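/*
 * Copyright (C) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef NETMANAGER_BASE_FIREWALL_MANAGER_H
#define NETMANAGER_BASE_FIREWALL_MANAGER_H

#include <cstdint>   // int32_t / uint32_t used in every signature below
#include <iostream>
#include <map>
#include <mutex>
#include <string>    // std::string was only reachable transitively before
#include <vector>

#include "iptables_type.h"

namespace OHOS {
namespace nmd {
/**
 * Per-chain bookkeeping kept by FirewallManager: whether the chain is
 * enabled, which firewall type it was configured with, and the uids that
 * were programmed into it.
 */
struct FirewallChainStatus {
    // Default to "disabled" / zero so a freshly declared status object never
    // carries an indeterminate enable flag. std::map::operator[] already
    // value-initializes to exactly this state, so no new state is introduced.
    bool enable = false;
    NetManagerStandard::FirewallType type{};
    std::vector<uint32_t> uids;
};

/**
 * Owner of the per-uid firewall chains (allowed-list / denied-list) that are
 * realised through iptables. All state changes go through the public
 * setters below; the private helpers translate chain types to chain names
 * and drive iptables.
 *
 * NOTE(review): firewallMutex_ presumably serialises access to chainInitFlag_
 * and firewallChainStatus_ — confirm in the .cpp that every public entry point
 * takes it, since callers may reach this object from more than one thread.
 */
class FirewallManager {
public:
    FirewallManager();
    ~FirewallManager();

    // A std::mutex member already makes the class non-copyable; spelling it
    // out keeps the intent visible to readers and to the compiler.
    FirewallManager(const FirewallManager &) = delete;
    FirewallManager &operator=(const FirewallManager &) = delete;

    /**
     * Set uids allowed list chain
     *
     * @param chain Chain type
     * @param uids Allowed list uids
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t SetUidsAllowedListChain(NetManagerStandard::ChainType chain, const std::vector<uint32_t> &uids);

    /**
     * Set uids denied list chain
     *
     * @param chain Chain type
     * @param uids Denied list uids
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t SetUidsDeniedListChain(NetManagerStandard::ChainType chain, const std::vector<uint32_t> &uids);

    /**
     * Enable chain
     *
     * @param chain Chain type
     * @param enable Enable or disable
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t EnableChain(NetManagerStandard::ChainType chain, bool enable);

    /**
     * Set uid rule
     *
     * @param chain Chain type
     * @param uid Uid
     * @param firewallRule Allow or deny
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t SetUidRule(NetManagerStandard::ChainType chain, uint32_t uid,
                       NetManagerStandard::FirewallRule firewallRule);

    /**
     * Clear firewall all rules
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t ClearAllRules();

private:
    // Map a ChainType to the iptables chain name / firewall type it stands for.
    std::string FetchChainName(NetManagerStandard::ChainType chain);
    NetManagerStandard::FirewallType FetchChainType(NetManagerStandard::ChainType chain);

    // Chain lifecycle: create, tear down, install defaults.
    int32_t InitChain();
    int32_t DeInitChain();
    int32_t InitDefaultRules();
    int32_t IptablesNewChain(NetManagerStandard::ChainType chain);
    int32_t IptablesDeleteChain(NetManagerStandard::ChainType chain);

    // NOTE(review): chainName/option/target look like fragments of an iptables
    // invocation. They must stay internal constants derived from ChainType and
    // FirewallRule — never caller-controlled strings — or rule construction
    // becomes an injection point. Confirm in the .cpp.
    int32_t IptablesSetRule(const std::string &chainName, const std::string &option, const std::string &target,
                            uint32_t uid);

    // Reads the configured maximum uid; cached in strMaxUid_. Presumably used
    // to bound uid-based rules — verify that SetUidRule/SetUids*Chain enforce it.
    std::string ReadMaxUidConfig();

    // Name kept as declared ("Chian") because it is referenced elsewhere.
    int32_t IsFirewallChian(NetManagerStandard::ChainType chain);
    inline void CheckChainInitialization();

private:
    // In-class default so the flag is never read indeterminate; the
    // constructor may still set it explicitly.
    bool chainInitFlag_ = false;
    std::string strMaxUid_;
    std::mutex firewallMutex_;
    NetManagerStandard::FirewallType firewallType_;
    std::map<NetManagerStandard::ChainType, FirewallChainStatus> firewallChainStatus_;
};
} // namespace nmd
} // namespace OHOS
#endif // NETMANAGER_BASE_FIREWALL_MANAGER_H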