1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SERVICES_EDM_PLUGIN_INCLUDE_IPTABLES_IPTABLES_MANAGER_H
17 #define SERVICES_EDM_PLUGIN_INCLUDE_IPTABLES_IPTABLES_MANAGER_H
18 
19 #include <memory>
20 #include <thread>
21 #include <mutex>
22 #include <unistd.h>
23 #include <string>
24 #include <vector>
25 
26 #include "chain_rule.h"
27 #include "domain_filter_rule.h"
28 #include "edm_errors.h"
29 #include "firewall_rule.h"
30 
31 namespace OHOS {
32 namespace EDM {
33 namespace IPTABLES {
34 
   // Manager used by the EDM plugin for firewall rules and domain-filter rules
   // (judging by the method names: add, remove and list for each kind).
   // Only declarations are visible in this header, so every behavioural remark
   // below is marked as an assumption to confirm against the definitions.
   //
   // No constructor is declared here, so the implicitly generated default and
   // copy constructors are public: this declaration alone does not stop code
   // from creating or copying an IptablesManager without GetInstance().
   //
   // NOTE(review): the rule parcels come from callers. If the implementation
   // turns their fields into iptables arguments, those fields need validation
   // before use; that is not visible from this header, confirm in the .cpp.
35 class IptablesManager {
36 public:
       // Returns a shared_ptr to an IptablesManager; presumably the one stored
       // in instance_ (TODO confirm in the definition).
37     static std::shared_ptr<IptablesManager> GetInstance();
       // Firewall-rule operations. Each returns an ErrCode; callers should check
       // it, because an ignored failure means the requested policy change may
       // not be in force.
38     ErrCode AddFirewallRule(const FirewallRuleParcel &firewall);
39     ErrCode RemoveFirewallRule(const FirewallRuleParcel &firewall);
       // `list` is a non-const reference, presumably the output. Whether it is
       // cleared before being filled is not visible here (TODO confirm).
40     ErrCode GetFirewallRules(std::vector<FirewallRuleParcel> &list);
41 
       // Domain-filter operations, parallel to the firewall ones above.
       // NOTE(review): the remove method is named in the plural, unlike
       // RemoveFirewallRule; confirm whether one call can remove several rules.
42     ErrCode AddDomainFilterRule(const DomainFilterRuleParcel &DomainFilter);
43     ErrCode RemoveDomainFilterRules(const DomainFilterRuleParcel &DomainFilter);
44     ErrCode GetDomainFilterRules(std::vector<DomainFilterRuleParcel> &list);
45 
       // Static initialisation entry point and its query. Init() returns void,
       // so a failure inside it can only be observed through HasInit() or logs;
       // presumably HasInit() reports g_chainInit (TODO confirm).
46     static void Init();
47     static bool HasInit();
48 
49 private:
       // Takes a direction and an action; chainNameList is a non-const
       // reference, presumably filled with the chains a removal has to touch
       // (TODO confirm).
50     ErrCode GetRemoveChainName(Direction direction, Action action, std::vector<std::string> &chainNameList);
51 
       // Presumably report whether any allow-type rule of the given kind is
       // currently installed (inferred from the names only).
52     bool ExistAllowFirewallRule();
53     bool ExistAllowDomainRule();
54 
       // Presumably true when any chain named in chainNames holds a rule
       // (TODO confirm; "any" versus "all" is not visible here).
55     bool ChainExistRule(const std::vector<std::string> &chainNames);
56 
       // NOTE(review): the names suggest a default-deny chain that is installed
       // while allow rules exist and cleared afterwards (TODO confirm). Check
       // that a failure part-way through an add or remove cannot leave the deny
       // chain cleared while an allow-list policy is still meant to apply,
       // i.e. that the error path does not fail open.
57     static void SetDefaultFirewallDenyChain();
58     static void ClearDefaultFirewallDenyChain();
59     static void SetDefaultDomainDenyChain();
60     static void ClearDefaultDomainDenyChain();
61 
       // Plain (non-atomic) bool flags shared by all users of the class.
       // NOTE(review): Init() and HasInit() are static and may be reachable
       // from several threads; confirm every read and write of these flags
       // happens while mutexLock_ is held, otherwise concurrent callers race.
62     static bool g_chainInit;
63     static bool g_defaultFirewallChainInit;
64     static bool g_defaultDomainChainInit;
65 
       // Storage for the shared instance and the class-wide mutex. Which
       // operations take mutexLock_ is not visible in this header.
66     static std::shared_ptr<IptablesManager> instance_;
67     static std::mutex mutexLock_;
68 };
69 } // namespace IPTABLES
70 } // namespace EDM
71 } // namespace OHOS
72 #endif // SERVICES_EDM_PLUGIN_INCLUDE_IPTABLES_IPTABLES_MANAGER_H
73