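/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SERVICES_EDM_PLUGIN_INCLUDE_IPTABLES_RULE_PLUGIN_H
#define SERVICES_EDM_PLUGIN_INCLUDE_IPTABLES_RULE_PLUGIN_H

// Included directly because this header names std::uint32_t and std::string itself.
#include <cstdint>
#include <string>

#include <message_parcel.h>

#include "iplugin.h"
#include "iptables_utils.h"

namespace OHOS {
namespace EDM {
/**
 * IPlugin implementation for iptables filter rules.
 *
 * The public methods are the IPlugin policy hooks; the private helpers translate
 * IPTABLES::AddFilter / IPTABLES::RemoveFilter descriptions into command text and
 * run it. Only declarations are visible in this header, so the notes below about
 * helper behaviour are limited to what the signatures show.
 */
class IptablesRulePlugin : public IPlugin {
public:
    IptablesRulePlugin();

    /**
     * Policy entry point (defined in the implementation file).
     *
     * @param funcCode   Code identifying the requested operation.
     * @param data       Request parcel carrying the operation's arguments.
     * @param reply      Parcel the result is written to.
     * @param policyData Policy state passed in by the framework.
     * @param userId     User the request applies to.
     * @return ErrCode of the operation.
     */
    ErrCode OnHandlePolicy(std::uint32_t funcCode, MessageParcel &data, MessageParcel &reply,
        HandlePolicyData &policyData, int32_t userId) override;

    /** Post-handling hook; intentionally empty for this plugin. */
    void OnHandlePolicyDone(std::uint32_t funcCode, const std::string &adminName, bool isGlobalChanged,
        int32_t userId) override {}

    /**
     * Admin-removal hook; reports success without looking at any argument.
     *
     * NOTE(review): nothing here removes filter rules that were installed on behalf
     * of adminName. Unless cleanup happens elsewhere (not visible in this header),
     * those rules stay active after the admin that requested them is gone — confirm
     * this is the intended lifetime.
     *
     * @return Always ERR_OK.
     */
    ErrCode OnAdminRemove(const std::string &adminName, const std::string &policyData,
        const std::string &mergeData, int32_t userId) override
    {
        return ERR_OK;
    }

    /** Post-removal hook; intentionally empty for this plugin. */
    void OnAdminRemoveDone(const std::string &adminName, const std::string &currentJsonData,
        int32_t userId) override {}

    /**
     * Policy query entry point (defined in the implementation file).
     *
     * @param policyData Policy string passed in by the framework.
     * @param data       Request parcel.
     * @param reply      Parcel the result is written to.
     * @param userId     User the query applies to.
     * @return ErrCode of the query.
     */
    ErrCode OnGetPolicy(std::string &policyData, MessageParcel &data, MessageParcel &reply, int32_t userId) override;

private:
    /** Sets up the firewall chain(s) used by this plugin; presumably guarded by isChainInit_ — TODO confirm. */
    void InitFirewallChain();

    /**
     * Builds the command text for an add-filter request into Command.
     * @return false when the filter cannot be converted.
     */
    bool ConvertAddFilterToIptablesCommand(const IPTABLES::AddFilter &addFilter, std::string &Command);

    /** Executes the removal described by removeFilter; see the Simple/Detailed variants below. */
    ErrCode ExecRemoveFilterIptablesCommand(const IPTABLES::RemoveFilter &removeFilter);

    /** Removal keyed only on direction. */
    ErrCode ExecRemoveFilterBySimpleCommand(const IPTABLES::Direction &direction);

    /** Removal keyed on the full removeFilter description. */
    ErrCode ExecRemoveFilterByDetailedCommand(const IPTABLES::RemoveFilter &removeFilter);

    /**
     * Writes the chain part of the command, selected by action and direction, into Command.
     * @return false when the combination cannot be converted.
     */
    bool ConvertChainCommand(const IPTABLES::Action &action, const IPTABLES::Direction &direction,
        std::string &Command);

    // NOTE(review): the three helpers taking std::string inputs (ipAddress, port, uid)
    // place free-form text into a command string and have no way to report rejection
    // (void return). The values presumably originate from the request MessageParcel.
    // Confirm that each value is validated against its expected format before the
    // resulting command is executed, and that execution does not go through a shell.

    /** Writes the address part of the command; isSourceIp selects source versus destination. */
    void ConvertIpAddressCommand(const std::string &ipAddress, const bool isSourceIp, std::string &Command);

    /** Writes the port part of the command; isSourcePort selects source versus destination. */
    void ConvertPortCommand(const std::string &port, const bool isSourcePort, std::string &Command);

    /** Writes the protocol part of the command. */
    void ConvertProtocolCommand(const IPTABLES::Protocol &protocol, std::string &Command);

    /**
     * Writes the action part of the command.
     * @return false when the action cannot be converted.
     */
    bool ConvertActionCommand(const IPTABLES::Action &action, std::string &Command);

    /** Writes the rule-number part of the command for the given add method. */
    void ConvertRuleNoCommand(const IPTABLES::AddMethod &method, uint32_t ruleNo, std::string &Command);

    /** Writes the uid part of the command (see the validation note above). */
    void ConvertUidCommand(const std::string &uid, std::string &Command);

    /** Reads an add-filter request from data and applies it. */
    ErrCode AddIptablesFilterRule(MessageParcel &data);

    /** Reads a remove-filter request from data and applies it. */
    ErrCode RemoveIptablesFilterRule(MessageParcel &data);

    // Shared by all instances (static). Plain bool with no synchronisation visible in
    // this header — NOTE(review): confirm policy handlers cannot run concurrently, or
    // that the implementation serialises chain initialisation.
    static bool isChainInit_;
};
} // namespace EDM
} // namespace OHOS

#endif // SERVICES_EDM_PLUGIN_INCLUDE_IPTABLES_RULE_PLUGIN_H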