1 /* 2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef INCLUDE_CONN_MANAGER_H 17 #define INCLUDE_CONN_MANAGER_H 18 19 #include <map> 20 #include <memory> 21 #include <mutex> 22 #include <set> 23 #include <sys/types.h> 24 #include <vector> 25 #include <thread> 26 27 #include "bpf_def.h" 28 #include "netsys_network.h" 29 #include "network_permission.h" 30 #include "route_manager.h" 31 #include "safe_map.h" 32 #include "netsys_access_policy.h" 33 #include "net_all_capabilities.h" 34 35 namespace OHOS { 36 namespace nmd { 37 class ConnManager { 38 public: 39 enum RouteAction { 40 ROUTE_ADD, 41 ROUTE_REMOVE, 42 ROUTE_UPDATE, 43 }; 44 45 ConnManager(); 46 ~ConnManager(); 47 48 /** 49 * Disallow or allow a app to create AF_INET or AF_INET6 socket 50 * 51 * @param uid App's uid which need to be disallowed ot allowed to create AF_INET or AF_INET6 socket 52 * @param allow 0 means disallow, 1 means allow 53 * @return return 0 if OK, return error number if not OK 54 */ 55 int32_t SetInternetPermission(uint32_t uid, uint8_t allow, uint8_t isBroker); 56 57 /** 58 * Creates a physical network 59 * 60 * @param netId The network Id to create 61 * @param permission The permission necessary to use the network. Must be one of 62 * PERMISSION_NONE/PERMISSION_NETWORK/PERMISSION_SYSTEM 63 * 64 * @return Returns 0, successfully create the physical network, otherwise it will fail 65 */ 66 int32_t CreatePhysicalNetwork(uint16_t netId, NetworkPermission permission); 67 68 /** 69 * Creates a virtual network 70 * 71 * @param netId The network Id to create 72 * @param hasDns true if this network set dns 73 * @param secure true if set bypass=false 74 * 75 * @return Returns 0, successfully create the physical network, otherwise it will fail 76 */ 77 int32_t CreateVirtualNetwork(uint16_t netId, bool hasDns); 78 79 /** 80 * Destroy a network. Any interfaces added to the network are removed, and the network ceases 81 * to be the default network 82 * 83 * @param netId The network to destroy 84 * 85 * @return Returns 0, successfully destroy the network, otherwise it will fail 86 */ 87 int32_t DestroyNetwork(int32_t netId); 88 89 /** 90 * Set network as default network 91 * 92 * @param netId The network to set as the default 93 * 94 * @return Returns 0, successfully Set default network, otherwise it will fail 95 */ 96 int32_t SetDefaultNetwork(int32_t netId); 97 98 /** 99 * Clear default network 100 * 101 * @return Returns 0, successfully clear default network, otherwise it will fail 102 */ 103 int32_t ClearDefaultNetwork(); 104 105 /** 106 * Get default network 107 * 108 * @return NetId of default network 109 */ 110 int32_t GetDefaultNetwork() const; 111 112 /** 113 * Add an interface to a network. The interface must not be assigned to any network, including 114 * the specified network 115 * 116 * @param netId The network to add the interface 117 * @param interafceName The name of the interface to add 118 * 119 * @return Returns 0, successfully add an interface to a network, otherwise it will fail 120 */ 121 int32_t AddInterfaceToNetwork(int32_t netId, std::string &interafceName, 122 NetManagerStandard::NetBearType netBearerType = NetManagerStandard::BEARER_DEFAULT); 123 124 /** 125 * Remove an interface to a network. The interface must be assigned to the specified network 126 * 127 * @param netId The network to add the interface 128 * @param interafceName The name of the interface to remove 129 * 130 * @return Returns 0, successfully remove an interface to a network, otherwise it will fail 131 */ 132 int32_t RemoveInterfaceFromNetwork(int32_t netId, std::string &interafceName); 133 134 /** 135 * Reinit route when netmanager restart 136 * 137 * @param 138 * 139 * @return Returns 0, reinit route successfully, otherwise it will fail 140 */ 141 int32_t ReinitRoute(); 142 143 /** 144 * Add a route for specific network 145 * 146 * @param netId The network to add the route 147 * @param interfaceName The name of interface of the route 148 * This interface should be assigned to the netID 149 * @param destination The destination of the route 150 * @param nextHop The route's next hop address 151 * 152 * @return Returns 0, successfully add a route for specific network, otherwise it will fail 153 */ 154 int32_t AddRoute(int32_t netId, NetworkRouteInfo networkRouteInfo, bool& routeRepeat); 155 156 /** 157 * Remove a route for specific network 158 * 159 * @param netId The network to remove the route 160 * @param interfaceName The name of interface of the route 161 * This interface should be assigned to the netID 162 * @param destination The destination of the route 163 * @param nextHop The route's next hop address 164 * 165 * @return Returns 0, successfully remove a route for specific network, otherwise it will fail 166 */ 167 int32_t RemoveRoute(int32_t netId, std::string interfaceName, std::string destination, std::string nextHop); 168 169 /** 170 * Update a route for specific network 171 * 172 * @param netId The network to update the route 173 * @param interfaceName The name of interface of the route 174 * This interface should be assigned to the netID 175 * @param destination The destination of the route 176 * @param nextHop The route's next hop address 177 * 178 * @return Returns 0, successfully update a route for specific network, otherwise it will fail 179 */ 180 int32_t UpdateRoute(int32_t netId, std::string interfaceName, std::string destination, std::string nextHop); 181 182 /** 183 * Get the mark for the given network id 184 * 185 * @param netId The network to get the mark 186 * 187 * @return A Mark of the given network id. 188 */ 189 int32_t GetFwmarkForNetwork(int32_t netId); 190 191 /** 192 * Set the permission required to access a specific network 193 * 194 * @param netId The network to set 195 * @param permission Network permission to use 196 * 197 * @return Returns 0, successfully set the permission for specific network, otherwise it will fail 198 */ 199 int32_t SetPermissionForNetwork(int32_t netId, NetworkPermission permission); 200 201 /** 202 * Find virtual network from netId 203 * 204 * @param netId The network id 205 * @return Returns nullptr, the netId is not virtual network 206 */ 207 std::shared_ptr<NetsysNetwork> FindVirtualNetwork(int32_t netId); 208 209 /** 210 * Add uids to virtual network 211 * 212 * @param netId The virtual network id 213 * @param uidRanges App uids to set 214 * 215 * @return Returns 0, successfully set the uids for specific network, otherwise it will fail 216 */ 217 int32_t AddUidsToNetwork(int32_t netId, const std::vector<NetManagerStandard::UidRange> &uidRanges); 218 219 /** 220 * Remove uids from virtual network 221 * 222 * @param netId The virtual network id 223 * @param uidRanges App uids to set 224 * 225 * @return Returns 0, successfully remove the uids for specific network, otherwise it will fail 226 */ 227 int32_t RemoveUidsFromNetwork(int32_t netId, const std::vector<NetManagerStandard::UidRange> &uidRanges); 228 229 /** 230 * Get the Dump Infos object 231 * 232 * @param infos The output message 233 */ 234 void GetDumpInfos(std::string &infos); 235 236 /** 237 * Set the policy to access the network of the specified application. 238 * 239 * @param uid - The specified UID of application. 240 * @param policy - the network access policy of application. For details, see {@link NetworkAccessPolicy}. 241 * @return Returns 0, successfully set the network access policy for application, otherwise it will fail 242 */ 243 int32_t SetNetworkAccessPolicy(uint32_t uid, NetManagerStandard::NetworkAccessPolicy policy, bool reconfirmFlag); 244 int32_t DeleteNetworkAccessPolicy(uint32_t uid); 245 int32_t NotifyNetBearerTypeChange(std::set<NetManagerStandard::NetBearType> bearerTypes); 246 int32_t CloseSocketsUid(const std::string &ipAddr, uint32_t uid); 247 #ifdef SUPPORT_SYSVPN 248 /** 249 * update vpn interface rules 250 * 251 * @param netId Network number 252 * @param extMessages ext message 253 * @param add true add, false remove 254 * @return Returns 0, add network ip mark successfully, otherwise it will fail 255 */ 256 int32_t UpdateVpnRules(uint16_t netId, const std::vector<std::string> &extMessages, bool add); 257 #endif // SUPPORT_SYSVPN 258 259 private: 260 int32_t defaultNetId_; 261 bool needReinitRouteFlag_; 262 std::map<int32_t, std::string> physicalInterfaceName_; 263 SafeMap<int32_t, std::shared_ptr<NetsysNetwork>> networks_; 264 std::mutex interfaceNameMutex_; 265 std::tuple<bool, std::shared_ptr<NetsysNetwork>> FindNetworkById(int32_t netId); 266 int32_t GetNetworkForInterface(int32_t netId, std::string &interfaceName); 267 RouteManager::TableType GetTableType(int32_t netId); 268 net_interface_name_id GetInterfaceNameId(NetManagerStandard::NetBearType netBearerType); 269 void AddNetIdAndIfaceToMap(int32_t netId, net_interface_name_id nameId); 270 void AddIfindexAndNetTypeToMap(const std::string &interfaceName, net_interface_name_id nameId); 271 }; 272 } // namespace nmd 273 } // namespace OHOS 274 #endif // INCLUDE_CONN_MANAGER_H 275