netd: add default fw white list for system uids

In the uid firewall white list, we white-list the system uid range
by default to make sure system processes always have network
access.

BUG:22094135
Change-Id: I8f472a98a9fd93591a2887982cec1458d7683613
diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp
index 4847c85..bcf7524 100644
--- a/server/FirewallController.cpp
+++ b/server/FirewallController.cpp
@@ -23,6 +23,7 @@
 #define LOG_NDEBUG 0
 
 #include <cutils/log.h>
+#include <private/android_filesystem_config.h>
 
 #include "NetdConstants.h"
 #include "FirewallController.h"
@@ -263,6 +264,11 @@
     int res = 0;
     res |= execIptables(V4V6, "-t", TABLE, "-N", childChain, NULL);
     if (type == WHITELIST) {
+        // create default white list for system uid range
+        char uidStr[16];
+        sprintf(uidStr, "0-%d", AID_APP - 1);
+        res |= execIptables(V4V6, "-A", childChain, "-m", "owner", "--uid-owner",
+                uidStr, "-j", "RETURN", NULL);
         // create default rule to drop all traffic
         res |= execIptables(V4V6, "-A", childChain, "-j", "DROP", NULL);
     }
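Review bot: The `sprintf(uidStr, "0-%d", AID_APP - 1)` call in the WHITELIST branch writes into a fixed 16-byte buffer with no bound. The buffer is large enough for any 32-bit value, so this is not an overflow today, but `snprintf(uidStr, sizeof(uidStr), "0-%d", AID_APP - 1);` makes that checkable at the call site and safe if the format ever changes. The RETURN rule exempts every UID below AID_APP, not only the processes known to need the network, so the comment should state that the breadth is intended, e.g. `// all platform UIDs (0..AID_APP-1) bypass the whitelist DROP below`. Because results are OR-ed into `res`, a failed RETURN rule followed by a successful DROP would leave the chain dropping system traffic. The enclosing function starts and ends outside the hunk, so it is worth confirming that the caller tears the chain down on a nonzero result.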