1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef FIREWALL_DB_HELPER_H
17 #define FIREWALL_DB_HELPER_H
18 
19 #include <string>
20 
21 #include "netfirewall_database.h"
22 #include "netfirewall_common.h"
23 #include "rdb_common.h"
24 #include "rdb_errno.h"
25 #include "rdb_helper.h"
26 #include "rdb_open_callback.h"
27 #include "rdb_predicates.h"
28 #include "rdb_store.h"
29 #include "result_set.h"
30 #include "system_ability.h"
31 #include "value_object.h"
32 
33 namespace OHOS {
34 namespace NetManagerStandard {
35 // The data index of NetFirewallRule
36 struct NetFirewallRuleInfo {
37     int32_t rowCount;
38     int32_t ruleIdIndex;
39     int32_t ruleNameIndex;
40     int32_t ruleDescriptionIndex;
41     int32_t ruleDirectionIndex;
42     int32_t ruleActionIndex;
43     int32_t ruleTypeIndex;
44     int32_t isEnabledIndex;
45     int32_t appUidIndex;
46     int32_t protocolIndex;
47     int32_t primaryDnsIndex;
48     int32_t standbyDnsIndex;
49     int32_t localIpsIndex;
50     int32_t remoteIpsIndex;
51     int32_t localPortsIndex;
52     int32_t remotePortsIndex;
53     int32_t domainsIndex;
54     int32_t userIdIndex;
55 };
56 
57 // Intercept the structure of records in the database
58 struct NetInterceptRecordInfo {
59     int32_t rowCount;
60     int32_t idIndex;
61     int32_t timeIndex;
62     int32_t localIpIndex;
63     int32_t remoteIpIndex;
64     int32_t localPortIndex;
65     int32_t remotePortIndex;
66     int32_t protocolIndex;
67     int32_t appUidIndex;
68     int32_t domainIndex;
69 };
70 
71 // save to database @see NetFirewallIpParam
72 struct DataBaseIp {
73     uint8_t family;
74     uint8_t type;
75     uint8_t mask;
76     union {
77         struct {
78             in_addr startIp;
79             in_addr endIp;
80         } ipv4;
81         struct {
82             in6_addr startIp;
83             in6_addr endIp;
84         } ipv6;
85     };
86 };
87 
88 // save to database @see NetFirewallPortParam
89 struct DataBasePort {
90     uint16_t startPort;
91     uint16_t endPort;
92 };
93 
94 class NetFirewallDbHelper : public NoCopyable {
95 public:
96     static NetFirewallDbHelper &GetInstance();
97 
98     /**
99      * add NetFirewallRule data record
100      *
101      * @param rule net firewall rule
102      * @return Returns 0 success. Otherwise fail
103      */
104     int32_t AddFirewallRuleRecord(const NetFirewallRule &rule);
105 
106     /**
107      * Add interception logs
108      *
109      * @param userId User id
110      * @param records intercept records
111      * @return Returns 0 success. Otherwise fail
112      */
113     int32_t AddInterceptRecord(const int32_t userId, std::vector<sptr<InterceptRecord>> &records);
114 
115     /**
116      * Query enabled rule set
117      *
118      * @param rules List of rules obtained from query
119      * @return Returns 0 success. Otherwise fail
120      */
121     int32_t QueryAllUserEnabledFirewallRules(std::vector<NetFirewallRule> &rules,
122         NetFirewallRuleType type = NetFirewallRuleType::RULE_ALL);
123 
124     /**
125      * Query enabled rule set
126      *
127      * @param userId User id
128      * @param appUid The UID of an application or service
129      * @param rules List of rules obtained from query
130      * @return Returns 0 success. Otherwise fail
131      */
132     int32_t QueryEnabledFirewallRules(int32_t userId, int32_t appUid, std::vector<NetFirewallRule> &rules);
133 
134     /**
135      * Query all rules
136      *
137      * @param rules List of rules obtained from query
138      * @return Returns 0 success. Otherwise fail
139      */
140     int32_t QueryAllFirewallRuleRecord(std::vector<NetFirewallRule> &rules);
141 
142     /**
143      * Query firewall rule
144      *
145      * @param ruleId Rule id
146      * @param userId User id
147      * @param rules List of rules obtained from query
148      * @return Returns 0 success. Otherwise fail
149      */
150     int32_t QueryFirewallRuleRecord(int32_t ruleId, int32_t userId, std::vector<NetFirewallRule> &rules);
151 
152     /**
153      * Paging query firewall rules
154      *
155      * @param userId User id
156      * @param requestParam Pagination query input
157      * @param rules List of rules obtained from query
158      * @return Returns 0 success. Otherwise fail
159      */
160     int32_t QueryFirewallRule(const int32_t userId, const sptr<RequestParam> &requestParam,
161         sptr<FirewallRulePage> &info);
162 
163     /**
164      * Paging query interception records
165      *
166      * @param userId User id
167      * @param requestParam Pagination query input
168      * @param rules List of record obtained from query
169      * @return Returns 0 success. Otherwise fail
170      */
171     int32_t QueryInterceptRecord(const int32_t userId, const sptr<RequestParam> &requestParam,
172         sptr<InterceptRecordPage> &info);
173 
174     /**
175      * Query the number of firewall rules for a specified user
176      *
177      * @param userId User id
178      * @param rowCount Number of queries found
179      * @return Returns 0 success. Otherwise fail
180      */
181     int32_t QueryFirewallRuleByUserIdCount(const int32_t userId, int64_t &rowCount);
182 
183     /**
184      * Query the number of all firewall rules
185      *
186      * @param rowCount Number of queries found
187      * @return Returns 0 success. Otherwise fail
188      */
189     int32_t QueryFirewallRuleAllCount(int64_t &rowCount);
190 
191     /**
192      * Query the number of all domain rules
193      *
194      * @return Number of queries found
195      */
196     int32_t QueryFirewallRuleAllDomainCount();
197 
198     /**
199      * Query the number of ambiguous domain names
200      *
201      * @return Number of queries found
202      */
203     int32_t QueryFirewallRuleAllFuzzyDomainCount();
204 
205     /**
206      * Query the number of domain rules by userId
207      *
208      * @param userId User id
209      * @return Number of queries found
210      */
211     int32_t QueryFirewallRuleDomainByUserIdCount(int32_t userId);
212 
213     /**
214      * Update firewall rule
215      *
216      * @param rule firewall ruele
217      * @return Returns 0 success. Otherwise fail
218      */
219     int32_t UpdateFirewallRuleRecord(const NetFirewallRule &rule);
220 
221     /**
222      * Delete firewall rule
223      *
224      * @param userId User id
225      * @param ruleId Rule id
226      * @return Returns 0 success. Otherwise fail
227      */
228     int32_t DeleteFirewallRuleRecord(int32_t userId, int32_t ruleId);
229 
230     /**
231      * Delete firewall rule by user id
232      *
233      * @param userId User id
234      * @return Returns 0 success. Otherwise fail
235      */
236     int32_t DeleteFirewallRuleRecordByUserId(int32_t userId);
237 
238     /**
239      * Delete firewall rule by app uid
240      *
241      * @param appUid The UID of an application or service
242      * @return Returns 0 success. Otherwise fail
243      */
244     int32_t DeleteFirewallRuleRecordByAppId(int32_t appUid);
245 
246     /**
247      * Delete intercept record by user id
248      *
249      * @param userId User id
250      * @return Returns 0 success. Otherwise fail
251      */
252     int32_t DeleteInterceptRecord(int32_t userId);
253 
254     /**
255      * Does the specified firewall rule exist
256      *
257      * @param oldRule Current existing rules
258      * @return If there is a return to true, otherwise it will be false
259      */
260     bool IsFirewallRuleExist(int32_t ruleId, NetFirewallRule &oldRule);
261 
262     /**
263      * Does the specified dns rule exist
264      *
265      * @param oldRule Current existing rules
266      * @return If there is a return to true, otherwise it will be false
267      */
268     bool IsDnsRuleExist(const sptr<NetFirewallRule> &rule);
269 
270     /**
271      * Query the number of query databases
272      *
273      * @param outValue Number of queries found
274      * @param predicates Matching criteria
275      * @return Returns 0 success. Otherwise fail
276      */
277     int32_t Count(int64_t &outValue, const OHOS::NativeRdb::AbsRdbPredicates &predicates);
278 
279     int32_t QuerySql(const std::string &sql);
280 
281 private:
282     NetFirewallDbHelper();
283     ~NetFirewallDbHelper();
284 
285     // Fill in firewall rule data
286     int32_t FillValuesOfFirewallRule(NativeRdb::ValuesBucket &values, const NetFirewallRule &rule);
287 
288     // Check if data needs to be updated
289     int32_t CheckIfNeedUpdateEx(const std::string &tableName, bool &isUpdate, int32_t ruleId, NetFirewallRule &oldRule);
290 
291     int32_t QueryFirewallRuleRecord(const NativeRdb::RdbPredicates &rdbPredicates,
292         const std::vector<std::string> &columns, std::vector<NetFirewallRule> &rules);
293 
294     int32_t DeleteAndNoOtherOperation(const std::string &whereClause, const std::vector<std::string> &whereArgs);
295 
296     template <typename T>
297     int32_t QueryAndGetResult(const NativeRdb::RdbPredicates &rdbPredicates, const std::vector<std::string> &columns,
298         std::vector<T> &rules);
299 
300     void GetParamRuleInfoFormResultSet(std::string &columnName, int32_t index, NetFirewallRuleInfo &table);
301 
302     int32_t GetResultSetTableInfo(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
303         struct NetFirewallRuleInfo &table);
304 
305     int32_t GetResultSetTableInfo(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
306         NetInterceptRecordInfo &table);
307 
308     // Convert query result ResultSet
309     int32_t GetResultRightRecordEx(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
310         std::vector<NetFirewallRule> &rules);
311 
312     int32_t GetResultRightRecordEx(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
313         std::vector<InterceptRecord> &rules);
314 
315     int32_t AddFirewallRule(NativeRdb::ValuesBucket &values, const NetFirewallRule &rule);
316 
317     void GetRuleDataFromResultSet(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
318         const NetFirewallRuleInfo &table, NetFirewallRule &info);
319     void GetRuleListParamFromResultSet(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
320         const NetFirewallRuleInfo &table, NetFirewallRule &info);
321     static bool DomainListToBlob(const std::vector<NetFirewallDomainParam> &vec, std::vector<uint8_t> &blob,
322         uint32_t &fuzzyNum);
323     static bool BlobToDomainList(const std::vector<uint8_t> &blob, std::vector<NetFirewallDomainParam> &vec);
324     template <typename T> static void ListToBlob(const std::vector<T> &vec, std::vector<uint8_t> &blob);
325     template <typename T> static void BlobToList(const std::vector<uint8_t> &blob, std::vector<T> &vec);
326 
327     void FirewallIpToDbIp(const std::vector<NetFirewallIpParam> &ips, std::vector<DataBaseIp> &dbips);
328     void DbIpToFirewallIp(const std::vector<DataBaseIp> &dbips, std::vector<NetFirewallIpParam> &ips);
329     void FirewallPortToDbPort(const std::vector<NetFirewallPortParam> &ports, std::vector<DataBasePort> &dbports);
330     void DbPortToFirewallPort(const std::vector<DataBasePort> &dbports, std::vector<NetFirewallPortParam> &ports);
331 
332 private:
333     static std::shared_ptr<NetFirewallDbHelper> instance_;
334     std::mutex databaseMutex_;
335     std::shared_ptr<NetFirewallDataBase> firewallDatabase_;
336 };
337 } // namespace NetManagerStandard
338 } // namespace OHOS
339 
340 #endif // FIREWALL_DB_HELPER_H