void
init_block_list()
{
// Initialize cache
#ifdef __linux__
init_firewall();
#endif
cache_create(&block_list, 256, NULL);
}
static int init_firewall_session(struct connman_session *session)
{
struct firewall_context *fw;
int err;
if (session->policy_config->id_type == CONNMAN_SESSION_ID_TYPE_UNKNOWN)
return 0;
DBG("");
err = init_firewall();
if (err < 0)
return err;
fw = __connman_firewall_create();
if (!fw)
return -ENOMEM;
switch (session->policy_config->id_type) {
case CONNMAN_SESSION_ID_TYPE_UID:
err = __connman_firewall_add_rule(fw, "mangle", "OUTPUT",
"-m owner --uid-owner %s -j MARK --set-mark %d",
session->policy_config->id,
session->mark);
break;
case CONNMAN_SESSION_ID_TYPE_GID:
err = __connman_firewall_add_rule(fw, "mangle", "OUTPUT",
"-m owner --gid-owner %s -j MARK --set-mark %d",
session->policy_config->id,
session->mark);
break;
case CONNMAN_SESSION_ID_TYPE_LSM:
default:
err = -EINVAL;
}
if (err < 0)
goto err;
session->id_type = session->policy_config->id_type;
err = __connman_firewall_enable(fw);
if (err)
goto err;
session->fw = fw;
return 0;
err:
__connman_firewall_destroy(fw);
return err;
}
void
init_block_list(int firewall)
{
// Initialize cache
#ifdef __linux__
if (firewall)
init_firewall();
else
mode = NO_FIREWALL_MODE;
cache_create(&block_list, 256, free_firewall_rule);
#else
cache_create(&block_list, 256, NULL);
#endif
}