Firewall-related commands porting
Test: built, flashed, booted
system/netd/tests/runtests.sh passes
Change-Id: I0fcf6ac4e5d96cbf63d6752bee7202cdef940e82
diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp
index 4e5e3e5..890ab5b 100644
--- a/server/FirewallController.cpp
+++ b/server/FirewallController.cpp
@@ -59,6 +59,9 @@
} // namespace
+namespace android {
+namespace net {
+
auto FirewallController::execIptablesRestore = ::execIptablesRestore;
const char* FirewallController::TABLE = "filter";
@@ -101,11 +104,11 @@
return res;
}
-int FirewallController::enableFirewall(FirewallType ftype) {
+int FirewallController::setFirewallType(FirewallType ftype) {
int res = 0;
if (mFirewallType != ftype) {
// flush any existing rules
- disableFirewall();
+ resetFirewall();
if (ftype == WHITELIST) {
// create default rule to drop all traffic
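Review bot: The call `resetFirewall();` in setFirewallType discards its result, although this commit makes resetFirewall report `-EREMOTEIO` when the flush fails. If the restore fails, rules from the previous mode may stay loaded while the function can still return 0, depending on how `res` is assigned in the lines not shown here. I would check it at the call site, e.g. `int flushRes = resetFirewall();` followed by `if (flushRes != 0) return flushRes;`. The body of setFirewallType continues outside this hunk, so confirm there that `res` is not already meant to carry this status.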
@@ -121,10 +124,10 @@
// Set this after calling disableFirewall(), since it defaults to WHITELIST there
mFirewallType = ftype;
}
- return res;
+ return res ? -EREMOTEIO : 0;
}
-int FirewallController::disableFirewall(void) {
+int FirewallController::resetFirewall(void) {
mFirewallType = WHITELIST;
mIfaceRules.clear();
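Review bot: The context comment above `mFirewallType = ftype;` still names `disableFirewall()`, which this commit renames to `resetFirewall()`, so it now points at a function that no longer exists. Update it along with the rename: `// Set this after calling resetFirewall(), since it defaults to WHITELIST there`. The ordering it describes is what keeps the requested type from being overwritten, so the reference is worth keeping accurate.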
@@ -136,7 +139,7 @@
":fw_FORWARD -\n"
"COMMIT\n";
- return execIptablesRestore(V4V6, command.c_str());
+ return (execIptablesRestore(V4V6, command.c_str()) == 0) ? 0 : -EREMOTEIO;
}
int FirewallController::enableChildChains(ChildChain chain, bool enable) {
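Review bot: By the time this `return` can report `-EREMOTEIO`, resetFirewall has already executed `mFirewallType = WHITELIST;` and `mIfaceRules.clear();` (visible at the top of the function in the previous hunk). A failed restore therefore leaves the controller's bookkeeping saying "no interface rules" while the kernel tables may still hold the old ones. Either reset the members only after `execIptablesRestore` returns 0, or document the contract on the function, e.g. `// On -EREMOTEIO the in-memory state is already reset; the loaded rules are unknown`. The lines between the member resets and the return are not shown in this hunk, so confirm that nothing there depends on the early reset.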
@@ -177,12 +180,12 @@
int FirewallController::setInterfaceRule(const char* iface, FirewallRule rule) {
if (mFirewallType == BLACKLIST) {
// Unsupported in BLACKLIST mode
- return -1;
+ return -EINVAL;
}
if (!isIfaceName(iface)) {
errno = ENOENT;
- return -1;
+ return -ENOENT;
}
// Only delete rules if we actually added them, because otherwise our iptables-restore
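Review bot: `errno = ENOENT;` is left in place directly above the new `return -ENOENT;`, so the invalid-interface path reports the error through two channels. The BLACKLIST path just above returns `-EINVAL` without touching errno. If no remaining caller reads errno after setInterfaceRule, drop the assignment; if one still does, say so in a comment such as `// errno kept for callers not yet ported to the negative-errno return`. The function body continues past the end of this hunk.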
@@ -205,7 +208,7 @@
StringPrintf("%s fw_OUTPUT -o %s -j RETURN", op, iface),
"COMMIT\n"
}, "\n");
- return execIptablesRestore(V4V6, command);
+ return (execIptablesRestore(V4V6, command) == 0) ? 0 : -EREMOTEIO;
}
FirewallType FirewallController::getFirewallType(ChildChain chain) {
@@ -253,7 +256,7 @@
break;
default:
ALOGW("Unknown child chain: %d", chain);
- return -1;
+ return -EINVAL;
}
if (mUseBpfOwnerMatch) {
return gCtls->trafficCtrl.changeUidOwnerRule(chain, uid, rule, firewallType);
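Review bot: The unknown-chain path now returns `-EINVAL`, but the `mUseBpfOwnerMatch` branch right after it still returns the result of `changeUidOwnerRule(...)` unmapped. The iptables path at the end of the same function is normalised to `0` / `-EREMOTEIO`. The return convention of changeUidOwnerRule is not visible here; if it is not already 0-or-negative-errno, callers get a different error contract depending on which backend is active. Either map it the same way or add a comment stating what it returns, e.g. `// changeUidOwnerRule returns 0 or -errno (confirm)`. The enclosing function starts before this hunk.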
@@ -266,7 +269,7 @@
}
StringAppendF(&command, "COMMIT\n");
- return execIptablesRestore(V4V6, command);
+ return (execIptablesRestore(V4V6, command) == 0) ? 0 : -EREMOTEIO;
}
int FirewallController::createChain(const char* chain, FirewallType type) {
@@ -393,3 +396,6 @@
return maxUid;
}
+
+} // namespace net
+} // namespace android
\ No newline at end of file