1 /* 2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef NET_POLICY_SERVICE_H 17 #define NET_POLICY_SERVICE_H 18 19 #include <atomic> 20 #include <mutex> 21 22 #include "event_runner.h" 23 #include "singleton.h" 24 #include "system_ability.h" 25 #include "system_ability_definition.h" 26 27 #include "net_bundle.h" 28 #include "net_policy_callback.h" 29 #include "net_policy_event_handler.h" 30 #include "net_policy_firewall.h" 31 #include "net_policy_rule.h" 32 #include "net_policy_service_common.h" 33 #include "net_policy_service_stub.h" 34 #include "net_policy_traffic.h" 35 #include "net_access_policy.h" 36 #include "net_access_policy_rdb.h" 37 #include "common_event_subscriber.h" 38 #include "common_event_support.h" 39 40 namespace OHOS { 41 namespace NetManagerStandard { 42 #define NET_SYMBOL_VISIBLE __attribute__ ((visibility("default"))) 43 class NET_SYMBOL_VISIBLE NetPolicyService : public SystemAbility, 44 public NetPolicyServiceStub, 45 public std::enable_shared_from_this<NetPolicyService> { 46 DECLARE_DELAYED_SINGLETON(NetPolicyService) 47 DECLARE_SYSTEM_ABILITY(NetPolicyService) 48 49 public: 50 void OnStart() override; 51 void OnStop() override; 52 int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override; 53 54 /** 55 * Set the network policy for the specified UID. 56 * @param uid The specified UID of app. 57 * @param policy The network policy for application. 58 * For details, see {@link NetUidPolicy}. 59 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 60 */ 61 int32_t SetPolicyByUid(uint32_t uid, uint32_t policy) override; 62 63 /** 64 * Get the network policy of the specified UID. 65 * @param uid The specified UID of app. 66 * @param policy Return this uid's policy. 67 * For details, see {@link NetUidPolicy}. 68 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 69 */ 70 int32_t GetPolicyByUid(uint32_t uid, uint32_t &policy) override; 71 72 /** 73 * Get the application UIDs of the specified policy. 74 * @param policy the network policy of the current UID of application. 75 * For details, see {@link NetUidPolicy}. 76 * @param uids The list of UIDs 77 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 78 */ 79 int32_t GetUidsByPolicy(uint32_t policy, std::vector<uint32_t> &uids) override; 80 81 /** 82 * Get the status whether the specified uid app can access the metered network or non-metered network. 83 * @param uid The specified UID of application. 84 * @param metered Indicates metered network or non-metered network. 85 * @param isAllowed Return true means it's allowed to access the network. 86 * Return false means it's not allowed to access the network. 87 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 88 */ 89 int32_t IsUidNetAllowed(uint32_t uid, bool metered, bool &isAllowed) override; 90 91 /** 92 * Get the status whether the specified uid app can access the specified iface network. 93 * @param uid The specified UID of application. 94 * @param ifaceName Iface name. 95 * @param isAllowed Return true means it's allowed to access the network. 96 * Return false means it's not allowed to access the network. 97 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 98 */ 99 int32_t IsUidNetAllowed(uint32_t uid, const std::string &ifaceName, bool &isAllowed) override; 100 101 /** 102 * Register network policy change callback. 103 * @param callback Interface type pointer. 104 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 105 */ 106 int32_t RegisterNetPolicyCallback(const sptr<INetPolicyCallback> &callback) override; 107 108 /** 109 * Unregister network policy change callback. 110 * @param callback Interface type pointer. 111 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 112 */ 113 int32_t UnregisterNetPolicyCallback(const sptr<INetPolicyCallback> &callback) override; 114 115 /** 116 * Set policies by NetPolicyQuotaPolicy. 117 * @param quotaPolicies The list of network quota policy, {@link NetQuotaPolicy}. 118 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 119 */ 120 int32_t SetNetQuotaPolicies(const std::vector<NetQuotaPolicy> "aPolicies) override; 121 122 /** 123 * Get network policies. 124 * @param quotaPolicies The list of network quota policy, {@link NetQuotaPolicy}. 125 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 126 */ 127 int32_t GetNetQuotaPolicies(std::vector<NetQuotaPolicy> "aPolicies) override; 128 129 /** 130 * Reset network policies\rules\quota policies\firewall rules. 131 * @param simId Specify the matched simId of quota policy. 132 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 133 */ 134 int32_t ResetPolicies(const std::string &simId) override; 135 136 /** 137 * Control if apps can use data on background. 138 * @param allowBackground Allow apps to use data on background. 139 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 140 */ 141 int32_t SetBackgroundPolicy(bool allowBackground) override; 142 143 /** 144 * Get the status if apps can use data on background. 145 * @param backgroundPolicy True is allowed to use data on background. 146 * False is not allowed to use data on background. 147 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 148 */ 149 int32_t GetBackgroundPolicy(bool &backgroundPolicy) override; 150 151 /** 152 * Get the background network restriction policy for the specified uid. 153 * @param uid uid The specified UID of application. 154 * @param backgroundPolicyOfUid The specified UID of backgroundPolicy. 155 * For details, see {@link NetBackgroundPolicy}. 156 * @return uint32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 157 */ 158 int32_t GetBackgroundPolicyByUid(uint32_t uid, uint32_t &backgroundPolicyOfUid) override; 159 160 /** 161 * Update the limit or warning remind time of quota policy. 162 * @param netType {@link NetBearType}. 163 * @param simId Specify the matched simId of quota policy when netType is cellular. 164 * @param remindType {@link RemindType}. 165 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 166 */ 167 int32_t UpdateRemindPolicy(int32_t netType, const std::string &simId, uint32_t remindType) override; 168 169 /** 170 * Set the UID into device idle allow list. 171 * @param uid The specified UID of application. 172 * @param isAllowed The UID is into allowed list or not. 173 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 174 */ 175 int32_t SetDeviceIdleTrustlist(const std::vector<uint32_t> &uids, bool isAllowed) override; 176 177 /** 178 * Get the allow list of UID in device idle mode. 179 * @param uids The list of UIDs 180 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 181 */ 182 int32_t GetDeviceIdleTrustlist(std::vector<uint32_t> &uids) override; 183 184 /** 185 * Process network policy in device idle mode. 186 * @param enable Device idle mode is open or not. 187 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 188 */ 189 int32_t SetDeviceIdlePolicy(bool enable) override; 190 191 /** 192 * Get the allow list of UID in power save mode. 193 * 194 * @param uids The list of UIDs. 195 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 196 */ 197 int32_t GetPowerSaveTrustlist(std::vector<uint32_t> &uids) override; 198 199 /** 200 * Set the UID into power save allow list. 201 * @param uid The specified UID of application. 202 * @param isAllowed The UID is into allowed list or not. 203 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 204 */ 205 int32_t SetPowerSaveTrustlist(const std::vector<uint32_t> &uids, bool isAllowed) override; 206 207 /** 208 * Process network policy in Power Save mode. 209 * 210 * @param enable Power save mode is open or not. 211 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 212 */ 213 int32_t SetPowerSavePolicy(bool enable) override; 214 215 /** 216 * Check if you have permission 217 * 218 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 219 */ 220 int32_t CheckPermission() override; 221 222 /** 223 * factory reset net policies 224 * 225 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 226 */ 227 int32_t FactoryResetPolicies() override; 228 229 /** 230 * Set the policy to access the network of the specified application. 231 * 232 * @param uid The specified UID of application. 233 * @param policy The network access policy of application, {@link NetworkAccessPolicy}. 234 * @param reconfirmFlag true means a reconfirm diaglog trigger while policy deny network access. 235 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 236 */ 237 int32_t SetNetworkAccessPolicy(uint32_t uid, NetworkAccessPolicy policy, bool reconfirmFlag) override; 238 239 /** 240 * Query the network access policy of the specified application or all applications. 241 * 242 * @param parameter Indicate to get all or an application network access policy, {@link AccessPolicyParameter}. 243 * @param policy The network access policy of application, {@link AccessPolicySave}. 244 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 245 */ 246 int32_t GetNetworkAccessPolicy(AccessPolicyParameter parameter, AccessPolicySave& policy) override; 247 GetNetAccessPolicyDBHandler()248 NetAccessPolicyRDB GetNetAccessPolicyDBHandler() 249 { 250 static NetAccessPolicyRDB netAccessPolicy; 251 return netAccessPolicy; 252 } 253 int32_t DeleteNetworkAccessPolicy(uint32_t uid); 254 int32_t NotifyNetAccessPolicyDiag(uint32_t uid) override; 255 int32_t RefreshNetworkAccessPolicyFromConfig(); 256 257 /** 258 * Set NIC Traffic allowed or disallowed 259 * 260 * @param ifaceNames ifaceNames 261 * @param status true for allowed, false for disallowed 262 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 263 */ 264 int32_t SetNicTrafficAllowed(const std::vector<std::string> &ifaceNames, bool status) override; 265 266 void SetBrokerUidAccessPolicyMap(std::optional<uint32_t> uid); 267 void DelBrokerUidAccessPolicyMap(uint32_t uid); 268 269 protected: 270 void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override; 271 void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override; 272 273 private: 274 void Init(); 275 int32_t GetDumpMessage(std::string &message); 276 277 void OnNetSysRestart(); 278 void ResetNetAccessPolicy(); 279 void UpdateNetAccessPolicyToMapFromDB(); 280 void OverwriteNetAccessPolicyToDBFromConfig(); 281 void UpdateNetworkAccessPolicyFromConfig(const std::string &bundleName, NetworkAccessPolicy &policy); 282 int32_t GetActivatedOsAccountId(int32_t &userId); 283 std::unordered_map<uint32_t, SampleBundleInfo> GetSampleBundleInfosForActiveUser(); 284 285 private: 286 enum ServiceRunningState { 287 STATE_STOPPED = 0, 288 STATE_RUNNING, 289 }; 290 291 std::shared_ptr<NetPolicyTraffic> netPolicyTraffic_ = nullptr; 292 std::shared_ptr<NetPolicyFirewall> netPolicyFirewall_ = nullptr; 293 std::shared_ptr<NetPolicyRule> netPolicyRule_ = nullptr; 294 std::shared_ptr<NetPolicyFile> netPolicyFile_ = nullptr; 295 ServiceRunningState state_ = ServiceRunningState::STATE_STOPPED; 296 std::shared_ptr<NetPolicyCore> netPolicyCore_ = nullptr; 297 std::shared_ptr<NetPolicyCallback> netPolicyCallback_ = nullptr; 298 sptr<NetPolicyServiceCommon> serviceComm_ = nullptr; 299 std::mutex mutex_; 300 std::vector<uint16_t> monthDay_; 301 302 bool hasSARemoved_ = false; 303 304 private: 305 void RegisterFactoryResetCallback(); 306 307 class FactoryResetCallBack : public IRemoteStub<INetFactoryResetCallback> { 308 public: FactoryResetCallBack(std::shared_ptr<NetPolicyService> netPolicy)309 FactoryResetCallBack(std::shared_ptr<NetPolicyService> netPolicy) 310 { 311 netPolicy_ = netPolicy; 312 } 313 OnNetFactoryReset()314 int32_t OnNetFactoryReset() 315 { 316 if (netPolicy_ != nullptr) { 317 netPolicy_->FactoryResetPolicies(); 318 return NETMANAGER_SUCCESS; 319 } else { 320 return NETMANAGER_ERR_LOCAL_PTR_NULL; 321 } 322 } 323 private: 324 std::shared_ptr<NetPolicyService> netPolicy_ = nullptr; 325 }; 326 sptr<INetFactoryResetCallback> netFactoryResetCallback_ = nullptr; 327 }; 328 } // namespace NetManagerStandard 329 } // namespace OHOS 330 #endif // NET_POLICY_SERVICE_H 331