1 /* 2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef NET_POLICY_RULE_H 17 #define NET_POLICY_RULE_H 18 19 #include <map> 20 21 #include "net_policy_base.h" 22 #include "netmanager_base_common_utils.h" 23 24 namespace OHOS { 25 namespace NetManagerStandard { 26 constexpr uint32_t POLICY_TRANS_CONDITION_MASK = 0b11111111110000000000; 27 constexpr uint32_t POLICY_TRANS_RULE_MASK = 0b00000000001111111000; 28 constexpr uint32_t POLICY_TRANS_NET_CTRL_MASK = 0b00000000000000000111; 29 constexpr u_int8_t CONDITION_START_BIT = 10; 30 constexpr u_int8_t RULE_START_BIT = 3; 31 32 enum PolicyTransCtrl { 33 POLICY_TRANS_CTRL_NONE = 0b000, 34 POLICY_TRANS_CTRL_ADD_DENIEDLIST = 0b010, 35 POLICY_TRANS_CTRL_ADD_ALLOWEDLIST = 0b100, 36 POLICY_TRANS_CTRL_REMOVE_ALL = 0b001, 37 }; 38 39 struct UidPolicyRule { 40 uint32_t policy_ = 0; 41 uint32_t rule_ = 1 << 7; 42 uint32_t netsys_ = 7; 43 }; 44 45 class NetPolicyRule : public NetPolicyBase { 46 public: 47 NetPolicyRule(); 48 void Init(); 49 void HandleEvent(int32_t eventId, const std::shared_ptr<PolicyEvent> &policyEvent); 50 51 /** 52 * Transform policy to rule and netsys-control. 53 * 54 * @param uid The UID of application. 55 * @param policy See {@link NetUidPolicy}. 56 * @return Returns 0 success. Otherwise fail. 57 * @permission ohos.permission.CONNECTIVITY_INTERNAL 58 * @systemapi Hide this for inner system use. 59 */ 60 int32_t TransPolicyToRule(uint32_t uid, uint32_t policy); 61 62 /** 63 * Get the status whether the specified uid app can access the metered network or non-metered network. 64 * 65 * @param uid The specified UID of application. 66 * @param metered Indicates meterd network or non-metered network. 67 * @param isAllowed Return true means it's allowed to access the network. 68 * Return false means it's not allowed to access the network. 69 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 70 * @permission ohos.permission.CONNECTIVITY_INTERNAL 71 * @systemapi Hide this for inner system use. 72 */ 73 int32_t IsUidNetAllowed(uint32_t uid, bool metered, bool &isAllowed); 74 75 /** 76 * Get the network policy of the specified UID. 77 * 78 * @param uid The specified UID of app. 79 * @param policy Return this uid's policy. 80 * For details, see {@link NetUidPolicy}. 81 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 82 * @permission ohos.permission.CONNECTIVITY_INTERNAL 83 * @systemapi Hide this for inner system use. 84 */ 85 int32_t GetPolicyByUid(uint32_t uid, uint32_t &policy); 86 87 /** 88 * Get the application UIDs of the specified policy. 89 * 90 * @param policy the network policy of the current UID of application. 91 * @param uids The list of UIDs. 92 * For details, see {@link NetUidPolicy}. 93 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 94 * @permission ohos.permission.CONNECTIVITY_INTERNAL 95 * @systemapi Hide this for inner system use. 96 */ 97 int32_t GetUidsByPolicy(uint32_t policy, std::vector<uint32_t> &uids); 98 99 /** 100 * Reset network policies and rules. 101 * 102 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 103 * @permission ohos.permission.CONNECTIVITY_INTERNAL 104 * @systemapi Hide this for inner system use. 105 */ 106 int32_t ResetPolicies(); 107 108 /** 109 * Control if apps can use data on background. 110 * 111 * @param allow Allow apps to use data on background. 112 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 113 * @permission ohos.permission.CONNECTIVITY_INTERNAL 114 * @systemapi Hide this for inner system use. 115 */ 116 int32_t SetBackgroundPolicy(bool allow); 117 118 /** 119 * Get the background network restriction policy for the specified uid. 120 * 121 * @param uid The specified UID of application. 122 * @param backgroundPolicyOfUid The specified UID of backgroundPolicy. 123 * For details, see {@link NetBackgroundPolicy}. 124 * @return uint32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 125 * @permission ohos.permission.CONNECTIVITY_INTERNAL 126 * @systemapi Hide this for inner system use. 127 */ 128 int32_t GetBackgroundPolicyByUid(uint32_t uid, uint32_t &backgroundPolicyOfUid); 129 130 /** 131 * Get the status if apps can use data on background. 132 * @param backgroundPolicy True is allowed to use data on background. 133 * False is not allowed to use data on background. 134 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 135 * @permission ohos.permission.CONNECTIVITY_INTERNAL 136 * @systemapi Hide this for inner system use. 137 */ 138 int32_t GetBackgroundPolicy(bool &backgroundPolicy); 139 140 /** 141 * Get the Dump Message object. 142 */ 143 void GetDumpMessage(std::string &message); 144 145 // When system's mode status is changed, do this function. 146 void TransPolicyToRule(); 147 148 private: 149 void NetsysCtrl(uint32_t uid, uint32_t netsysCtrl); 150 void TransConditionToRuleAndNetsys(uint32_t policyCondition, uint32_t uid, uint32_t policy); 151 uint32_t MoveToConditionBit(uint32_t value); 152 uint32_t MoveToRuleBit(uint32_t value); 153 uint32_t ChangePolicyToPolicyTransitionCondition(uint32_t policy); 154 uint32_t BuildTransCondition(uint32_t uid, uint32_t policy); 155 uint32_t GetMatchTransCondition(uint32_t policyCondition); 156 157 // When a uid add into some forbidden list, do this function. 158 void TransPolicyToRule(uint32_t uid); 159 bool IsIdleMode(); 160 bool InIdleAllowedList(uint32_t uid); 161 bool IsLimitByAdmin(); 162 bool IsForeground(uint32_t uid); 163 bool IsPowerSave(); 164 bool InPowerSaveAllowedList(uint32_t uid); 165 bool IsLimitedBackground(); 166 void DeleteUid(uint32_t uid); 167 bool IsValidNetPolicy(uint32_t policy); 168 void UpdateForegroundUidList(uint32_t uid, bool isForeground); 169 170 private: 171 std::map<uint32_t, UidPolicyRule> uidPolicyRules_; 172 bool backgroundAllow_ = true; 173 bool deviceIdleMode_ = false; 174 bool powerSaveMode_ = false; 175 std::set<uint32_t> deviceIdleAllowedList_; 176 std::set<uint32_t> powerSaveAllowedList_; 177 std::set<uint32_t> foregroundUidList_; 178 179 private: 180 /** 181 * The map for transforming conditions to net rule and netsys control. 182 * 183 * Example: 184 * bit 11~20 bit 4~10 bit 1~3 185 * 0000001100 0010000 110 186 * Condition Rule Netsys control 187 * 188 * Condition: see {@link enum PolicyTransCondition} 189 * Rule: see {@link enum NetUidRule} 190 * Netsys control: see {@link enum NetsysOperation} 191 * 192 * Transform Flow: 193 * 1. According to the status of system(such as device idle mode or power save mode) 194 * and the net policy of uid, construct the Condition by bit operations. 195 * 2. Find the matched Condition in this map. 196 * 3. Get the rule bits and netsys-control bits from the matched Condition. 197 * 4. Process the corresponding operations. 198 */ 199 static inline const std::vector<uint32_t> POLICY_TRANS_MAP = { 200 0b00011000000100000000, 0b10000000000000100010, 0b00010000001000000000, 0b00000010100000010100, 201 0b00000011000000001100, 0b00000010010000001100, 0b01000000001000000000, 0b00000100100000010100, 202 0b00000100010000100010, 0b00000000010000000001, 0b00000001000000100010, 0b00000000000000000001, 203 }; 204 }; 205 } // namespace NetManagerStandard 206 } // namespace OHOS 207 #endif // NET_POLICY_RULE_H 208