1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "networkvpn_service.h"
17
18 #include <cerrno>
19 #include <ctime>
20 #include <fcntl.h>
21 #include <sys/socket.h>
22 #include <sys/stat.h>
23 #include <sys/types.h>
24 #include <sys/un.h>
25 #include <unistd.h>
26 #include <nlohmann/json.hpp>
27 #include <string>
28 #include <fstream>
29 #include <thread>
30 #include <nlohmann/json.hpp>
31 #include <string>
32 #include <fstream>
33
34 #include "ipc_skeleton.h"
35 #include "securec.h"
36 #include "system_ability_definition.h"
37
38 #include "extended_vpn_ctl.h"
39 #include "net_event_report.h"
40 #include "net_manager_center.h"
41 #include "net_manager_constants.h"
42 #include "net_manager_ext_constants.h"
43 #include "netmanager_base_permission.h"
44 #include "netmgr_ext_log_wrapper.h"
45 #include "netsys_controller.h"
46 #include "networkvpn_hisysevent.h"
47 #include "net_datashare_utils_iface.h"
48
49 namespace OHOS {
50 namespace NetManagerStandard {
51 constexpr int32_t MAX_CALLBACK_COUNT = 128;
52 constexpr const char *NET_ACTIVATE_WORK_THREAD = "VPN_CALLBACK_WORK_THREAD";
53 constexpr const char* VPN_CONFIG_FILE = "/data/service/el1/public/netmanager/vpn_config.json";
54 constexpr uint32_t MAX_GET_SERVICE_COUNT = 30;
55 constexpr uint32_t WAIT_FOR_SERVICE_TIME_S = 1;
56 constexpr uint32_t AGAIN_REGISTER_CALLBACK_INTERVAL = 500;
57 constexpr uint32_t MAX_RETRY_TIMES = 10;
58
59 const bool REGISTER_LOCAL_RESULT_NETVPN =
60 SystemAbility::MakeAndRegisterAbility(&Singleton<NetworkVpnService>::GetInstance());
61
NetworkVpnService()62 NetworkVpnService::NetworkVpnService() : SystemAbility(COMM_VPN_MANAGER_SYS_ABILITY_ID, true) {}
63 NetworkVpnService::~NetworkVpnService() = default;
64
OnStart()65 void NetworkVpnService::OnStart()
66 {
67 if (state_ == STATE_RUNNING) {
68 NETMGR_EXT_LOG_D("OnStart Vpn Service state is already running");
69 return;
70 }
71 if (!Init()) {
72 NETMGR_EXT_LOG_E("OnStart Vpn init failed");
73 VpnHisysEvent::SendFaultEvent(VpnEventType::TYPE_UNKNOWN, VpnEventOperator::OPERATION_START_SA,
74 VpnEventErrorType::ERROR_INTERNAL_ERROR, "Start Vpn Service failed");
75 return;
76 }
77 state_ = STATE_RUNNING;
78 NETMGR_EXT_LOG_I("OnStart vpn successful");
79 }
80
OnStop()81 void NetworkVpnService::OnStop()
82 {
83 state_ = STATE_STOPPED;
84 isServicePublished_ = false;
85
86 if (policyCallRunner_) {
87 policyCallRunner_->Stop();
88 }
89 NETMGR_EXT_LOG_I("OnStop vpn successful");
90 }
91
Dump(int32_t fd,const std::vector<std::u16string> & args)92 int32_t NetworkVpnService::Dump(int32_t fd, const std::vector<std::u16string> &args)
93 {
94 std::string result;
95 GetDumpMessage(result);
96 NETMGR_EXT_LOG_I("Vpn dump fd: %{public}d, content: %{public}s", fd, result.c_str());
97 int32_t ret = dprintf(fd, "%s\n", result.c_str());
98 if (ret < 0) {
99 NETMGR_EXT_LOG_E("dprintf failed, errno[%{public}d]", errno);
100 return NETMANAGER_EXT_ERR_INTERNAL;
101 }
102 return NETMANAGER_EXT_SUCCESS;
103 }
104
Init()105 bool NetworkVpnService::Init()
106 {
107 if (!REGISTER_LOCAL_RESULT_NETVPN) {
108 NETMGR_EXT_LOG_E("Register to local sa manager failed");
109 return false;
110 }
111 if (!isServicePublished_) {
112 if (!Publish(&Singleton<NetworkVpnService>::GetInstance())) {
113 NETMGR_EXT_LOG_E("Register to sa manager failed");
114 return false;
115 }
116 isServicePublished_ = true;
117 }
118
119 AddSystemAbilityListener(COMM_NETSYS_NATIVE_SYS_ABILITY_ID);
120
121 SubscribeCommonEvent();
122 if (!vpnConnCallback_) {
123 vpnConnCallback_ = std::make_shared<VpnConnStateCb>(*this);
124 }
125
126 if (!policyCallHandler_) {
127 policyCallRunner_ = AppExecFwk::EventRunner::Create(NET_ACTIVATE_WORK_THREAD);
128 policyCallHandler_ = std::make_shared<AppExecFwk::EventHandler>(policyCallRunner_);
129 }
130
131 RegisterFactoryResetCallback();
132 return true;
133 }
134
GetDumpMessage(std::string & message)135 void NetworkVpnService::GetDumpMessage(std::string &message)
136 {
137 std::unique_lock<std::mutex> locker(netVpnMutex_);
138 message.append("Net Vpn Info:\n");
139 if (vpnObj_ != nullptr) {
140 const auto &config = vpnObj_->GetVpnConfig();
141 std::string isLegacy = (config->isLegacy_) ? "true" : "false";
142 message.append("\tisLegacy: " + isLegacy + "\n");
143 message.append("\tPackageName: " + vpnObj_->GetVpnPkg() + "\n");
144 message.append("\tinterface: " + vpnObj_->GetInterfaceName() + "\n");
145 message.append("\tstate: connected\n");
146 } else {
147 message.append("\tstate: disconnected\n");
148 }
149 message.append("\tend.\n");
150 }
151
OnVpnConnStateChanged(const VpnConnectState & state)152 void NetworkVpnService::VpnConnStateCb::OnVpnConnStateChanged(const VpnConnectState &state)
153 {
154 NETMGR_EXT_LOG_I("receive new vpn connect state[%{public}d].", static_cast<uint32_t>(state));
155 if (vpnService_.policyCallHandler_) {
156 vpnService_.policyCallHandler_->PostSyncTask([this, &state]() {
157 std::for_each(vpnService_.vpnEventCallbacks_.begin(), vpnService_.vpnEventCallbacks_.end(),
158 [&state](const auto &callback) {
159 callback->OnVpnStateChanged((VpnConnectState::VPN_CONNECTED == state) ? true : false);
160 });
161 });
162 }
163 }
164
OnVpnMultiUserSetUp()165 void NetworkVpnService::OnVpnMultiUserSetUp()
166 {
167 NETMGR_EXT_LOG_I("user multiple execute set up.");
168 if (policyCallHandler_) {
169 policyCallHandler_->PostSyncTask([this]() {
170 std::for_each(vpnEventCallbacks_.begin(), vpnEventCallbacks_.end(),
171 [](const auto &callback) { callback->OnVpnMultiUserSetUp(); });
172 });
173 }
174 }
175
Prepare(bool & isExistVpn,bool & isRun,std::string & pkg)176 int32_t NetworkVpnService::Prepare(bool &isExistVpn, bool &isRun, std::string &pkg)
177 {
178 std::unique_lock<std::mutex> locker(netVpnMutex_);
179 isRun = false;
180 isExistVpn = false;
181 if (vpnObj_ != nullptr) {
182 isExistVpn = true;
183 isRun = vpnObj_->IsVpnConnecting();
184 pkg = vpnObj_->GetVpnPkg();
185 }
186 NETMGR_EXT_LOG_I("NetworkVpnService Prepare successfully");
187 return NETMANAGER_EXT_SUCCESS;
188 }
189
ConvertStringToConfig(sptr<VpnConfig> & vpnCfg,const nlohmann::json & doc)190 void NetworkVpnService::ConvertStringToConfig(sptr<VpnConfig> &vpnCfg, const nlohmann::json& doc)
191 {
192 if (doc.contains("dnsAddresses") && doc.at("dnsAddresses").is_array()) {
193 nlohmann::json jDnsAddrs = doc.at("dnsAddresses");
194 for (const auto& mem : jDnsAddrs) {
195 if (mem.is_string()) {
196 vpnCfg->dnsAddresses_.push_back(mem);
197 }
198 }
199 }
200 if (doc.contains("searchDomains") && doc.at("searchDomains").is_array()) {
201 nlohmann::json jDomains = doc.at("searchDomains");
202 for (const auto& mem : jDomains) {
203 if (mem.is_string()) {
204 vpnCfg->searchDomains_.push_back(mem);
205 }
206 }
207 }
208 if (doc.contains("acceptedApplications") && doc.at("acceptedApplications").is_array()) {
209 nlohmann::json jAcceptApp = doc.at("acceptedApplications");
210 for (const auto& mem : jAcceptApp) {
211 if (mem.is_string()) {
212 vpnCfg->acceptedApplications_.push_back(mem);
213 }
214 }
215 }
216 if (doc.contains("refusedApplications") && doc.at("refusedApplications").is_array()) {
217 nlohmann::json jRefuseApp = doc.at("refusedApplications");
218 for (const auto& mem : jRefuseApp) {
219 if (mem.is_string()) {
220 vpnCfg->refusedApplications_.push_back(mem);
221 }
222 }
223 }
224 }
225
ConvertNetAddrToConfig(INetAddr & tmp,const nlohmann::json & mem)226 void NetworkVpnService::ConvertNetAddrToConfig(INetAddr& tmp, const nlohmann::json& mem)
227 {
228 if (mem.contains("type") && mem.at("type").is_number()) {
229 tmp.type_ = static_cast<int32_t>(mem.at("type"));
230 }
231 if (mem.contains("family") && mem.at("family").is_number()) {
232 tmp.family_ = static_cast<int32_t>(mem.at("family"));
233 }
234 if (mem.contains("prefixlen") && mem.at("prefixlen").is_number()) {
235 tmp.prefixlen_ = static_cast<int32_t>(mem.at("prefixlen"));
236 }
237 if (mem.contains("address") && mem.at("address").is_string()) {
238 tmp.address_ = mem.at("address");
239 }
240 if (mem.contains("netMask") && mem.at("netMask").is_string()) {
241 tmp.netMask_ = mem.at("netMask");
242 }
243 if (mem.contains("hostName") && mem.at("hostName").is_string()) {
244 tmp.hostName_ = mem.at("hostName");
245 }
246 if (mem.contains("port") && mem.at("port").is_number()) {
247 tmp.port_ = static_cast<int32_t>(mem.at("port"));
248 }
249 }
250
ConvertVecAddrToConfig(sptr<VpnConfig> & vpnCfg,const nlohmann::json & doc)251 void NetworkVpnService::ConvertVecAddrToConfig(sptr<VpnConfig> &vpnCfg, const nlohmann::json& doc)
252 {
253 if (doc.contains("addresses") && doc.at("addresses").is_array()) {
254 nlohmann::json jAddrs = doc.at("addresses");
255 for (const auto& mem : jAddrs) {
256 if (mem.is_object()) {
257 INetAddr tmp;
258 ConvertNetAddrToConfig(tmp, mem);
259 vpnCfg->addresses_.push_back(tmp);
260 }
261 }
262 }
263 }
264
ConvertRouteToConfig(Route & tmp,const nlohmann::json & mem)265 void NetworkVpnService::ConvertRouteToConfig(Route& tmp, const nlohmann::json& mem)
266 {
267 if (mem.contains("iface") && mem.at("iface").is_string()) {
268 tmp.iface_ = mem.at("iface");
269 }
270 if (mem.contains("rtnType") && mem.at("rtnType").is_number()) {
271 tmp.rtnType_ = mem.at("rtnType");
272 }
273 if (mem.contains("mtu") && mem.at("mtu").is_number()) {
274 tmp.mtu_ = mem.at("mtu");
275 }
276 if (mem.contains("isHost") && mem.at("isHost").is_boolean()) {
277 tmp.isHost_ = mem.at("isHost");
278 }
279 if (mem.contains("hasGateway") && mem.at("hasGateway").is_boolean()) {
280 tmp.hasGateway_ = mem.at("hasGateway");
281 }
282 if (mem.contains("isDefaultRoute") && mem.at("isDefaultRoute").is_boolean()) {
283 tmp.isDefaultRoute_ = mem.at("isDefaultRoute");
284 }
285 if (mem.contains("destination") && mem.at("destination").is_object()) {
286 nlohmann::json elem = mem.at("destination");
287 INetAddr tmpINet;
288 ConvertNetAddrToConfig(tmpINet, elem);
289 tmp.destination_ = tmpINet;
290 }
291 if (mem.contains("gateway") && mem.at("gateway").is_object()) {
292 nlohmann::json elem = mem.at("gateway");
293 INetAddr tmpINet;
294 ConvertNetAddrToConfig(tmpINet, elem);
295 tmp.gateway_ = tmpINet;
296 }
297 }
298
ConvertVecRouteToConfig(sptr<VpnConfig> & vpnCfg,const nlohmann::json & doc)299 void NetworkVpnService::ConvertVecRouteToConfig(sptr<VpnConfig> &vpnCfg, const nlohmann::json& doc)
300 {
301 if (doc.contains("routes") && doc.at("routes").is_array()) {
302 nlohmann::json jRoutes = doc.at("routes");
303 for (const auto& mem : jRoutes) {
304 if (mem.is_object()) {
305 Route tmp;
306 ConvertRouteToConfig(tmp, mem);
307 vpnCfg->routes_.push_back(tmp);
308 }
309 }
310 }
311 }
312
ParseJsonToConfig(sptr<VpnConfig> & vpnCfg,const std::string & jsonString)313 void NetworkVpnService::ParseJsonToConfig(sptr<VpnConfig> &vpnCfg, const std::string& jsonString)
314 {
315 if (jsonString.empty() || !nlohmann::json::accept(jsonString)) {
316 return;
317 }
318 nlohmann::json doc = nlohmann::json::parse(jsonString);
319 if (doc.contains("mtu") && doc.at("mtu").is_number()) {
320 vpnCfg->mtu_ = doc.at("mtu");
321 }
322 if (doc.contains("isAcceptIPv4") && doc.at("isAcceptIPv4").is_boolean()) {
323 vpnCfg->isAcceptIPv4_ = doc.at("isAcceptIPv4");
324 }
325 if (doc.contains("isAcceptIPv6") && doc.at("isAcceptIPv6").is_boolean()) {
326 vpnCfg->isAcceptIPv6_ = doc.at("isAcceptIPv6");
327 }
328 if (doc.contains("isLegacy") && doc.at("isLegacy").is_boolean()) {
329 vpnCfg->isLegacy_ = doc.at("isLegacy");
330 }
331 if (doc.contains("isMetered") && doc.at("isMetered").is_boolean()) {
332 vpnCfg->isMetered_ = doc.at("isMetered");
333 }
334 if (doc.contains("isBlocking") && doc.at("isBlocking").is_boolean()) {
335 vpnCfg->isBlocking_ = doc.at("isBlocking");
336 }
337 ConvertStringToConfig(vpnCfg, doc);
338
339 ConvertVecAddrToConfig(vpnCfg, doc);
340
341 ConvertVecRouteToConfig(vpnCfg, doc);
342 }
343
RecoverVpnConfig()344 void NetworkVpnService::RecoverVpnConfig()
345 {
346 sptr<VpnConfig> vpnCfg = new VpnConfig();
347 std::ifstream ifs(VPN_CONFIG_FILE);
348 if (!ifs) {
349 NETMGR_EXT_LOG_D("file don't exist, don't need recover");
350 return;
351 }
352 std::string jsonString;
353 std::getline(ifs, jsonString);
354 ParseJsonToConfig(vpnCfg, jsonString);
355 SetUpVpn(vpnCfg);
356 }
357
ConvertNetAddrToJson(const INetAddr & netAddr,nlohmann::json & jInetAddr)358 void NetworkVpnService::ConvertNetAddrToJson(const INetAddr& netAddr, nlohmann::json& jInetAddr)
359 {
360 jInetAddr["type"] = netAddr.type_;
361 jInetAddr["family"] = netAddr.family_;
362 jInetAddr["prefixlen"] = netAddr.prefixlen_;
363 jInetAddr["address"] = netAddr.address_;
364 jInetAddr["netMask"] = netAddr.netMask_;
365 jInetAddr["hostName"] = netAddr.hostName_;
366 jInetAddr["port"] = netAddr.port_;
367 }
368
ConvertVecRouteToJson(const std::vector<Route> & routes,nlohmann::json & jVecRoutes)369 void NetworkVpnService::ConvertVecRouteToJson(const std::vector<Route>& routes, nlohmann::json& jVecRoutes)
370 {
371 for (const auto& mem : routes) {
372 nlohmann::json jRoute;
373 jRoute["iface"] = mem.iface_;
374 nlohmann::json jDestination;
375 ConvertNetAddrToJson(mem.destination_, jDestination);
376 jRoute["destination"] = jDestination;
377 nlohmann::json jGateway;
378 ConvertNetAddrToJson(mem.gateway_, jGateway);
379 jRoute["gateway"] = jGateway;
380 jRoute["rtnType"] = mem.rtnType_;
381 jRoute["mtu"] = mem.mtu_;
382 jRoute["isHost"] = mem.isHost_;
383 jRoute["hasGateway"] = mem.hasGateway_;
384 jRoute["isDefaultRoute"] = mem.isDefaultRoute_;
385 jVecRoutes.push_back(jRoute);
386 }
387 }
388
ParseConfigToJson(const sptr<VpnConfig> & vpnCfg,std::string & jsonString)389 void NetworkVpnService::ParseConfigToJson(const sptr<VpnConfig> &vpnCfg, std::string& jsonString)
390 {
391 nlohmann::json jVpnCfg;
392 nlohmann::json jVecAddrs = nlohmann::json::array();
393 for (const auto& mem : vpnCfg->addresses_) {
394 nlohmann::json jInetAddr;
395 ConvertNetAddrToJson(mem, jInetAddr);
396 jVecAddrs.push_back(jInetAddr);
397 }
398 jVpnCfg["addresses"] = jVecAddrs;
399
400 nlohmann::json jVecRoutes = nlohmann::json::array();
401 ConvertVecRouteToJson(vpnCfg->routes_, jVecRoutes);
402 jVpnCfg["routes"] = jVecRoutes;
403
404 jVpnCfg["mtu"] = vpnCfg->mtu_;
405 jVpnCfg["isAcceptIPv4"] = vpnCfg->isAcceptIPv4_;
406 jVpnCfg["isAcceptIPv6"] = vpnCfg->isAcceptIPv6_;
407 jVpnCfg["isLegacy"] = vpnCfg->isLegacy_;
408 jVpnCfg["isMetered"] = vpnCfg->isMetered_;
409 jVpnCfg["isBlocking"] = vpnCfg->isBlocking_;
410
411 nlohmann::json jVecDnsAddrs = nlohmann::json::array();
412 for (const auto& mem : vpnCfg->dnsAddresses_) {
413 jVecDnsAddrs.push_back(mem);
414 }
415 jVpnCfg["dnsAddresses"] = jVecDnsAddrs;
416
417 nlohmann::json jVecDomains = nlohmann::json::array();
418 for (const auto& mem : vpnCfg->searchDomains_) {
419 jVecDomains.push_back(mem);
420 }
421 jVpnCfg["searchDomains"] = jVecDomains;
422
423 nlohmann::json jVecAcceptApp = nlohmann::json::array();
424 for (const auto& mem : vpnCfg->acceptedApplications_) {
425 jVecAcceptApp.push_back(mem);
426 }
427 jVpnCfg["acceptedApplications"] = jVecAcceptApp;
428
429 nlohmann::json jVecRefuseApp = nlohmann::json::array();
430 for (const auto& mem : vpnCfg->refusedApplications_) {
431 jVecRefuseApp.push_back(mem);
432 }
433 jVpnCfg["refusedApplications"] = jVecRefuseApp;
434
435 jsonString = jVpnCfg.dump();
436 }
437
SaveVpnConfig(const sptr<VpnConfig> & vpnCfg)438 void NetworkVpnService::SaveVpnConfig(const sptr<VpnConfig> &vpnCfg)
439 {
440 std::string jsonString;
441 ParseConfigToJson(vpnCfg, jsonString);
442 std::ofstream ofs(VPN_CONFIG_FILE);
443 ofs << jsonString;
444 }
445
SetUpVpn(const sptr<VpnConfig> & config,bool isVpnExtCall)446 int32_t NetworkVpnService::SetUpVpn(const sptr<VpnConfig> &config, bool isVpnExtCall)
447 {
448 std::unique_lock<std::mutex> locker(netVpnMutex_);
449 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
450 std::vector<int32_t> activeUserIds;
451 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
452 if (NETMANAGER_EXT_SUCCESS != ret) {
453 return ret;
454 }
455
456 if (vpnObj_ != nullptr) {
457 if (vpnObj_->GetUserId() == userId) {
458 NETMGR_EXT_LOG_W("vpn exist already, please execute destory first");
459 return NETWORKVPN_ERROR_VPN_EXIST;
460 } else {
461 OnVpnMultiUserSetUp();
462 vpnObj_->Destroy();
463 }
464 }
465
466 vpnObj_ = std::make_shared<ExtendedVpnCtl>(config, "", userId, activeUserIds);
467 if (vpnObj_->RegisterConnectStateChangedCb(vpnConnCallback_) != NETMANAGER_EXT_SUCCESS) {
468 NETMGR_EXT_LOG_E("SetUpVpn register internal callback fail.");
469 return NETMANAGER_EXT_ERR_INTERNAL;
470 }
471 NETMGR_EXT_LOG_I("NetworkVpnService SetUp");
472 ret = vpnObj_->SetUp();
473 return ret;
474 }
475
Protect(bool isVpnExtCall)476 int32_t NetworkVpnService::Protect(bool isVpnExtCall)
477 {
478 /*
479 * Only permission verification is performed and
480 * the protected socket implements fwmark_service in the netsys process.
481 */
482 NETMGR_EXT_LOG_I("Protect vpn tunnel successfully.");
483 return NETMANAGER_EXT_SUCCESS;
484 }
485
DestroyVpn(bool isVpnExtCall)486 int32_t NetworkVpnService::DestroyVpn(bool isVpnExtCall)
487 {
488 std::unique_lock<std::mutex> locker(netVpnMutex_);
489 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
490 std::vector<int32_t> activeUserIds;
491 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
492 if (NETMANAGER_EXT_SUCCESS != ret) {
493 return ret;
494 }
495
496 if ((vpnObj_ != nullptr) && (vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS)) {
497 NETMGR_EXT_LOG_E("destroy vpn is failed");
498 return NETMANAGER_EXT_ERR_INTERNAL;
499 }
500 vpnObj_ = nullptr;
501 // remove vpn config
502 remove(VPN_CONFIG_FILE);
503 NETMGR_EXT_LOG_I("Destroy vpn successfully.");
504 return NETMANAGER_EXT_SUCCESS;
505 }
506
RegisterVpnEvent(const sptr<IVpnEventCallback> callback)507 int32_t NetworkVpnService::RegisterVpnEvent(const sptr<IVpnEventCallback> callback)
508 {
509 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
510 if (policyCallHandler_) {
511 policyCallHandler_->PostSyncTask([this, &callback, &ret]() { ret = SyncRegisterVpnEvent(callback); });
512 }
513 return ret;
514 }
515
UnregisterVpnEvent(const sptr<IVpnEventCallback> callback)516 int32_t NetworkVpnService::UnregisterVpnEvent(const sptr<IVpnEventCallback> callback)
517 {
518 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
519 if (policyCallHandler_) {
520 policyCallHandler_->PostSyncTask([this, &callback, &ret]() { ret = SyncUnregisterVpnEvent(callback); });
521 }
522 return ret;
523 }
524
CreateVpnConnection(bool isVpnExtCall)525 int32_t NetworkVpnService::CreateVpnConnection(bool isVpnExtCall)
526 {
527 /*
528 * Only permission verification is performed
529 */
530 NETMGR_EXT_LOG_I("CreateVpnConnection successfully.");
531 return NETMANAGER_EXT_SUCCESS;
532 }
533
CheckCurrentAccountType(int32_t & userId,std::vector<int32_t> & activeUserIds)534 int32_t NetworkVpnService::CheckCurrentAccountType(int32_t &userId, std::vector<int32_t> &activeUserIds)
535 {
536 int32_t uid = IPCSkeleton::GetCallingUid();
537 int32_t userId_Max = 99;
538 if (AccountSA::OsAccountManager::GetOsAccountLocalIdFromUid(uid, userId) != ERR_OK) {
539 NETMGR_EXT_LOG_E("GetOsAccountLocalIdFromUid error, uid: %{public}d.", uid);
540 return NETMANAGER_EXT_ERR_INTERNAL;
541 }
542
543 if (AccountSA::OsAccountManager::QueryActiveOsAccountIds(activeUserIds) != ERR_OK) {
544 NETMGR_EXT_LOG_E("QueryActiveOsAccountIds error.");
545 }
546
547 if (userId >= 0 && userId <= userId_Max) {
548 return NETMANAGER_EXT_SUCCESS;
549 }
550
551 auto itr = std::find_if(activeUserIds.begin(), activeUserIds.end(),
552 [userId](const int32_t &elem) { return (elem == userId) ? true : false; });
553 if (itr == activeUserIds.end()) {
554 NETMGR_EXT_LOG_E("userId: %{public}d is not active user. activeUserIds.size: %{public}zd", userId,
555 activeUserIds.size());
556 return NETWORKVPN_ERROR_REFUSE_CREATE_VPN;
557 }
558
559 activeUserIds.clear();
560
561 AccountSA::OsAccountInfo accountInfo;
562 if (AccountSA::OsAccountManager::QueryOsAccountById(userId, accountInfo) != ERR_OK) {
563 NETMGR_EXT_LOG_E("QueryOsAccountById error, userId: %{public}d.", userId);
564 return NETMANAGER_EXT_ERR_INTERNAL;
565 }
566
567 if (accountInfo.GetType() == AccountSA::OsAccountType::GUEST) {
568 NETMGR_EXT_LOG_E("The guest user cannot execute the VPN interface.");
569 return NETWORKVPN_ERROR_REFUSE_CREATE_VPN;
570 }
571 return NETMANAGER_EXT_SUCCESS;
572 }
573
SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback)574 int32_t NetworkVpnService::SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback)
575 {
576 for (auto iterCb = vpnEventCallbacks_.begin(); iterCb != vpnEventCallbacks_.end(); iterCb++) {
577 if ((*iterCb)->AsObject().GetRefPtr() == callback->AsObject().GetRefPtr()) {
578 NETMGR_EXT_LOG_E("Register vpn event callback failed, callback already exists");
579 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
580 }
581 }
582
583 if (vpnEventCallbacks_.size() >= MAX_CALLBACK_COUNT) {
584 NETMGR_EXT_LOG_E("callback above max count, return error.");
585 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
586 }
587
588 vpnEventCallbacks_.push_back(callback);
589 NETMGR_EXT_LOG_I("Register vpn event callback successfully");
590 return NETMANAGER_EXT_SUCCESS;
591 }
592
SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback)593 int32_t NetworkVpnService::SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback)
594 {
595 for (auto iter = vpnEventCallbacks_.begin(); iter != vpnEventCallbacks_.end(); ++iter) {
596 if (callback->AsObject().GetRefPtr() == (*iter)->AsObject().GetRefPtr()) {
597 vpnEventCallbacks_.erase(iter);
598 NETMGR_EXT_LOG_I("Unregister vpn event successfully.");
599 return NETMANAGER_EXT_SUCCESS;
600 }
601 }
602 NETMGR_EXT_LOG_E("Unregister vpn event callback is does not exist.");
603 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
604 }
605
OnAddSystemAbility(int32_t systemAbilityId,const std::string & deviceId)606 void NetworkVpnService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
607 {
608 NETMGR_EXT_LOG_D("NetworkVpnService::OnAddSystemAbility systemAbilityId[%{public}d]", systemAbilityId);
609 if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
610 if (hasSARemoved_) {
611 OnNetSysRestart();
612 hasSARemoved_ = false;
613 }
614 }
615 }
616
OnRemoveSystemAbility(int32_t systemAbilityId,const std::string & deviceId)617 void NetworkVpnService::OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
618 {
619 NETMGR_EXT_LOG_D("NetworkVpnService::OnRemoveSystemAbility systemAbilityId[%{public}d]", systemAbilityId);
620 if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
621 hasSARemoved_ = true;
622 }
623 }
624
OnNetSysRestart()625 void NetworkVpnService::OnNetSysRestart()
626 {
627 NETMGR_EXT_LOG_I("NetworkVpnService::OnNetSysRestart");
628
629 if (vpnObj_ != nullptr) {
630 vpnObj_->ResumeUids();
631 }
632 }
633
FactoryResetVpn()634 int32_t NetworkVpnService::FactoryResetVpn()
635 {
636 NETMGR_EXT_LOG_I("factory reset Vpn enter.");
637
638 return NETMANAGER_EXT_SUCCESS;
639 }
640
RegisterFactoryResetCallback()641 void NetworkVpnService::RegisterFactoryResetCallback()
642 {
643 std::thread t([this]() {
644 uint32_t count = 0;
645 while (NetConnClient::GetInstance().SystemReady() != NETMANAGER_SUCCESS && count < MAX_GET_SERVICE_COUNT) {
646 std::this_thread::sleep_for(std::chrono::seconds(WAIT_FOR_SERVICE_TIME_S));
647 count++;
648 }
649 NETMGR_EXT_LOG_W("NetConnClient Get SystemReady count: %{public}u", count);
650 if (count > MAX_GET_SERVICE_COUNT) {
651 NETMGR_EXT_LOG_E("Connect netconn service fail.");
652 } else {
653 netFactoryResetCallback_ = (std::make_unique<FactoryResetCallBack>(*this)).release();
654 if (netFactoryResetCallback_ != nullptr) {
655 int ret = NetConnClient::GetInstance().RegisterNetFactoryResetCallback(netFactoryResetCallback_);
656 if (ret != NETMANAGER_SUCCESS) {
657 NETMGR_EXT_LOG_E("RegisterNetFactoryResetCallback ret: %{public}d.", ret);
658 }
659 } else {
660 NETMGR_EXT_LOG_E("netFactoryResetCallback_ is null.");
661 }
662 }
663 });
664 std::string threadName = "vpnRegisterFactoryResetCallback";
665 pthread_setname_np(t.native_handle(), threadName.c_str());
666 t.detach();
667 }
668
SetAlwaysOnVpn(std::string & pkg,bool & enable)669 int32_t NetworkVpnService::SetAlwaysOnVpn(std::string &pkg, bool &enable)
670 {
671 int32_t ret = NetDataShareHelperUtilsIface::Update(ALWAYS_ON_VPN_URI, KEY_ALWAYS_ON_VPN, (enable ? pkg:""));
672 if (ret != NETMANAGER_EXT_SUCCESS) {
673 NETMGR_EXT_LOG_E("SetAlwaysOnVpn fail: %{public}d", ret);
674 return NETMANAGER_ERR_INTERNAL;
675 }
676 NETMGR_EXT_LOG_I("SetAlwaysOnVpn success: %{public}s", pkg.c_str());
677
678 StartAlwaysOnVpn();
679
680 return NETMANAGER_EXT_SUCCESS;
681 }
682
GetAlwaysOnVpn(std::string & pkg)683 int32_t NetworkVpnService::GetAlwaysOnVpn(std::string &pkg)
684 {
685 std::string value = "";
686 int32_t ret = NetDataShareHelperUtilsIface::Query(ALWAYS_ON_VPN_URI, KEY_ALWAYS_ON_VPN, value);
687 if (ret != NETMANAGER_EXT_SUCCESS) {
688 NETMGR_EXT_LOG_E("GetAlwaysOnVpn fail: %{public}d", ret);
689 return NETMANAGER_ERR_INTERNAL;
690 }
691 pkg = value;
692 NETMGR_EXT_LOG_I("GetAlwaysOnVpn success: %{public}s", pkg.c_str());
693 return NETMANAGER_EXT_SUCCESS;
694 }
695
StartAlwaysOnVpn()696 void NetworkVpnService::StartAlwaysOnVpn()
697 {
698 //first, according the uerId, query local vpn config, if exist apply
699 //the config as VPN, if the local VPN is null, query the local kept
700 //package if exist will call up the target app to provide the VPN
701 std::string alwaysOnBundleName = "";
702 int32_t ret = GetAlwaysOnVpn(alwaysOnBundleName);
703 if (ret != NETMANAGER_EXT_SUCCESS) {
704 NETMGR_EXT_LOG_E("StartAlwaysOnVpn fail: %{public}d", ret);
705 return;
706 }
707
708 if (alwaysOnBundleName != "") {
709 if (vpnObj_ != nullptr) {
710 std::string pkg = vpnObj_->GetVpnPkg();
711 if (pkg != alwaysOnBundleName) {
712 NETMGR_EXT_LOG_W("vpn [ %{public}s] exist, destroy vpn first", pkg.c_str());
713 DestroyVpn();
714 }
715 }
716 // recover vpn config
717 RecoverVpnConfig();
718 }
719 }
720
SubscribeCommonEvent()721 void NetworkVpnService::SubscribeCommonEvent()
722 {
723 EventFwk::MatchingSkills matchingSkills;
724 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_USER_UNLOCKED);
725 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_POWER_SAVE_MODE_CHANGED);
726 EventFwk::CommonEventSubscribeInfo subscribeInfo(matchingSkills);
727 // 1 means CORE_EVENT_PRIORITY
728 subscribeInfo.SetPriority(1);
729 subscriber_ = std::make_shared<ReceiveMessage>(subscribeInfo, *this);
730 uint32_t tryCount = 0;
731 bool subscribeResult = false;
732 while (!subscribeResult && tryCount <= MAX_RETRY_TIMES) {
733 std::this_thread::sleep_for(std::chrono::milliseconds(AGAIN_REGISTER_CALLBACK_INTERVAL));
734 subscribeResult = EventFwk::CommonEventManager::SubscribeCommonEvent(subscriber_);
735 tryCount++;
736 NETMGR_EXT_LOG_E("SubscribeCommonEvent try %{public}d", tryCount);
737 }
738
739 if (!subscribeResult) {
740 NETMGR_EXT_LOG_E("SubscribeCommonEvent fail: %{public}d", subscribeResult);
741 }
742 }
743
OnReceiveEvent(const EventFwk::CommonEventData & eventData)744 void NetworkVpnService::ReceiveMessage::OnReceiveEvent(const EventFwk::CommonEventData &eventData)
745 {
746 const auto &action = eventData.GetWant().GetAction();
747 const auto &data = eventData.GetData();
748 const auto &code = eventData.GetCode();
749 NETMGR_EXT_LOG_I("NetVReceiveMessage::OnReceiveEvent(), event:[%{public}s], data:[%{public}s], code:[%{public}d]",
750 action.c_str(), data.c_str(), code);
751 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_POWER_SAVE_MODE_CHANGED) {
752 bool isPowerSave = (code == SAVE_MODE || code == LOWPOWER_MODE);
753 if (isPowerSave) {
754 vpnService_.StartAlwaysOnVpn();
755 }
756 return;
757 }
758
759 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_USER_UNLOCKED) {
760 vpnService_.StartAlwaysOnVpn();
761 }
762 }
763 } // namespace NetManagerStandard
764 } // namespace OHOS
765