1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef NET_FIREWALL_RULES_MANAGER_H
17 #define NET_FIREWALL_RULES_MANAGER_H
18 
#include <atomic>
#include <cstdint>
#include <map>
#include <shared_mutex>
#include <string>
#include <vector>

#include "netfirewall_common.h"
23 
24 namespace OHOS {
25 namespace NetManagerStandard {
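/**
 * Manages firewall rules (add / update / delete / query) and, judging by the private helpers,
 * distributes them to the native firewall.
 *
 * NOTE(review): nothing in this header shows where the caller's identity or permission is checked.
 * userId, appUid and ruleId arrive as plain integers, so the service layer that calls into this
 * class has to authenticate the caller and validate those ids before it gets here — confirm.
 */
class NetFirewallRuleManager {
public:
    /**
     * Get the manager instance.
     *
     * NOTE(review): presumably a process-wide singleton, but the constructor below is public;
     * a second instance would carry its own rule counters — confirm nothing constructs one.
     *
     * @return Reference to the manager
     */
    static NetFirewallRuleManager &GetInstance();
    NetFirewallRuleManager();
    ~NetFirewallRuleManager();

    // The mutex and atomic members already make this type non-copyable; state it explicitly so a
    // later refactor cannot silently duplicate the cached rule counters.
    NetFirewallRuleManager(const NetFirewallRuleManager &) = delete;
    NetFirewallRuleManager &operator=(const NetFirewallRuleManager &) = delete;

    /**
     * Add firewall rules
     *
     * @param rule Firewall rules
     * @param ruleId Rule id generated by database
     * @return Returns 0 on success. Otherwise fail
     */
    int32_t AddNetFirewallRule(const sptr<NetFirewallRule> &rule, int32_t &ruleId);

    /**
     * Modify firewall rules
     *
     * NOTE(review): no userId parameter here, so the owning user presumably travels inside the
     * rule object; the implementation should check it against the stored rule's owner — confirm.
     *
     * @param rule Firewall rules
     * @return Returns 0 on success. Otherwise fail
     */
    int32_t UpdateNetFirewallRule(const sptr<NetFirewallRule> &rule);

    /**
     * Delete firewall rules
     *
     * @param userId User ID
     * @param ruleId Rule ID
     * @return Returns 0 on success. Otherwise fail
     */
    int32_t DeleteNetFirewallRule(const int32_t userId, const int32_t ruleId);

    /**
     * Get all firewall rules
     *
     * @param userId User ID
     * @param requestParam Paging in parameter information
     * @param info Paging data information
     * @return Returns 0 on success. Otherwise fail
     */
    int32_t GetNetFirewallRules(const int32_t userId, const sptr<RequestParam> &requestParam,
        sptr<FirewallRulePage> &info);

    /**
     * Get information about the specified rule ID
     *
     * @param userId User ID
     * @param ruleId Rule ID
     * @param rule Returned firewall rule
     * @return Returns 0 on success. Otherwise fail
     */
    int32_t GetNetFirewallRule(const int32_t userId, const int32_t ruleId, sptr<NetFirewallRule> &rule);

    /**
     * Delete firewall rules by user ID (behavior inferred from the name; see the implementation)
     *
     * @param userId User ID
     * @return Status code; presumably 0 on success like the methods above
     */
    int32_t DeleteNetFirewallRuleByUserId(const int32_t userId);

    /**
     * Delete firewall rules by application (behavior inferred from the name; see the implementation)
     *
     * @param appUid Application UID
     * @return Status code; presumably 0 on success like the methods above
     */
    int32_t DeleteNetFirewallRuleByAppId(const int32_t appUid);

    /**
     * Get the enabled firewall rules of a user
     *
     * @param userId User ID
     * @param ruleList Output list of rules
     * @param type Rule type to select, all types by default
     * @return Status code; presumably 0 on success like the methods above
     */
    int32_t GetEnabledNetFirewallRules(const int32_t userId, std::vector<NetFirewallRule> &ruleList,
        NetFirewallRuleType type = NetFirewallRuleType::RULE_ALL);

    /**
     * Add the default firewall rules for a user (behavior inferred from the name)
     *
     * @param userId User ID
     * @return Status code; presumably 0 on success like the methods above
     */
    int32_t AddDefaultNetFirewallRule(int32_t userId);

    /**
     * Drop the cached rule count of a user (presumably the userRuleSize_ entry — confirm)
     *
     * @param userId User ID
     */
    void DeleteUserRuleSize(const int32_t userId);

    /**
     * Open or close the native firewall
     *
     * @param isOpen true to open, false to close
     * @return Status code; presumably 0 on success like the methods above
     */
    int32_t OpenOrCloseNativeFirewall(bool isOpen);

    /** Presumably returns currentSetRuleSecond_ (unit suggested by the name: seconds) — confirm. */
    uint64_t GetCurrentSetRuleSecond();

    /** Presumably returns lastRulePushResult_, which starts at -1 — confirm. */
    int64_t GetLastRulePushResult();

private:
    // Overload with an explicit notify flag; presumably the public overload forwards here.
    int32_t AddNetFirewallRule(const sptr<NetFirewallRule> &rule, bool isNotify, int32_t &ruleId);

    // Returns a status code, unlike CheckAccountExist below, which returns bool.
    int32_t CheckUserExist(const int32_t userId);

    // NOTE(review): looks a rule up by ruleId only. Callers that act for a specific user have to
    // compare oldRule's owner with the requesting userId, otherwise one user could read or modify
    // another user's rule — confirm in the implementation.
    int32_t CheckRuleExist(const int32_t ruleId, NetFirewallRule &oldRule);

    int32_t GetAllRuleConstraint(const int32_t userId);

    int32_t CheckRuleConstraint(const sptr<NetFirewallRule> &rule);

    bool CheckAccountExist(int32_t userId);

    // The three Extract* helpers take a rule list and fill a type-specific output vector.
    bool ExtractIpRules(const std::vector<NetFirewallRule> &rules, std::vector<sptr<NetFirewallIpRule>> &ipRules);

    bool ExtractDomainRules(const std::vector<NetFirewallRule> &rules,
        std::vector<sptr<NetFirewallDomainRule>> &domainRules);

    bool ExtractDnsRules(const std::vector<NetFirewallRule> &rules, std::vector<sptr<NetFirewallDnsRule>> &dnsRules);

    // The three Handle*ForDistributeRules helpers take the rule list by non-const reference.
    int32_t HandleIpTypeForDistributeRules(std::vector<NetFirewallRule> &rules);

    int32_t HandleDnsTypeForDistributeRules(std::vector<NetFirewallRule> &rules);

    int32_t HandleDomainTypeForDistributeRules(std::vector<NetFirewallRule> &rules);

    int32_t GetCurrentAccountId();

    int32_t SetRulesToNativeByType(const int32_t userId, const NetFirewallRuleType type);

    int32_t DistributeRulesToNative(NetFirewallRuleType type = NetFirewallRuleType::RULE_ALL);

    void SetNetFirewallDumpMessage(const int32_t result);

    // isInc presumably selects increment versus decrement of the user's cached count — confirm.
    void UpdateUserRuleSize(const int32_t userId, bool isInc);

private:
    // Cache the current state.
    // NOTE(review): only the std::atomic members are safe to touch without a lock. allUserDomain_,
    // maxDefaultRuleSize_ and userRuleSize_ are plain objects; presumably setFirewallRuleMutex_
    // guards them. If these counters back the rule-count limits, an unguarded update is a data
    // race that can let the limit be bypassed — confirm every access in the implementation.
    // Brace initialization: copy-initializing std::atomic only compiles from C++17 on.
    std::atomic<int64_t> allUserRule_{0};
    int32_t allUserDomain_ = 0;
    int64_t maxDefaultRuleSize_ = 0;
    std::shared_mutex setFirewallRuleMutex_;
    std::map<int32_t, int64_t> userRuleSize_;
    std::atomic<uint64_t> currentSetRuleSecond_{0};
    std::atomic<int64_t> lastRulePushResult_{-1};
};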
141 } // namespace NetManagerStandard
142 } // namespace OHOS
143 #endif /* NET_FIREWALL_RULES_MANAGER_H */
144