1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "firewall_rule.h"
17
18 #include "device_idle_firewall_rule.h"
19 #include "net_policy_inner_define.h"
20 #include "power_save_firewall_rule.h"
21
22 namespace OHOS {
23 namespace NetManagerStandard {
CreateFirewallRule(uint32_t chain)24 std::shared_ptr<FirewallRule> FirewallRule::CreateFirewallRule(uint32_t chain)
25 {
26 switch (chain) {
27 case FIREWALL_CHAIN_DEVICE_IDLE:
28 return DelayedSingleton<DeviceIdleFirewallRule>::GetInstance();
29 case FIREWALL_CHAIN_POWER_SAVE:
30 return DelayedSingleton<PowerSaveFirewallRule>::GetInstance();
31 default:
32 break;
33 }
34 return nullptr;
35 }
36
FirewallRule(uint32_t chainType)37 FirewallRule::FirewallRule(uint32_t chainType)
38 {
39 chainType_ = chainType;
40 netsys_ = DelayedSingleton<NetsysPolicyWrapper>::GetInstance();
41 }
42
43 FirewallRule::~FirewallRule() = default;
44
GetAllowedList() const45 const std::vector<uint32_t> &FirewallRule::GetAllowedList() const
46 {
47 return allowedList_;
48 }
49
SetAllowedList(const std::vector<uint32_t> & uids,uint32_t rule)50 void FirewallRule::SetAllowedList(const std::vector<uint32_t> &uids, uint32_t rule)
51 {
52 for (auto &uid : uids) {
53 SetAllowedList(uid, rule);
54 }
55 netsys_->FirewallSetUidRule(chainType_, uids, rule);
56 }
57
SetAllowedList(uint32_t uid,uint32_t rule)58 void FirewallRule::SetAllowedList(uint32_t uid, uint32_t rule)
59 {
60 if (rule == FIREWALL_RULE_ALLOW) {
61 allowedList_.emplace_back(uid);
62 } else {
63 for (auto iter = allowedList_.begin(); iter != allowedList_.end();) {
64 if (uid == *iter) {
65 allowedList_.erase(iter);
66 break;
67 } else {
68 iter++;
69 }
70 }
71 }
72 }
73
SetAllowedList(const std::set<uint32_t> & uids)74 void FirewallRule::SetAllowedList(const std::set<uint32_t> &uids)
75 {
76 for (const auto &it : uids) {
77 if (std::find(allowedList_.begin(), allowedList_.end(), it) == allowedList_.end()) {
78 allowedList_.push_back(it);
79 }
80 }
81
82 SetAllowedList();
83 }
84
SetAllowedList()85 void FirewallRule::SetAllowedList()
86 {
87 NetmanagerHiTrace::NetmanagerStartSyncTrace("Set allowed list start");
88 netsys_->FirewallSetUidsAllowedListChain(chainType_, allowedList_);
89 NetmanagerHiTrace::NetmanagerFinishSyncTrace("Set allowed list end");
90 }
91
ClearAllowedList()92 void FirewallRule::ClearAllowedList()
93 {
94 allowedList_.clear();
95 netsys_->FirewallSetUidsAllowedListChain(chainType_, allowedList_);
96 }
97
GetDeniedList() const98 const std::vector<uint32_t> &FirewallRule::GetDeniedList() const
99 {
100 return deniedList_;
101 }
102
SetDeniedList(uint32_t uid,uint32_t rule)103 void FirewallRule::SetDeniedList(uint32_t uid, uint32_t rule)
104 {
105 if (rule == FIREWALL_RULE_DENY) {
106 deniedList_.emplace_back(uid);
107 } else {
108 for (auto iter = deniedList_.begin(); iter != deniedList_.end();) {
109 if (uid == *iter) {
110 iter = deniedList_.erase(iter);
111 } else {
112 iter++;
113 }
114 }
115 }
116 netsys_->FirewallSetUidRule(chainType_, {uid}, rule);
117 }
118
SetDeniedList(const std::vector<uint32_t> & uids)119 void FirewallRule::SetDeniedList(const std::vector<uint32_t> &uids)
120 {
121 for (const auto &it : uids) {
122 if (std::find(deniedList_.begin(), deniedList_.end(), it) == deniedList_.end()) {
123 deniedList_.push_back(it);
124 }
125 }
126
127 SetDeniedList();
128 }
129
SetDeniedList()130 void FirewallRule::SetDeniedList()
131 {
132 netsys_->FirewallSetUidsDeniedListChain(chainType_, deniedList_);
133 }
134
ClearDeniedList()135 void FirewallRule::ClearDeniedList()
136 {
137 deniedList_.clear();
138 netsys_->FirewallSetUidsAllowedListChain(chainType_, deniedList_);
139 }
140
SetUidFirewallRule(uint uid,bool isAllowed)141 void FirewallRule::SetUidFirewallRule(uint uid, bool isAllowed)
142 {
143 netsys_->FirewallSetUidRule(chainType_, {uid}, isAllowed ? FIREWALL_RULE_ALLOW : FIREWALL_RULE_DENY);
144 }
145
EnableFirewall(bool enable)146 void FirewallRule::EnableFirewall(bool enable)
147 {
148 netsys_->FirewallEnableChain(chainType_, enable);
149 }
150
RemoveFromAllowedList(uint32_t uid)151 void FirewallRule::RemoveFromAllowedList(uint32_t uid)
152 {
153 for (auto iter = allowedList_.begin(); iter != allowedList_.end(); ++iter) {
154 if (*iter == uid) {
155 allowedList_.erase(iter);
156 break;
157 }
158 }
159 netsys_->FirewallSetUidsAllowedListChain(chainType_, allowedList_);
160 }
161
ClearFirewallAllRules()162 int32_t FirewallRule::ClearFirewallAllRules()
163 {
164 return netsys_->ClearFirewallAllRules();
165 }
166
RemoveFromDeniedList(uint32_t uid)167 void FirewallRule::RemoveFromDeniedList(uint32_t uid)
168 {
169 for (auto iter = deniedList_.begin(); iter != deniedList_.end(); ++iter) {
170 if (*iter == uid) {
171 deniedList_.erase(iter);
172 break;
173 }
174 }
175 netsys_->FirewallSetUidsDeniedListChain(chainType_, deniedList_);
176 }
177 } // namespace NetManagerStandard
178 } // namespace OHOS
179