1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "networkvpn_service.h"
17
18 #include <cerrno>
19 #include <ctime>
20 #include <fcntl.h>
21 #include <sys/socket.h>
22 #include <sys/stat.h>
23 #include <sys/types.h>
24 #include <sys/un.h>
25 #include <unistd.h>
26 #include <string>
27 #include <fstream>
28 #include <thread>
29
30 #include "ipc_skeleton.h"
31 #include "securec.h"
32 #include "system_ability_definition.h"
33 #include "iservice_registry.h"
34
35 #include "ability_manager_client.h"
36 #include "extended_vpn_ctl.h"
37 #include "net_event_report.h"
38 #include "net_manager_center.h"
39 #include "net_manager_constants.h"
40 #include "net_manager_ext_constants.h"
41 #include "netmanager_base_permission.h"
42 #include "netmgr_ext_log_wrapper.h"
43 #include "netsys_controller.h"
44 #include "networkvpn_hisysevent.h"
45 #include "net_datashare_utils_iface.h"
46 #ifdef SUPPORT_SYSVPN
47 #include "ipsec_vpn_ctl.h"
48 #include "l2tp_vpn_ctl.h"
49 #include "open_vpn_ctl.h"
50 #include "vpn_data_bean.h"
51 #endif // SUPPORT_SYSVPN
52
53 namespace OHOS {
54 namespace NetManagerStandard {
55 constexpr int32_t USER_ID_DIVIDOR = 200000;
56 constexpr int32_t MAX_CALLBACK_COUNT = 128;
57 constexpr const char *NET_ACTIVATE_WORK_THREAD = "VPN_CALLBACK_WORK_THREAD";
58 constexpr const char* VPN_CONFIG_FILE = "/data/service/el1/public/netmanager/vpn_config.json";
59 constexpr const char* VPN_EXTENSION_LABEL = ":vpn";
60 constexpr uint32_t MAX_GET_SERVICE_COUNT = 30;
61 constexpr uint32_t WAIT_FOR_SERVICE_TIME_S = 1;
62 constexpr uint32_t UID_NET_SYS_NATIVE = 1098;
63 constexpr const char *VPNEXT_MODE_URI =
64 "datashare:///com.ohos.settingsdata/entry/settingsdata/SETTINGSDATA?Proxy=true&key=vpnext_mode";
65
66 const bool REGISTER_LOCAL_RESULT_NETVPN =
67 SystemAbility::MakeAndRegisterAbility(DelayedSingleton<NetworkVpnService>::GetInstance().get());
68
69 constexpr const int INVALID_CODE = -1;
70 const std::vector<std::string> ACCESS_PERMISSION {"ohos.permission.GET_NETWORK_INFO"};
71 constexpr const char *const PARAM_KEY_STATE = "state";
72 constexpr const char *const COMMON_EVENT_VPN_CONNECT_STATUS_VALUE =
73 "usual.event.VPN_CONNECTION_STATUS_CHANGED";
74
NetworkVpnService()75 NetworkVpnService::NetworkVpnService() : SystemAbility(COMM_VPN_MANAGER_SYS_ABILITY_ID, true) {}
~NetworkVpnService()76 NetworkVpnService::~NetworkVpnService()
77 {
78 {
79 std::lock_guard<std::mutex> autoLock(cesMutex_);
80 if (subscriber_ != nullptr) {
81 EventFwk::CommonEventManager::UnSubscribeCommonEvent(subscriber_);
82 }
83 }
84 RemoveALLClientDeathRecipient();
85 }
86
OnStart()87 void NetworkVpnService::OnStart()
88 {
89 if (state_ == STATE_RUNNING) {
90 NETMGR_EXT_LOG_D("OnStart Vpn Service state is already running");
91 return;
92 }
93 if (!Init()) {
94 NETMGR_EXT_LOG_E("OnStart Vpn init failed");
95 VpnHisysEvent::SendFaultEvent(VpnEventType::TYPE_UNKNOWN, VpnEventOperator::OPERATION_START_SA,
96 VpnEventErrorType::ERROR_INTERNAL_ERROR, "Start Vpn Service failed");
97 return;
98 }
99 state_ = STATE_RUNNING;
100 NETMGR_EXT_LOG_I("OnStart vpn successful");
101 }
102
OnStop()103 void NetworkVpnService::OnStop()
104 {
105 state_ = STATE_STOPPED;
106 isServicePublished_ = false;
107
108 NETMGR_EXT_LOG_I("OnStop vpn successful");
109 }
110
Dump(int32_t fd,const std::vector<std::u16string> & args)111 int32_t NetworkVpnService::Dump(int32_t fd, const std::vector<std::u16string> &args)
112 {
113 std::string result;
114 GetDumpMessage(result);
115 NETMGR_EXT_LOG_I("Vpn dump fd: %{public}d, content: %{public}s", fd, result.c_str());
116 int32_t ret = dprintf(fd, "%s\n", result.c_str());
117 if (ret < 0) {
118 NETMGR_EXT_LOG_E("dprintf failed, errno[%{public}d]", errno);
119 return NETMANAGER_EXT_ERR_INTERNAL;
120 }
121 return NETMANAGER_EXT_SUCCESS;
122 }
123
Init()124 bool NetworkVpnService::Init()
125 {
126 if (!REGISTER_LOCAL_RESULT_NETVPN) {
127 NETMGR_EXT_LOG_E("Register to local sa manager failed");
128 return false;
129 }
130 networkVpnServiceFfrtQueue_ = std::make_shared<ffrt::queue>("NetworkVpnService");
131 if (!networkVpnServiceFfrtQueue_) {
132 NETMGR_EXT_LOG_E("FFRT Create Fail");
133 return false;
134 }
135 if (!isServicePublished_) {
136 if (!Publish(DelayedSingleton<NetworkVpnService>::GetInstance().get())) {
137 NETMGR_EXT_LOG_E("Register to sa manager failed");
138 return false;
139 }
140 isServicePublished_ = true;
141 }
142
143 AddSystemAbilityListener(COMM_NETSYS_NATIVE_SYS_ABILITY_ID);
144 AddSystemAbilityListener(COMMON_EVENT_SERVICE_ID);
145
146 SubscribeCommonEvent();
147 if (!vpnConnCallback_) {
148 vpnConnCallback_ = std::make_shared<VpnConnStateCb>(*this);
149 }
150
151 vpnHapObserver_ = new VpnHapObserver(*this);
152 RegisterFactoryResetCallback();
153 return true;
154 }
155
GetDumpMessage(std::string & message)156 void NetworkVpnService::GetDumpMessage(std::string &message)
157 {
158 std::unique_lock<std::mutex> locker(netVpnMutex_);
159 message.append("Net Vpn Info:\n");
160 if (vpnObj_ != nullptr) {
161 const auto &config = vpnObj_->GetVpnConfig();
162 std::string isLegacy = (config->isLegacy_) ? "true" : "false";
163 message.append("\tisLegacy: " + isLegacy + "\n");
164 message.append("\tPackageName: " + vpnObj_->GetVpnPkg() + "\n");
165 message.append("\tinterface: " + vpnObj_->GetInterfaceName() + "\n");
166 message.append("\tstate: connected\n");
167 } else {
168 message.append("\tstate: disconnected\n");
169 }
170 message.append("\tend.\n");
171 }
172
PublishEvent(const OHOS::AAFwk::Want & want,int eventCode,bool isOrdered,bool isSticky,const std::vector<std::string> & permissions) const173 bool NetworkVpnService::PublishEvent(const OHOS::AAFwk::Want &want, int eventCode,
174 bool isOrdered, bool isSticky, const std::vector<std::string> &permissions) const
175 {
176 OHOS::EventFwk::CommonEventData data;
177 data.SetWant(want);
178 if (eventCode != INVALID_CODE) {
179 data.SetCode(eventCode);
180 }
181 OHOS::EventFwk::CommonEventPublishInfo publishInfo;
182 publishInfo.SetOrdered(isOrdered);
183 // sticky tag: EventFwk would keep last event for later subscriber.
184 publishInfo.SetSticky(isSticky);
185 if (permissions.size() > 0) {
186 publishInfo.SetSubscriberPermissions(permissions);
187 }
188 bool publishResult = OHOS::EventFwk::CommonEventManager::PublishCommonEvent(data, publishInfo);
189 return publishResult;
190 }
191
PublishVpnConnectionStateEvent(const VpnConnectState & state) const192 void NetworkVpnService::PublishVpnConnectionStateEvent(const VpnConnectState &state) const
193 {
194 if (userId_ == 0) {
195 NETMGR_EXT_LOG_D("sys user0 do not notify vpn status.");
196 return;
197 }
198 OHOS::AAFwk::Want want;
199 want.SetAction(COMMON_EVENT_VPN_CONNECT_STATUS_VALUE);
200 want.SetParam(PARAM_KEY_STATE, (state == VpnConnectState::VPN_CONNECTED) ? 1 : 0);
201 if (!PublishEvent(want, INVALID_CODE, false, true, ACCESS_PERMISSION)) {
202 NETMGR_EXT_LOG_I("Publish vpn connection state fail.");
203 }
204 }
205
OnVpnConnStateChanged(const VpnConnectState & state)206 void NetworkVpnService::VpnConnStateCb::OnVpnConnStateChanged(const VpnConnectState &state)
207 {
208 NETMGR_EXT_LOG_I("receive new vpn connect state[%{public}d].", static_cast<uint32_t>(state));
209 vpnService_.PublishVpnConnectionStateEvent(state);
210 if (!vpnService_.networkVpnServiceFfrtQueue_) {
211 NETMGR_EXT_LOG_E("FFRT Create Fail");
212 return;
213 }
214 std::function<void()> OnVpnConnStateChangedFunction = [this, &state]() {
215 std::for_each(vpnService_.vpnEventCallbacks_.begin(), vpnService_.vpnEventCallbacks_.end(),
216 [&state](const auto &callback) {
217 callback->OnVpnStateChanged((VpnConnectState::VPN_CONNECTED == state) ? true : false);
218 });
219 };
220 ffrt::task_handle OnVpnConnStateTask =
221 vpnService_.networkVpnServiceFfrtQueue_->submit_h(OnVpnConnStateChangedFunction,
222 ffrt::task_attr().name("OnVpnConnStateChanged"));
223 vpnService_.networkVpnServiceFfrtQueue_->wait(OnVpnConnStateTask);
224 }
225
OnVpnMultiUserSetUp()226 void NetworkVpnService::OnVpnMultiUserSetUp()
227 {
228 NETMGR_EXT_LOG_I("user multiple execute set up.");
229 if (!networkVpnServiceFfrtQueue_) {
230 NETMGR_EXT_LOG_E("FFRT Create Fail");
231 return;
232 }
233 std::function<void()> OnVpnMultiUserSetUpFunction = [this]() {
234 std::for_each(vpnEventCallbacks_.begin(), vpnEventCallbacks_.end(),
235 [](const auto &callback) { callback->OnVpnMultiUserSetUp(); });
236 };
237 ffrt::task_handle OnVpnMultiUserSetUpTask =
238 networkVpnServiceFfrtQueue_->submit_h(OnVpnMultiUserSetUpFunction,
239 ffrt::task_attr().name("OnVpnMultiUserSetUp"));
240 networkVpnServiceFfrtQueue_->wait(OnVpnMultiUserSetUpTask);
241 }
242
Prepare(bool & isExistVpn,bool & isRun,std::string & pkg)243 int32_t NetworkVpnService::Prepare(bool &isExistVpn, bool &isRun, std::string &pkg)
244 {
245 std::unique_lock<std::mutex> locker(netVpnMutex_);
246 isRun = false;
247 isExistVpn = false;
248 if (vpnObj_ != nullptr) {
249 isExistVpn = true;
250 isRun = vpnObj_->IsVpnConnecting();
251 pkg = vpnObj_->GetVpnPkg();
252 }
253 NETMGR_EXT_LOG_I("NetworkVpnService Prepare successfully");
254 return NETMANAGER_EXT_SUCCESS;
255 }
256
ConvertStringToConfig(sptr<VpnConfig> & vpnCfg,const cJSON * const doc)257 void NetworkVpnService::ConvertStringToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)
258 {
259 cJSON *dnsAddr = cJSON_GetObjectItem(doc, "dnsAddresses");
260 if (dnsAddr != nullptr && cJSON_IsArray(dnsAddr)) {
261 for (int32_t i = 0; i < cJSON_GetArraySize(dnsAddr); i++) {
262 cJSON *item = cJSON_GetArrayItem(dnsAddr, i);
263 if (cJSON_IsString(item)) {
264 std::string mem = cJSON_GetStringValue(item);
265 vpnCfg->dnsAddresses_.push_back(mem);
266 }
267 }
268 }
269 cJSON *sDomain = cJSON_GetObjectItem(doc, "searchDomains");
270 if (sDomain != nullptr && cJSON_IsArray(sDomain)) {
271 for (int32_t i = 0; i < cJSON_GetArraySize(sDomain); i++) {
272 cJSON *item = cJSON_GetArrayItem(sDomain, i);
273 if (cJSON_IsString(item)) {
274 std::string mem = cJSON_GetStringValue(item);
275 vpnCfg->searchDomains_.push_back(mem);
276 }
277 }
278 }
279 cJSON *acceptApp = cJSON_GetObjectItem(doc, "acceptedApplications");
280 if (acceptApp != nullptr && cJSON_IsArray(acceptApp)) {
281 for (int32_t i = 0; i < cJSON_GetArraySize(acceptApp); i++) {
282 cJSON *item = cJSON_GetArrayItem(acceptApp, i);
283 if (cJSON_IsString(item)) {
284 std::string mem = cJSON_GetStringValue(item);
285 NETMGR_EXT_LOG_D("acceptApp = %{public}s", mem.c_str());
286 vpnCfg->acceptedApplications_.push_back(mem);
287 }
288 }
289 }
290 cJSON *refusedApp = cJSON_GetObjectItem(doc, "refusedApplications");
291 if (refusedApp != nullptr && cJSON_IsArray(refusedApp)) {
292 for (int32_t i = 0; i < cJSON_GetArraySize(refusedApp); i++) {
293 cJSON *item = cJSON_GetArrayItem(refusedApp, i);
294 if (cJSON_IsString(item)) {
295 std::string mem = cJSON_GetStringValue(item);
296 NETMGR_EXT_LOG_D("refusedApp = %{public}s", mem.c_str());
297 vpnCfg->refusedApplications_.push_back(mem);
298 }
299 }
300 }
301 }
302
ConvertNetAddrToConfig(INetAddr & tmp,const cJSON * const mem)303 void NetworkVpnService::ConvertNetAddrToConfig(INetAddr& tmp, const cJSON* const mem)
304 {
305 cJSON *type = cJSON_GetObjectItem(mem, "type");
306 if (type != nullptr && cJSON_IsNumber(type)) {
307 tmp.type_ = static_cast<int32_t>(cJSON_GetNumberValue(type));
308 NETMGR_EXT_LOG_D("type = %{public}d", tmp.type_);
309 }
310 cJSON *family = cJSON_GetObjectItem(mem, "family");
311 if (family != nullptr && cJSON_IsNumber(family)) {
312 tmp.family_ = static_cast<int32_t>(cJSON_GetNumberValue(family));
313 NETMGR_EXT_LOG_D("family = %{public}d", tmp.family_);
314 }
315 cJSON *prefixlen = cJSON_GetObjectItem(mem, "prefixlen");
316 if (prefixlen != nullptr && cJSON_IsNumber(prefixlen)) {
317 tmp.prefixlen_ = static_cast<int32_t>(cJSON_GetNumberValue(prefixlen));
318 NETMGR_EXT_LOG_D("prefixlen = %{public}d", tmp.prefixlen_);
319 }
320 cJSON *address = cJSON_GetObjectItem(mem, "address");
321 if (address != nullptr && cJSON_IsString(address)) {
322 tmp.address_ = cJSON_GetStringValue(address);
323 }
324 cJSON *netMask = cJSON_GetObjectItem(mem, "netMask");
325 if (netMask != nullptr && cJSON_IsString(netMask)) {
326 tmp.netMask_ = cJSON_GetStringValue(netMask);
327 NETMGR_EXT_LOG_D("netMask = %{public}s", tmp.netMask_.c_str());
328 }
329 cJSON *hostName = cJSON_GetObjectItem(mem, "hostName");
330 if (hostName != nullptr && cJSON_IsString(hostName)) {
331 tmp.hostName_ = cJSON_GetStringValue(hostName);
332 }
333 cJSON *port = cJSON_GetObjectItem(mem, "port");
334 if (port != nullptr && cJSON_IsNumber(port)) {
335 tmp.port_ = static_cast<int32_t>(cJSON_GetNumberValue(port));
336 NETMGR_EXT_LOG_D("port = %{public}d", tmp.port_);
337 }
338 }
339
ConvertVecAddrToConfig(sptr<VpnConfig> & vpnCfg,const cJSON * const doc)340 void NetworkVpnService::ConvertVecAddrToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)
341 {
342 cJSON *addresses = cJSON_GetObjectItem(doc, "addresses");
343 if (addresses != nullptr && cJSON_IsArray(addresses)) {
344 uint32_t itemSize = cJSON_GetArraySize(addresses);
345 for (uint32_t i = 0; i < itemSize; i++) {
346 cJSON *item = cJSON_GetArrayItem(addresses, i);
347 if (cJSON_IsObject(item)) {
348 INetAddr tmp;
349 ConvertNetAddrToConfig(tmp, item);
350 vpnCfg->addresses_.push_back(tmp);
351 }
352 }
353 }
354 }
355
ConvertRouteToConfig(Route & tmp,const cJSON * const mem)356 void NetworkVpnService::ConvertRouteToConfig(Route& tmp, const cJSON* const mem)
357 {
358 cJSON *iface = cJSON_GetObjectItem(mem, "iface");
359 if (iface != nullptr && cJSON_IsString(iface)) {
360 tmp.iface_ = cJSON_GetStringValue(iface);
361 NETMGR_EXT_LOG_D("iface = %{public}s", tmp.iface_.c_str());
362 }
363 cJSON *rtnType = cJSON_GetObjectItem(mem, "rtnType");
364 if (rtnType != nullptr && cJSON_IsNumber(rtnType)) {
365 tmp.rtnType_ = cJSON_GetNumberValue(rtnType);
366 NETMGR_EXT_LOG_D("rtnType = %{public}d", tmp.rtnType_);
367 }
368 cJSON *mtu = cJSON_GetObjectItem(mem, "mtu");
369 if (mtu != nullptr && cJSON_IsNumber(mtu)) {
370 tmp.mtu_ = cJSON_GetNumberValue(mtu);
371 NETMGR_EXT_LOG_D("mtu = %{public}d", tmp.mtu_);
372 }
373 cJSON *isHost = cJSON_GetObjectItem(mem, "isHost");
374 if (isHost != nullptr && cJSON_IsBool(isHost)) {
375 tmp.isHost_ = cJSON_IsTrue(isHost) ? true : false;
376 NETMGR_EXT_LOG_D("isHost = %{public}d", tmp.isHost_);
377 }
378 cJSON *hasGateway = cJSON_GetObjectItem(mem, "hasGateway");
379 if (hasGateway != nullptr && cJSON_IsBool(hasGateway)) {
380 tmp.hasGateway_ = cJSON_IsTrue(hasGateway) ? true : false;
381 NETMGR_EXT_LOG_D("hasGateway_ = %{public}d", tmp.hasGateway_);
382 }
383 cJSON *isDefaultRoute = cJSON_GetObjectItem(mem, "isDefaultRoute");
384 if (isDefaultRoute != nullptr && cJSON_IsBool(isDefaultRoute)) {
385 tmp.isDefaultRoute_ = cJSON_IsTrue(isDefaultRoute) ? true : false;
386 NETMGR_EXT_LOG_D("isDefaultRoute_ = %{public}d", tmp.isDefaultRoute_);
387 }
388 cJSON *destination = cJSON_GetObjectItem(mem, "destination");
389 if (destination != nullptr && cJSON_IsObject(destination)) {
390 INetAddr tmpINet;
391 ConvertNetAddrToConfig(tmpINet, destination);
392 tmp.destination_ = tmpINet;
393 }
394 cJSON *gateway = cJSON_GetObjectItem(mem, "gateway");
395 if (gateway != nullptr && cJSON_IsObject(gateway)) {
396 INetAddr tmpINet;
397 ConvertNetAddrToConfig(tmpINet, gateway);
398 tmp.gateway_ = tmpINet;
399 }
400 }
401
ConvertVecRouteToConfig(sptr<VpnConfig> & vpnCfg,const cJSON * const doc)402 void NetworkVpnService::ConvertVecRouteToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)
403 {
404 cJSON *routes = cJSON_GetObjectItem(doc, "routes");
405 if (routes != nullptr && cJSON_IsArray(routes)) {
406 uint32_t itemSize = cJSON_GetArraySize(routes);
407 for (uint32_t i = 0; i < itemSize; i++) {
408 cJSON *item = cJSON_GetArrayItem(routes, i);
409 if (cJSON_IsObject(item)) {
410 Route tmp;
411 ConvertRouteToConfig(tmp, item);
412 vpnCfg->routes_.push_back(tmp);
413 }
414 }
415 }
416 }
417
ParseJsonToConfig(sptr<VpnConfig> & vpnCfg,const std::string & jsonString)418 void NetworkVpnService::ParseJsonToConfig(sptr<VpnConfig> &vpnCfg, const std::string& jsonString)
419 {
420 cJSON *doc = cJSON_Parse(jsonString.c_str());
421 if (doc == nullptr) {
422 NETMGR_EXT_LOG_E("jsonString parse failed!");
423 return;
424 }
425 cJSON *mtu = cJSON_GetObjectItem(doc, "mtu");
426 if (mtu != nullptr && cJSON_IsNumber(mtu)) {
427 vpnCfg->mtu_ = cJSON_GetNumberValue(mtu);
428 NETMGR_EXT_LOG_D("mtu = %{public}d", vpnCfg->mtu_);
429 }
430 cJSON *isAcceptIPv4 = cJSON_GetObjectItem(doc, "isAcceptIPv4");
431 if (isAcceptIPv4 != nullptr && cJSON_IsBool(isAcceptIPv4)) {
432 vpnCfg->isAcceptIPv4_ = cJSON_IsTrue(isAcceptIPv4);
433 NETMGR_EXT_LOG_D("isAcceptIPv4 = %{public}d", vpnCfg->isAcceptIPv4_);
434 }
435 cJSON *isAcceptIPv6 = cJSON_GetObjectItem(doc, "isAcceptIPv6");
436 if (isAcceptIPv6 != nullptr && cJSON_IsBool(isAcceptIPv6)) {
437 vpnCfg->isAcceptIPv6_ = cJSON_IsTrue(isAcceptIPv6);
438 NETMGR_EXT_LOG_D("isAcceptIPv6 = %{public}d", vpnCfg->isAcceptIPv6_);
439 }
440 cJSON *isLegacy = cJSON_GetObjectItem(doc, "isLegacy");
441 if (isLegacy != nullptr && cJSON_IsBool(isLegacy)) {
442 vpnCfg->isLegacy_ = cJSON_IsTrue(isLegacy);
443 NETMGR_EXT_LOG_D("isLegacy = %{public}d", vpnCfg->isLegacy_);
444 }
445 cJSON *isMetered = cJSON_GetObjectItem(doc, "isMetered");
446 if (isMetered != nullptr && cJSON_IsBool(isMetered)) {
447 vpnCfg->isMetered_ = cJSON_IsTrue(isMetered);
448 NETMGR_EXT_LOG_D("isMetered = %{public}d", vpnCfg->isMetered_);
449 }
450 cJSON *isBlocking = cJSON_GetObjectItem(doc, "isBlocking");
451 if (isBlocking != nullptr && cJSON_IsBool(isBlocking)) {
452 vpnCfg->isBlocking_ = cJSON_IsTrue(isBlocking);
453 NETMGR_EXT_LOG_D("isBlocking = %{public}d", vpnCfg->isBlocking_);
454 }
455
456 ConvertStringToConfig(vpnCfg, doc);
457
458 ConvertVecAddrToConfig(vpnCfg, doc);
459
460 ConvertVecRouteToConfig(vpnCfg, doc);
461
462 cJSON_Delete(doc);
463 }
464
RecoverVpnConfig()465 void NetworkVpnService::RecoverVpnConfig()
466 {
467 sptr<VpnConfig> vpnCfg = new VpnConfig();
468 std::ifstream ifs(VPN_CONFIG_FILE);
469 if (!ifs) {
470 NETMGR_EXT_LOG_D("file don't exist, don't need recover");
471 return;
472 }
473 std::string jsonString;
474 std::getline(ifs, jsonString);
475 ParseJsonToConfig(vpnCfg, jsonString);
476 SetUpVpn(vpnCfg);
477 }
478
ConvertNetAddrToJson(const INetAddr & netAddr,cJSON * jInetAddr)479 void NetworkVpnService::ConvertNetAddrToJson(const INetAddr& netAddr, cJSON* jInetAddr)
480 {
481 cJSON_AddItemToObject(jInetAddr, "type", cJSON_CreateNumber(netAddr.type_));
482 cJSON_AddItemToObject(jInetAddr, "family", cJSON_CreateNumber(netAddr.family_));
483 cJSON_AddItemToObject(jInetAddr, "prefixlen", cJSON_CreateNumber(netAddr.prefixlen_));
484 cJSON_AddItemToObject(jInetAddr, "address", cJSON_CreateString(netAddr.address_.c_str()));
485 cJSON_AddItemToObject(jInetAddr, "netMask", cJSON_CreateString(netAddr.netMask_.c_str()));
486 cJSON_AddItemToObject(jInetAddr, "hostName", cJSON_CreateString(netAddr.hostName_.c_str()));
487 cJSON_AddItemToObject(jInetAddr, "port", cJSON_CreateNumber(netAddr.port_));
488 }
489
ConvertVecRouteToJson(const std::vector<Route> & routes,cJSON * jVecRoutes)490 void NetworkVpnService::ConvertVecRouteToJson(const std::vector<Route>& routes, cJSON* jVecRoutes)
491 {
492 for (const auto& mem : routes) {
493 cJSON *jRoute = cJSON_CreateObject();
494 cJSON_AddItemToObject(jRoute, "iface", cJSON_CreateString(mem.iface_.c_str()));
495 cJSON *jDestination = cJSON_CreateObject();
496 ConvertNetAddrToJson(mem.destination_, jDestination);
497 cJSON_AddItemToObject(jRoute, "destination", jDestination);
498 cJSON *jGateway = cJSON_CreateObject();
499 ConvertNetAddrToJson(mem.gateway_, jGateway);
500 cJSON_AddItemToObject(jRoute, "gateway", jGateway);
501 cJSON_AddItemToObject(jRoute, "rtnType", cJSON_CreateNumber(mem.rtnType_));
502 cJSON_AddItemToObject(jRoute, "mtu", cJSON_CreateNumber(mem.mtu_));
503 cJSON_AddItemToObject(jRoute, "isHost", cJSON_CreateBool(mem.isHost_));
504 cJSON_AddItemToObject(jRoute, "hasGateway", cJSON_CreateBool(mem.hasGateway_));
505 cJSON_AddItemToObject(jRoute, "isDefaultRoute", cJSON_CreateBool(mem.isDefaultRoute_));
506 cJSON_AddItemToArray(jVecRoutes, jRoute);
507 }
508 }
509
ParseConfigToJson(const sptr<VpnConfig> & vpnCfg,std::string & jsonString)510 void NetworkVpnService::ParseConfigToJson(const sptr<VpnConfig> &vpnCfg, std::string& jsonString)
511 {
512 cJSON *root = cJSON_CreateObject();
513 cJSON *jVecAddrs = cJSON_CreateArray();
514 for (const auto& mem : vpnCfg->addresses_) {
515 cJSON *jInetAddr = cJSON_CreateObject();
516 ConvertNetAddrToJson(mem, jInetAddr);
517 cJSON_AddItemToArray(jVecAddrs, jInetAddr);
518 }
519 cJSON_AddItemToObject(root, "addresses", jVecAddrs);
520
521 cJSON *jVecRoutes = cJSON_CreateArray();
522 ConvertVecRouteToJson(vpnCfg->routes_, jVecRoutes);
523 cJSON_AddItemToObject(root, "routes", jVecRoutes);
524
525 cJSON_AddItemToObject(root, "mtu", cJSON_CreateNumber(vpnCfg->mtu_));
526 cJSON_AddItemToObject(root, "isAcceptIPv4", cJSON_CreateBool(vpnCfg->isAcceptIPv4_));
527 cJSON_AddItemToObject(root, "isAcceptIPv6", cJSON_CreateBool(vpnCfg->isAcceptIPv6_));
528 cJSON_AddItemToObject(root, "isLegacy", cJSON_CreateBool(vpnCfg->isLegacy_));
529 cJSON_AddItemToObject(root, "isMetered", cJSON_CreateBool(vpnCfg->isMetered_));
530 cJSON_AddItemToObject(root, "isBlocking", cJSON_CreateBool(vpnCfg->isBlocking_));
531
532 cJSON *jVecDnsAddrs = cJSON_CreateArray();
533 for (const auto& mem : vpnCfg->dnsAddresses_) {
534 cJSON_AddItemToArray(jVecDnsAddrs, cJSON_CreateString(mem.c_str()));
535 }
536 cJSON_AddItemToObject(root, "dnsAddresses", jVecDnsAddrs);
537
538 cJSON *jVecDomains = cJSON_CreateArray();
539 for (const auto& mem : vpnCfg->searchDomains_) {
540 cJSON_AddItemToArray(jVecDomains, cJSON_CreateString(mem.c_str()));
541 }
542 cJSON_AddItemToObject(root, "searchDomains", jVecDomains);
543
544 cJSON *jVecAcceptApp = cJSON_CreateArray();
545 for (const auto& mem : vpnCfg->acceptedApplications_) {
546 cJSON_AddItemToArray(jVecAcceptApp, cJSON_CreateString(mem.c_str()));
547 }
548 cJSON_AddItemToObject(root, "acceptedApplications", jVecAcceptApp);
549
550 cJSON *jVecRefuseApp = cJSON_CreateArray();
551 for (const auto& mem : vpnCfg->refusedApplications_) {
552 cJSON_AddItemToArray(jVecRefuseApp, cJSON_CreateString(mem.c_str()));
553 }
554 cJSON_AddItemToObject(root, "refusedApplications", jVecRefuseApp);
555 char *str = cJSON_Print(root);
556 if (str == nullptr) {
557 cJSON_Delete(root);
558 return;
559 }
560 jsonString = str;
561 cJSON_Delete(root);
562 free(str);
563 }
564
SaveVpnConfig(const sptr<VpnConfig> & vpnCfg)565 void NetworkVpnService::SaveVpnConfig(const sptr<VpnConfig> &vpnCfg)
566 {
567 std::string jsonString;
568 ParseConfigToJson(vpnCfg, jsonString);
569 std::ofstream ofs(VPN_CONFIG_FILE);
570 ofs << jsonString;
571 }
572
CheckVpnPermission(const std::string & bundleName)573 bool NetworkVpnService::CheckVpnPermission(const std::string &bundleName)
574 {
575 if (!NetManagerPermission::CheckPermission(Permission::MANAGE_VPN)) {
576 std::string vpnExtMode;
577 int32_t ret = NetDataShareHelperUtilsIface::Query(VPNEXT_MODE_URI, bundleName, vpnExtMode);
578 NETMGR_EXT_LOG_D("ret = [%{public}d], bundleName = [%{public}s]", ret, bundleName.c_str());
579 if (ret != 0 || vpnExtMode != "1") {
580 NETMGR_EXT_LOG_E("query datebase fail.");
581 return false;
582 }
583 }
584 return true;
585 }
586
SetUpVpn(const sptr<VpnConfig> & config,bool isVpnExtCall)587 int32_t NetworkVpnService::SetUpVpn(const sptr<VpnConfig> &config, bool isVpnExtCall)
588 {
589 NETMGR_EXT_LOG_I("SetUpVpn in");
590 std::unique_lock<std::mutex> locker(netVpnMutex_);
591 std::string vpnBundleName = GetBundleName();
592 if (!CheckVpnPermission(vpnBundleName)) {
593 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
594 }
595
596 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
597 std::vector<int32_t> activeUserIds;
598 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
599 userId_ = userId;
600 if (NETMANAGER_EXT_SUCCESS != ret) {
601 return ret;
602 }
603
604 if (vpnObj_ != nullptr) {
605 if (vpnObj_->GetUserId() == userId) {
606 NETMGR_EXT_LOG_W("vpn exist already, please execute destory first");
607 return NETWORKVPN_ERROR_VPN_EXIST;
608 } else {
609 NETMGR_EXT_LOG_W("vpn using by other user");
610 return NETWORKVPN_ERROR_VPN_EXIST;
611 }
612 }
613
614 vpnObj_ = std::make_shared<ExtendedVpnCtl>(config, "", userId, activeUserIds);
615 if (vpnObj_->RegisterConnectStateChangedCb(vpnConnCallback_) != NETMANAGER_EXT_SUCCESS) {
616 NETMGR_EXT_LOG_E("SetUpVpn register internal callback fail.");
617 return NETMANAGER_EXT_ERR_INTERNAL;
618 }
619
620 ret = vpnObj_->SetUp();
621 if (ret == NETMANAGER_EXT_SUCCESS) {
622 hasOpenedVpnUid_ = IPCSkeleton::GetCallingUid();
623 currSetUpVpnPid_ = IPCSkeleton::GetCallingPid();
624 }
625 if (ret == NETMANAGER_EXT_SUCCESS && !vpnBundleName.empty()) {
626 std::vector<std::string> list = {vpnBundleName, vpnBundleName + VPN_EXTENSION_LABEL};
627 auto regRet =
628 Singleton<AppExecFwk::AppMgrClient>::GetInstance().RegisterApplicationStateObserver(vpnHapObserver_, list);
629 NETMGR_EXT_LOG_I("vpnHapOberver RegisterApplicationStateObserver ret = %{public}d", regRet);
630 }
631 NETMGR_EXT_LOG_I("NetworkVpnService SetUp");
632 if (ret == NETMANAGER_EXT_SUCCESS) {
633 currentVpnBundleName_ = vpnBundleName;
634 }
635 return ret;
636 }
637
Protect(bool isVpnExtCall)638 int32_t NetworkVpnService::Protect(bool isVpnExtCall)
639 {
640 /*
641 * Only permission verification is performed and
642 * the protected socket implements fwmark_service in the netsys process.
643 */
644 NETMGR_EXT_LOG_I("Protect vpn tunnel successfully.");
645 return NETMANAGER_EXT_SUCCESS;
646 }
647
DestroyVpn(bool isVpnExtCall)648 int32_t NetworkVpnService::DestroyVpn(bool isVpnExtCall)
649 {
650 NETMGR_EXT_LOG_I("DestroyVpn in");
651 std::unique_lock<std::mutex> locker(netVpnMutex_);
652 std::string vpnBundleName = GetBundleName();
653 if (!CheckVpnPermission(vpnBundleName)) {
654 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
655 }
656
657 if (hasOpenedVpnUid_ != IPCSkeleton::GetCallingUid()) {
658 NETMGR_EXT_LOG_E("not same vpn, can't destroy");
659 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
660 }
661
662 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
663 std::vector<int32_t> activeUserIds;
664 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
665 if (NETMANAGER_EXT_SUCCESS != ret) {
666 return ret;
667 }
668
669 if ((vpnObj_ != nullptr) && (vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS)) {
670 NETMGR_EXT_LOG_E("destroy vpn is failed");
671 return NETMANAGER_EXT_ERR_INTERNAL;
672 }
673 vpnObj_ = nullptr;
674 // remove vpn config
675 remove(VPN_CONFIG_FILE);
676
677 NETMGR_EXT_LOG_I("Destroy vpn successfully.");
678 currSetUpVpnPid_ = 0;
679 return NETMANAGER_EXT_SUCCESS;
680 }
681
682 #ifdef SUPPORT_SYSVPN
SetUpVpn(const sptr<SysVpnConfig> & config)683 int32_t NetworkVpnService::SetUpVpn(const sptr<SysVpnConfig> &config)
684 {
685 if (config == nullptr) {
686 NETMGR_EXT_LOG_E("config is null.");
687 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
688 }
689 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
690 std::vector<int32_t> activeUserIds;
691 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
692 if (ret != NETMANAGER_EXT_SUCCESS) {
693 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed");
694 return ret;
695 }
696
697 std::unique_lock<std::mutex> locker(netVpnMutex_);
698 if (vpnObj_ != nullptr) {
699 if (vpnObj_->GetUserId() == userId) {
700 NETMGR_EXT_LOG_W("vpn exist already, please execute destory first");
701 } else {
702 NETMGR_EXT_LOG_W("vpn using by other user");
703 }
704 return NETWORKVPN_ERROR_VPN_EXIST;
705 }
706 vpnObj_ = CreateSysVpnCtl(config, userId, activeUserIds);
707 if (!vpnConnCallback_) {
708 vpnConnCallback_ = std::make_shared<VpnConnStateCb>(*this);
709 }
710 if (vpnObj_ == nullptr || vpnObj_->RegisterConnectStateChangedCb(vpnConnCallback_) != NETMANAGER_EXT_SUCCESS) {
711 NETMGR_EXT_LOG_E("SetUpVpn register internal callback failed");
712 return NETMANAGER_EXT_ERR_INTERNAL;
713 }
714 NETMGR_EXT_LOG_I("SystemVpn SetUp");
715 ret = vpnObj_->SetUp();
716 if (ret == NETMANAGER_EXT_SUCCESS) {
717 hasOpenedVpnUid_ = IPCSkeleton::GetCallingUid();
718 }
719 return ret;
720 }
721
CreateSysVpnCtl(const sptr<SysVpnConfig> & config,int32_t userId,std::vector<int32_t> & activeUserIds)722 std::shared_ptr<NetVpnImpl> NetworkVpnService::CreateSysVpnCtl(
723 const sptr<SysVpnConfig> &config, int32_t userId, std::vector<int32_t> &activeUserIds)
724 {
725 sptr<VpnDataBean> vpnBean = new (std::nothrow) VpnDataBean();
726 if (vpnBean == nullptr) {
727 NETMGR_EXT_LOG_E("vpnBean is nullptr");
728 return nullptr;
729 }
730 int32_t result = QueryVpnData(config, vpnBean);
731 if (result != NETMANAGER_EXT_SUCCESS) {
732 NETMGR_EXT_LOG_E("query vpn data failed");
733 return nullptr;
734 }
735 std::shared_ptr<IpsecVpnCtl> sysVpnCtl = nullptr;
736 switch (vpnBean->vpnType_) {
737 case VpnType::IKEV2_IPSEC_MSCHAPv2:
738 case VpnType::IKEV2_IPSEC_PSK:
739 case VpnType::IKEV2_IPSEC_RSA:
740 case VpnType::IPSEC_XAUTH_PSK:
741 case VpnType::IPSEC_XAUTH_RSA:
742 case VpnType::IPSEC_HYBRID_RSA: {
743 sysVpnCtl = CreateIpsecVpnCtl(vpnBean, userId, activeUserIds);
744 break;
745 }
746 case VpnType::L2TP_IPSEC_PSK:
747 case VpnType::L2TP_IPSEC_RSA: {
748 sysVpnCtl = CreateL2tpCtl(vpnBean, userId, activeUserIds);
749 break;
750 }
751 case VpnType::OPENVPN: {
752 return CreateOpenvpnCtl(vpnBean, userId, activeUserIds);
753 }
754 default:
755 NETMGR_EXT_LOG_E("vpn type is invalid, %{public}d", vpnBean->vpnType_);
756 break;
757 }
758 return sysVpnCtl;
759 }
760
CreateL2tpCtl(sptr<VpnDataBean> vpnBean,int32_t userId,std::vector<int32_t> & activeUserIds)761 std::shared_ptr<IpsecVpnCtl> NetworkVpnService::CreateL2tpCtl(sptr<VpnDataBean> vpnBean, int32_t userId,
762 std::vector<int32_t> &activeUserIds)
763 {
764 sptr<L2tpVpnConfig> l2tpVpnConfig = VpnDataBean::ConvertVpnBeanToL2tpVpnConfig(vpnBean);
765 if (l2tpVpnConfig == nullptr) {
766 NETMGR_EXT_LOG_E("ConvertVpnBeanToL2tpVpnConfig failed");
767 return nullptr;
768 }
769 std::shared_ptr<IpsecVpnCtl> sysVpnCtl = std::make_shared<L2tpVpnCtl>(l2tpVpnConfig, "", userId, activeUserIds);
770 if (sysVpnCtl != nullptr) {
771 sysVpnCtl->l2tpVpnConfig_ = l2tpVpnConfig;
772 }
773 return sysVpnCtl;
774 }
775
QueryVpnData(const sptr<SysVpnConfig> config,sptr<VpnDataBean> & vpnBean)776 int32_t NetworkVpnService::QueryVpnData(const sptr<SysVpnConfig> config, sptr<VpnDataBean> &vpnBean)
777 {
778 if (config == nullptr) {
779 NETMGR_EXT_LOG_E("QueryVpnData failed, param is null");
780 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
781 }
782 if (vpnBean == nullptr) {
783 NETMGR_EXT_LOG_E("vpnBean is nullptr");
784 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
785 }
786 int32_t result = VpnDatabaseHelper::GetInstance().QueryVpnData(vpnBean, config->vpnId_);
787 if (result != NETMANAGER_EXT_SUCCESS) {
788 NETMGR_EXT_LOG_E("query vpn data failed");
789 }
790 return result;
791 }
792
CreateOpenvpnCtl(sptr<VpnDataBean> vpnBean,int32_t userId,std::vector<int32_t> & activeUserIds)793 std::shared_ptr<NetVpnImpl> NetworkVpnService::CreateOpenvpnCtl(sptr<VpnDataBean> vpnBean,
794 int32_t userId, std::vector<int32_t> &activeUserIds)
795 {
796 sptr<OpenvpnConfig> openVpnConfig = VpnDataBean::ConvertVpnBeanToOpenvpnConfig(vpnBean);
797 if (openVpnConfig == nullptr) {
798 NETMGR_EXT_LOG_E("ConvertVpnBeanToOpenvpnConfig failed");
799 return nullptr;
800 }
801 std::shared_ptr<OpenvpnCtl> openVpnCtl =
802 std::make_shared<OpenvpnCtl>(openVpnConfig, "", userId, activeUserIds);
803 if (openVpnCtl != nullptr) {
804 openVpnCtl->openvpnConfig_ = openVpnConfig;
805 }
806 return openVpnCtl;
807 }
808
CreateIpsecVpnCtl(sptr<VpnDataBean> vpnBean,int32_t userId,std::vector<int32_t> & activeUserIds)809 std::shared_ptr<IpsecVpnCtl> NetworkVpnService::CreateIpsecVpnCtl(sptr<VpnDataBean> vpnBean,
810 int32_t userId, std::vector<int32_t> &activeUserIds)
811 {
812 sptr<IpsecVpnConfig> ipsecVpnConfig = VpnDataBean::ConvertVpnBeanToIpsecVpnConfig(vpnBean);
813 if (ipsecVpnConfig == nullptr) {
814 NETMGR_EXT_LOG_E("ConvertVpnBeanToIpsecVpnConfig failed");
815 return nullptr;
816 }
817 std::shared_ptr<IpsecVpnCtl> sysVpnCtl = std::make_shared<IpsecVpnCtl>(ipsecVpnConfig, "", userId, activeUserIds);
818 if (sysVpnCtl != nullptr) {
819 sysVpnCtl->ipsecVpnConfig_ = ipsecVpnConfig;
820 }
821 return sysVpnCtl;
822 }
823
AddSysVpnConfig(sptr<SysVpnConfig> & config)824 int32_t NetworkVpnService::AddSysVpnConfig(sptr<SysVpnConfig> &config)
825 {
826 if (config == nullptr) {
827 NETMGR_EXT_LOG_E("config is null");
828 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
829 }
830
831 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
832 std::vector<int32_t> activeUserIds;
833 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
834 if (ret != NETMANAGER_EXT_SUCCESS) {
835 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed!");
836 return ret;
837 }
838
839 NETMGR_EXT_LOG_I("AddSysVpnConfig id=%{public}s type=%{public}d",
840 config->vpnId_.c_str(), config->vpnType_);
841 config->userId_ = userId;
842
843 sptr<VpnDataBean> vpnBean = VpnDataBean::ConvertSysVpnConfigToVpnBean(config);
844 if (vpnBean == nullptr) {
845 NETMGR_EXT_LOG_E("vpnBean is nullptr");
846 return NETMANAGER_EXT_ERR_INTERNAL;
847 }
848 return VpnDatabaseHelper::GetInstance().InsertOrUpdateData(vpnBean);
849 }
850
DeleteSysVpnConfig(const std::string & vpnId)851 int32_t NetworkVpnService::DeleteSysVpnConfig(const std::string &vpnId)
852 {
853 if (vpnId.empty()) {
854 NETMGR_EXT_LOG_E("vpnId is empty");
855 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
856 }
857
858 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
859 std::vector<int32_t> activeUserIds;
860 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
861 if (ret != NETMANAGER_EXT_SUCCESS) {
862 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed");
863 return ret;
864 }
865
866 NETMGR_EXT_LOG_I("DeleteSysVpnConfig id=%{public}s", vpnId.c_str());
867 return VpnDatabaseHelper::GetInstance().DeleteVpnData(vpnId);
868 }
869
GetSysVpnConfigList(std::vector<SysVpnConfig> & vpnList)870 int32_t NetworkVpnService::GetSysVpnConfigList(std::vector<SysVpnConfig> &vpnList)
871 {
872 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
873 std::vector<int32_t> activeUserIds;
874 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
875 if (ret != NETMANAGER_EXT_SUCCESS) {
876 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed");
877 return ret;
878 }
879 NETMGR_EXT_LOG_I("SystemVpn GetSysVpnConfigList");
880 return VpnDatabaseHelper::GetInstance().QueryAllData(vpnList, userId);
881 }
882
GetSysVpnConfig(sptr<SysVpnConfig> & config,const std::string & vpnId)883 int32_t NetworkVpnService::GetSysVpnConfig(sptr<SysVpnConfig> &config, const std::string &vpnId)
884 {
885 if (vpnId.empty()) {
886 NETMGR_EXT_LOG_E("vpnId is empty");
887 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
888 }
889
890 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
891 std::vector<int32_t> activeUserIds;
892 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
893 if (ret != NETMANAGER_EXT_SUCCESS) {
894 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed!");
895 return ret;
896 }
897
898 NETMGR_EXT_LOG_I("GetSysVpnConfig id=%{public}s", vpnId.c_str());
899 sptr<VpnDataBean> vpnBean = new (std::nothrow) VpnDataBean();
900 if (vpnBean == nullptr) {
901 NETMGR_EXT_LOG_E("vpnBean is nullptr");
902 return NETMANAGER_EXT_ERR_INTERNAL;
903 }
904 int32_t result = VpnDatabaseHelper::GetInstance().QueryVpnData(vpnBean, vpnId);
905 if (result != NETMANAGER_EXT_SUCCESS) {
906 NETMGR_EXT_LOG_E("QueryVpnData failed, result = %{public}d", result);
907 return result;
908 }
909 config = VpnDataBean::ConvertVpnBeanToSysVpnConfig(vpnBean);
910 return NETMANAGER_EXT_SUCCESS;
911 }
912
GetConnectedSysVpnConfig(sptr<SysVpnConfig> & config)913 int32_t NetworkVpnService::GetConnectedSysVpnConfig(sptr<SysVpnConfig> &config)
914 {
915 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
916 std::vector<int32_t> activeUserIds;
917 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
918 if (ret != NETMANAGER_EXT_SUCCESS) {
919 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed!");
920 return ret;
921 }
922
923 std::unique_lock<std::mutex> locker(netVpnMutex_);
924 if (vpnObj_ == nullptr) {
925 NETMGR_EXT_LOG_I("GetConnectedSysVpnConfig is null. maybe not setup yet");
926 return NETMANAGER_EXT_SUCCESS;
927 }
928 NETMGR_EXT_LOG_I("SystemVpn GetConnectedSysVpnConfig");
929 return vpnObj_->GetConnectedSysVpnConfig(config);
930 }
931
NotifyConnectStage(const std::string & stage,const int32_t & result)932 int32_t NetworkVpnService::NotifyConnectStage(const std::string &stage, const int32_t &result)
933 {
934 uint32_t callingUid = static_cast<uint32_t>(IPCSkeleton::GetCallingUid());
935 if (callingUid != UID_NET_SYS_NATIVE) {
936 NETMGR_EXT_LOG_E("NotifyConnectStage failed, invalid callingUid");
937 return NETMANAGER_EXT_ERR_NOT_SYSTEM_CALL;
938 }
939
940 std::unique_lock<std::mutex> locker(netVpnMutex_);
941 if (vpnObj_ == nullptr) {
942 NETMGR_EXT_LOG_E("NotifyConnectStage failed, vpnObj_ is null");
943 return NETMANAGER_EXT_ERR_INTERNAL;
944 }
945 return vpnObj_->NotifyConnectStage(stage, result);
946 }
947
GetSysVpnCertUri(const int32_t certType,std::string & certUri)948 int32_t NetworkVpnService::GetSysVpnCertUri(const int32_t certType, std::string &certUri)
949 {
950 uint32_t callingUid = static_cast<uint32_t>(IPCSkeleton::GetCallingUid());
951 if (callingUid != UID_NET_SYS_NATIVE) {
952 NETMGR_EXT_LOG_E("GetSysVpnCertUri failed, invalid callingUid");
953 return NETMANAGER_EXT_ERR_NOT_SYSTEM_CALL;
954 }
955 std::unique_lock<std::mutex> locker(netVpnMutex_);
956 if (vpnObj_ == nullptr) {
957 NETMGR_EXT_LOG_E("GetSysVpnCertUri failed, vpnObj_ is null");
958 return NETMANAGER_EXT_ERR_INTERNAL;
959 }
960 return vpnObj_->GetSysVpnCertUri(certType, certUri);
961 }
962 #endif // SUPPORT_SYSVPN
963
RegisterVpnEvent(const sptr<IVpnEventCallback> callback)964 int32_t NetworkVpnService::RegisterVpnEvent(const sptr<IVpnEventCallback> callback)
965 {
966 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
967 if (!networkVpnServiceFfrtQueue_) {
968 NETMGR_EXT_LOG_E("FFRT Create Fail");
969 return ret;
970 }
971 ffrt::task_handle RegisterVpnEventTask = networkVpnServiceFfrtQueue_->submit_h([this, &callback, &ret]() {
972 ret = SyncRegisterVpnEvent(callback);
973 }, ffrt::task_attr().name("RegisterVpnEvent"));
974 networkVpnServiceFfrtQueue_->wait(RegisterVpnEventTask);
975 return ret;
976 }
977
UnregisterVpnEvent(const sptr<IVpnEventCallback> callback)978 int32_t NetworkVpnService::UnregisterVpnEvent(const sptr<IVpnEventCallback> callback)
979 {
980 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
981 if (!networkVpnServiceFfrtQueue_) {
982 NETMGR_EXT_LOG_E("FFRT Create Fail");
983 return ret;
984 }
985 ffrt::task_handle UnregisterVpnEventTask = networkVpnServiceFfrtQueue_->submit_h([this, &callback, &ret]() {
986 ret = SyncUnregisterVpnEvent(callback);
987 }, ffrt::task_attr().name("RegisterVpnEvent"));
988 networkVpnServiceFfrtQueue_->wait(UnregisterVpnEventTask);
989 return ret;
990 }
991
CreateVpnConnection(bool isVpnExtCall)992 int32_t NetworkVpnService::CreateVpnConnection(bool isVpnExtCall)
993 {
994 /*
995 * Only permission verification is performed
996 */
997 NETMGR_EXT_LOG_I("CreateVpnConnection successfully.");
998 return NETMANAGER_EXT_SUCCESS;
999 }
1000
CheckCurrentAccountType(int32_t & userId,std::vector<int32_t> & activeUserIds)1001 int32_t NetworkVpnService::CheckCurrentAccountType(int32_t &userId, std::vector<int32_t> &activeUserIds)
1002 {
1003 int32_t uid = IPCSkeleton::GetCallingUid();
1004 int32_t userId_Max = 99;
1005 if (AccountSA::OsAccountManager::GetOsAccountLocalIdFromUid(uid, userId) != ERR_OK) {
1006 NETMGR_EXT_LOG_E("GetOsAccountLocalIdFromUid error, uid: %{public}d.", uid);
1007 return NETMANAGER_EXT_ERR_INTERNAL;
1008 }
1009
1010 if (AccountSA::OsAccountManager::QueryActiveOsAccountIds(activeUserIds) != ERR_OK) {
1011 NETMGR_EXT_LOG_E("QueryActiveOsAccountIds error.");
1012 }
1013
1014 if (userId >= 0 && userId <= userId_Max) {
1015 return NETMANAGER_EXT_SUCCESS;
1016 }
1017
1018 auto itr = std::find_if(activeUserIds.begin(), activeUserIds.end(),
1019 [userId](const int32_t &elem) { return (elem == userId) ? true : false; });
1020 if (itr == activeUserIds.end()) {
1021 NETMGR_EXT_LOG_E("userId: %{public}d is not active user. activeUserIds.size: %{public}zd", userId,
1022 activeUserIds.size());
1023 return NETWORKVPN_ERROR_REFUSE_CREATE_VPN;
1024 }
1025
1026 activeUserIds.clear();
1027
1028 AccountSA::OsAccountType accountType;
1029 if (AccountSA::OsAccountManager::GetOsAccountType(userId, accountType) != ERR_OK) {
1030 NETMGR_EXT_LOG_E("GetOsAccountType error, userId: %{public}d.", userId);
1031 return NETMANAGER_EXT_ERR_INTERNAL;
1032 }
1033 if (accountType == AccountSA::OsAccountType::GUEST) {
1034 NETMGR_EXT_LOG_E("The guest user cannot execute the VPN interface.");
1035 return NETWORKVPN_ERROR_REFUSE_CREATE_VPN;
1036 }
1037 return NETMANAGER_EXT_SUCCESS;
1038 }
1039
SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback)1040 int32_t NetworkVpnService::SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback)
1041 {
1042 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1043 for (auto iterCb = vpnEventCallbacks_.begin(); iterCb != vpnEventCallbacks_.end(); iterCb++) {
1044 if ((*iterCb)->AsObject().GetRefPtr() == callback->AsObject().GetRefPtr()) {
1045 NETMGR_EXT_LOG_E("Register vpn event callback failed, callback already exists");
1046 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1047 }
1048 }
1049
1050 if (vpnEventCallbacks_.size() >= MAX_CALLBACK_COUNT) {
1051 NETMGR_EXT_LOG_E("callback above max count, return error.");
1052 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1053 }
1054 if (!AddClientDeathRecipient(callback)) {
1055 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1056 }
1057 vpnEventCallbacks_.push_back(callback);
1058 NETMGR_EXT_LOG_I("Register vpn event callback successfully");
1059 return NETMANAGER_EXT_SUCCESS;
1060 }
1061
SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback)1062 int32_t NetworkVpnService::SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback)
1063 {
1064 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1065 for (auto iter = vpnEventCallbacks_.begin(); iter != vpnEventCallbacks_.end(); ++iter) {
1066 if (callback->AsObject().GetRefPtr() == (*iter)->AsObject().GetRefPtr()) {
1067 RemoveClientDeathRecipient(callback);
1068 vpnEventCallbacks_.erase(iter);
1069 NETMGR_EXT_LOG_I("Unregister vpn event successfully.");
1070 return NETMANAGER_EXT_SUCCESS;
1071 }
1072 }
1073 NETMGR_EXT_LOG_E("Unregister vpn event callback is does not exist.");
1074 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1075 }
1076
OnAddSystemAbility(int32_t systemAbilityId,const std::string & deviceId)1077 void NetworkVpnService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
1078 {
1079 NETMGR_EXT_LOG_D("NetworkVpnService::OnAddSystemAbility systemAbilityId[%{public}d]", systemAbilityId);
1080 if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
1081 if (hasSARemoved_) {
1082 OnNetSysRestart();
1083 hasSARemoved_ = false;
1084 }
1085 } else if (systemAbilityId == COMMON_EVENT_SERVICE_ID && !registeredCommonEvent_) {
1086 SubscribeCommonEvent();
1087 }
1088 }
1089
OnRemoveSystemAbility(int32_t systemAbilityId,const std::string & deviceId)1090 void NetworkVpnService::OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
1091 {
1092 NETMGR_EXT_LOG_D("NetworkVpnService::OnRemoveSystemAbility systemAbilityId[%{public}d]", systemAbilityId);
1093 if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
1094 hasSARemoved_ = true;
1095 } else if (systemAbilityId == COMMON_EVENT_SERVICE_ID) {
1096 registeredCommonEvent_ = false;
1097 }
1098 }
1099
OnNetSysRestart()1100 void NetworkVpnService::OnNetSysRestart()
1101 {
1102 std::lock_guard<std::mutex> locker(netVpnMutex_);
1103 NETMGR_EXT_LOG_I("NetworkVpnService::OnNetSysRestart");
1104 if (vpnObj_ != nullptr) {
1105 vpnObj_->ResumeUids();
1106 }
1107 }
1108
FactoryResetVpn()1109 int32_t NetworkVpnService::FactoryResetVpn()
1110 {
1111 NETMGR_EXT_LOG_I("factory reset Vpn enter.");
1112
1113 return NETMANAGER_EXT_SUCCESS;
1114 }
1115
RegisterFactoryResetCallback()1116 void NetworkVpnService::RegisterFactoryResetCallback()
1117 {
1118 std::thread t([this]() {
1119 uint32_t count = 0;
1120 while (NetConnClient::GetInstance().SystemReady() != NETMANAGER_SUCCESS && count < MAX_GET_SERVICE_COUNT) {
1121 std::this_thread::sleep_for(std::chrono::seconds(WAIT_FOR_SERVICE_TIME_S));
1122 count++;
1123 }
1124 NETMGR_EXT_LOG_W("NetConnClient Get SystemReady count: %{public}u", count);
1125 if (count > MAX_GET_SERVICE_COUNT) {
1126 NETMGR_EXT_LOG_E("Connect netconn service fail.");
1127 } else {
1128 netFactoryResetCallback_ = (std::make_unique<FactoryResetCallBack>(*this)).release();
1129 if (netFactoryResetCallback_ != nullptr) {
1130 int ret = NetConnClient::GetInstance().RegisterNetFactoryResetCallback(netFactoryResetCallback_);
1131 if (ret != NETMANAGER_SUCCESS) {
1132 NETMGR_EXT_LOG_E("RegisterNetFactoryResetCallback ret: %{public}d.", ret);
1133 }
1134 } else {
1135 NETMGR_EXT_LOG_E("netFactoryResetCallback_ is null.");
1136 }
1137 }
1138 });
1139 std::string threadName = "vpnRegisterFactoryResetCallback";
1140 pthread_setname_np(t.native_handle(), threadName.c_str());
1141 t.detach();
1142 }
1143
SetAlwaysOnVpn(std::string & pkg,bool & enable)1144 int32_t NetworkVpnService::SetAlwaysOnVpn(std::string &pkg, bool &enable)
1145 {
1146 int32_t ret = NetDataShareHelperUtilsIface::Update(ALWAYS_ON_VPN_URI, KEY_ALWAYS_ON_VPN, (enable ? pkg:""));
1147 if (ret != NETMANAGER_EXT_SUCCESS) {
1148 NETMGR_EXT_LOG_E("SetAlwaysOnVpn fail: %{public}d", ret);
1149 return NETMANAGER_ERR_INTERNAL;
1150 }
1151 NETMGR_EXT_LOG_I("SetAlwaysOnVpn success: %{public}s", pkg.c_str());
1152
1153 StartAlwaysOnVpn();
1154
1155 return NETMANAGER_EXT_SUCCESS;
1156 }
1157
GetAlwaysOnVpn(std::string & pkg)1158 int32_t NetworkVpnService::GetAlwaysOnVpn(std::string &pkg)
1159 {
1160 std::string value = "";
1161 int32_t ret = NetDataShareHelperUtilsIface::Query(ALWAYS_ON_VPN_URI, KEY_ALWAYS_ON_VPN, value);
1162 if (ret != NETMANAGER_EXT_SUCCESS) {
1163 NETMGR_EXT_LOG_E("GetAlwaysOnVpn fail: %{public}d", ret);
1164 return NETMANAGER_ERR_INTERNAL;
1165 }
1166 pkg = value;
1167 NETMGR_EXT_LOG_I("GetAlwaysOnVpn success: %{public}s", pkg.c_str());
1168 return NETMANAGER_EXT_SUCCESS;
1169 }
1170
StartAlwaysOnVpn()1171 void NetworkVpnService::StartAlwaysOnVpn()
1172 {
1173 //first, according the uerId, query local vpn config, if exist apply
1174 //the config as VPN, if the local VPN is null, query the local kept
1175 //package if exist will call up the target app to provide the VPN
1176 std::string alwaysOnBundleName = "";
1177 int32_t ret = GetAlwaysOnVpn(alwaysOnBundleName);
1178 if (ret != NETMANAGER_EXT_SUCCESS) {
1179 NETMGR_EXT_LOG_E("StartAlwaysOnVpn fail: %{public}d", ret);
1180 return;
1181 }
1182
1183 if (alwaysOnBundleName != "") {
1184 if (vpnObj_ != nullptr) {
1185 std::string pkg = vpnObj_->GetVpnPkg();
1186 if (pkg != alwaysOnBundleName) {
1187 NETMGR_EXT_LOG_W("vpn [ %{public}s] exist, destroy vpn first", pkg.c_str());
1188 DestroyVpn();
1189 }
1190 }
1191 // recover vpn config
1192 RecoverVpnConfig();
1193 }
1194 }
1195
SubscribeCommonEvent()1196 void NetworkVpnService::SubscribeCommonEvent()
1197 {
1198 std::lock_guard<std::mutex> autoLock(cesMutex_);
1199 if (subscriber_ == nullptr) {
1200 EventFwk::MatchingSkills matchingSkills;
1201 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_USER_UNLOCKED);
1202 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_POWER_SAVE_MODE_CHANGED);
1203 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED);
1204 EventFwk::CommonEventSubscribeInfo subscribeInfo(matchingSkills);
1205 // 1 means CORE_EVENT_PRIORITY
1206 subscribeInfo.SetPriority(1);
1207 subscriber_ = std::make_shared<ReceiveMessage>(subscribeInfo, shared_from_this());
1208 }
1209 bool ret = EventFwk::CommonEventManager::SubscribeCommonEvent(subscriber_);
1210 if (!ret) {
1211 NETMGR_EXT_LOG_E("SubscribeCommonEvent fail: %{public}d", ret);
1212 registeredCommonEvent_ = false;
1213 } else {
1214 registeredCommonEvent_ = true;
1215 }
1216 }
1217
OnReceiveEvent(const EventFwk::CommonEventData & eventData)1218 void NetworkVpnService::ReceiveMessage::OnReceiveEvent(const EventFwk::CommonEventData &eventData)
1219 {
1220 auto vpnService = vpnService_.lock();
1221 if (vpnService == nullptr) {
1222 NETMGR_EXT_LOG_E("vpnService_ null");
1223 return;
1224 }
1225 const auto &action = eventData.GetWant().GetAction();
1226 const auto &data = eventData.GetData();
1227 const auto &code = eventData.GetCode();
1228 NETMGR_EXT_LOG_I("NetVReceiveMessage::OnReceiveEvent(), event:[%{public}s], data:[%{public}s], code:[%{public}d]",
1229 action.c_str(), data.c_str(), code);
1230 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_POWER_SAVE_MODE_CHANGED) {
1231 bool isPowerSave = (code == SAVE_MODE || code == LOWPOWER_MODE);
1232 if (isPowerSave) {
1233 vpnService->StartAlwaysOnVpn();
1234 }
1235 return;
1236 }
1237
1238 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_USER_UNLOCKED) {
1239 vpnService->StartAlwaysOnVpn();
1240 }
1241
1242 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED) {
1243 std::string bundleName = eventData.GetWant().GetElement().GetBundleName();
1244 NETMGR_EXT_LOG_D("COMMON_EVENT_PACKAGE_REMOVED, BundleName %{public}s", bundleName.c_str());
1245 NetDataShareHelperUtilsIface::Delete(VPNEXT_MODE_URI, bundleName);
1246 }
1247 }
1248
RegisterBundleName(const std::string & bundleName,const std::string & abilityName)1249 int32_t NetworkVpnService::RegisterBundleName(const std::string &bundleName, const std::string &abilityName)
1250 {
1251 if (bundleName.empty() || abilityName.empty()) {
1252 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1253 }
1254
1255 std::vector<std::string> list = {bundleName, bundleName + VPN_EXTENSION_LABEL};
1256 auto regRet =
1257 Singleton<AppExecFwk::AppMgrClient>::GetInstance().RegisterApplicationStateObserver(vpnHapObserver_, list);
1258 NETMGR_EXT_LOG_I("RegisterBundleName RegisterApplicationStateObserver ret = %{public}d", regRet);
1259
1260 currentVpnBundleName_ = bundleName;
1261 std::lock_guard<std::mutex> autoLock(vpnNameMutex_);
1262 currentVpnAbilityName_.emplace_back(abilityName);
1263 return NETMANAGER_EXT_SUCCESS;
1264 }
1265
GetSelfAppName(std::string & selfAppName,std::string & selfBundleName)1266 int32_t NetworkVpnService::GetSelfAppName(std::string &selfAppName, std::string &selfBundleName)
1267 {
1268 std::string bundleName;
1269 auto samgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
1270 if (samgr == nullptr) {
1271 NETMGR_EXT_LOG_E("Get ability manager failed");
1272 return NETMANAGER_EXT_ERR_INTERNAL;
1273 }
1274 auto object = samgr->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
1275 if (object == nullptr) {
1276 NETMGR_EXT_LOG_E("object is NULL.");
1277 return NETMANAGER_EXT_ERR_INTERNAL;
1278 }
1279 auto bms = iface_cast<OHOS::AppExecFwk::IBundleMgr>(object);
1280 if (bms == nullptr) {
1281 NETMGR_EXT_LOG_E("bundle manager service is NULL.");
1282 return NETMANAGER_EXT_ERR_INTERNAL;
1283 }
1284 int32_t uid = IPCSkeleton::GetCallingUid();
1285 auto result = bms->GetNameForUid(uid, bundleName);
1286 if (result != NETMANAGER_EXT_SUCCESS) {
1287 NETMGR_EXT_LOG_E("Error GetBundleNameForUid fail");
1288 return NETMANAGER_EXT_ERR_INTERNAL;
1289 }
1290
1291 auto bundleResourceProxy = bms->GetBundleResourceProxy();
1292 if (bundleResourceProxy == nullptr) {
1293 NETMGR_EXT_LOG_E("Error get bundleResourceProxy fail");
1294 return NETMANAGER_EXT_ERR_INTERNAL;
1295 }
1296 AppExecFwk::BundleResourceInfo bundleResourceInfo;
1297 auto errCode = bundleResourceProxy->GetBundleResourceInfo(
1298 bundleName, static_cast<uint32_t>(OHOS::AppExecFwk::ResourceFlag::GET_RESOURCE_INFO_ALL), bundleResourceInfo);
1299 if (errCode != ERR_OK) {
1300 NETMGR_EXT_LOG_E("Error call GetBundleResourceInfo fail %{public}d", static_cast<int>(errCode));
1301 return NETMANAGER_EXT_ERR_INTERNAL;
1302 }
1303 NETMGR_EXT_LOG_I("StartVpnExtensionAbility bundleResourceInfo.label %{public}s", bundleResourceInfo.label.c_str());
1304 selfAppName = bundleResourceInfo.label;
1305 selfBundleName = bundleName;
1306 return NETMANAGER_EXT_SUCCESS;
1307 }
1308
SetSelfVpnPid()1309 int32_t NetworkVpnService::SetSelfVpnPid()
1310 {
1311 int32_t uid = IPCSkeleton::GetCallingUid();
1312 int32_t pid = IPCSkeleton::GetCallingPid();
1313 setVpnPidMap_.emplace(uid, pid);
1314 NETMGR_EXT_LOG_I("SetSelfVpnPid uid: %{public}d, pid: %{public}d", uid, pid);
1315 return NETMANAGER_EXT_SUCCESS;
1316 }
1317
GetBundleName()1318 std::string NetworkVpnService::GetBundleName()
1319 {
1320 std::string bundleName;
1321 auto samgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
1322 if (samgr == nullptr) {
1323 NETMGR_EXT_LOG_E("Get ability manager failed");
1324 return bundleName;
1325 }
1326
1327 sptr<IRemoteObject> object = samgr->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
1328 if (object == nullptr) {
1329 NETMGR_EXT_LOG_E("object is NULL.");
1330 return bundleName;
1331 }
1332 sptr<OHOS::AppExecFwk::IBundleMgr> bms = iface_cast<OHOS::AppExecFwk::IBundleMgr>(object);
1333 if (bms == nullptr) {
1334 NETMGR_EXT_LOG_E("bundle manager service is NULL.");
1335 return bundleName;
1336 }
1337
1338 int32_t uid = IPCSkeleton::GetCallingUid();
1339 auto result = bms->GetNameForUid(uid, bundleName);
1340 if (result != NETMANAGER_EXT_SUCCESS) {
1341 NETMGR_EXT_LOG_E("Error GetBundleNameForUid fail");
1342 return bundleName;
1343 }
1344 NETMGR_EXT_LOG_I("bundle name is [%{public}s], uid = [%{public}d]", bundleName.c_str(), uid);
1345
1346 AppExecFwk::BundleInfo bundleInfo;
1347 auto res = bms->GetBundleInfoV9(
1348 bundleName,
1349 static_cast<int32_t>(
1350 static_cast<uint32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_HAP_MODULE) |
1351 static_cast<uint32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_EXTENSION_ABILITY)),
1352 bundleInfo, uid / USER_ID_DIVIDOR);
1353 if (res != 0) {
1354 NETMGR_EXT_LOG_E("Error GetBundleInfoV9 %{public}d", res);
1355 }
1356 std::lock_guard<std::mutex> autoLock(vpnNameMutex_);
1357 for (const auto &hap : bundleInfo.hapModuleInfos) {
1358 for (const auto &ext : hap.extensionInfos) {
1359 if (ext.type == AppExecFwk::ExtensionAbilityType::VPN) {
1360 currentVpnAbilityName_.emplace_back(ext.name);
1361 }
1362 }
1363 }
1364
1365 return bundleName;
1366 }
1367
OnExtensionStateChanged(const AppExecFwk::AbilityStateData & abilityStateData)1368 void NetworkVpnService::VpnHapObserver::OnExtensionStateChanged(const AppExecFwk::AbilityStateData &abilityStateData)
1369 {
1370 NETMGR_EXT_LOG_I("VPN HAP is OnExtensionStateChanged");
1371 }
1372
OnProcessCreated(const AppExecFwk::ProcessData & processData)1373 void NetworkVpnService::VpnHapObserver::OnProcessCreated(const AppExecFwk::ProcessData &processData)
1374 {
1375 NETMGR_EXT_LOG_I("VPN HAP is OnProcessCreated");
1376 }
1377
OnProcessStateChanged(const AppExecFwk::ProcessData & processData)1378 void NetworkVpnService::VpnHapObserver::OnProcessStateChanged(const AppExecFwk::ProcessData &processData)
1379 {
1380 NETMGR_EXT_LOG_I("VPN HAP is OnProcessStateChanged");
1381 }
1382
GetCurrentVpnBundleName()1383 std::string NetworkVpnService::GetCurrentVpnBundleName()
1384 {
1385 return currentVpnBundleName_;
1386 }
1387
IsCurrentVpnPid(int32_t uid,int32_t pid)1388 bool NetworkVpnService::IsCurrentVpnPid(int32_t uid, int32_t pid)
1389 {
1390 auto it = setVpnPidMap_.find(uid);
1391 if (it != setVpnPidMap_.end() && it->second == pid) {
1392 return true;
1393 }
1394
1395 if (pid == currSetUpVpnPid_) {
1396 return true;
1397 }
1398 return false;
1399 }
1400
UnregVpnHpObserver()1401 void NetworkVpnService::UnregVpnHpObserver()
1402 {
1403 auto unRegRet =
1404 Singleton<AppExecFwk::AppMgrClient>::GetInstance().UnregisterApplicationStateObserver(vpnHapObserver_);
1405 NETMGR_EXT_LOG_I("UnregisterApplicationStateObserver ret = %{public}d", unRegRet);
1406 }
1407
GetCurrentVpnAbilityName()1408 std::vector<std::string> NetworkVpnService::GetCurrentVpnAbilityName()
1409 {
1410 std::lock_guard<std::mutex> autoLock(vpnNameMutex_);
1411 return currentVpnAbilityName_;
1412 }
1413
ClearCurrentVpnUserInfo()1414 void NetworkVpnService::ClearCurrentVpnUserInfo()
1415 {
1416 std::lock_guard<std::mutex> autoLock(vpnNameMutex_);
1417 currentVpnBundleName_ = "";
1418 currentVpnAbilityName_.clear();
1419 setVpnPidMap_.clear();
1420 currSetUpVpnPid_ = 0;
1421 }
1422
OnProcessDied(const AppExecFwk::ProcessData & processData)1423 void NetworkVpnService::VpnHapObserver::OnProcessDied(const AppExecFwk::ProcessData &processData)
1424 {
1425 std::unique_lock<std::mutex> locker(vpnService_.netVpnMutex_);
1426 auto extensionBundleName = vpnService_.GetCurrentVpnBundleName();
1427 auto extensionAbilityName = vpnService_.GetCurrentVpnAbilityName();
1428 NETMGR_EXT_LOG_I("vpn OnProcessDied %{public}d, %{public}d", processData.uid, processData.pid);
1429 if (!vpnService_.IsCurrentVpnPid(processData.uid, processData.pid)) {
1430 NETMGR_EXT_LOG_I("OnProcessDied not vpn uid and pid");
1431 return;
1432 }
1433 if ((vpnService_.vpnObj_ != nullptr) && (vpnService_.vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS)) {
1434 NETMGR_EXT_LOG_E("destroy vpn failed");
1435 }
1436 vpnService_.vpnObj_ = nullptr;
1437 for (const auto &name : extensionAbilityName) {
1438 AAFwk::Want want;
1439 AppExecFwk::ElementName elem;
1440 elem.SetBundleName(extensionBundleName);
1441 elem.SetAbilityName(name);
1442 want.SetElement(elem);
1443 auto res = AAFwk::AbilityManagerClient::GetInstance()->StopExtensionAbility(
1444 want, nullptr, AAFwk::DEFAULT_INVAL_VALUE, AppExecFwk::ExtensionAbilityType::VPN);
1445 NETMGR_EXT_LOG_I("VPN HAP is OnProcessDied StopExtensionAbility res= %{public}d", res);
1446 }
1447 vpnService_.UnregVpnHpObserver();
1448 vpnService_.ClearCurrentVpnUserInfo();
1449 }
1450
OnRemoteDied(const wptr<IRemoteObject> & remoteObject)1451 void NetworkVpnService::OnRemoteDied(const wptr<IRemoteObject> &remoteObject)
1452 {
1453 NETMGR_EXT_LOG_I("vpn OnRemoteDied");
1454 sptr<IRemoteObject> diedRemoted = remoteObject.promote();
1455 if (diedRemoted == nullptr) {
1456 NETMGR_EXT_LOG_E("diedRemoted is null");
1457 return;
1458 }
1459 sptr<IVpnEventCallback> callback = iface_cast<IVpnEventCallback>(diedRemoted);
1460 UnregisterVpnEvent(callback);
1461 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1462 #ifdef SUPPORT_SYSVPN
1463 if (vpnObj_ != nullptr && vpnObj_->IsSystemVpn()) {
1464 NETMGR_EXT_LOG_W("system vpn client died");
1465 return;
1466 }
1467 #endif // SUPPORT_SYSVPN
1468 if (vpnObj_ != nullptr && vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS) {
1469 NETMGR_EXT_LOG_E("destroy vpn is failed");
1470 return;
1471 }
1472 vpnObj_ = nullptr;
1473 }
1474
AddClientDeathRecipient(const sptr<IVpnEventCallback> & callback)1475 bool NetworkVpnService::AddClientDeathRecipient(const sptr<IVpnEventCallback> &callback)
1476 {
1477 NETMGR_EXT_LOG_I("vpn AddClientDeathRecipient");
1478 if (deathRecipient_ == nullptr) {
1479 deathRecipient_ = new (std::nothrow) VpnAppDeathRecipient(*this);
1480 }
1481 if (deathRecipient_ == nullptr) {
1482 NETMGR_EXT_LOG_E("deathRecipient is null");
1483 return false;
1484 }
1485 if (!callback->AsObject()->AddDeathRecipient(deathRecipient_)) {
1486 NETMGR_EXT_LOG_E("AddClientDeathRecipient failed");
1487 return false;
1488 }
1489 return true;
1490 }
1491
RemoveClientDeathRecipient(const sptr<IVpnEventCallback> & callback)1492 void NetworkVpnService::RemoveClientDeathRecipient(const sptr<IVpnEventCallback> &callback)
1493 {
1494 NETMGR_EXT_LOG_I("vpn RemoveClientDeathRecipient");
1495 if (deathRecipient_ == nullptr) {
1496 NETMGR_EXT_LOG_E("vpn deathRecipient_ is null");
1497 return;
1498 }
1499 callback->AsObject()->RemoveDeathRecipient(deathRecipient_);
1500 }
1501
RemoveALLClientDeathRecipient()1502 void NetworkVpnService::RemoveALLClientDeathRecipient()
1503 {
1504 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1505 for (auto &item : vpnEventCallbacks_) {
1506 item->AsObject()->RemoveDeathRecipient(deathRecipient_);
1507 }
1508 vpnEventCallbacks_.clear();
1509 deathRecipient_ = nullptr;
1510 }
1511 } // namespace NetManagerStandard
1512 } // namespace OHOS
1513