1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <arpa/inet.h>
17 #include <sys/socket.h>
18 
19 #include "errors.h"
20 #include "hilog/log.h"
21 #include "ipc_object_stub.h"
22 #include "ipc_types.h"
23 #include "message_parcel.h"
24 #include "netfirewall_hisysevent.h"
25 #include "netmanager_base_common_utils.h"
26 #include "netmanager_base_permission.h"
27 #include "netmgr_ext_log_wrapper.h"
28 #include "netfirewall_stub.h"
29 
30 namespace OHOS {
31 namespace NetManagerStandard {
NetFirewallStub()32 NetFirewallStub::NetFirewallStub()
33 {
34     memberFuncMap_[static_cast<uint32_t>(SET_NET_FIREWALL_STATUS)] = {Permission::MANAGE_NET_STRATEGY,
35                                                                       &NetFirewallStub::OnSetNetFirewallPolicy};
36     memberFuncMap_[static_cast<uint32_t>(GET_NET_FIREWALL_STATUS)] = {Permission::MANAGE_NET_STRATEGY,
37                                                                       &NetFirewallStub::OnGetNetFirewallPolicy};
38     memberFuncMap_[static_cast<uint32_t>(ADD_NET_FIREWALL_RULE)] = {Permission::MANAGE_NET_STRATEGY,
39                                                                     &NetFirewallStub::OnAddNetFirewallRule};
40     memberFuncMap_[static_cast<uint32_t>(UPDATE_NET_FIREWALL_RULE)] = {Permission::MANAGE_NET_STRATEGY,
41                                                                        &NetFirewallStub::OnUpdateNetFirewallRule};
42     memberFuncMap_[static_cast<uint32_t>(DELETE_NET_FIREWALL_RULE)] = {Permission::MANAGE_NET_STRATEGY,
43                                                                        &NetFirewallStub::OnDeleteNetFirewallRule};
44     memberFuncMap_[static_cast<uint32_t>(GET_ALL_NET_FIREWALL_RULES)] = {Permission::MANAGE_NET_STRATEGY,
45                                                                         &NetFirewallStub::OnGetNetFirewallRules};
46     memberFuncMap_[static_cast<uint32_t>(GET_NET_FIREWALL_RULE)] = {Permission::MANAGE_NET_STRATEGY,
47                                                                     &NetFirewallStub::OnGetNetFirewallRule};
48     memberFuncMap_[static_cast<uint32_t>(GET_ALL_INTERCEPT_RECORDS)] = {Permission::MANAGE_NET_STRATEGY,
49                                                                        &NetFirewallStub::OnGetInterceptRecords};
50 }
51 
CheckFirewallPermission(std::string & strPermission)52 int32_t NetFirewallStub::CheckFirewallPermission(std::string &strPermission)
53 {
54     if (!strPermission.empty() && !NetManagerPermission::CheckPermission(strPermission)) {
55         NETMGR_EXT_LOG_E("Permission denied permission: %{public}s", strPermission.c_str());
56         return FIREWALL_ERR_PERMISSION_DENIED;
57     }
58     return FIREWALL_SUCCESS;
59 }
60 
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)61 int32_t NetFirewallStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply,
62     MessageOption &option)
63 {
64     std::u16string myDescripter = NetFirewallStub::GetDescriptor();
65     std::u16string remoteDescripter = data.ReadInterfaceToken();
66     if (myDescripter != remoteDescripter) {
67         NETMGR_EXT_LOG_E("descriptor checked fail");
68         return NETMANAGER_EXT_ERR_DESCRIPTOR_MISMATCH;
69     }
70     auto itFunc = memberFuncMap_.find(code);
71     if (itFunc != memberFuncMap_.end()) {
72         NETMGR_EXT_LOG_I("enter OnRemoteRequest code %{public}d:", code);
73         int32_t checkResult = CheckFirewallPermission(itFunc->second.strPermission);
74         if (checkResult != FIREWALL_SUCCESS) {
75             return checkResult;
76         }
77         auto serviceFunc = itFunc->second.serviceFunc;
78         if (serviceFunc != nullptr) {
79             return (this->*serviceFunc)(data, reply);
80         }
81     }
82     return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
83 }
84 
OnSetNetFirewallPolicy(MessageParcel & data,MessageParcel & reply)85 int32_t NetFirewallStub::OnSetNetFirewallPolicy(MessageParcel &data, MessageParcel &reply)
86 {
87     int32_t userId;
88     if (!data.ReadInt32(userId)) {
89         return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
90     }
91 
92     sptr<NetFirewallPolicy> status = NetFirewallPolicy::Unmarshalling(data);
93     if (status == nullptr) {
94         NETMGR_EXT_LOG_E("status is nullptr.");
95         return FIREWALL_ERR_INTERNAL;
96     }
97 
98     return SetNetFirewallPolicy(userId, status);
99 }
100 
OnGetNetFirewallPolicy(MessageParcel & data,MessageParcel & reply)101 int32_t NetFirewallStub::OnGetNetFirewallPolicy(MessageParcel &data, MessageParcel &reply)
102 {
103     int32_t userId;
104     if (!data.ReadInt32(userId)) {
105         return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
106     }
107     sptr<NetFirewallPolicy> status = new (std::nothrow) NetFirewallPolicy();
108     int32_t ret = GetNetFirewallPolicy(userId, status);
109     if (ret == FIREWALL_SUCCESS) {
110         if (!status->Marshalling(reply)) {
111             return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
112         }
113     }
114     return ret;
115 }
116 
OnAddNetFirewallRule(MessageParcel & data,MessageParcel & reply)117 int32_t NetFirewallStub::OnAddNetFirewallRule(MessageParcel &data, MessageParcel &reply)
118 {
119     sptr<NetFirewallRule> rule = NetFirewallRule::Unmarshalling(data);
120     if (rule == nullptr) {
121         NETMGR_EXT_LOG_E("rule is nullptr.");
122         return FIREWALL_ERR_INTERNAL;
123     }
124 
125     if (rule->localIps.size() > MAX_RULE_IP_COUNT || rule->remoteIps.size() > MAX_RULE_IP_COUNT) {
126         NETMGR_EXT_LOG_E("ip invalid, size is too long.");
127         return FIREWALL_ERR_EXCEED_MAX_IP;
128     }
129 
130     if (rule->localPorts.size() > MAX_RULE_PORT_COUNT || rule->remotePorts.size() > MAX_RULE_PORT_COUNT) {
131         NETMGR_EXT_LOG_E("port invalid, size is too long.");
132         return FIREWALL_ERR_EXCEED_MAX_PORT;
133     }
134 
135     if (rule->domains.size() > MAX_RULE_DOMAIN_COUNT) {
136         NETMGR_EXT_LOG_E("domain invalid, size is too long.");
137         return FIREWALL_ERR_EXCEED_MAX_DOMAIN;
138     }
139 
140     int32_t result = 0;
141     int32_t ret = AddNetFirewallRule(rule, result);
142     if (ret == FIREWALL_SUCCESS) {
143         if (!reply.WriteUint32(result)) {
144             ret = NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
145         }
146     }
147     NetFirewallHisysEvent::SendFirewallConfigReport(rule->userId, ret);
148     return ret;
149 }
150 
OnUpdateNetFirewallRule(MessageParcel & data,MessageParcel & reply)151 int32_t NetFirewallStub::OnUpdateNetFirewallRule(MessageParcel &data, MessageParcel &reply)
152 {
153     sptr<NetFirewallRule> rule = NetFirewallRule::Unmarshalling(data);
154     if (rule == nullptr) {
155         NETMGR_EXT_LOG_E("rule is nullptr.");
156         return FIREWALL_ERR_INTERNAL;
157     }
158 
159     if (rule->localIps.size() > MAX_RULE_IP_COUNT || rule->remoteIps.size() > MAX_RULE_IP_COUNT) {
160         NETMGR_EXT_LOG_E("ip invalid, size is too long.");
161         return FIREWALL_ERR_EXCEED_MAX_IP;
162     }
163 
164     if (rule->localPorts.size() > MAX_RULE_PORT_COUNT || rule->remotePorts.size() > MAX_RULE_PORT_COUNT) {
165         NETMGR_EXT_LOG_E("port invalid, size is too long.");
166         return FIREWALL_ERR_EXCEED_MAX_PORT;
167     }
168 
169     if (rule->domains.size() > MAX_RULE_DOMAIN_COUNT) {
170         NETMGR_EXT_LOG_E("domain invalid, size is too long.");
171         return FIREWALL_ERR_EXCEED_MAX_DOMAIN;
172     }
173 
174     int32_t ret = UpdateNetFirewallRule(rule);
175     NetFirewallHisysEvent::SendFirewallConfigReport(rule->userId, ret);
176     return ret;
177 }
178 
OnDeleteNetFirewallRule(MessageParcel & data,MessageParcel & reply)179 int32_t NetFirewallStub::OnDeleteNetFirewallRule(MessageParcel &data, MessageParcel &reply)
180 {
181     int32_t userId;
182     if (!data.ReadInt32(userId)) {
183         return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
184     }
185     if (userId <= 0) {
186         NETMGR_EXT_LOG_E("Parameter error.");
187         return FIREWALL_ERR_INVALID_PARAMETER;
188     }
189     int32_t ruleId;
190     if (!data.ReadInt32(ruleId)) {
191         return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
192     }
193     if (ruleId <= 0) {
194         NETMGR_EXT_LOG_E("Parameter error.");
195         return FIREWALL_ERR_INVALID_PARAMETER;
196     }
197     int32_t ret = DeleteNetFirewallRule(userId, ruleId);
198     NetFirewallHisysEvent::SendFirewallRequestReport(userId, ret);
199     return ret;
200 }
201 
OnGetNetFirewallRules(MessageParcel & data,MessageParcel & reply)202 int32_t NetFirewallStub::OnGetNetFirewallRules(MessageParcel &data, MessageParcel &reply)
203 {
204     int32_t userId;
205     if (!data.ReadInt32(userId)) {
206         return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
207     }
208     if (userId <= 0) {
209         NETMGR_EXT_LOG_E("Parameter error.");
210         return FIREWALL_ERR_INVALID_PARAMETER;
211     }
212     sptr<RequestParam> param = RequestParam::Unmarshalling(data);
213     if (param == nullptr) {
214         NETMGR_EXT_LOG_E("param is nullptr.");
215         return FIREWALL_ERR_INTERNAL;
216     }
217     sptr<FirewallRulePage> info = new (std::nothrow) FirewallRulePage();
218     int32_t ret = GetNetFirewallRules(userId, param, info);
219     if (ret == FIREWALL_SUCCESS) {
220         if (!info->Marshalling(reply)) {
221             return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
222         }
223     }
224     NetFirewallHisysEvent::SendFirewallRequestReport(userId, ret);
225     return ret;
226 }
227 
OnGetNetFirewallRule(MessageParcel & data,MessageParcel & reply)228 int32_t NetFirewallStub::OnGetNetFirewallRule(MessageParcel &data, MessageParcel &reply)
229 {
230     int32_t userId;
231     if (!data.ReadInt32(userId)) {
232         return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
233     }
234     int32_t ruleId;
235     if (!data.ReadInt32(ruleId)) {
236         return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
237     }
238 
239     sptr<NetFirewallRule> rule = new (std::nothrow) NetFirewallRule();
240     int32_t ret = GetNetFirewallRule(userId, ruleId, rule);
241     if (ret == FIREWALL_SUCCESS) {
242         if (!rule->Marshalling(reply)) {
243             return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
244         }
245     }
246     NetFirewallHisysEvent::SendFirewallRequestReport(userId, ret);
247     return ret;
248 }
249 
OnGetInterceptRecords(MessageParcel & data,MessageParcel & reply)250 int32_t NetFirewallStub::OnGetInterceptRecords(MessageParcel &data, MessageParcel &reply)
251 {
252     int32_t userId;
253     if (!data.ReadInt32(userId)) {
254         return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
255     }
256 
257     sptr<RequestParam> param = RequestParam::Unmarshalling(data);
258     if (param == nullptr) {
259         NETMGR_EXT_LOG_E("param is nullptr.");
260         return FIREWALL_ERR_INTERNAL;
261     }
262     sptr<InterceptRecordPage> info = new (std::nothrow) InterceptRecordPage();
263     int32_t ret = GetInterceptRecords(userId, param, info);
264     if (ret == FIREWALL_SUCCESS) {
265         if (!info->Marshalling(reply)) {
266             return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
267         }
268     }
269     NetFirewallHisysEvent::SendRecordRequestReport(userId, ret);
270     return ret;
271 }
272 } // namespace NetManagerStandard
273 } // namespace OHOS
274