Add 3rd deny firewall chain for OEM Bug: 208371987 Test: atest CtsNetTestCases:android.net.cts.ConnectivityManagerTest#testFirewallBlocking ConnectivityServiceTest Change-Id: Ib521fa02f6a19270cb88a3d85321bda822516c78 (cherry picked from commit 1d9054ba5fbbf86c821e0a74a5a2f9d3c9865e67) Merged-In: Ib521fa02f6a19270cb88a3d85321bda822516c78

commit: 608015f24ee2ce6f240628ed09f6c14cfe39de93 [log] [tgz]
author: Motomu Utsumi <motomuman@google.com> Mon Jun 06 07:44:05 2022 +0000
committer: Cherrypicker Worker <android-build-cherrypicker-worker@google.com> Tue Jun 07 05:35:36 2022 +0000
tree: 4c7827f0199b3453f2d109166f15125d62fa5047
parent: 52f0fe0c474b20a7ac71cb1a07475feb0e70a912 [diff] [blame]
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index c1d0897..d754616 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c

@@ -222,6 +222,9 @@
         if ((enabledRules & OEM_DENY_2_MATCH) && (uidRules & OEM_DENY_2_MATCH)) {
             return BPF_DROP;
         }
+        if ((enabledRules & OEM_DENY_3_MATCH) && (uidRules & OEM_DENY_3_MATCH)) {
+            return BPF_DROP;
+        }
     }
     if (direction == BPF_INGRESS && skb->ifindex != 1) {
         if (uidRules & IIF_MATCH) {
commit	608015f24ee2ce6f240628ed09f6c14cfe39de93	[log] [tgz]
author	Motomu Utsumi <motomuman@google.com>	Mon Jun 06 07:44:05 2022 +0000
committer	Cherrypicker Worker <android-build-cherrypicker-worker@google.com>	Tue Jun 07 05:35:36 2022 +0000
tree	4c7827f0199b3453f2d109166f15125d62fa5047
parent	52f0fe0c474b20a7ac71cb1a07475feb0e70a912 [diff] [blame]