1 /*
2  * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef NET_POLICY_FIREWALL_H
17 #define NET_POLICY_FIREWALL_H
18 
#include <cstdint>
#include <memory>
#include <set>
#include <vector>

#include "firewall_rule.h"
#include "net_policy_base.h"
#include "net_policy_file.h"
22 
23 namespace OHOS {
24 namespace NetManagerStandard {
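/**
 * Firewall component of the network policy module.
 *
 * Holds one FirewallRule handle and one allowed/denied UID set pair for each
 * of two modes: device idle and power save. The trust lists decide which
 * application UIDs are treated as allowed while a mode is active.
 *
 * NOTE(review): no caller-permission check and no lock are declared here.
 * Confirm that the service layer authorizes callers of the Set*Trustlist /
 * Update*Policy entry points and serializes access to the UID sets.
 */
class NetPolicyFirewall : public NetPolicyBase {
public:
    // Both mode flags start as false through their default member initializers.
    NetPolicyFirewall() = default;

    /**
     * Initialize this firewall policy object.
     *
     * NOTE(review): the definition is not in this header; presumably this is
     * where the FirewallRule members are created - confirm.
     */
    void Init();

    /**
     * Put the given UIDs into, or take them out of, the device idle allow list.
     *
     * @param uids The UIDs of the applications to update.
     * @param isAllowed true to place the UIDs on the allow list. The class also
     *        keeps a denied set for this mode; confirm in the implementation how
     *        false is handled.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t SetDeviceIdleTrustlist(const std::vector<uint32_t> &uids, bool isAllowed);

    /**
     * Get the allow list of UIDs for device idle mode.
     *
     * @param uids Output: the list of UIDs (passed by non-const reference).
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t GetDeviceIdleTrustlist(std::vector<uint32_t> &uids);

    /**
     * Process network policy in device idle mode.
     *
     * @param enable Device idle mode is open or not.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t UpdateDeviceIdlePolicy(bool enable);

    /**
     * Reset network firewall rules.
     */
    void ResetPolicies();

    /**
     * Put the given UIDs into, or take them out of, the power save allow list.
     *
     * @param uids The UIDs of the applications to update.
     * @param isAllowed true to place the UIDs on the allow list. The class also
     *        keeps a denied set for this mode; confirm in the implementation how
     *        false is handled.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t SetPowerSaveTrustlist(const std::vector<uint32_t> &uids, bool isAllowed);

    /**
     * Get the allow list of UIDs for power save mode.
     *
     * @param uids Output: the list of UIDs (passed by non-const reference).
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t GetPowerSaveTrustlist(std::vector<uint32_t> &uids);

    /**
     * Process network policy in power save mode.
     *
     * @param enable Power save mode is open or not.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t UpdatePowerSavePolicy(bool enable);

    /**
     * Handle the event from NetPolicyCore.
     *
     * NOTE(review): if NetPolicyBase declares this function virtual, mark it
     * `override` so a signature drift is caught at compile time.
     *
     * @param eventId The event id.
     * @param policyEvent The information passed from other core.
     */
    void HandleEvent(int32_t eventId, const std::shared_ptr<PolicyEvent> &policyEvent);

private:
    /**
     * Apply a trust list change for one firewall chain.
     *
     * @param chainType Identifies the firewall chain; the valid values are not
     *        defined in this header.
     * @param uids The UIDs to update.
     * @param isAllowed Whether the UIDs are to be allowed.
     */
    void UpdateFirewallPolicyList(uint32_t chainType, const std::vector<uint32_t> &uids, bool isAllowed);

    /**
     * Remove one UID from the state kept by this class.
     *
     * NOTE(review): presumably clears the UID from all four sets below - confirm.
     *
     * @param uid The UID to remove.
     */
    void DeleteUid(uint32_t uid);

    // Rule handles are null until assigned; nothing in this header assigns them.
    std::shared_ptr<FirewallRule> deviceIdleFirewallRule_;
    std::shared_ptr<FirewallRule> powerSaveFirewallRule_;
    // Current on/off state of each mode.
    bool deviceIdleMode_ = false;
    bool powerSaveMode_ = false;
    // Per-mode UID sets; std::set keeps each UID at most once.
    std::set<uint32_t> deviceIdleAllowedList_;
    std::set<uint32_t> deviceIdleDeniedList_;
    std::set<uint32_t> powerSaveAllowedList_;
    std::set<uint32_t> powerSaveDeniedList_;
};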
108 } // namespace NetManagerStandard
109 } // namespace OHOS
110 #endif // NET_POLICY_FIREWALL_H
111