• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "firewall_rule.h"
17 
18 #include "device_idle_firewall_rule.h"
19 #include "net_policy_inner_define.h"
20 #include "power_save_firewall_rule.h"
21 
22 namespace OHOS {
23 namespace NetManagerStandard {
CreateFirewallRule(uint32_t chain)24 std::shared_ptr<FirewallRule> FirewallRule::CreateFirewallRule(uint32_t chain)
25 {
26     switch (chain) {
27         case FIREWALL_CHAIN_DEVICE_IDLE:
28             return DelayedSingleton<DeviceIdleFirewallRule>::GetInstance();
29         case FIREWALL_CHAIN_POWER_SAVE:
30             return DelayedSingleton<PowerSaveFirewallRule>::GetInstance();
31         default:
32             break;
33     }
34     return nullptr;
35 }
36 
FirewallRule(uint32_t chainType)37 FirewallRule::FirewallRule(uint32_t chainType)
38 {
39     chainType_ = chainType;
40     netsys_ = DelayedSingleton<NetsysPolicyWrapper>::GetInstance();
41 }
42 
43 FirewallRule::~FirewallRule() = default;
44 
GetAllowedList()45 std::vector<uint32_t> FirewallRule::GetAllowedList()
46 {
47     std::shared_lock<std::shared_mutex> lock(allowedListMutex_);
48     return allowedList_;
49 }
50 
SetAllowedList(const std::vector<uint32_t> & uids,uint32_t rule)51 void FirewallRule::SetAllowedList(const std::vector<uint32_t> &uids, uint32_t rule)
52 {
53     for (auto &uid : uids) {
54         SetAllowedList(uid, rule);
55     }
56     netsys_->FirewallSetUidRule(chainType_, uids, rule);
57 }
58 
SetAllowedList(uint32_t uid,uint32_t rule)59 void FirewallRule::SetAllowedList(uint32_t uid, uint32_t rule)
60 {
61     std::unique_lock<std::shared_mutex> lock(allowedListMutex_);
62     if (rule == FIREWALL_RULE_ALLOW) {
63         if (std::find(allowedList_.begin(), allowedList_.end(), uid) == allowedList_.end()) {
64             allowedList_.emplace_back(uid);
65         }
66     } else {
67         for (auto iter = allowedList_.begin(); iter != allowedList_.end();) {
68             if (uid == *iter) {
69                 allowedList_.erase(iter);
70                 break;
71             } else {
72                 iter++;
73             }
74         }
75     }
76 }
77 
SetAllowedList(const std::set<uint32_t> & uids)78 void FirewallRule::SetAllowedList(const std::set<uint32_t> &uids)
79 {
80     {
81         std::unique_lock<std::shared_mutex> lock(allowedListMutex_);
82         for (const auto &it : uids) {
83             if (std::find(allowedList_.begin(), allowedList_.end(), it) == allowedList_.end()) {
84                 allowedList_.push_back(it);
85             }
86         }
87     }
88 
89     SetAllowedList();
90 }
91 
SetAllowedList()92 void FirewallRule::SetAllowedList()
93 {
94     std::shared_lock<std::shared_mutex> lock(allowedListMutex_);
95     NetmanagerHiTrace::NetmanagerStartSyncTrace("Set allowed list start");
96     netsys_->FirewallSetUidsAllowedListChain(chainType_, allowedList_);
97     NetmanagerHiTrace::NetmanagerFinishSyncTrace("Set allowed list end");
98 }
99 
ClearAllowedList()100 void FirewallRule::ClearAllowedList()
101 {
102     std::unique_lock<std::shared_mutex> lock(allowedListMutex_);
103     allowedList_.clear();
104     netsys_->FirewallSetUidsAllowedListChain(chainType_, allowedList_);
105 }
106 
GetDeniedList()107 std::vector<uint32_t> FirewallRule::GetDeniedList()
108 {
109     std::shared_lock<std::shared_mutex> lock(deniedListMutex_);
110     return deniedList_;
111 }
112 
SetDeniedList(uint32_t uid,uint32_t rule)113 void FirewallRule::SetDeniedList(uint32_t uid, uint32_t rule)
114 {
115     std::unique_lock<std::shared_mutex> lock(deniedListMutex_);
116     if (rule == FIREWALL_RULE_DENY) {
117         if (std::find(deniedList_.begin(), deniedList_.end(), uid) == deniedList_.end()) {
118             deniedList_.emplace_back(uid);
119         }
120     } else {
121         for (auto iter = deniedList_.begin(); iter != deniedList_.end();) {
122             if (uid == *iter) {
123                 iter = deniedList_.erase(iter);
124             } else {
125                 iter++;
126             }
127         }
128     }
129     lock.unlock();
130     netsys_->FirewallSetUidRule(chainType_, {uid}, rule);
131 }
132 
SetDeniedList(const std::vector<uint32_t> & uids)133 void FirewallRule::SetDeniedList(const std::vector<uint32_t> &uids)
134 {
135     {
136         std::unique_lock<std::shared_mutex> lock(deniedListMutex_);
137         for (const auto &it : uids) {
138             if (std::find(deniedList_.begin(), deniedList_.end(), it) == deniedList_.end()) {
139                 deniedList_.push_back(it);
140             }
141         }
142     }
143 
144     SetDeniedList();
145 }
146 
SetDeniedList()147 void FirewallRule::SetDeniedList()
148 {
149     std::shared_lock<std::shared_mutex> lock(deniedListMutex_);
150     netsys_->FirewallSetUidsDeniedListChain(chainType_, deniedList_);
151 }
152 
ClearDeniedList()153 void FirewallRule::ClearDeniedList()
154 {
155     std::unique_lock<std::shared_mutex> lock(deniedListMutex_);
156     deniedList_.clear();
157     netsys_->FirewallSetUidsAllowedListChain(chainType_, deniedList_);
158 }
159 
SetUidFirewallRule(uint uid,bool isAllowed)160 void FirewallRule::SetUidFirewallRule(uint uid, bool isAllowed)
161 {
162     netsys_->FirewallSetUidRule(chainType_, {uid}, isAllowed ? FIREWALL_RULE_ALLOW : FIREWALL_RULE_DENY);
163 }
164 
EnableFirewall(bool enable)165 void FirewallRule::EnableFirewall(bool enable)
166 {
167     netsys_->FirewallEnableChain(chainType_, enable);
168 }
169 
RemoveFromAllowedList(uint32_t uid)170 void FirewallRule::RemoveFromAllowedList(uint32_t uid)
171 {
172     std::unique_lock<std::shared_mutex> lock(allowedListMutex_);
173     for (auto iter = allowedList_.begin(); iter != allowedList_.end(); ++iter) {
174         if (*iter == uid) {
175             allowedList_.erase(iter);
176             break;
177         }
178     }
179 }
180 
ClearFirewallAllRules()181 int32_t FirewallRule::ClearFirewallAllRules()
182 {
183     return netsys_->ClearFirewallAllRules();
184 }
185 
RemoveFromDeniedList(uint32_t uid)186 void FirewallRule::RemoveFromDeniedList(uint32_t uid)
187 {
188     std::unique_lock<std::shared_mutex> lock(deniedListMutex_);
189     for (auto iter = deniedList_.begin(); iter != deniedList_.end(); ++iter) {
190         if (*iter == uid) {
191             deniedList_.erase(iter);
192             break;
193         }
194     }
195     netsys_->FirewallSetUidsDeniedListChain(chainType_, deniedList_);
196 }
197 } // namespace NetManagerStandard
198 } // namespace OHOS
199