Merge "system_server: add two child chains to firewall" into mnc-dev

2 files changed, 14 insertions, 1 deletions

diff --git a/core/java/android/net/NetworkPolicyManager.java b/core/java/android/net/NetworkPolicyManager.java
index ecc3fb4..3f40484 100644
--- a/core/java/android/net/NetworkPolicyManager.java
+++ b/core/java/android/net/NetworkPolicyManager.java
@@ -61,6 +61,17 @@ public class NetworkPolicyManager {
     public static final int FIREWALL_RULE_ALLOW = 1;
     public static final int FIREWALL_RULE_DENY = 2;
 
+    public static final int FIREWALL_TYPE_WHITELIST = 0;
+    public static final int FIREWALL_TYPE_BLACKLIST = 1;
+
+    public static final int FIREWALL_CHAIN_NONE = 0;
+    public static final int FIREWALL_CHAIN_DOZABLE = 1;
+    public static final int FIREWALL_CHAIN_STANDBY = 2;
+
+    public static final String FIREWALL_CHAIN_NAME_NONE = "none";
+    public static final String FIREWALL_CHAIN_NAME_DOZABLE = "dozable";
+    public static final String FIREWALL_CHAIN_NAME_STANDBY = "standby";
+
     private static final boolean ALLOW_PLATFORM_APP_POLICY = true;
 
     /**
diff --git a/core/java/android/os/INetworkManagementService.aidl b/core/java/android/os/INetworkManagementService.aidl
index b29e8d0..8114155 100644
--- a/core/java/android/os/INetworkManagementService.aidl
+++ b/core/java/android/os/INetworkManagementService.aidl
@@ -342,7 +342,9 @@ interface INetworkManagementService
     void setFirewallInterfaceRule(String iface, boolean allow);
     void setFirewallEgressSourceRule(String addr, boolean allow);
     void setFirewallEgressDestRule(String addr, int port, boolean allow);
-    void setFirewallUidRule(int uid, int rule);
+    void setFirewallUidRule(int chain, int uid, int rule);
+    void setFirewallUidRules(int chain, in int[] uids, in int[] rules);
+    void setFirewallChainEnabled(int chain, boolean enable);
 
     /**
      * Set all packets from users in ranges to go through VPN specified by netId.