authorLorenzo Colitti <lorenzo@google.com>2016-07-26 17:59:41 +0900
committerLorenzo Colitti <lorenzo@google.com>2016-07-28 18:43:22 +0900
commit238e81894de39fe7c5ed74f297c36a4798008247 (patch)
treef231bfd290323be65cc096862e4447b121a720b2 /server/FirewallController.cpp
parent0726fec82842883a2332318aa675f7f04670db51 (diff)
Allow networking on loopback in doze, standby, and powersave.
Restricting networking on loopback is needlessly restrictive because it doesn't have substantial power impact. Bug: 30186506 Change-Id: Ibe31aff7c43ae02821fdf4a00b600fb5f5f5bc30
Diffstat (limited to 'server/FirewallController.cpp')
-rw-r--r--server/FirewallController.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/server/FirewallController.cpp b/server/FirewallController.cpp
index 839312d2..826cf758 100644
--- a/server/FirewallController.cpp
+++ b/server/FirewallController.cpp
@@ -300,6 +300,9 @@ std::string FirewallController::makeUidRules(IptablesTarget target, const char *
std::string commands;
StringAppendF(&commands, "*filter\n:%s -\n", name);
+ // Always allow networking on loopback.
+ StringAppendF(&commands, "-A %s -i lo -o lo -j RETURN\n", name);
+
// Allow TCP RSTs so we can cleanly close TCP connections of apps that no longer have network
// access. Both incoming and outgoing RSTs are allowed.
StringAppendF(&commands, "-A %s -p tcp --tcp-flags RST RST -j RETURN\n", name);
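Review bot: The added rule `-A %s -i lo -o lo -j RETURN` requires both the input and the output interface to be `lo`, but netfilter sets only the input interface on the INPUT path and only the output interface on the OUTPUT path, so a rule demanding both can match only forwarded packets. If this chain is reached from INPUT- and OUTPUT-side chains (the jump points are outside the hunk, so this is inferred), loopback traffic would still fall through to the later UID rules and the exemption would never take effect. Splitting it into `StringAppendF(&commands, "-A %s -i lo -j RETURN\n", name);` and `StringAppendF(&commands, "-A %s -o lo -j RETURN\n", name);` covers each direction. A test that opens a loopback connection from a restricted UID in doze, standby and powersave would confirm the behaviour. The body of makeUidRules continues outside the hunk.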