1 /* 2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef NET_POLICY_SERVICE_H 17 #define NET_POLICY_SERVICE_H 18 19 #include <atomic> 20 #include <mutex> 21 22 #include "event_runner.h" 23 #include "singleton.h" 24 #include "system_ability.h" 25 #include "system_ability_definition.h" 26 27 #include "net_bundle.h" 28 #include "net_policy_callback.h" 29 #include "net_policy_event_handler.h" 30 #include "net_policy_firewall.h" 31 #include "net_policy_rule.h" 32 #include "net_policy_service_common.h" 33 #include "net_policy_service_stub.h" 34 #include "net_policy_traffic.h" 35 #include "net_access_policy.h" 36 #include "net_access_policy_rdb.h" 37 #include "common_event_subscriber.h" 38 #include "common_event_support.h" 39 40 namespace OHOS { 41 namespace NetManagerStandard { 42 #define NET_SYMBOL_VISIBLE __attribute__ ((visibility("default"))) 43 class NET_SYMBOL_VISIBLE NetPolicyService : public SystemAbility, 44 public NetPolicyServiceStub, 45 public std::enable_shared_from_this<NetPolicyService> { 46 DECLARE_DELAYED_SINGLETON(NetPolicyService) 47 DECLARE_SYSTEM_ABILITY(NetPolicyService) 48 49 public: 50 void OnStart() override; 51 void OnStop() override; 52 int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override; 53 int32_t OnExtension(const std::string& extension, MessageParcel& data, MessageParcel& reply) override; 54 55 /** 56 * Set the network policy for the specified UID. 57 * @param uid The specified UID of app. 58 * @param policy The network policy for application. 59 * For details, see {@link NetUidPolicy}. 60 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 61 */ 62 int32_t SetPolicyByUid(uint32_t uid, uint32_t policy) override; 63 64 /** 65 * Get the network policy of the specified UID. 66 * @param uid The specified UID of app. 67 * @param policy Return this uid's policy. 68 * For details, see {@link NetUidPolicy}. 69 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 70 */ 71 int32_t GetPolicyByUid(uint32_t uid, uint32_t &policy) override; 72 73 /** 74 * Get the application UIDs of the specified policy. 75 * @param policy the network policy of the current UID of application. 76 * For details, see {@link NetUidPolicy}. 77 * @param uids The list of UIDs 78 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 79 */ 80 int32_t GetUidsByPolicy(uint32_t policy, std::vector<uint32_t> &uids) override; 81 82 /** 83 * Get the status whether the specified uid app can access the metered network or non-metered network. 84 * @param uid The specified UID of application. 85 * @param metered Indicates metered network or non-metered network. 86 * @param isAllowed Return true means it's allowed to access the network. 87 * Return false means it's not allowed to access the network. 88 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 89 */ 90 int32_t IsUidNetAllowed(uint32_t uid, bool metered, bool &isAllowed) override; 91 92 /** 93 * Get the status whether the specified uid app can access the specified iface network. 94 * @param uid The specified UID of application. 95 * @param ifaceName Iface name. 96 * @param isAllowed Return true means it's allowed to access the network. 97 * Return false means it's not allowed to access the network. 98 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 99 */ 100 int32_t IsUidNetAllowed(uint32_t uid, const std::string &ifaceName, bool &isAllowed) override; 101 102 /** 103 * Register network policy change callback. 104 * @param callback Interface type pointer. 105 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 106 */ 107 int32_t RegisterNetPolicyCallback(const sptr<INetPolicyCallback> &callback) override; 108 109 /** 110 * Unregister network policy change callback. 111 * @param callback Interface type pointer. 112 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 113 */ 114 int32_t UnregisterNetPolicyCallback(const sptr<INetPolicyCallback> &callback) override; 115 116 /** 117 * Set policies by NetPolicyQuotaPolicy. 118 * @param quotaPolicies The list of network quota policy, {@link NetQuotaPolicy}. 119 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 120 */ 121 int32_t SetNetQuotaPolicies(const std::vector<NetQuotaPolicy> "aPolicies) override; 122 123 /** 124 * Get network policies. 125 * @param quotaPolicies The list of network quota policy, {@link NetQuotaPolicy}. 126 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 127 */ 128 int32_t GetNetQuotaPolicies(std::vector<NetQuotaPolicy> "aPolicies) override; 129 130 /** 131 * Reset network policies\rules\quota policies\firewall rules. 132 * @param simId Specify the matched simId of quota policy. 133 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 134 */ 135 int32_t ResetPolicies(const std::string &simId) override; 136 137 /** 138 * Control if apps can use data on background. 139 * @param allowBackground Allow apps to use data on background. 140 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 141 */ 142 int32_t SetBackgroundPolicy(bool allowBackground) override; 143 144 /** 145 * Get the status if apps can use data on background. 146 * @param backgroundPolicy True is allowed to use data on background. 147 * False is not allowed to use data on background. 148 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 149 */ 150 int32_t GetBackgroundPolicy(bool &backgroundPolicy) override; 151 152 /** 153 * Get the background network restriction policy for the specified uid. 154 * @param uid uid The specified UID of application. 155 * @param backgroundPolicyOfUid The specified UID of backgroundPolicy. 156 * For details, see {@link NetBackgroundPolicy}. 157 * @return uint32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 158 */ 159 int32_t GetBackgroundPolicyByUid(uint32_t uid, uint32_t &backgroundPolicyOfUid) override; 160 161 /** 162 * Update the limit or warning remind time of quota policy. 163 * @param netType {@link NetBearType}. 164 * @param simId Specify the matched simId of quota policy when netType is cellular. 165 * @param remindType {@link RemindType}. 166 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 167 */ 168 int32_t UpdateRemindPolicy(int32_t netType, const std::string &simId, uint32_t remindType) override; 169 170 /** 171 * Set the UID into device idle allow list. 172 * @param uid The specified UID of application. 173 * @param isAllowed The UID is into allowed list or not. 174 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 175 */ 176 int32_t SetDeviceIdleTrustlist(const std::vector<uint32_t> &uids, bool isAllowed) override; 177 178 /** 179 * Get the allow list of UID in device idle mode. 180 * @param uids The list of UIDs 181 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 182 */ 183 int32_t GetDeviceIdleTrustlist(std::vector<uint32_t> &uids) override; 184 185 /** 186 * Process network policy in device idle mode. 187 * @param enable Device idle mode is open or not. 188 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 189 */ 190 int32_t SetDeviceIdlePolicy(bool enable) override; 191 192 /** 193 * Get the allow list of UID in power save mode. 194 * 195 * @param uids The list of UIDs. 196 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 197 */ 198 int32_t GetPowerSaveTrustlist(std::vector<uint32_t> &uids) override; 199 200 /** 201 * Set the UID into power save allow list. 202 * @param uid The specified UID of application. 203 * @param isAllowed The UID is into allowed list or not. 204 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 205 */ 206 int32_t SetPowerSaveTrustlist(const std::vector<uint32_t> &uids, bool isAllowed) override; 207 208 /** 209 * Process network policy in Power Save mode. 210 * 211 * @param enable Power save mode is open or not. 212 * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 213 */ 214 int32_t SetPowerSavePolicy(bool enable) override; 215 216 /** 217 * Check if you have permission 218 * 219 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 220 */ 221 int32_t CheckPermission() override; 222 223 /** 224 * factory reset net policies 225 * 226 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 227 */ 228 int32_t FactoryResetPolicies() override; 229 230 /** 231 * Set the policy to access the network of the specified application. 232 * 233 * @param uid The specified UID of application. 234 * @param policy The network access policy of application, {@link NetworkAccessPolicy}. 235 * @param reconfirmFlag true means a reconfirm diaglog trigger while policy deny network access. 236 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 237 */ 238 int32_t SetNetworkAccessPolicy(uint32_t uid, NetworkAccessPolicy policy, bool reconfirmFlag) override; 239 240 /** 241 * Query the network access policy of the specified application or all applications. 242 * 243 * @param parameter Indicate to get all or an application network access policy, {@link AccessPolicyParameter}. 244 * @param policy The network access policy of application, {@link AccessPolicySave}. 245 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 246 */ 247 int32_t GetNetworkAccessPolicy(AccessPolicyParameter parameter, AccessPolicySave& policy) override; 248 GetNetAccessPolicyDBHandler()249 NetAccessPolicyRDB GetNetAccessPolicyDBHandler() 250 { 251 static NetAccessPolicyRDB netAccessPolicy; 252 return netAccessPolicy; 253 } 254 int32_t DeleteNetworkAccessPolicy(uint32_t uid); 255 int32_t NotifyNetAccessPolicyDiag(uint32_t uid) override; 256 int32_t RefreshNetworkAccessPolicyFromConfig(); 257 258 /** 259 * Set NIC Traffic allowed or disallowed 260 * 261 * @param ifaceNames ifaceNames 262 * @param status true for allowed, false for disallowed 263 * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}. 264 */ 265 int32_t SetNicTrafficAllowed(const std::vector<std::string> &ifaceNames, bool status) override; 266 267 void SetBrokerUidAccessPolicyMap(std::optional<uint32_t> uid); 268 void DelBrokerUidAccessPolicyMap(uint32_t uid); 269 270 int32_t OnBackup(MessageParcel& data, MessageParcel& reply); 271 int32_t OnRestore(MessageParcel& data, MessageParcel& reply); 272 273 protected: 274 void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override; 275 void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override; 276 277 private: 278 void Init(); 279 int32_t GetDumpMessage(std::string &message); 280 281 void OnNetSysRestart(); 282 void ResetNetAccessPolicy(); 283 void UpdateNetAccessPolicyToMapFromDB(); 284 void OverwriteNetAccessPolicyToDBFromConfig(); 285 void UpdateNetworkAccessPolicyFromConfig(const std::string &bundleName, NetworkAccessPolicy &policy); 286 int32_t GetActivatedOsAccountId(int32_t &userId); 287 std::unordered_map<uint32_t, SampleBundleInfo> GetSampleBundleInfosForActiveUser(); 288 289 private: 290 enum ServiceRunningState { 291 STATE_STOPPED = 0, 292 STATE_RUNNING, 293 }; 294 295 std::shared_ptr<NetPolicyTraffic> netPolicyTraffic_ = nullptr; 296 std::shared_ptr<NetPolicyFirewall> netPolicyFirewall_ = nullptr; 297 std::shared_ptr<NetPolicyRule> netPolicyRule_ = nullptr; 298 std::shared_ptr<NetPolicyFile> netPolicyFile_ = nullptr; 299 ServiceRunningState state_ = ServiceRunningState::STATE_STOPPED; 300 std::shared_ptr<NetPolicyCore> netPolicyCore_ = nullptr; 301 std::shared_ptr<NetPolicyCallback> netPolicyCallback_ = nullptr; 302 sptr<NetPolicyServiceCommon> serviceComm_ = nullptr; 303 std::mutex mutex_; 304 std::vector<uint16_t> monthDay_; 305 306 bool hasSARemoved_ = false; 307 bool isDisplayTrafficAncoList_ = false; 308 uint64_t netPolicySysTimerId_ = 0; 309 310 private: 311 void RegisterFactoryResetCallback(); 312 313 class FactoryResetCallBack : public IRemoteStub<INetFactoryResetCallback> { 314 public: FactoryResetCallBack(std::shared_ptr<NetPolicyService> netPolicy)315 FactoryResetCallBack(std::shared_ptr<NetPolicyService> netPolicy) 316 { 317 netPolicy_ = netPolicy; 318 } 319 OnNetFactoryReset()320 int32_t OnNetFactoryReset() 321 { 322 if (netPolicy_ != nullptr) { 323 netPolicy_->FactoryResetPolicies(); 324 return NETMANAGER_SUCCESS; 325 } else { 326 return NETMANAGER_ERR_LOCAL_PTR_NULL; 327 } 328 } 329 private: 330 std::shared_ptr<NetPolicyService> netPolicy_ = nullptr; 331 }; 332 sptr<INetFactoryResetCallback> netFactoryResetCallback_ = nullptr; 333 }; 334 } // namespace NetManagerStandard 335 } // namespace OHOS 336 #endif // NET_POLICY_SERVICE_H 337