Merge changes Ic6ff7a3d,Iff9b9792

* changes:
  Refactor code and improve tests for VPN filtering
  Remove LOCKDOWN from FirewallChain IntDef
Motomu Utsumi
2022-06-16 01:32:20 +00:00
committed by Gerrit Code Review
11 changed files with 185 additions and 188 deletions


@@ -340,8 +340,6 @@ FirewallType TrafficController::getFirewallType(ChildChain chain) {
return ALLOWLIST;
case LOW_POWER_STANDBY:
return ALLOWLIST;
case LOCKDOWN:
return DENYLIST;
case OEM_DENY_1:
return DENYLIST;
case OEM_DENY_2:
@@ -373,9 +371,6 @@ int TrafficController::changeUidOwnerRule(ChildChain chain, uid_t uid, FirewallR
case LOW_POWER_STANDBY:
res = updateOwnerMapEntry(LOW_POWER_STANDBY_MATCH, uid, rule, type);
break;
case LOCKDOWN:
res = updateOwnerMapEntry(LOCKDOWN_VPN_MATCH, uid, rule, type);
break;
case OEM_DENY_1:
res = updateOwnerMapEntry(OEM_DENY_1_MATCH, uid, rule, type);
break;
@@ -447,6 +442,18 @@ Status TrafficController::removeUidInterfaceRules(const std::vector<int32_t>& ui
return netdutils::status::ok;
}
Status TrafficController::updateUidLockdownRule(const uid_t uid, const bool add) {
std::lock_guard guard(mMutex);
netdutils::Status result = add ? addRule(uid, LOCKDOWN_VPN_MATCH)
: removeRule(uid, LOCKDOWN_VPN_MATCH);
if (!isOk(result)) {
ALOGW("%s Lockdown rule failed(%d): uid=%d",
(add ? "add": "remove"), result.code(), uid);
}
return result;
}
int TrafficController::replaceUidOwnerMap(const std::string& name, bool isAllowlist __unused,
const std::vector<int32_t>& uids) {
// FirewallRule rule = isAllowlist ? ALLOW : DENY;
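Review bot: The new `updateUidLockdownRule` only logs a failed `addRule`/`removeRule` at warning level and returns the Status, and nothing in the hunk documents what a caller must do with a non-ok result. Since `LOCKDOWN_VPN_MATCH` is the bit the removed `LOCKDOWN` chain case used to set, a failure on `add` that the caller ignores would presumably leave that UID outside lockdown filtering. I would put a contract comment above the function, for example `// Sets or clears LOCKDOWN_VPN_MATCH for uid; a non-ok Status means the rule was NOT applied and the caller must not assume lockdown is in effect.` Separately, `uid` is a `uid_t` but is printed with `%d`; `uid=%u` matches the type and avoids a negative number in the log for large UIDs. `addRule` and `removeRule` are defined outside this hunk, so whether they expect `mMutex` to be held already should be confirmed against their definitions.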