Blacklist uids for network access
FirewallController can now be in blacklist mode (aka disabled)
or whitelist mode (aka enabled).
Some of the methods don't do anything when in blacklist mode.
Uid rules updated to allow dropping packets to uids that
shouldn't get any network access, usually for idle apps.
Added a wait option to iptables calls to make sure it doesn't
fail if there's contention. Fixes a flakiness I was seeing in
removing rules.
Bug:
20066058
Change-Id: I815bcb45aa06d04020e902df8c67bb3894e98f40