bw_OUTPUT -o iface0 -j bw_costly_shared
* iptables -I bw_costly_shared -m quota \! --quota 500000 \
- * --jump REJECT --reject-with icmp-net-prohibited
- * iptables -A bw_costly_shared --jump bw_penalty_box
- * iptables -A bw_penalty_box --jump bw_happy_box
- * iptables -A bw_happy_box --jump bw_data_saver
+ * -j REJECT --reject-with icmp-net-prohibited
+ * iptables -A bw_costly_shared -j bw_penalty_box
+ * iptables -A bw_penalty_box -j bw_happy_box
+ * iptables -A bw_happy_box -j bw_data_saver
*
* . adding a new iface to this, E.g.:
- * iptables -I bw_INPUT -i iface1 --jump bw_costly_shared
- * iptables -I bw_OUTPUT -o iface1 --jump bw_costly_shared
+ * iptables -I bw_INPUT -i iface1 -j bw_costly_shared
+ * iptables -I bw_OUTPUT -o iface1 -j bw_costly_shared
*
* - quota per interface. This is achieve by having "costly" chains per quota.
* E.g. adding a new costly interface iface0 with its own quota:
* iptables -N bw_costly_iface0
- * iptables -I bw_INPUT -i iface0 --jump bw_costly_iface0
- * iptables -I bw_OUTPUT -o iface0 --jump bw_costly_iface0
+ * iptables -I bw_INPUT -i iface0 -j bw_costly_iface0
+ * iptables -I bw_OUTPUT -o iface0 -j bw_costly_iface0
* iptables -A bw_costly_iface0 -m quota \! --quota 500000 \
- * --jump REJECT --reject-with icmp-port-unreachable
- * iptables -A bw_costly_iface0 --jump bw_penalty_box
+ * -j REJECT --reject-with icmp-port-unreachable
+ * iptables -A bw_costly_iface0 -j bw_penalty_box
*
* * Penalty box, happy box and data saver.
* - bw_penalty box is a blacklist of apps that are rejected.
@@ -132,25 +132,25 @@
* - only one bw_penalty_box for all interfaces
* E.g Adding an app:
* iptables -I bw_penalty_box -m owner --uid-owner app_3 \
- * --jump REJECT --reject-with icmp-port-unreachable
+ * -j REJECT --reject-with icmp-port-unreachable
*
* * bw_happy_box handling:
* - The bw_happy_box comes after the penalty box.
* E.g Adding a happy app,
* iptables -I bw_happy_box -m owner --uid-owner app_3 \
- * --jump RETURN
+ * -j RETURN
*
* * bw_data_saver handling:
* - The bw_data_saver comes after the happy box.
* Enable data saver:
- * iptables -R 1 bw_data_saver --jump REJECT --reject-with icmp-port-unreachable
+ * iptables -R 1 bw_data_saver -j REJECT --reject-with icmp-port-unreachable
* Disable data saver:
- * iptables -R 1 bw_data_saver --jump RETURN
+ * iptables -R 1 bw_data_saver -j RETURN
*/
const std::string COMMIT_AND_CLOSE = "COMMIT\n";
const std::string HAPPY_BOX_MATCH_WHITELIST_COMMAND =
- StringPrintf("-I bw_happy_box -m owner --uid-owner %d-%d --jump RETURN", 0, MAX_SYSTEM_UID);
+ StringPrintf("-I bw_happy_box -m owner --uid-owner %d-%d -j RETURN", 0, MAX_SYSTEM_UID);
const std::string BPF_HAPPY_BOX_MATCH_WHITELIST_COMMAND = StringPrintf(
"-I bw_happy_box -m bpf --object-pinned %s -j RETURN", XT_BPF_WHITELIST_PROG_PATH);
const std::string BPF_PENALTY_BOX_MATCH_BLACKLIST_COMMAND = StringPrintf(
@@ -231,9 +231,9 @@
"-A bw_OUTPUT -m policy --pol ipsec --dir out -j RETURN",
useBpf ? "" : "-A bw_OUTPUT -m owner --socket-exists",
- "-A bw_costly_shared --jump bw_penalty_box",
+ "-A bw_costly_shared -j bw_penalty_box",
useBpf ? BPF_PENALTY_BOX_MATCH_BLACKLIST_COMMAND : "",
- "-A bw_penalty_box --jump bw_happy_box", "-A bw_happy_box --jump bw_data_saver",
+ "-A bw_penalty_box -j bw_happy_box", "-A bw_happy_box -j bw_data_saver",
"-A bw_data_saver -j RETURN",
useBpf ? BPF_HAPPY_BOX_MATCH_WHITELIST_COMMAND : HAPPY_BOX_MATCH_WHITELIST_COMMAND,
"COMMIT",
@@ -413,15 +413,14 @@
if (it == mSharedQuotaIfaces.end()) {
const int ruleInsertPos = (mGlobalAlertBytes) ? 2 : 1;
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf("-I bw_INPUT %d -i %s --jump %s", ruleInsertPos, iface.c_str(), chain),
- StringPrintf("-I bw_OUTPUT %d -o %s --jump %s", ruleInsertPos, iface.c_str(), chain),
- StringPrintf("-A bw_FORWARD -i %s --jump %s", iface.c_str(), chain),
- StringPrintf("-A bw_FORWARD -o %s --jump %s", iface.c_str(), chain),
+ "*filter",
+ StringPrintf("-I bw_INPUT %d -i %s -j %s", ruleInsertPos, iface.c_str(), chain),
+ StringPrintf("-I bw_OUTPUT %d -o %s -j %s", ruleInsertPos, iface.c_str(), chain),
+ StringPrintf("-A bw_FORWARD -i %s -j %s", iface.c_str(), chain),
+ StringPrintf("-A bw_FORWARD -o %s -j %s", iface.c_str(), chain),
};
if (mSharedQuotaIfaces.empty()) {
- cmds.push_back(StringPrintf("-I %s -m quota2 ! --quota %" PRId64
- " --name %s --jump REJECT",
+ cmds.push_back(StringPrintf("-I %s -m quota2 ! --quota %" PRId64 " --name %s -j REJECT",
chain, maxBytes, cost));
}
cmds.push_back("COMMIT\n");
@@ -464,15 +463,14 @@
}
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf("-D bw_INPUT -i %s --jump %s", iface.c_str(), chain),
- StringPrintf("-D bw_OUTPUT -o %s --jump %s", iface.c_str(), chain),
- StringPrintf("-D bw_FORWARD -i %s --jump %s", iface.c_str(), chain),
- StringPrintf("-D bw_FORWARD -o %s --jump %s", iface.c_str(), chain),
+ "*filter",
+ StringPrintf("-D bw_INPUT -i %s -j %s", iface.c_str(), chain),
+ StringPrintf("-D bw_OUTPUT -o %s -j %s", iface.c_str(), chain),
+ StringPrintf("-D bw_FORWARD -i %s -j %s", iface.c_str(), chain),
+ StringPrintf("-D bw_FORWARD -o %s -j %s", iface.c_str(), chain),
};
if (mSharedQuotaIfaces.size() == 1) {
- cmds.push_back(StringPrintf("-D %s -m quota2 ! --quota %" PRIu64
- " --name %s --jump REJECT",
+ cmds.push_back(StringPrintf("-D %s -m quota2 ! --quota %" PRIu64 " --name %s -j REJECT",
chain, mSharedQuotaBytes, cost));
}
cmds.push_back("COMMIT\n");
@@ -527,18 +525,17 @@
const std::string chain = "bw_costly_" + iface;
const int ruleInsertPos = (mGlobalAlertBytes) ? 2 : 1;
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf(":%s -", chain.c_str()),
- StringPrintf("-A %s -j bw_penalty_box", chain.c_str()),
- StringPrintf("-I bw_INPUT %d -i %s --jump %s", ruleInsertPos, iface.c_str(),
- chain.c_str()),
- StringPrintf("-I bw_OUTPUT %d -o %s --jump %s", ruleInsertPos, iface.c_str(),
- chain.c_str()),
- StringPrintf("-A bw_FORWARD -i %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-A bw_FORWARD -o %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-A %s -m quota2 ! --quota %" PRId64 " --name %s --jump REJECT",
- chain.c_str(), maxBytes, cost.c_str()),
- "COMMIT\n",
+ "*filter",
+ StringPrintf(":%s -", chain.c_str()),
+ StringPrintf("-A %s -j bw_penalty_box", chain.c_str()),
+ StringPrintf("-I bw_INPUT %d -i %s -j %s", ruleInsertPos, iface.c_str(), chain.c_str()),
+ StringPrintf("-I bw_OUTPUT %d -o %s -j %s", ruleInsertPos, iface.c_str(),
+ chain.c_str()),
+ StringPrintf("-A bw_FORWARD -i %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-A bw_FORWARD -o %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-A %s -m quota2 ! --quota %" PRId64 " --name %s -j REJECT", chain.c_str(),
+ maxBytes, cost.c_str()),
+ "COMMIT\n",
};
if (iptablesRestoreFunction(V4V6, Join(cmds, "\n"), nullptr) != 0) {
ALOGE("Failed set quota rule");
@@ -586,14 +583,14 @@
const std::string chain = "bw_costly_" + iface;
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf("-D bw_INPUT -i %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-D bw_OUTPUT -o %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-D bw_FORWARD -i %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-D bw_FORWARD -o %s --jump %s", iface.c_str(), chain.c_str()),
- StringPrintf("-F %s", chain.c_str()),
- StringPrintf("-X %s", chain.c_str()),
- "COMMIT\n",
+ "*filter",
+ StringPrintf("-D bw_INPUT -i %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-D bw_OUTPUT -o %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-D bw_FORWARD -i %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-D bw_FORWARD -o %s -j %s", iface.c_str(), chain.c_str()),
+ StringPrintf("-F %s", chain.c_str()),
+ StringPrintf("-X %s", chain.c_str()),
+ "COMMIT\n",
};
const int res = iptablesRestoreFunction(V4V6, Join(cmds, "\n"), nullptr);
@@ -859,8 +856,8 @@
case IptJumpNoAdd:
return "";
case IptJumpReject:
- return " --jump REJECT";
+ return " -j REJECT";
case IptJumpReturn:
- return " --jump RETURN";
+ return " -j RETURN";
}
}
diff --git a/server/BandwidthControllerTest.cpp b/server/BandwidthControllerTest.cpp
index 9337ac5..0966b7f 100644
--- a/server/BandwidthControllerTest.cpp
+++ b/server/BandwidthControllerTest.cpp
@@ -61,12 +61,12 @@
"-A bw_OUTPUT -o ipsec+ -j RETURN\n"
"-A bw_OUTPUT -m policy --pol ipsec --dir out -j RETURN\n"
"-A bw_OUTPUT -m owner --socket-exists\n"
- "-A bw_costly_shared --jump bw_penalty_box\n"
+ "-A bw_costly_shared -j bw_penalty_box\n"
"\n"
- "-A bw_penalty_box --jump bw_happy_box\n"
- "-A bw_happy_box --jump bw_data_saver\n"
+ "-A bw_penalty_box -j bw_happy_box\n"
+ "-A bw_happy_box -j bw_data_saver\n"
"-A bw_data_saver -j RETURN\n"
- "-I bw_happy_box -m owner --uid-owner 0-9999 --jump RETURN\n"
+ "-I bw_happy_box -m owner --uid-owner 0-9999 -j RETURN\n"
"COMMIT\n"
"*raw\n"
"-A bw_raw_PREROUTING -i ipsec+ -j RETURN\n"
@@ -92,11 +92,11 @@
"-A bw_OUTPUT -o ipsec+ -j RETURN\n"
"-A bw_OUTPUT -m policy --pol ipsec --dir out -j RETURN\n"
"\n"
- "-A bw_costly_shared --jump bw_penalty_box\n" +
+ "-A bw_costly_shared -j bw_penalty_box\n" +
StringPrintf("-I bw_penalty_box -m bpf --object-pinned %s -j REJECT\n",
XT_BPF_BLACKLIST_PROG_PATH) +
- "-A bw_penalty_box --jump bw_happy_box\n"
- "-A bw_happy_box --jump bw_data_saver\n"
+ "-A bw_penalty_box -j bw_happy_box\n"
+ "-A bw_happy_box -j bw_data_saver\n"
"-A bw_data_saver -j RETURN\n" +
StringPrintf("-I bw_happy_box -m bpf --object-pinned %s -j RETURN\n",
XT_BPF_WHITELIST_PROG_PATH) +
@@ -276,21 +276,21 @@
TEST_F(BandwidthControllerTest, TestEnableDataSaver) {
mBw.enableDataSaver(true);
std::string expected4 =
- "*filter\n"
- ":bw_data_saver -\n"
- "-A bw_data_saver --jump REJECT\n"
- "COMMIT\n";
+ "*filter\n"
+ ":bw_data_saver -\n"
+ "-A bw_data_saver -j REJECT\n"
+ "COMMIT\n";
std::string expected6 =
- "*filter\n"
- ":bw_data_saver -\n"
- "-A bw_data_saver -p icmpv6 --icmpv6-type packet-too-big -j RETURN\n"
- "-A bw_data_saver -p icmpv6 --icmpv6-type router-solicitation -j RETURN\n"
- "-A bw_data_saver -p icmpv6 --icmpv6-type router-advertisement -j RETURN\n"
- "-A bw_data_saver -p icmpv6 --icmpv6-type neighbour-solicitation -j RETURN\n"
- "-A bw_data_saver -p icmpv6 --icmpv6-type neighbour-advertisement -j RETURN\n"
- "-A bw_data_saver -p icmpv6 --icmpv6-type redirect -j RETURN\n"
- "-A bw_data_saver --jump REJECT\n"
- "COMMIT\n";
+ "*filter\n"
+ ":bw_data_saver -\n"
+ "-A bw_data_saver -p icmpv6 --icmpv6-type packet-too-big -j RETURN\n"
+ "-A bw_data_saver -p icmpv6 --icmpv6-type router-solicitation -j RETURN\n"
+ "-A bw_data_saver -p icmpv6 --icmpv6-type router-advertisement -j RETURN\n"
+ "-A bw_data_saver -p icmpv6 --icmpv6-type neighbour-solicitation -j RETURN\n"
+ "-A bw_data_saver -p icmpv6 --icmpv6-type neighbour-advertisement -j RETURN\n"
+ "-A bw_data_saver -p icmpv6 --icmpv6-type redirect -j RETURN\n"
+ "-A bw_data_saver -j REJECT\n"
+ "COMMIT\n";
expectIptablesRestoreCommands({
{V4, expected4},
{V6, expected6},
@@ -298,11 +298,10 @@
mBw.enableDataSaver(false);
std::string expected = {
- "*filter\n"
- ":bw_data_saver -\n"
- "-A bw_data_saver --jump RETURN\n"
- "COMMIT\n"
- };
+ "*filter\n"
+ ":bw_data_saver -\n"
+ "-A bw_data_saver -j RETURN\n"
+ "COMMIT\n"};
expectIptablesRestoreCommands({
{V4, expected},
{V6, expected},
@@ -315,16 +314,16 @@
const char* c_chain = chain.c_str();
const char* c_iface = iface.c_str();
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf(":%s -", c_chain),
- StringPrintf("-A %s -j bw_penalty_box", c_chain),
- StringPrintf("-I bw_INPUT %d -i %s --jump %s", ruleIndex, c_iface, c_chain),
- StringPrintf("-I bw_OUTPUT %d -o %s --jump %s", ruleIndex, c_iface, c_chain),
- StringPrintf("-A bw_FORWARD -i %s --jump %s", c_iface, c_chain),
- StringPrintf("-A bw_FORWARD -o %s --jump %s", c_iface, c_chain),
- StringPrintf("-A %s -m quota2 ! --quota %" PRIu64 " --name %s --jump REJECT", c_chain,
- quota, c_iface),
- "COMMIT\n",
+ "*filter",
+ StringPrintf(":%s -", c_chain),
+ StringPrintf("-A %s -j bw_penalty_box", c_chain),
+ StringPrintf("-I bw_INPUT %d -i %s -j %s", ruleIndex, c_iface, c_chain),
+ StringPrintf("-I bw_OUTPUT %d -o %s -j %s", ruleIndex, c_iface, c_chain),
+ StringPrintf("-A bw_FORWARD -i %s -j %s", c_iface, c_chain),
+ StringPrintf("-A bw_FORWARD -o %s -j %s", c_iface, c_chain),
+ StringPrintf("-A %s -m quota2 ! --quota %" PRIu64 " --name %s -j REJECT", c_chain,
+ quota, c_iface),
+ "COMMIT\n",
};
return {Join(cmds, "\n")};
}
@@ -334,14 +333,14 @@
const char* c_chain = chain.c_str();
const char* c_iface = iface.c_str();
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf("-D bw_INPUT -i %s --jump %s", c_iface, c_chain),
- StringPrintf("-D bw_OUTPUT -o %s --jump %s", c_iface, c_chain),
- StringPrintf("-D bw_FORWARD -i %s --jump %s", c_iface, c_chain),
- StringPrintf("-D bw_FORWARD -o %s --jump %s", c_iface, c_chain),
- StringPrintf("-F %s", c_chain),
- StringPrintf("-X %s", c_chain),
- "COMMIT\n",
+ "*filter",
+ StringPrintf("-D bw_INPUT -i %s -j %s", c_iface, c_chain),
+ StringPrintf("-D bw_OUTPUT -o %s -j %s", c_iface, c_chain),
+ StringPrintf("-D bw_FORWARD -i %s -j %s", c_iface, c_chain),
+ StringPrintf("-D bw_FORWARD -o %s -j %s", c_iface, c_chain),
+ StringPrintf("-F %s", c_chain),
+ StringPrintf("-X %s", c_chain),
+ "COMMIT\n",
};
return {Join(cmds, "\n")};
}
@@ -372,15 +371,15 @@
const char* c_chain = chain.c_str();
const char* c_iface = iface.c_str();
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf("-I bw_INPUT %d -i %s --jump %s", ruleIndex, c_iface, c_chain),
- StringPrintf("-I bw_OUTPUT %d -o %s --jump %s", ruleIndex, c_iface, c_chain),
- StringPrintf("-A bw_FORWARD -i %s --jump %s", c_iface, c_chain),
- StringPrintf("-A bw_FORWARD -o %s --jump %s", c_iface, c_chain),
+ "*filter",
+ StringPrintf("-I bw_INPUT %d -i %s -j %s", ruleIndex, c_iface, c_chain),
+ StringPrintf("-I bw_OUTPUT %d -o %s -j %s", ruleIndex, c_iface, c_chain),
+ StringPrintf("-A bw_FORWARD -i %s -j %s", c_iface, c_chain),
+ StringPrintf("-A bw_FORWARD -o %s -j %s", c_iface, c_chain),
};
if (insertQuota) {
- cmds.push_back(StringPrintf(
- "-I %s -m quota2 ! --quota %" PRIu64 " --name shared --jump REJECT", c_chain, quota));
+ cmds.push_back(StringPrintf("-I %s -m quota2 ! --quota %" PRIu64 " --name shared -j REJECT",
+ c_chain, quota));
}
cmds.push_back("COMMIT\n");
return {Join(cmds, "\n")};
@@ -392,15 +391,15 @@
const char* c_chain = chain.c_str();
const char* c_iface = iface.c_str();
std::vector<std::string> cmds = {
- "*filter",
- StringPrintf("-D bw_INPUT -i %s --jump %s", c_iface, c_chain),
- StringPrintf("-D bw_OUTPUT -o %s --jump %s", c_iface, c_chain),
- StringPrintf("-D bw_FORWARD -i %s --jump %s", c_iface, c_chain),
- StringPrintf("-D bw_FORWARD -o %s --jump %s", c_iface, c_chain),
+ "*filter",
+ StringPrintf("-D bw_INPUT -i %s -j %s", c_iface, c_chain),
+ StringPrintf("-D bw_OUTPUT -o %s -j %s", c_iface, c_chain),
+ StringPrintf("-D bw_FORWARD -i %s -j %s", c_iface, c_chain),
+ StringPrintf("-D bw_FORWARD -o %s -j %s", c_iface, c_chain),
};
if (deleteQuota) {
- cmds.push_back(StringPrintf(
- "-D %s -m quota2 ! --quota %" PRIu64 " --name shared --jump REJECT", c_chain, quota));
+ cmds.push_back(StringPrintf("-D %s -m quota2 ! --quota %" PRIu64 " --name shared -j REJECT",
+ c_chain, quota));
}
cmds.push_back("COMMIT\n");
return {Join(cmds, "\n")};
@@ -515,22 +514,20 @@
std::vector<const char *> appUids = { "1000", "1001", "10012" };
std::vector<std::string> expected = {
- "*filter\n"
- "-I bw_happy_box -m owner --uid-owner 1000 --jump RETURN\n"
- "-I bw_happy_box -m owner --uid-owner 1001 --jump RETURN\n"
- "-I bw_happy_box -m owner --uid-owner 10012 --jump RETURN\n"
- "COMMIT\n"
- };
+ "*filter\n"
+ "-I bw_happy_box -m owner --uid-owner 1000 -j RETURN\n"
+ "-I bw_happy_box -m owner --uid-owner 1001 -j RETURN\n"
+ "-I bw_happy_box -m owner --uid-owner 10012 -j RETURN\n"
+ "COMMIT\n"};
EXPECT_EQ(0, mBw.addNiceApps(appUids.size(), const_cast<char**>(&appUids[0])));
expectIptablesRestoreCommands(expected);
expected = {
- "*filter\n"
- "-D bw_penalty_box -m owner --uid-owner 1000 --jump REJECT\n"
- "-D bw_penalty_box -m owner --uid-owner 1001 --jump REJECT\n"
- "-D bw_penalty_box -m owner --uid-owner 10012 --jump REJECT\n"
- "COMMIT\n"
- };
+ "*filter\n"
+ "-D bw_penalty_box -m owner --uid-owner 1000 -j REJECT\n"
+ "-D bw_penalty_box -m owner --uid-owner 1001 -j REJECT\n"
+ "-D bw_penalty_box -m owner --uid-owner 10012 -j REJECT\n"
+ "COMMIT\n"};
EXPECT_EQ(0, mBw.removeNaughtyApps(appUids.size(), const_cast<char**>(&appUids[0])));
expectIptablesRestoreCommands(expected);
}