Add tests for FirewallController::setInterfaceRule.

Bug: 28362720
Test: new unit test passes
Change-Id: I29c2272458b5fda46d2fc110663e01841b2e895b

1 files changed, 17 insertions, 1 deletions

diff --git a/server/FirewallControllerTest.cpp b/server/FirewallControllerTest.cpp
index db9b31e2..0805580b 100644
--- a/server/FirewallControllerTest.cpp
+++ b/server/FirewallControllerTest.cpp
@@ -23,11 +23,13 @@
 #include <gtest/gtest.h>
 
 #include <android-base/strings.h>
+#include <android-base/stringprintf.h>
 
 #include "FirewallController.h"
 #include "IptablesBaseTest.h"
 
 using android::base::Join;
+using android::base::StringPrintf;
 
 class FirewallControllerTest : public IptablesBaseTest {
 protected:
@@ -215,7 +217,7 @@ TEST_F(FirewallControllerTest, TestEnableChildChains) {
     expectIptablesRestoreCommands(expected);
 }
 
-TEST_F(FirewallControllerTest, TestEnableDisableFirewall) {
+TEST_F(FirewallControllerTest, TestFirewall) {
     std::vector<std::string> enableCommands = {
         "*filter\n"
         "-A fw_INPUT -j DROP\n"
@@ -253,6 +255,20 @@ TEST_F(FirewallControllerTest, TestEnableDisableFirewall) {
     EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
     expectIptablesRestoreCommands(disableEnableCommands);
 
+    std::vector<std::string> ifaceCommands = {
+        "-I fw_INPUT -i rmnet_data0 -j RETURN",
+        "-I fw_OUTPUT -o rmnet_data0 -j RETURN",
+    };
+    EXPECT_EQ(0, mFw.setInterfaceRule("rmnet_data0", ALLOW));
+    expectIptablesCommands(ifaceCommands);
+
+    ifaceCommands = {
+        "-D fw_INPUT -i rmnet_data0 -j RETURN",
+        "-D fw_OUTPUT -o rmnet_data0 -j RETURN",
+    };
+    EXPECT_EQ(0, mFw.setInterfaceRule("rmnet_data0", DENY));
+    expectIptablesCommands(ifaceCommands);
+
     EXPECT_EQ(0, mFw.enableFirewall(WHITELIST));
     expectIptablesRestoreCommands(noCommands);