1 /* 2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef NETWORK_VPN_SERVICE_H 17 #define NETWORK_VPN_SERVICE_H 18 19 #include <memory> 20 #include <string> 21 #include "event_handler.h" 22 #include "i_vpn_conn_state_cb.h" 23 #include "net_vpn_impl.h" 24 #include "networkvpn_service_stub.h" 25 #include "os_account_manager.h" 26 #include "singleton.h" 27 #include "system_ability.h" 28 #include "common_event_manager.h" 29 #include "common_event_subscriber.h" 30 #include "common_event_support.h" 31 #include "application_state_observer_stub.h" 32 #include "app_mgr_client.h" 33 #include "cJSON.h" 34 #include "ffrt.h" 35 #ifdef SUPPORT_SYSVPN 36 #include "ipsec_vpn_ctl.h" 37 #include "vpn_database_helper.h" 38 #endif // SUPPORT_SYSVPN 39 40 namespace OHOS { 41 namespace NetManagerStandard { 42 namespace { 43 constexpr const char *ALWAYS_ON_VPN_URI = 44 "datashare:///com.ohos.settingsdata/entry/settingsdata/SETTINGSDATA?Proxy=true&key=sharing_always_on_vpn"; 45 constexpr const char *KEY_ALWAYS_ON_VPN = "settings.netmanager.always_on_vpn"; 46 47 } // namespace 48 using namespace OHOS::EventFwk; 49 class NetworkVpnService : public SystemAbility, public NetworkVpnServiceStub, protected NoCopyable, 50 public std::enable_shared_from_this<NetworkVpnService> { 51 DECLARE_DELAYED_SINGLETON(NetworkVpnService) 52 DECLARE_SYSTEM_ABILITY(NetworkVpnService) 53 54 enum ServiceRunningState { 55 STATE_STOPPED = 0, 56 STATE_RUNNING, 57 }; 58 59 enum { 60 POWER_MODE_MIN = 600, 61 NORMAL_MODE = POWER_MODE_MIN, 62 SAVE_MODE, 63 EXTREME_MODE, 64 LOWPOWER_MODE, 65 POWER_MODE_MAX = LOWPOWER_MODE 66 }; 67 class VpnConnStateCb : public IVpnConnStateCb { 68 public: VpnConnStateCb(const NetworkVpnService & vpnService)69 explicit VpnConnStateCb(const NetworkVpnService &vpnService) : vpnService_(vpnService){}; 70 virtual ~VpnConnStateCb() = default; 71 void OnVpnConnStateChanged(const VpnConnectState &state) override; 72 73 private: 74 const NetworkVpnService &vpnService_; 75 }; 76 77 class ReceiveMessage : public OHOS::EventFwk::CommonEventSubscriber { 78 public: ReceiveMessage(const EventFwk::CommonEventSubscribeInfo & subscriberInfo,std::weak_ptr<NetworkVpnService> vpnService)79 ReceiveMessage(const EventFwk::CommonEventSubscribeInfo &subscriberInfo, 80 std::weak_ptr<NetworkVpnService> vpnService) 81 : EventFwk::CommonEventSubscriber(subscriberInfo), vpnService_(vpnService){}; 82 83 virtual void OnReceiveEvent(const EventFwk::CommonEventData &eventData) override; 84 85 private: 86 std::weak_ptr<NetworkVpnService> vpnService_; 87 }; 88 89 public: 90 /** 91 * service start 92 */ 93 void OnStart() override; 94 95 /** 96 * service stop 97 */ 98 void OnStop() override; 99 100 /** 101 * check current whether has vpn is running 102 */ 103 int32_t Prepare(bool &isExistVpn, bool &isRun, std::string &pkg) override; 104 105 /** 106 * This function is called when the three-party vpn application negotiation ends 107 */ 108 int32_t SetUpVpn(const sptr<VpnConfig> &config, bool isVpnExtCall = false) override; 109 110 /** 111 * protect vpn tunnel 112 */ 113 int32_t Protect(bool isVpnExtCall = false) override; 114 115 /** 116 * stop the vpn connection 117 */ 118 int32_t DestroyVpn(bool isVpnExtCall = false) override; 119 120 #ifdef SUPPORT_SYSVPN 121 /** 122 * This function is called when the system vpn application negotiation ends 123 */ 124 int32_t SetUpVpn(const sptr<SysVpnConfig> &config) override; 125 126 /** 127 * save the vpn config 128 */ 129 int32_t AddSysVpnConfig(sptr<SysVpnConfig> &config) override; 130 131 /** 132 * get the vpn config list 133 */ 134 int32_t DeleteSysVpnConfig(const std::string &vpnId) override; 135 136 /** 137 * get the vpn config listGetConnectedSysVpnConfig 138 */ 139 int32_t GetSysVpnConfigList(std::vector<SysVpnConfig> &vpnList) override; 140 141 /** 142 * get the vpn config 143 */ 144 int32_t GetSysVpnConfig(sptr<SysVpnConfig> &config, const std::string &vpnId) override; 145 146 /** 147 * get the vpn connection state 148 */ 149 int32_t GetConnectedSysVpnConfig(sptr<SysVpnConfig> &config) override; 150 151 /** 152 * notify the vpn connection stage and result 153 */ 154 int32_t NotifyConnectStage(const std::string &stage, const int32_t &result) override; 155 156 int32_t GetSysVpnCertUri(const int32_t certType, std::string &certUri) override; 157 #endif // SUPPORT_SYSVPN 158 159 /** 160 * register callback 161 */ 162 int32_t RegisterVpnEvent(const sptr<IVpnEventCallback> callback) override; 163 164 /** 165 * unregister callback 166 */ 167 int32_t UnregisterVpnEvent(const sptr<IVpnEventCallback> callback) override; 168 169 /** 170 * create the vpn connection 171 */ 172 int32_t CreateVpnConnection(bool isVpnExtCall = false) override; 173 174 /** 175 * dump function 176 */ 177 int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override; 178 179 /** 180 * factory reset vpn , such as always on vpn 181 * 182 * @return Returns 0 success. Otherwise fail 183 */ 184 int32_t FactoryResetVpn() override; 185 186 /** 187 * persist the always on vpn's package 188 * pass empty will disable always on VPN 189 */ 190 int32_t SetAlwaysOnVpn(std::string &pkg, bool &enable); 191 192 /** 193 * read the persisted always on vpn's package 194 */ 195 int32_t GetAlwaysOnVpn(std::string &pkg); 196 197 int32_t GetSelfAppName(std::string &selfAppName, std::string &selfBundleName) override; 198 199 int32_t SetSelfVpnPid() override; 200 201 protected: 202 void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override; 203 void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override; 204 205 private: 206 bool Init(); 207 void GetDumpMessage(std::string &message); 208 int32_t CheckCurrentAccountType(int32_t &userId, std::vector<int32_t> &activeUserIds); 209 210 void OnVpnMultiUserSetUp(); 211 int32_t SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback); 212 int32_t SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback); 213 214 void OnNetSysRestart(); 215 void ConvertVecRouteToJson(const std::vector<Route>& routes, cJSON* jVecRoutes); 216 void ConvertNetAddrToJson(const INetAddr& netAddr, cJSON* jInetAddr); 217 void ParseConfigToJson(const sptr<VpnConfig> &vpnCfg, std::string& jsonString); 218 void SaveVpnConfig(const sptr<VpnConfig> &vpnCfg); 219 220 void ConvertRouteToConfig(Route& tmp, const cJSON* const mem); 221 void ConvertVecRouteToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc); 222 void ConvertNetAddrToConfig(INetAddr& tmp, const cJSON* const mem); 223 void ConvertVecAddrToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc); 224 void ConvertStringToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc); 225 void ParseJsonToConfig(sptr<VpnConfig> &vpnCfg, const std::string& jsonString); 226 void RecoverVpnConfig(); 227 228 void StartAlwaysOnVpn(); 229 void SubscribeCommonEvent(); 230 bool PublishEvent(const OHOS::AAFwk::Want &want, int eventCode, 231 bool isOrdered, bool isSticky, const std::vector<std::string> &permissions) const; 232 void PublishVpnConnectionStateEvent(const VpnConnectState &state) const; 233 #ifdef SUPPORT_SYSVPN 234 std::shared_ptr<NetVpnImpl> CreateSysVpnCtl(const sptr<SysVpnConfig> &config, int32_t userId, 235 std::vector<int32_t> &activeUserIds); 236 std::shared_ptr<NetVpnImpl> CreateOpenvpnCtl(sptr<VpnDataBean> vpnBean, int32_t userId, 237 std::vector<int32_t> &activeUserIds); 238 std::shared_ptr<IpsecVpnCtl> CreateIpsecVpnCtl(sptr<VpnDataBean> vpnBean, int32_t userId, 239 std::vector<int32_t> &activeUserIds); 240 int32_t QueryVpnData(const sptr<SysVpnConfig> config, sptr<VpnDataBean> &vpnBean); 241 std::shared_ptr<IpsecVpnCtl> CreateL2tpCtl(sptr<VpnDataBean> vpnBean, int32_t userId, 242 std::vector<int32_t> &activeUserIds); 243 #endif // SUPPORT_SYSVPN 244 std::string GetBundleName(); 245 std::string GetCurrentVpnBundleName(); 246 std::vector<std::string> GetCurrentVpnAbilityName(); 247 void ClearCurrentVpnUserInfo(); 248 void UnregVpnHpObserver(); 249 bool IsCurrentVpnPid(int32_t uid, int32_t pid); 250 bool CheckVpnPermission(const std::string &bundleName); 251 252 private: 253 ServiceRunningState state_ = ServiceRunningState::STATE_STOPPED; 254 bool isServicePublished_ = false; 255 std::shared_ptr<IVpnConnStateCb> vpnConnCallback_; 256 std::shared_ptr<NetVpnImpl> vpnObj_; 257 std::vector<sptr<IVpnEventCallback>> vpnEventCallbacks_; 258 std::shared_ptr<ffrt::queue> networkVpnServiceFfrtQueue_ = nullptr; 259 std::mutex netVpnMutex_; 260 bool hasSARemoved_ = false; 261 int32_t userId_ = -1; 262 263 std::shared_ptr<ReceiveMessage> subscriber_ = nullptr; 264 265 private: 266 void RegisterFactoryResetCallback(); 267 class FactoryResetCallBack : public IRemoteStub<INetFactoryResetCallback> { 268 public: FactoryResetCallBack(NetworkVpnService & vpnService)269 explicit FactoryResetCallBack(NetworkVpnService& vpnService):vpnService_(vpnService){}; 270 OnNetFactoryReset()271 int32_t OnNetFactoryReset() 272 { 273 return vpnService_.FactoryResetVpn(); 274 } 275 private: 276 NetworkVpnService& vpnService_; 277 }; 278 279 sptr<INetFactoryResetCallback> netFactoryResetCallback_ = nullptr; 280 281 public: 282 int32_t RegisterBundleName(const std::string &bundleName, const std::string &abilityName) override; 283 class VpnHapObserver : public AppExecFwk::ApplicationStateObserverStub { 284 public: VpnHapObserver(NetworkVpnService & vpnService)285 explicit VpnHapObserver(NetworkVpnService &vpnService) : vpnService_(vpnService){}; 286 virtual ~VpnHapObserver() = default; 287 void OnExtensionStateChanged(const AppExecFwk::AbilityStateData &abilityStateData) override ; 288 void OnProcessCreated(const AppExecFwk::ProcessData &processData) override ; 289 void OnProcessStateChanged(const AppExecFwk::ProcessData &processData) override ; 290 void OnProcessDied(const AppExecFwk::ProcessData &processData) override ; 291 private: 292 NetworkVpnService& vpnService_; 293 }; 294 private: 295 class VpnAppDeathRecipient : public IRemoteObject::DeathRecipient { 296 public: VpnAppDeathRecipient(NetworkVpnService & client)297 explicit VpnAppDeathRecipient(NetworkVpnService &client) : client_(client) {} 298 ~VpnAppDeathRecipient() override = default; OnRemoteDied(const wptr<IRemoteObject> & remote)299 void OnRemoteDied(const wptr<IRemoteObject> &remote) override 300 { 301 client_.OnRemoteDied(remote); 302 } 303 304 private: 305 NetworkVpnService &client_; 306 }; 307 void OnRemoteDied(const wptr<IRemoteObject> &remoteObject); 308 bool AddClientDeathRecipient(const sptr<IVpnEventCallback> &callback); 309 void RemoveClientDeathRecipient(const sptr<IVpnEventCallback> &callback); 310 void RemoveALLClientDeathRecipient(); 311 312 std::mutex vpnNameMutex_; 313 std::mutex remoteMutex_; 314 std::mutex cesMutex_; 315 sptr<IRemoteObject::DeathRecipient> deathRecipient_ = nullptr; 316 sptr<VpnHapObserver> vpnHapObserver_ = nullptr; 317 bool registeredCommonEvent_ = false; 318 int32_t hasOpenedVpnUid_ = 0; 319 std::string currentVpnBundleName_; 320 std::map<int32_t, int32_t> setVpnPidMap_; 321 int32_t currSetUpVpnPid_ = 0; 322 std::vector<std::string> currentVpnAbilityName_; 323 }; 324 } // namespace NetManagerStandard 325 } // namespace OHOS 326 #endif // NETWORK_VPN_SERVICE_H 327