1 /* 2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef NET_POLICY_RULE_H 17 #define NET_POLICY_RULE_H 18 19 #include <map> 20 21 #include "net_policy_base.h" 22 #include "netmanager_base_common_utils.h" 23 #include "net_access_policy.h" 24 25 namespace OHOS { 26 namespace NetManagerStandard { 27 constexpr uint32_t POLICY_TRANS_CONDITION_MASK = 0b11111111110000000000; 28 constexpr uint32_t POLICY_TRANS_RULE_MASK = 0b00000000001111111000; 29 constexpr uint32_t POLICY_TRANS_NET_CTRL_MASK = 0b00000000000000000111; 30 constexpr u_int8_t CONDITION_START_BIT = 10; 31 constexpr u_int8_t RULE_START_BIT = 3; 32 33 enum PolicyTransCtrl { 34 POLICY_TRANS_CTRL_NONE = 0b000, 35 POLICY_TRANS_CTRL_ADD_DENIEDLIST = 0b010, 36 POLICY_TRANS_CTRL_ADD_ALLOWEDLIST = 0b100, 37 POLICY_TRANS_CTRL_REMOVE_ALL = 0b001, 38 }; 39 40 struct UidPolicyRule { 41 uint32_t policy_ = 0; 42 uint32_t rule_ = 1 << 7; 43 uint32_t netsys_ = 7; 44 }; 45 46 class NetPolicyRule : public NetPolicyBase { 47 public: 48 NetPolicyRule(); 49 void Init(); 50 void HandleEvent(int32_t eventId, const std::shared_ptr<PolicyEvent> &policyEvent); 51 52 /** 53 * Transform policy to rule and netsys-control. 54 * 55 * @param uid The UID of application. 56 * @param policy See {@link NetUidPolicy}. 57 * @return Returns 0 success. Otherwise fail. 58 * @permission ohos.permission.CONNECTIVITY_INTERNAL 59 * @systemapi Hide this for inner system use. 60 */ 61 int32_t TransPolicyToRule(uint32_t uid, uint32_t policy); 62 63 /** 64 * Get the status whether the specified uid app can access the metered network or non-metered network. 65 * 66 * @param uid The specified UID of application. 67 * @param metered Indicates meterd network or non-metered network. 68 * @param isAllowed Return true means it's allowed to access the network. 69 * Return false means it's not allowed to access the network. 70 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 71 * @permission ohos.permission.CONNECTIVITY_INTERNAL 72 * @systemapi Hide this for inner system use. 73 */ 74 int32_t IsUidNetAllowed(uint32_t uid, bool metered, bool &isAllowed); 75 76 /** 77 * Get the network policy of the specified UID. 78 * 79 * @param uid The specified UID of app. 80 * @param policy Return this uid's policy. 81 * For details, see {@link NetUidPolicy}. 82 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 83 * @permission ohos.permission.CONNECTIVITY_INTERNAL 84 * @systemapi Hide this for inner system use. 85 */ 86 int32_t GetPolicyByUid(uint32_t uid, uint32_t &policy); 87 88 /** 89 * Get the application UIDs of the specified policy. 90 * 91 * @param policy the network policy of the current UID of application. 92 * @param uids The list of UIDs. 93 * For details, see {@link NetUidPolicy}. 94 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 95 * @permission ohos.permission.CONNECTIVITY_INTERNAL 96 * @systemapi Hide this for inner system use. 97 */ 98 int32_t GetUidsByPolicy(uint32_t policy, std::vector<uint32_t> &uids); 99 100 /** 101 * Reset network policies and rules. 102 * 103 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 104 * @permission ohos.permission.CONNECTIVITY_INTERNAL 105 * @systemapi Hide this for inner system use. 106 */ 107 int32_t ResetPolicies(); 108 109 /** 110 * Control if apps can use data on background. 111 * 112 * @param allow Allow apps to use data on background. 113 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 114 * @permission ohos.permission.CONNECTIVITY_INTERNAL 115 * @systemapi Hide this for inner system use. 116 */ 117 int32_t SetBackgroundPolicy(bool allow); 118 119 /** 120 * Get the background network restriction policy for the specified uid. 121 * 122 * @param uid The specified UID of application. 123 * @param backgroundPolicyOfUid The specified UID of backgroundPolicy. 124 * For details, see {@link NetBackgroundPolicy}. 125 * @return uint32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 126 * @permission ohos.permission.CONNECTIVITY_INTERNAL 127 * @systemapi Hide this for inner system use. 128 */ 129 int32_t GetBackgroundPolicyByUid(uint32_t uid, uint32_t &backgroundPolicyOfUid); 130 131 /** 132 * Get the status if apps can use data on background. 133 * @param backgroundPolicy True is allowed to use data on background. 134 * False is not allowed to use data on background. 135 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 136 * @permission ohos.permission.CONNECTIVITY_INTERNAL 137 * @systemapi Hide this for inner system use. 138 */ 139 int32_t GetBackgroundPolicy(bool &backgroundPolicy); 140 141 /** 142 * Get the Dump Message object. 143 */ 144 void GetDumpMessage(std::string &message); 145 146 // When system's mode status is changed, do this function. 147 void TransPolicyToRule(); 148 149 /** 150 * Set the policy to access the network of the specified application. 151 * 152 * @param uid The specified UID of application. 153 * @param policy The network access policy of application, {@link NetworkAccessPolicy}. 154 * @param reconfirmFlag true means a reconfirm diaglog trigger while policy deny network access. 155 * @param isBroker true means the broker application. 156 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 157 * @permission ohos.permission.CONNECTIVITY_INTERNAL 158 * @systemapi Hide this for inner system use. 159 */ 160 int32_t SetNetworkAccessPolicy(uint32_t uid, NetworkAccessPolicy Policy, bool reconfirmFlag, bool isBroker); 161 162 /** 163 * Delete the policy to access the network of the specified application from map. 164 * 165 * @param uid The specified UID of application. 166 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 167 * @permission ohos.permission.CONNECTIVITY_INTERNAL 168 * @systemapi Hide this for inner system use. 169 */ 170 int32_t DeleteNetworkAccessPolicy(uint32_t uid); 171 172 /** 173 * Set NIC Traffic allowed or disallowed 174 * 175 * @param ifaceNames ifaceNames 176 * @param status true for allowed, false for disallowed 177 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 178 */ 179 int32_t PolicySetNicTrafficAllowed(const std::vector<std::string> &ifaceNames, bool status); 180 181 private: 182 void NetsysCtrl(uint32_t uid, uint32_t netsysCtrl); 183 void TransConditionToRuleAndNetsys(uint32_t policyCondition, uint32_t uid, uint32_t policy); 184 uint32_t MoveToConditionBit(uint32_t value); 185 uint32_t MoveToRuleBit(uint32_t value); 186 uint32_t ChangePolicyToPolicyTransitionCondition(uint32_t policy); 187 uint32_t BuildTransCondition(uint32_t uid, uint32_t policy); 188 uint32_t GetMatchTransCondition(uint32_t policyCondition); 189 void ProcessCtrlNone(uint32_t uid); 190 void ProcessCtrlAddAllowedList(uint32_t uid); 191 192 // When a uid add into some forbidden list, do this function. 193 void TransPolicyToRule(uint32_t uid); 194 bool IsIdleMode(); 195 bool InIdleAllowedList(uint32_t uid); 196 bool IsLimitByAdmin(); 197 bool IsForeground(uint32_t uid); 198 bool IsPowerSave(); 199 bool InPowerSaveAllowedList(uint32_t uid); 200 bool IsLimitedBackground(); 201 void DeleteUid(uint32_t uid); 202 bool IsValidNetPolicy(uint32_t policy); 203 void UpdateForegroundUidList(uint32_t uid, bool isForeground); 204 205 private: 206 std::map<uint32_t, UidPolicyRule> uidPolicyRules_; 207 bool backgroundAllow_ = true; 208 bool deviceIdleMode_ = false; 209 bool powerSaveMode_ = false; 210 std::set<uint32_t> deviceIdleAllowedList_; 211 std::set<uint32_t> powerSaveAllowedList_; 212 std::set<uint32_t> foregroundUidList_; 213 std::mutex foregroundUidListMutex_; 214 215 private: 216 /** 217 * The map for transforming conditions to net rule and netsys control. 218 * 219 * Example: 220 * bit 11~20 bit 4~10 bit 1~3 221 * 0000001100 0010000 110 222 * Condition Rule Netsys control 223 * 224 * Condition: see {@link enum PolicyTransCondition} 225 * Rule: see {@link enum NetUidRule} 226 * Netsys control: see {@link enum NetsysOperation} 227 * 228 * Transform Flow: 229 * 1. According to the status of system(such as device idle mode or power save mode) 230 * and the net policy of uid, construct the Condition by bit operations. 231 * 2. Find the matched Condition in this map. 232 * 3. Get the rule bits and netsys-control bits from the matched Condition. 233 * 4. Process the corresponding operations. 234 */ 235 static inline const std::vector<uint32_t> POLICY_TRANS_MAP = { 236 0b00011000000100000000, 0b10000000000000100010, 0b00010000001000000000, 0b00000010100000010100, 237 0b00000011000000001100, 0b00000010010000001100, 0b01000000001000000000, 0b00000100100000010100, 238 0b00000100010000100010, 0b00000000010000000001, 0b00000001000000100010, 0b00000000000000000001, 239 }; 240 }; 241 } // namespace NetManagerStandard 242 } // namespace OHOS 243 #endif // NET_POLICY_RULE_H 244