Merge "Refine firewall-related commands"
This commit is contained in:
Luke Huang
@@ -2032,8 +2032,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub
|
||||
setFirewallChainState(chain, enable);
|
||||
}
|
||||
|
||||
final String chainName = getFirewallChainName(chain);
|
||||
if (chain == FIREWALL_CHAIN_NONE) {
|
||||
throw new IllegalArgumentException("Bad child chain: " + chain);
|
||||
throw new IllegalArgumentException("Bad child chain: " + chainName);
|
||||
}
|
||||
|
||||
try {
|
||||
@@ -2047,7 +2048,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
|
||||
// the connection and race with the iptables commands that enable the firewall. All
|
||||
// whitelist and blacklist chains allow RSTs through.
|
||||
if (enable) {
|
||||
closeSocketsForFirewallChainLocked(chain, getFirewallChainName(chain));
|
||||
closeSocketsForFirewallChainLocked(chain, chainName);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -2208,19 +2209,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub
|
||||
}
|
||||
|
||||
private int getFirewallRuleType(int chain, int rule) {
|
||||
if (getFirewallType(chain) == FIREWALL_TYPE_WHITELIST) {
|
||||
if (rule == NetworkPolicyManager.FIREWALL_RULE_ALLOW) {
|
||||
return INetd.FIREWALL_RULE_ALLOW;
|
||||
} else {
|
||||
return INetd.FIREWALL_RULE_DENY;
|
||||
}
|
||||
} else { // Blacklist mode
|
||||
if (rule == NetworkPolicyManager.FIREWALL_RULE_DENY) {
|
||||
return INetd.FIREWALL_RULE_DENY;
|
||||
} else {
|
||||
return INetd.FIREWALL_RULE_ALLOW;
|
||||
}
|
||||
if (rule == NetworkPolicyManager.FIREWALL_RULE_DEFAULT) {
|
||||
return getFirewallType(chain) == FIREWALL_TYPE_WHITELIST
|
||||
? INetd.FIREWALL_RULE_DENY : INetd.FIREWALL_RULE_ALLOW;
|
||||
}
|
||||
return rule;
|
||||
}
|
||||
|
||||
private static void enforceSystemUid() {
|
||||
|
||||
Reference in New Issue
Block a user