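/*
 * Copyright (c) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef FIREWALL_RULE_H
#define FIREWALL_RULE_H

// <cstdint> and <memory> are included explicitly: this header names uint32_t,
// std::shared_ptr and std::enable_shared_from_this itself and should not rely
// on another header pulling them in.
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

#include "refbase.h"

#include "netmanager_hitrace.h"
#include "netsys_policy_wrapper.h"

namespace OHOS {
namespace NetManagerStandard {
/**
 * Base class of a firewall rule bound to one chain. It keeps an allow list and
 * a reject (deny) list of application UIDs.
 *
 * Construction and destruction are protected, so outside code obtains
 * instances through CreateFirewallRule() and cannot delete a rule through a
 * FirewallRule pointer.
 *
 * NOTE(review): no lock is declared among the members below; whether the
 * implementation serialises access to the lists is not visible from this
 * header. Confirm before sharing one instance across threads.
 * NOTE(review): nothing in this interface identifies or checks the caller;
 * the permission check on who may change the rule of a UID presumably lives
 * in the calling service. Confirm.
 */
class FirewallRule : public std::enable_shared_from_this<FirewallRule> {
public:
    /**
     * Create firewall rule
     *
     * @param chain The chain type
     * @return std::shared_ptr<FirewallRule> The firewall rule, such as DeviceIdleFirewallRule.
     *         NOTE(review): the result for an unknown chain type is not stated here; callers
     *         should check the returned pointer before use. Confirm in the implementation.
     */
    static std::shared_ptr<FirewallRule> CreateFirewallRule(uint32_t chain);

    /**
     * Get the firewall allow list.
     *
     * @return const std::vector<uint32_t>& The firewall allow list. A reference is returned,
     *         not a copy; presumably it refers to allowedList_ and is then valid only as long
     *         as this rule object. TODO confirm.
     */
    virtual const std::vector<uint32_t> &GetAllowedList() const;

    /**
     * Set the firewall allow list
     *
     * @param uid The UID of application
     * @param rule The firewall rule, see {@link FIREWALL_RULE_ALLOW} and {@link FIREWALL_RULE_DENY}.
     *        NOTE(review): the parameter is a plain uint32_t; the handling of any other value
     *        is not described here. Confirm that the implementation rejects it.
     */
    virtual void SetAllowedList(uint32_t uid, uint32_t rule);

    /**
     * Set the firewall allow list
     *
     * @param uids The vector of UID
     */
    virtual void SetAllowedList(const std::vector<uint32_t> &uids);

    /**
     * Set the firewall allow list
     *
     * Takes no arguments. NOTE(review): presumably applies the list already stored in this
     * object. Confirm in the implementation.
     */
    virtual void SetAllowedList();

    /**
     * Get the firewall reject list
     *
     * @return const std::vector<uint32_t>& The firewall reject list. A reference is returned,
     *         not a copy; presumably it refers to deniedList_ and is then valid only as long
     *         as this rule object. TODO confirm.
     */
    virtual const std::vector<uint32_t> &GetDeniedList() const;

    /**
     * Set the firewall reject list
     *
     * @param uid The UID of application
     * @param rule The firewall rule, see {@link FIREWALL_RULE_ALLOW} and {@link FIREWALL_RULE_DENY}.
     *        NOTE(review): the parameter is a plain uint32_t; the handling of any other value
     *        is not described here. Confirm that the implementation rejects it.
     */
    virtual void SetDeniedList(uint32_t uid, uint32_t rule);

    /**
     * Set the firewall reject list
     *
     * @param uids The vector of UID
     */
    virtual void SetDeniedList(const std::vector<uint32_t> &uids);

    /**
     * Set the firewall reject list
     *
     * Takes no arguments. NOTE(review): presumably applies the list already stored in this
     * object. Confirm in the implementation.
     */
    virtual void SetDeniedList();

    /**
     * Clear the firewall allow list
     *
     */
    void ClearAllowedList();

    /**
     * Clear the firewall reject list
     *
     */
    void ClearDeniedList();

    /**
     * Set the firewall rule for the specified UID
     *
     * @param uid The UID of application
     * @param isAllow allow the firewall rule or not
     */
    virtual void SetUidFirewallRule(uint32_t uid, bool isAllow);

    /**
     * Enable the firewall rule
     *
     * @param enable true: enable the firewall rule; false: disable the firewall rule
     */
    virtual void EnableFirewall(bool enable);

    /**
     * Remove the UID from the firewall allow list
     *
     * @param uid The UID of application
     */
    virtual void RemoveFromAllowedList(uint32_t uid);

    /**
     * Remove the UID from the firewall reject list
     *
     * @param uid The UID of application
     */
    virtual void RemoveFromDeniedList(uint32_t uid);

protected:
    // Protected so that only this class hierarchy (and the factory above) can construct a rule.
    explicit FirewallRule(uint32_t chainType);
    // Protected: a rule cannot be deleted through a FirewallRule pointer from outside the hierarchy.
    virtual ~FirewallRule();

protected:
    // Chain type this rule belongs to (the value passed to the constructor, presumably).
    uint32_t chainType_ = 0;
    // Name of the chain; how it is derived from chainType_ is not visible in this header.
    std::string chainName_;
    // Application UIDs on the allow list.
    std::vector<uint32_t> allowedList_;
    // Application UIDs on the reject list.
    std::vector<uint32_t> deniedList_;
    // Starts as false; presumably tracks the state set through EnableFirewall(). TODO confirm.
    bool modeEnable_ = false;

private:
    // Handle to the NetsysPolicyWrapper; null until the implementation assigns it.
    std::shared_ptr<NetsysPolicyWrapper> netsys_ = nullptr;
};
} // namespace NetManagerStandard
} // namespace OHOS
#endif // FIREWALL_RULE_H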