author | Lorenzo Colitti <lorenzo@google.com> | 2016-07-26 17:59:41 +0900 |
---|---|---|
committer | Lorenzo Colitti <lorenzo@google.com> | 2016-07-28 18:43:22 +0900 |
commit | 238e81894de39fe7c5ed74f297c36a4798008247 (patch) | |
tree | f231bfd290323be65cc096862e4447b121a720b2 /server/FirewallController.cpp | |
parent | 0726fec82842883a2332318aa675f7f04670db51 (diff) | |
download | netd-238e81894de39fe7c5ed74f297c36a4798008247.tar.gz |
Allow networking on loopback in doze, standby, and powersave.
Restricting networking on loopback is needlessly restrictive
because it doesn't have substantial power impact.
Bug: 30186506
Change-Id: Ibe31aff7c43ae02821fdf4a00b600fb5f5f5bc30
Diffstat (limited to 'server/FirewallController.cpp')
-rw-r--r-- | server/FirewallController.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp index 839312d2..826cf758 100644 --- a/server/FirewallController.cpp +++ b/server/FirewallController.cpp @@ -300,6 +300,9 @@ std::string FirewallController::makeUidRules(IptablesTarget target, const char * std::string commands; StringAppendF(&commands, "*filter\n:%s -\n", name); + // Always allow networking on loopback. + StringAppendF(&commands, "-A %s -i lo -o lo -j RETURN\n", name); + // Allow TCP RSTs so we can cleanly close TCP connections of apps that no longer have network // access. Both incoming and outgoing RSTs are allowed. StringAppendF(&commands, "-A %s -p tcp --tcp-flags RST RST -j RETURN\n", name); |
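Review bot: The added rule `-A %s -i lo -o lo -j RETURN` requires both the input and the output interface to be lo on the same packet, which may not deliver what the comment "Always allow networking on loopback" promises. In the filter table, a packet traversing INPUT has no output interface and a packet traversing OUTPUT has no input interface. If this chain is only reached from those hooks, the combined match never fires and loopback traffic still falls through to the rules that follow. Consider splitting it into two rules, `-A %s -i lo -j RETURN` and `-A %s -o lo -j RETURN`. Also consider adding a test on the string returned by makeUidRules, so the loopback exemption is checked alongside the existing RST rule.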