1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <arpa/inet.h>
17 #include <sys/socket.h>
18
19 #include "errors.h"
20 #include "ipc_object_stub.h"
21 #include "ipc_types.h"
22 #include "message_parcel.h"
23 #include "netfirewall_hisysevent.h"
24 #include "netmanager_base_common_utils.h"
25 #include "netmanager_base_permission.h"
26 #include "netmgr_ext_log_wrapper.h"
27 #include "netfirewall_stub.h"
28
29 namespace OHOS {
30 namespace NetManagerStandard {
31 namespace {
32 static constexpr const char *PERMISSION_MANAGE_NET_FIREWALL = "ohos.permission.MANAGE_NET_FIREWALL";
33 static constexpr const char *PERMISSION_GET_NET_FIREWALL = "ohos.permission.GET_NET_FIREWALL";
34 }
NetFirewallStub()35 NetFirewallStub::NetFirewallStub()
36 {
37 memberFuncMap_[static_cast<uint32_t>(SET_NET_FIREWALL_STATUS)] = {PERMISSION_MANAGE_NET_FIREWALL,
38 &NetFirewallStub::OnSetNetFirewallPolicy};
39 memberFuncMap_[static_cast<uint32_t>(GET_NET_FIREWALL_STATUS)] = {PERMISSION_GET_NET_FIREWALL,
40 &NetFirewallStub::OnGetNetFirewallPolicy};
41 memberFuncMap_[static_cast<uint32_t>(ADD_NET_FIREWALL_RULE)] = {PERMISSION_MANAGE_NET_FIREWALL,
42 &NetFirewallStub::OnAddNetFirewallRule};
43 memberFuncMap_[static_cast<uint32_t>(UPDATE_NET_FIREWALL_RULE)] = {PERMISSION_MANAGE_NET_FIREWALL,
44 &NetFirewallStub::OnUpdateNetFirewallRule};
45 memberFuncMap_[static_cast<uint32_t>(DELETE_NET_FIREWALL_RULE)] = {PERMISSION_MANAGE_NET_FIREWALL,
46 &NetFirewallStub::OnDeleteNetFirewallRule};
47 memberFuncMap_[static_cast<uint32_t>(GET_ALL_NET_FIREWALL_RULES)] = {PERMISSION_GET_NET_FIREWALL,
48 &NetFirewallStub::OnGetNetFirewallRules};
49 memberFuncMap_[static_cast<uint32_t>(GET_NET_FIREWALL_RULE)] = {PERMISSION_GET_NET_FIREWALL,
50 &NetFirewallStub::OnGetNetFirewallRule};
51 memberFuncMap_[static_cast<uint32_t>(GET_ALL_INTERCEPT_RECORDS)] = {PERMISSION_GET_NET_FIREWALL,
52 &NetFirewallStub::OnGetInterceptRecords};
53 }
54
CheckFirewallPermission(std::string & strPermission)55 int32_t NetFirewallStub::CheckFirewallPermission(std::string &strPermission)
56 {
57 if (!strPermission.empty() && !NetManagerPermission::CheckPermission(strPermission)) {
58 NETMGR_EXT_LOG_E("Permission denied permission: %{public}s", strPermission.c_str());
59 return FIREWALL_ERR_PERMISSION_DENIED;
60 }
61 return FIREWALL_SUCCESS;
62 }
63
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)64 int32_t NetFirewallStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply,
65 MessageOption &option)
66 {
67 std::u16string myDescripter = NetFirewallStub::GetDescriptor();
68 std::u16string remoteDescripter = data.ReadInterfaceToken();
69 if (myDescripter != remoteDescripter) {
70 NETMGR_EXT_LOG_E("descriptor checked fail");
71 return NETMANAGER_EXT_ERR_DESCRIPTOR_MISMATCH;
72 }
73 auto itFunc = memberFuncMap_.find(code);
74 if (itFunc != memberFuncMap_.end()) {
75 NETMGR_EXT_LOG_I("enter OnRemoteRequest code %{public}d:", code);
76 int32_t checkResult = CheckFirewallPermission(itFunc->second.strPermission);
77 if (checkResult != FIREWALL_SUCCESS) {
78 return checkResult;
79 }
80 auto serviceFunc = itFunc->second.serviceFunc;
81 if (serviceFunc != nullptr) {
82 return (this->*serviceFunc)(data, reply);
83 }
84 }
85 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
86 }
87
OnSetNetFirewallPolicy(MessageParcel & data,MessageParcel & reply)88 int32_t NetFirewallStub::OnSetNetFirewallPolicy(MessageParcel &data, MessageParcel &reply)
89 {
90 int32_t userId;
91 if (!data.ReadInt32(userId)) {
92 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
93 }
94 if (userId <= 0) {
95 NETMGR_EXT_LOG_E("Parameter error.");
96 return FIREWALL_ERR_INVALID_PARAMETER;
97 }
98 sptr<NetFirewallPolicy> status = NetFirewallPolicy::Unmarshalling(data);
99 if (status == nullptr) {
100 NETMGR_EXT_LOG_E("status is nullptr.");
101 return FIREWALL_ERR_INTERNAL;
102 }
103
104 return SetNetFirewallPolicy(userId, status);
105 }
106
OnGetNetFirewallPolicy(MessageParcel & data,MessageParcel & reply)107 int32_t NetFirewallStub::OnGetNetFirewallPolicy(MessageParcel &data, MessageParcel &reply)
108 {
109 int32_t userId;
110 if (!data.ReadInt32(userId)) {
111 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
112 }
113 if (userId <= 0) {
114 NETMGR_EXT_LOG_E("Parameter error.");
115 return FIREWALL_ERR_INVALID_PARAMETER;
116 }
117 sptr<NetFirewallPolicy> status = sptr<NetFirewallPolicy>::MakeSptr();
118 int32_t ret = GetNetFirewallPolicy(userId, status);
119 if (ret == FIREWALL_SUCCESS) {
120 if (!status->Marshalling(reply)) {
121 return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
122 }
123 }
124 return ret;
125 }
126
OnAddNetFirewallRule(MessageParcel & data,MessageParcel & reply)127 int32_t NetFirewallStub::OnAddNetFirewallRule(MessageParcel &data, MessageParcel &reply)
128 {
129 sptr<NetFirewallRule> rule = NetFirewallRule::Unmarshalling(data);
130 if (rule == nullptr) {
131 NETMGR_EXT_LOG_E("rule is nullptr.");
132 return FIREWALL_ERR_INTERNAL;
133 }
134 if (rule->userId <= 0) {
135 NETMGR_EXT_LOG_E("Parameter error.");
136 return FIREWALL_ERR_INVALID_PARAMETER;
137 }
138 if (rule->ruleName.empty() || rule->ruleName.size() > MAX_RULE_NAME_LEN ||
139 rule->ruleDescription.size() > MAX_RULE_DESCRIPTION_LEN) {
140 NETMANAGER_EXT_LOGE("rule name or description is too long");
141 return FIREWALL_ERR_INVALID_PARAMETER;
142 }
143 if (rule->localIps.size() > MAX_RULE_IP_COUNT || rule->remoteIps.size() > MAX_RULE_IP_COUNT) {
144 NETMGR_EXT_LOG_E("ip invalid, size is too long.");
145 return FIREWALL_ERR_EXCEED_MAX_IP;
146 }
147
148 if (rule->localPorts.size() > MAX_RULE_PORT_COUNT || rule->remotePorts.size() > MAX_RULE_PORT_COUNT) {
149 NETMGR_EXT_LOG_E("port invalid, size is too long.");
150 return FIREWALL_ERR_EXCEED_MAX_PORT;
151 }
152
153 if (rule->domains.size() > MAX_RULE_DOMAIN_COUNT) {
154 NETMGR_EXT_LOG_E("domain invalid, size is too long.");
155 return FIREWALL_ERR_EXCEED_MAX_DOMAIN;
156 }
157
158 int32_t result = 0;
159 int32_t ret = AddNetFirewallRule(rule, result);
160 if (ret == FIREWALL_SUCCESS) {
161 if (!reply.WriteUint32(result)) {
162 ret = NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
163 }
164 }
165 NetFirewallHisysEvent::SendFirewallConfigReport(rule->userId, ret);
166 return ret;
167 }
168
OnUpdateNetFirewallRule(MessageParcel & data,MessageParcel & reply)169 int32_t NetFirewallStub::OnUpdateNetFirewallRule(MessageParcel &data, MessageParcel &reply)
170 {
171 sptr<NetFirewallRule> rule = NetFirewallRule::Unmarshalling(data);
172 if (rule == nullptr) {
173 NETMGR_EXT_LOG_E("rule is nullptr.");
174 return FIREWALL_ERR_INTERNAL;
175 }
176 if (rule->userId <= 0) {
177 NETMGR_EXT_LOG_E("Parameter error.");
178 return FIREWALL_ERR_INVALID_PARAMETER;
179 }
180 if (rule->ruleName.empty() || rule->ruleName.size() > MAX_RULE_NAME_LEN ||
181 rule->ruleDescription.size() > MAX_RULE_DESCRIPTION_LEN) {
182 NETMANAGER_EXT_LOGE("rule name or description is too long");
183 return FIREWALL_ERR_INVALID_PARAMETER;
184 }
185 if (rule->localIps.size() > MAX_RULE_IP_COUNT || rule->remoteIps.size() > MAX_RULE_IP_COUNT) {
186 NETMGR_EXT_LOG_E("ip invalid, size is too long.");
187 return FIREWALL_ERR_EXCEED_MAX_IP;
188 }
189
190 if (rule->localPorts.size() > MAX_RULE_PORT_COUNT || rule->remotePorts.size() > MAX_RULE_PORT_COUNT) {
191 NETMGR_EXT_LOG_E("port invalid, size is too long.");
192 return FIREWALL_ERR_EXCEED_MAX_PORT;
193 }
194
195 if (rule->domains.size() > MAX_RULE_DOMAIN_COUNT) {
196 NETMGR_EXT_LOG_E("domain invalid, size is too long.");
197 return FIREWALL_ERR_EXCEED_MAX_DOMAIN;
198 }
199
200 int32_t ret = UpdateNetFirewallRule(rule);
201 NetFirewallHisysEvent::SendFirewallConfigReport(rule->userId, ret);
202 return ret;
203 }
204
OnDeleteNetFirewallRule(MessageParcel & data,MessageParcel & reply)205 int32_t NetFirewallStub::OnDeleteNetFirewallRule(MessageParcel &data, MessageParcel &reply)
206 {
207 int32_t userId;
208 if (!data.ReadInt32(userId)) {
209 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
210 }
211 if (userId <= 0) {
212 NETMGR_EXT_LOG_E("Parameter error.");
213 return FIREWALL_ERR_INVALID_PARAMETER;
214 }
215 int32_t ruleId;
216 if (!data.ReadInt32(ruleId)) {
217 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
218 }
219 if (ruleId <= 0) {
220 NETMGR_EXT_LOG_E("Parameter error.");
221 return FIREWALL_ERR_INVALID_PARAMETER;
222 }
223 int32_t ret = DeleteNetFirewallRule(userId, ruleId);
224 NetFirewallHisysEvent::SendFirewallRequestReport(userId, ret);
225 return ret;
226 }
227
OnGetNetFirewallRules(MessageParcel & data,MessageParcel & reply)228 int32_t NetFirewallStub::OnGetNetFirewallRules(MessageParcel &data, MessageParcel &reply)
229 {
230 int32_t userId;
231 if (!data.ReadInt32(userId)) {
232 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
233 }
234 if (userId <= 0) {
235 NETMGR_EXT_LOG_E("Parameter error.");
236 return FIREWALL_ERR_INVALID_PARAMETER;
237 }
238 sptr<RequestParam> param = RequestParam::Unmarshalling(data);
239 if (param == nullptr) {
240 NETMGR_EXT_LOG_E("param is nullptr.");
241 return FIREWALL_ERR_INTERNAL;
242 }
243 if (param->page < 1 || param->page > FIREWALL_USER_MAX_RULE || param->pageSize < 1 ||
244 param->pageSize > static_cast<int32_t>(MAX_PAGE_SIZE)) {
245 NETMANAGER_EXT_LOGE("ParsePageParam page or pageSize is error");
246 return FIREWALL_ERR_INVALID_PARAMETER;
247 }
248 sptr<FirewallRulePage> info = sptr<FirewallRulePage>::MakeSptr();
249 int32_t ret = GetNetFirewallRules(userId, param, info);
250 if (ret == FIREWALL_SUCCESS) {
251 if (!info->Marshalling(reply)) {
252 return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
253 }
254 }
255 NetFirewallHisysEvent::SendFirewallRequestReport(userId, ret);
256 return ret;
257 }
258
OnGetNetFirewallRule(MessageParcel & data,MessageParcel & reply)259 int32_t NetFirewallStub::OnGetNetFirewallRule(MessageParcel &data, MessageParcel &reply)
260 {
261 int32_t userId;
262 if (!data.ReadInt32(userId)) {
263 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
264 }
265 int32_t ruleId;
266 if (!data.ReadInt32(ruleId)) {
267 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
268 }
269 if (userId <= 0 || ruleId <= 0) {
270 NETMGR_EXT_LOG_E("Parameter error.");
271 return FIREWALL_ERR_INVALID_PARAMETER;
272 }
273 sptr<NetFirewallRule> rule = sptr<NetFirewallRule>::MakeSptr();
274 int32_t ret = GetNetFirewallRule(userId, ruleId, rule);
275 if (ret == FIREWALL_SUCCESS) {
276 if (!rule->Marshalling(reply)) {
277 return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
278 }
279 }
280 NetFirewallHisysEvent::SendFirewallRequestReport(userId, ret);
281 return ret;
282 }
283
OnGetInterceptRecords(MessageParcel & data,MessageParcel & reply)284 int32_t NetFirewallStub::OnGetInterceptRecords(MessageParcel &data, MessageParcel &reply)
285 {
286 int32_t userId;
287 if (!data.ReadInt32(userId)) {
288 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
289 }
290 if (userId <= 0) {
291 NETMGR_EXT_LOG_E("Parameter error.");
292 return FIREWALL_ERR_INVALID_PARAMETER;
293 }
294 sptr<RequestParam> param = RequestParam::Unmarshalling(data);
295 if (param == nullptr) {
296 NETMGR_EXT_LOG_E("param is nullptr.");
297 return FIREWALL_ERR_INTERNAL;
298 }
299 if (param->page < 1 || param->page > FIREWALL_USER_MAX_RULE || param->pageSize < 1 ||
300 param->pageSize > static_cast<int32_t>(MAX_PAGE_SIZE)) {
301 NETMANAGER_EXT_LOGE("ParsePageParam page or pageSize is error");
302 return FIREWALL_ERR_INVALID_PARAMETER;
303 }
304 sptr<InterceptRecordPage> info = sptr<InterceptRecordPage>::MakeSptr();
305 int32_t ret = GetInterceptRecords(userId, param, info);
306 if (ret == FIREWALL_SUCCESS) {
307 if (!info->Marshalling(reply)) {
308 return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
309 }
310 }
311 NetFirewallHisysEvent::SendRecordRequestReport(userId, ret);
312 return ret;
313 }
314 } // namespace NetManagerStandard
315 } // namespace OHOS
316