1 /*
2  * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef NET_POLICY_SERVICE_H
17 #define NET_POLICY_SERVICE_H
18 
19 #include <atomic>
20 #include <mutex>
21 
22 #include "event_runner.h"
23 #include "singleton.h"
24 #include "system_ability.h"
25 #include "system_ability_definition.h"
26 
27 #include "net_policy_callback.h"
28 #include "net_policy_event_handler.h"
29 #include "net_policy_firewall.h"
30 #include "net_policy_rule.h"
31 #include "net_policy_service_common.h"
32 #include "net_policy_service_stub.h"
33 #include "net_policy_traffic.h"
34 #include "net_access_policy.h"
35 #include "net_access_policy_rdb.h"
36 #include "common_event_subscriber.h"
37 #include "common_event_support.h"
38 
39 namespace OHOS {
40 namespace NetManagerStandard {
41 #define NET_SYMBOL_VISIBLE __attribute__ ((visibility("default")))
42 class NET_SYMBOL_VISIBLE NetPolicyService : public SystemAbility,
43                          public NetPolicyServiceStub,
44                          public std::enable_shared_from_this<NetPolicyService> {
45     DECLARE_DELAYED_SINGLETON(NetPolicyService)
46     DECLARE_SYSTEM_ABILITY(NetPolicyService)
47 
48 public:
49     void OnStart() override;
50     void OnStop() override;
51     int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
52 
53     /**
54      * Set the network policy for the specified UID.
55      * @param uid The specified UID of app.
56      * @param policy The network policy for application.
57      *      For details, see {@link NetUidPolicy}.
58      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
59      */
60     int32_t SetPolicyByUid(uint32_t uid, uint32_t policy) override;
61 
62     /**
63      * Get the network policy of the specified UID.
64      * @param uid The specified UID of app.
65      * @param policy Return this uid's policy.
66      *      For details, see {@link NetUidPolicy}.
67      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
68      */
69     int32_t GetPolicyByUid(uint32_t uid, uint32_t &policy) override;
70 
71     /**
72      * Get the application UIDs of the specified policy.
73      * @param policy the network policy of the current UID of application.
74      *      For details, see {@link NetUidPolicy}.
75      * @param uids The list of UIDs
76      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
77      */
78     int32_t GetUidsByPolicy(uint32_t policy, std::vector<uint32_t> &uids) override;
79 
80     /**
81      * Get the status whether the specified uid app can access the metered network or non-metered network.
82      * @param uid The specified UID of application.
83      * @param metered Indicates metered network or non-metered network.
84      * @param isAllowed Return true means it's allowed to access the network.
85      *      Return false means it's not allowed to access the network.
86      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
87      */
88     int32_t IsUidNetAllowed(uint32_t uid, bool metered, bool &isAllowed) override;
89 
90     /**
91      * Get the status whether the specified uid app can access the specified iface network.
92      * @param uid The specified UID of application.
93      * @param ifaceName Iface name.
94      * @param isAllowed Return true means it's allowed to access the network.
95      *      Return false means it's not allowed to access the network.
96      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
97      */
98     int32_t IsUidNetAllowed(uint32_t uid, const std::string &ifaceName, bool &isAllowed) override;
99 
100     /**
101      * Register network policy change callback.
102      * @param callback Interface type pointer.
103      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
104      */
105     int32_t RegisterNetPolicyCallback(const sptr<INetPolicyCallback> &callback) override;
106 
107     /**
108      * Unregister network policy change callback.
109      * @param callback Interface type pointer.
110      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
111      */
112     int32_t UnregisterNetPolicyCallback(const sptr<INetPolicyCallback> &callback) override;
113 
114     /**
115      * Set policies by NetPolicyQuotaPolicy.
116      * @param quotaPolicies The list of network quota policy, {@link NetQuotaPolicy}.
117      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
118      */
119     int32_t SetNetQuotaPolicies(const std::vector<NetQuotaPolicy> &quotaPolicies) override;
120 
121     /**
122      * Get network policies.
123      * @param quotaPolicies The list of network quota policy, {@link NetQuotaPolicy}.
124      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
125      */
126     int32_t GetNetQuotaPolicies(std::vector<NetQuotaPolicy> &quotaPolicies) override;
127 
128     /**
129      * Reset network policies\rules\quota policies\firewall rules.
130      * @param simId Specify the matched simId of quota policy.
131      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
132      */
133     int32_t ResetPolicies(const std::string &simId) override;
134 
135     /**
136      * Control if apps can use data on background.
137      * @param allowBackground Allow apps to use data on background.
138      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
139      */
140     int32_t SetBackgroundPolicy(bool allowBackground) override;
141 
142     /**
143      * Get the status if apps can use data on background.
144      * @param backgroundPolicy True is allowed to use data on background.
145      *      False is not allowed to use data on background.
146      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
147      */
148     int32_t GetBackgroundPolicy(bool &backgroundPolicy) override;
149 
150     /**
151      * Get the background network restriction policy for the specified uid.
152      * @param uid uid The specified UID of application.
153      * @param backgroundPolicyOfUid The specified UID of backgroundPolicy.
154      *      For details, see {@link NetBackgroundPolicy}.
155      * @return uint32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
156      */
157     int32_t GetBackgroundPolicyByUid(uint32_t uid, uint32_t &backgroundPolicyOfUid) override;
158 
159     /**
160      * Update the limit or warning remind time of quota policy.
161      * @param netType {@link NetBearType}.
162      * @param simId Specify the matched simId of quota policy when netType is cellular.
163      * @param remindType {@link RemindType}.
164      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
165      */
166     int32_t UpdateRemindPolicy(int32_t netType, const std::string &simId, uint32_t remindType) override;
167 
168     /**
169      * Set the UID into device idle allow list.
170      * @param uid The specified UID of application.
171      * @param isAllowed The UID is into allowed list or not.
172      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
173      */
174     int32_t SetDeviceIdleTrustlist(const std::vector<uint32_t> &uids, bool isAllowed) override;
175 
176     /**
177      * Get the allow list of UID in device idle mode.
178      * @param uids The list of UIDs
179      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
180      */
181     int32_t GetDeviceIdleTrustlist(std::vector<uint32_t> &uids) override;
182 
183     /**
184      * Process network policy in device idle mode.
185      * @param enable Device idle mode is open or not.
186      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
187      */
188     int32_t SetDeviceIdlePolicy(bool enable) override;
189 
190     /**
191      * Get the allow list of UID in power save mode.
192      *
193      * @param uids The list of UIDs.
194      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
195      */
196     int32_t GetPowerSaveTrustlist(std::vector<uint32_t> &uids) override;
197 
198     /**
199      * Set the UID into power save allow list.
200      * @param uid The specified UID of application.
201      * @param isAllowed The UID is into allowed list or not.
202      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
203      */
204     int32_t SetPowerSaveTrustlist(const std::vector<uint32_t> &uids, bool isAllowed) override;
205 
206     /**
207      * Process network policy in Power Save mode.
208      *
209      * @param enable Power save mode is open or not.
210      * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
211      */
212     int32_t SetPowerSavePolicy(bool enable) override;
213 
214     /**
215      * Check if you have permission
216      *
217      * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
218      */
219     int32_t CheckPermission() override;
220 
221 	/**
222      * factory reset net policies
223      *
224      * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
225      */
226     int32_t FactoryResetPolicies() override;
227 
228     /**
229      * Set the policy to access the network of the specified application.
230      *
231      * @param uid The specified UID of application.
232      * @param policy The network access policy of application, {@link NetworkAccessPolicy}.
233      * @param reconfirmFlag true means a reconfirm diaglog trigger while policy deny network access.
234      * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
235      */
236     int32_t SetNetworkAccessPolicy(uint32_t uid, NetworkAccessPolicy policy, bool reconfirmFlag) override;
237 
238     /**
239      * Query the network access policy of the specified application or all applications.
240      *
241      * @param parameter Indicate to get all or an application network access policy, {@link AccessPolicyParameter}.
242      * @param policy The network access policy of application, {@link AccessPolicySave}.
243      * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
244      */
245     int32_t GetNetworkAccessPolicy(AccessPolicyParameter parameter, AccessPolicySave& policy) override;
246 
GetNetAccessPolicyDBHandler()247     NetAccessPolicyRDB GetNetAccessPolicyDBHandler()
248     {
249         return netAccessPolicy_;
250     }
251     int32_t DeleteNetworkAccessPolicy(uint32_t uid);
252     int32_t NotifyNetAccessPolicyDiag(uint32_t uid) override;
253 
254     /**
255      * Set NIC Traffic allowed or disallowed
256      *
257      * @param ifaceNames ifaceNames
258      * @param status true for allowed, false for disallowed
259      * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
260      */
261     int32_t SetNicTrafficAllowed(const std::vector<std::string> &ifaceNames, bool status) override;
262 
263 protected:
264     void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
265     void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
266 
267 private:
268     void Init();
269     int32_t GetDumpMessage(std::string &message);
270 
271     void OnNetSysRestart();
272     void UpdateNetAccessPolicyToMapFromDB();
273     bool CheckNetworkAccessIsBroker(uint32_t uid);
274 
275 private:
276     enum ServiceRunningState {
277         STATE_STOPPED = 0,
278         STATE_RUNNING,
279     };
280 
281     std::shared_ptr<NetPolicyTraffic> netPolicyTraffic_ = nullptr;
282     std::shared_ptr<NetPolicyFirewall> netPolicyFirewall_ = nullptr;
283     std::shared_ptr<NetPolicyRule> netPolicyRule_ = nullptr;
284     std::shared_ptr<NetPolicyFile> netPolicyFile_ = nullptr;
285     ServiceRunningState state_ = ServiceRunningState::STATE_STOPPED;
286     std::shared_ptr<NetPolicyCore> netPolicyCore_ = nullptr;
287     std::shared_ptr<NetPolicyCallback> netPolicyCallback_ = nullptr;
288     sptr<NetPolicyServiceCommon> serviceComm_ = nullptr;
289     std::mutex mutex_;
290     std::vector<uint16_t> monthDay_;
291 
292     bool hasSARemoved_ = false;
293 
294 private:
295     void RegisterFactoryResetCallback();
296 
297     class FactoryResetCallBack : public IRemoteStub<INetFactoryResetCallback> {
298     public:
FactoryResetCallBack(std::shared_ptr<NetPolicyService> netPolicy)299         FactoryResetCallBack(std::shared_ptr<NetPolicyService> netPolicy)
300         {
301             netPolicy_ = netPolicy;
302         }
303 
OnNetFactoryReset()304         int32_t OnNetFactoryReset()
305         {
306             if (netPolicy_ != nullptr) {
307                 netPolicy_->FactoryResetPolicies();
308                 return NETMANAGER_SUCCESS;
309             } else {
310                 return NETMANAGER_ERR_LOCAL_PTR_NULL;
311             }
312         }
313     private:
314         std::shared_ptr<NetPolicyService> netPolicy_ = nullptr;
315     };
316     sptr<INetFactoryResetCallback> netFactoryResetCallback_ = nullptr;
317     NetAccessPolicyRDB netAccessPolicy_;
318 };
319 } // namespace NetManagerStandard
320 } // namespace OHOS
321 #endif // NET_POLICY_SERVICE_H
322