From 690f18a5648e292c29f17b248644e7b887c1f52c Mon Sep 17 00:00:00 2001
From: Xiaohui Chen <xiaohuic@google.com>
Date: Tue, 20 Oct 2015 13:53:45 -0700
Subject: ignore initial request to disable iptable chain

iptable child chains are disabled by default.  Ignore the initial
disable request so netd won't throw errors when it cannot detach chains
that do not exist.

Bug: 22800189
Change-Id: I70b4b8b9e6a5dbffe32841941922b7fd92dcd3d6
Original-Change-Id: I9312dd558ba6d59dc6aa394afeb66a222daafcf9
[cernekee: backported from master branch]
---
 services/core/java/com/android/server/NetworkManagementService.java | 6 +++---
 .../java/com/android/server/net/NetworkPolicyManagerService.java    | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/services/core/java/com/android/server/NetworkManagementService.java b/services/core/java/com/android/server/NetworkManagementService.java
index 433f70753f65..ba9279c53d72 100644
--- a/services/core/java/com/android/server/NetworkManagementService.java
+++ b/services/core/java/com/android/server/NetworkManagementService.java
@@ -2023,9 +2023,9 @@ public class NetworkManagementService extends INetworkManagementService.Stub
     public void setFirewallChainEnabled(int chain, boolean enable) {
         enforceSystemUid();
         synchronized (mQuotaLock) {
-            if (mFirewallChainStates.indexOfKey(chain) >= 0 &&
-                    mFirewallChainStates.get(chain) == enable) {
-                // All is the same, nothing to do.
+            if (mFirewallChainStates.get(chain, false) == enable) {
+                // All is the same, nothing to do.  This relies on the fact that netd has child
+                // chains default detached.
                 return;
             }
             mFirewallChainStates.put(chain, enable);
diff --git a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
index 88e86e7404d6..bc8957fb763b 100644
--- a/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
+++ b/services/core/java/com/android/server/net/NetworkPolicyManagerService.java
@@ -2511,9 +2511,9 @@ public class NetworkPolicyManagerService extends INetworkPolicyManager.Stub {
      * Add or remove a uid to the firewall blacklist for all network ifaces.
      */
     private void enableFirewallChainLocked(int chain, boolean enable) {
-        if (mFirewallChainStates.indexOfKey(chain) >= 0 &&
-                mFirewallChainStates.get(chain) == enable) {
-            // All is the same, nothing to do.
+        if (mFirewallChainStates.get(chain, false) == enable) {
+            // All is the same, nothing to do.  This relies on the fact that netd has child
+            // chains default detached.
             return;
         }
         mFirewallChainStates.put(chain, enable);
-- 
cgit v1.2.3-59-g8ed1b