firewalld: Monitor permission_broker lifetime.

If/when permission_broker exits, plug all firewall holes.

BUG=None
TEST=Manual: deploy to device, punch a hole.
TEST='restart permission_broker', holes are punched.

Change-Id: I3885b2338ad25f79c50a7f8c0aa4375e092ecceb
Reviewed-on: https://chromium-review.googlesource.com/253790
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org>
Trybot-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>

1 files changed, 3 insertions, 2 deletions

diff --git a/iptables.h b/iptables.h
index 92a891d..f1d0624 100644
--- a/iptables.h
+++ b/iptables.h
@@ -39,6 +39,9 @@ class IpTables : public org::chromium::FirewalldInterface {
   bool RemoveVpnSetup(const std::vector<std::string>& usernames,
                       const std::string& interface) override;
 
+  // Close all outstanding firewall holes.
+  void PlugAllHoles();
+
  protected:
   // Test-only.
   explicit IpTables(const std::string& ip4_path, const std::string& ip6_path);
@@ -55,8 +58,6 @@ class IpTables : public org::chromium::FirewalldInterface {
                 std::set<Hole>* holes,
                 ProtocolEnum protocol);
 
-  void PlugAllHoles();
-
   bool AddAcceptRules(ProtocolEnum protocol,
                       uint16_t port,
                       const std::string& interface);