Merge "Refine firewall-related commands" am: 7843e757d3 am: 985442370e

am: 7295bd9d68 Change-Id: Iabfc6ed7f634fde84bc348fae81baf9bbea001e6
author: Luke Huang <huangluke@google.com> 2018-10-28 17:57:13 -0700
committer: android-build-merger <android-build-merger@google.com> 2018-10-28 17:57:13 -0700
commit: ddc28adf0c6921a4a4dca910cd6f01eb6f2fdab3 (patch)
tree: bd5d76da479be9bab99fa34fea70edf0918891c9
parent: 0215e9930fda96639f0c9623164ad82fca12728e (diff)
parent: 7295bd9d687003aed080f85ae53d28c39f538584 (diff)
1 files changed, 7 insertions, 14 deletions
diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index d5708623c0c3..9c56ccf2a5be 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -2037,8 +2037,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub
                 setFirewallChainState(chain, enable);
             }
 
+            final String chainName = getFirewallChainName(chain);
             if (chain == FIREWALL_CHAIN_NONE) {
-                throw new IllegalArgumentException("Bad child chain: " + chain);
+                throw new IllegalArgumentException("Bad child chain: " + chainName);
             }
 
             try {
@@ -2052,7 +2053,7 @@ public class NetworkManagementService extends INetworkManagementService.Stub
             // the connection and race with the iptables commands that enable the firewall. All
             // whitelist and blacklist chains allow RSTs through.
             if (enable) {
-                closeSocketsForFirewallChainLocked(chain, getFirewallChainName(chain));
+                closeSocketsForFirewallChainLocked(chain, chainName);
             }
         }
     }
@@ -2214,19 +2215,11 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     }
 
     private int getFirewallRuleType(int chain, int rule) {
-        if (getFirewallType(chain) == FIREWALL_TYPE_WHITELIST) {
-            if (rule == NetworkPolicyManager.FIREWALL_RULE_ALLOW) {
-                return INetd.FIREWALL_RULE_ALLOW;
-            } else {
-                return INetd.FIREWALL_RULE_DENY;
-            }
-        } else { // Blacklist mode
-            if (rule == NetworkPolicyManager.FIREWALL_RULE_DENY) {
-                return INetd.FIREWALL_RULE_DENY;
-            } else {
-                return INetd.FIREWALL_RULE_ALLOW;
-            }
+        if (rule == NetworkPolicyManager.FIREWALL_RULE_DEFAULT) {
+            return getFirewallType(chain) == FIREWALL_TYPE_WHITELIST
+                    ? INetd.FIREWALL_RULE_DENY : INetd.FIREWALL_RULE_ALLOW;
         }
+        return rule;
     }
 
     private static void enforceSystemUid() {
author	Luke Huang <huangluke@google.com>	2018-10-28 17:57:13 -0700
committer	android-build-merger <android-build-merger@google.com>	2018-10-28 17:57:13 -0700
commit	ddc28adf0c6921a4a4dca910cd6f01eb6f2fdab3 (patch)
tree	bd5d76da479be9bab99fa34fea70edf0918891c9
parent	0215e9930fda96639f0c9623164ad82fca12728e (diff)
parent	7295bd9d687003aed080f85ae53d28c39f538584 (diff)