1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "firewall_rule.h"
17
18 #include "device_idle_firewall_rule.h"
19 #include "net_policy_inner_define.h"
20
21 namespace OHOS {
22 namespace NetManagerStandard {
CreateFirewallRule(uint32_t chain)23 std::shared_ptr<FirewallRule> FirewallRule::CreateFirewallRule(uint32_t chain)
24 {
25 switch (chain) {
26 case FIREWALL_CHAIN_DEVICE_IDLE:
27 return DelayedSingleton<DeviceIdleFirewallRule>::GetInstance();
28 default:
29 break;
30 }
31 return nullptr;
32 }
33
FirewallRule(uint32_t chainType)34 FirewallRule::FirewallRule(uint32_t chainType)
35 {
36 chainType_ = chainType;
37 netsys_ = DelayedSingleton<NetsysPolicyWrapper>::GetInstance();
38 }
39
40 FirewallRule::~FirewallRule() = default;
41
GetAllowedList() const42 const std::vector<uint32_t> &FirewallRule::GetAllowedList() const
43 {
44 return allowedList_;
45 }
46
SetAllowedList(uint32_t uid,uint32_t rule)47 void FirewallRule::SetAllowedList(uint32_t uid, uint32_t rule)
48 {
49 if (rule == FIREWALL_RULE_ALLOW) {
50 allowedList_.emplace_back(uid);
51 } else {
52 for (auto iter = allowedList_.begin(); iter != allowedList_.end();) {
53 if (uid == *iter) {
54 allowedList_.erase(iter);
55 break;
56 } else {
57 iter++;
58 }
59 }
60 }
61 netsys_->FirewallSetUidRule(chainType_, uid, rule);
62 }
63
SetAllowedList(const std::vector<uint32_t> & uids)64 void FirewallRule::SetAllowedList(const std::vector<uint32_t> &uids)
65 {
66 for (const auto &it : uids) {
67 if (std::find(allowedList_.begin(), allowedList_.end(), it) == allowedList_.end()) {
68 allowedList_.push_back(it);
69 }
70 }
71
72 SetAllowedList();
73 }
74
SetAllowedList()75 void FirewallRule::SetAllowedList()
76 {
77 NetmanagerHiTrace::NetmanagerStartSyncTrace("Set allowed list start");
78 netsys_->FirewallSetUidsAllowedListChain(chainType_, allowedList_);
79 NetmanagerHiTrace::NetmanagerFinishSyncTrace("Set allowed list end");
80 }
81
ClearAllowedList()82 void FirewallRule::ClearAllowedList()
83 {
84 allowedList_.clear();
85 netsys_->FirewallSetUidsAllowedListChain(chainType_, allowedList_);
86 }
87
GetDeniedList() const88 const std::vector<uint32_t> &FirewallRule::GetDeniedList() const
89 {
90 return deniedList_;
91 }
92
SetDeniedList(uint32_t uid,uint32_t rule)93 void FirewallRule::SetDeniedList(uint32_t uid, uint32_t rule)
94 {
95 if (rule == FIREWALL_RULE_DENY) {
96 deniedList_.emplace_back(uid);
97 } else {
98 for (auto iter = deniedList_.begin(); iter != deniedList_.end();) {
99 if (uid == *iter) {
100 iter = deniedList_.erase(iter);
101 } else {
102 iter++;
103 }
104 }
105 }
106 netsys_->FirewallSetUidRule(chainType_, uid, rule);
107 }
108
SetDeniedList(const std::vector<uint32_t> & uids)109 void FirewallRule::SetDeniedList(const std::vector<uint32_t> &uids)
110 {
111 for (const auto &it : uids) {
112 if (std::find(deniedList_.begin(), deniedList_.end(), it) == deniedList_.end()) {
113 deniedList_.push_back(it);
114 }
115 }
116
117 SetDeniedList();
118 }
119
SetDeniedList()120 void FirewallRule::SetDeniedList()
121 {
122 netsys_->FirewallSetUidsDeniedListChain(chainType_, deniedList_);
123 }
124
ClearDeniedList()125 void FirewallRule::ClearDeniedList()
126 {
127 deniedList_.clear();
128 netsys_->FirewallSetUidsAllowedListChain(chainType_, deniedList_);
129 }
130
SetUidFirewallRule(uint uid,bool isAllowed)131 void FirewallRule::SetUidFirewallRule(uint uid, bool isAllowed)
132 {
133 netsys_->FirewallSetUidRule(chainType_, uid, isAllowed ? FIREWALL_RULE_ALLOW : FIREWALL_RULE_DENY);
134 }
135
EnableFirewall(bool enable)136 void FirewallRule::EnableFirewall(bool enable)
137 {
138 netsys_->FirewallEnableChain(chainType_, enable);
139 }
140
RemoveFromAllowedList(uint32_t uid)141 void FirewallRule::RemoveFromAllowedList(uint32_t uid)
142 {
143 for (auto iter = allowedList_.begin(); iter != allowedList_.end(); ++iter) {
144 if (*iter == uid) {
145 allowedList_.erase(iter);
146 break;
147 }
148 }
149 netsys_->FirewallSetUidsAllowedListChain(chainType_, allowedList_);
150 }
151
RemoveFromDeniedList(uint32_t uid)152 void FirewallRule::RemoveFromDeniedList(uint32_t uid)
153 {
154 for (auto iter = deniedList_.begin(); iter != deniedList_.end(); ++iter) {
155 if (*iter == uid) {
156 deniedList_.erase(iter);
157 break;
158 }
159 }
160 netsys_->FirewallSetUidsDeniedListChain(chainType_, deniedList_);
161 }
162 } // namespace NetManagerStandard
163 } // namespace OHOS
164