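/*
 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef FIREWALL_RULE_H
#define FIREWALL_RULE_H

// <cstdint> and <memory> are included directly because this header names
// uint32_t/int32_t and std::shared_ptr/std::enable_shared_from_this itself;
// relying on a transitive include from a project header is fragile.
#include <cstdint>
#include <memory>
#include <set>
#include <string>
#include <vector>

#include "refbase.h"

#include "netmanager_hitrace.h"
#include "netsys_policy_wrapper.h"

namespace OHOS {
namespace NetManagerStandard {
/**
 * Base class for a per-chain firewall rule that keeps a UID allow list and a UID deny list.
 *
 * Instances are obtained through CreateFirewallRule(), which returns a std::shared_ptr; the
 * constructor and destructor are protected, so the object cannot be created or deleted
 * directly by outside code.
 *
 * NOTE(review): this class declares no mutex or other synchronization member. Whether the
 * implementation or its callers serialize updates to the lists is not visible in this header;
 * confirm before calling from more than one thread.
 */
class FirewallRule : public std::enable_shared_from_this<FirewallRule> {
public:
    /**
     * Create firewall rule
     *
     * @param chain The chain type
     * @return std::shared_ptr<FirewallRule> The firewall rule, such as DeviceIdleFirewallRule
     *
     * NOTE(review): the result for an unrecognised chain value is not visible in this header;
     * callers should check the returned pointer before use until that is confirmed.
     */
    static std::shared_ptr<FirewallRule> CreateFirewallRule(uint32_t chain);

    /**
     * Get the firewall allow list.
     *
     * @return const std::vector<uint32_t>& The firewall allow list
     *
     * NOTE(review): a reference is returned, presumably to the allowedList_ member; copy it if
     * it has to outlive this object or a later change to the list.
     */
    virtual const std::vector<uint32_t> &GetAllowedList() const;

    /**
     * Set the firewall allow list
     *
     * @param uids The vector of UID
     * @param rule The firewall rule, see {@link FIREWALL_RULE_ALLOW} and {@link FIREWALL_RULE_DENY}
     *
     * NOTE(review): rule is a plain uint32_t; how a value other than the two linked constants
     * is handled is not visible in this header.
     */
    virtual void SetAllowedList(const std::vector<uint32_t> &uids, uint32_t rule);

    /**
     * Set the firewall allow list
     *
     * @param uids The aggregate of UID
     */
    virtual void SetAllowedList(const std::set<uint32_t> &uids);

    /**
     * Set the firewall allow list
     *
     * NOTE(review): takes no UIDs; presumably applies the allow list already stored in this
     * object. Confirm against the implementation.
     */
    virtual void SetAllowedList();

    /**
     * Get the firewall reject list
     *
     * @return const std::vector<uint32_t>& The firewall reject list
     *
     * NOTE(review): a reference is returned, presumably to the deniedList_ member; copy it if
     * it has to outlive this object or a later change to the list.
     */
    virtual const std::vector<uint32_t> &GetDeniedList() const;

    /**
     * Set the firewall reject list
     *
     * @param uid The UID of application
     * @param rule The firewall rule, see {@link FIREWALL_RULE_ALLOW} and {@link FIREWALL_RULE_DENY}
     *
     * NOTE(review): rule is a plain uint32_t; how a value other than the two linked constants
     * is handled is not visible in this header.
     */
    virtual void SetDeniedList(uint32_t uid, uint32_t rule);

    /**
     * Set the firewall reject list
     *
     * @param uids The vector of UID
     */
    virtual void SetDeniedList(const std::vector<uint32_t> &uids);

    /**
     * Set the firewall reject list
     *
     * NOTE(review): takes no UIDs; presumably applies the reject list already stored in this
     * object. Confirm against the implementation.
     */
    virtual void SetDeniedList();

    /**
     * Clear the firewall allow list
     *
     */
    void ClearAllowedList();

    /**
     * Clear the firewall reject list
     *
     */
    void ClearDeniedList();

    /**
     * Set the firewall rule for the specified UID
     *
     * @param uid The UID of application
     * @param isAllow allow the firewall rule or not
     */
    virtual void SetUidFirewallRule(uint32_t uid, bool isAllow);

    /**
     * Enable the firewall rule
     *
     * @param enable true: enable the firewall rule; false: disable the firewall rule
     */
    virtual void EnableFirewall(bool enable);

    /**
     * Remove the UID from the firewall allow list
     *
     * @param uid The UID of application
     */
    virtual void RemoveFromAllowedList(uint32_t uid);

    /**
     * Remove the UID from the firewall reject list
     *
     * @param uid The UID of application
     */
    virtual void RemoveFromDeniedList(uint32_t uid);

    /**
     * Clear Firewall All Rules
     *
     * @return int32_t Status code. Its values are defined by the implementation and are not
     *         visible in this header; callers should not ignore it.
     */
    virtual int32_t ClearFirewallAllRules();

protected:
    /**
     * Construct the rule for one chain. Protected: use CreateFirewallRule() or a subclass.
     *
     * @param chainType The chain type
     */
    explicit FirewallRule(uint32_t chainType);

    // Protected so that outside code cannot delete a rule through a raw base pointer.
    virtual ~FirewallRule();

protected:
    uint32_t chainType_ = 0;            // chain type this rule belongs to
    std::string chainName_;             // name of the chain
    std::vector<uint32_t> allowedList_; // UIDs on the allow list
    std::vector<uint32_t> deniedList_;  // UIDs on the reject list
    bool modeEnable_ = false;           // presumably tracks EnableFirewall() state (confirm)

private:
    /**
     * Per-UID overload of SetAllowedList, private to this class.
     *
     * @param uid The UID of application
     * @param rule The firewall rule, see {@link FIREWALL_RULE_ALLOW} and {@link FIREWALL_RULE_DENY}
     */
    void SetAllowedList(uint32_t uid, uint32_t rule);

    // Starts out null. NOTE(review): where it is assigned is not visible in this header;
    // confirm it is set before any method dereferences it.
    std::shared_ptr<NetsysPolicyWrapper> netsys_ = nullptr;
};
} // namespace NetManagerStandard
} // namespace OHOS
#endif // FIREWALL_RULE_H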