/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SERVICES_EDM_PLUGIN_INCLUDE_IPTABLES_IPTABLES_MANAGER_H
#define SERVICES_EDM_PLUGIN_INCLUDE_IPTABLES_IPTABLES_MANAGER_H

#include <memory>
// NOTE(review): <thread> and <unistd.h> are not referenced by any declaration
// below; confirm whether the .cpp relies on getting them through this header
// before dropping them.
#include <thread>
#include <mutex>
#include <unistd.h>
#include <string>
#include <vector>

#include "chain_rule.h"
#include "domain_filter_rule.h"
#include "edm_errors.h"
#include "firewall_rule.h"

namespace OHOS {
namespace EDM {
namespace IPTABLES {

// Manager for the EDM plugin's iptables-backed firewall and domain-filter
// rules. Exposed as a process-wide shared instance via GetInstance(); the
// public Add/Remove/Get methods report failure through ErrCode rather than
// exceptions.
//
// Thread-safety: instance_ and the static g_*Init flags are shared mutable
// state. mutexLock_ is presumably what serializes access to them, but nothing
// in this header ties the lock to any member — verify in the .cpp that every
// reader/writer of the flags and of instance_ takes the lock.
class IptablesManager {
public:
    // Returns the shared manager instance (stored in instance_ below).
    static std::shared_ptr<IptablesManager> GetInstance();

    // Firewall rule management. Each call takes a parcel describing one rule
    // (or, for Get, fills `list` with the current rules) and returns an ErrCode.
    ErrCode AddFirewallRule(const FirewallRuleParcel &firewall);
    ErrCode RemoveFirewallRule(const FirewallRuleParcel &firewall);
    ErrCode GetFirewallRules(std::vector<FirewallRuleParcel> &list);

    // Domain-filter rule management; same contract as the firewall variants.
    ErrCode AddDomainFilterRule(const DomainFilterRuleParcel &DomainFilter);
    ErrCode RemoveDomainFilterRules(const DomainFilterRuleParcel &DomainFilter);
    ErrCode GetDomainFilterRules(std::vector<DomainFilterRuleParcel> &list);

    // One-time static setup and its query. Presumably Init() creates the
    // managed chains and records completion in g_chainInit — confirm in the .cpp.
    static void Init();
    static bool HasInit();

private:
    // Resolve which chain(s) a removal applies to, given the rule's direction
    // and action. The Get*ChainName helpers appear to be per-direction
    // sub-steps of the two ErrCode-returning entry points.
    ErrCode GetRemoveChainName(Direction direction, Action action, std::vector<std::string> &chainNameList);
    ErrCode GetDomainRemoveChainName(Direction direction, Action action, std::vector<std::string>& chainNameList);
    void GetRemoveInputChainName(Action action, std::vector<std::string>& chainNameList);
    void GetRemoveOutputChainName(Action action, std::vector<std::string>& chainNameList);
    void GetRemoveForwardChainName(Action action, std::vector<std::string>& chainNameList);
    void GetDomainRemoveOutputChainName(Action action, std::vector<std::string>& chainNameList);
    void GetDomainRemoveForwardChainName(Action action, std::vector<std::string>& chainNameList);

    // Whether at least one allow rule is currently present in the given
    // chain. Presumably consulted before a default-deny chain is cleared, so
    // that a deny policy is not left without any allow exceptions — confirm.
    bool ExistOutputAllowFirewallRule();
    bool ExistForwardAllowFirewallRule();
    bool ExistOutputAllowDomainRule();
    bool ExistForwardAllowDomainRule();

    // Parameter validation for the public Add/Remove paths; return true when
    // the request is acceptable. Because the validated fields are later turned
    // into iptables rules, these checks are the trust boundary for caller input
    // — every Add/Remove path should pass through them before any rule is
    // touched (verify in the .cpp).
    // NOTE(review): appUid, domainName and rule are taken by value; const& would
    // avoid a copy per call without changing callers.
    bool CheckRemoveDomainParams(Direction direction, Action action, std::string appUid, std::string domainName);
    bool CheckRemoveFirewallParams(Direction direction, FirewallRule rule);
    bool CheckAddFirewallParams(Direction direction, FirewallRule rule);
    // Maps (direction, action) to the managed chain name; false if there is
    // no chain for that combination.
    bool GetFirewallChainName(Direction direction, Action action, std::string& chainName);

    // True if any of the named chains currently holds a rule.
    bool ChainExistRule(const std::vector<std::string> &chainNames);
    // Converts raw rule strings for one direction into parcels appended to
    // `list`. NOTE(review): ruleList is passed by value — const& would avoid
    // copying the whole vector.
    void ConvertFirewallRuleList(std::vector<FirewallRuleParcel>& list,
        std::vector<std::string> ruleList, Direction direction);

    // Install / remove the default-deny chain for a direction. Only OUTPUT and
    // FORWARD have Clear variants here, so presumably INPUT never gets a
    // default deny — confirm against the .cpp and the tracking flags below.
    static void SetDefaultFirewallDenyChain(Direction direction);
    static void ClearDefaultFirewallOutputDenyChain();
    static void ClearDefaultFirewallForwardDenyChain();
    static void SetDefaultDomainDenyChain(Direction direction);
    static void ClearDefaultDomainOutputDenyChain();
    static void ClearDefaultDomainForwardDenyChain();

    // Static state recording which chains have been set up. Shared across all
    // users of the manager; see the thread-safety note on the class.
    static bool g_chainInit;
    static bool g_defaultFirewallOutputChainInit;
    static bool g_defaultFirewallForwardChainInit;
    static bool g_defaultDomainOutputChainInit;
    static bool g_defaultDomainForwardChainInit;

    // Shared instance handed out by GetInstance(), and the lock that is
    // presumably meant to guard it and the flags above.
    static std::shared_ptr<IptablesManager> instance_;
    static std::mutex mutexLock_;
};
} // namespace IPTABLES
} // namespace EDM
} // namespace OHOS
#endif // SERVICES_EDM_PLUGIN_INCLUDE_IPTABLES_IPTABLES_MANAGER_H