Merge "Refine firewall-related commands"

am: 7843e757d3 Change-Id: Iea074e75c8b78e675f49350d4fe16ccee07a294a
2018-10-28 17:40:01 -07:00
parent 161b7028a4 7843e757d3
commit 985442370e
1 changed files with 7 additions and 14 deletions
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -2032,8 +2032,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub
                setFirewallChainState(chain, enable);
            }
            final String chainName = getFirewallChainName(chain);
            if (chain == FIREWALL_CHAIN_NONE) {
-                throw new IllegalArgumentException("Bad child chain: " + chain);
+                throw new IllegalArgumentException("Bad child chain: " + chainName);
            }
            try {
@@ -2047,7 +2048,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
            // the connection and race with the iptables commands that enable the firewall. All
            // whitelist and blacklist chains allow RSTs through.
            if (enable) {
-                closeSocketsForFirewallChainLocked(chain, getFirewallChainName(chain));
+                closeSocketsForFirewallChainLocked(chain, chainName);
            }
        }
    }
@@ -2208,19 +2209,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub
    }
    private int getFirewallRuleType(int chain, int rule) {
-        if (getFirewallType(chain) == FIREWALL_TYPE_WHITELIST) {
+        if (rule == NetworkPolicyManager.FIREWALL_RULE_DEFAULT) {
-            if (rule == NetworkPolicyManager.FIREWALL_RULE_ALLOW) {
+            return getFirewallType(chain) == FIREWALL_TYPE_WHITELIST
-                return INetd.FIREWALL_RULE_ALLOW;
+                    ? INetd.FIREWALL_RULE_DENY : INetd.FIREWALL_RULE_ALLOW;
            } else {
                return INetd.FIREWALL_RULE_DENY;
            }
        } else { // Blacklist mode
            if (rule == NetworkPolicyManager.FIREWALL_RULE_DENY) {
                return INetd.FIREWALL_RULE_DENY;
            } else {
                return INetd.FIREWALL_RULE_ALLOW;
            }
        }
        return rule;
    }
    private static void enforceSystemUid() {