1 /* 2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef NETWORK_VPN_SERVICE_H 17 #define NETWORK_VPN_SERVICE_H 18 19 #include <memory> 20 #include <string> 21 #include "event_handler.h" 22 #include "i_vpn_conn_state_cb.h" 23 #include "net_vpn_impl.h" 24 #include "network_vpn_service_stub.h" 25 #include "os_account_manager.h" 26 #include "singleton.h" 27 #include "system_ability.h" 28 #include "common_event_manager.h" 29 #include "common_event_subscriber.h" 30 #include "common_event_support.h" 31 #include "application_state_observer_stub.h" 32 #include "app_mgr_client.h" 33 #include "cJSON.h" 34 #include "ffrt.h" 35 #ifdef SUPPORT_SYSVPN 36 #include "ipsec_vpn_ctl.h" 37 #include "vpn_database_helper.h" 38 #endif // SUPPORT_SYSVPN 39 40 namespace OHOS { 41 namespace NetManagerStandard { 42 namespace { 43 constexpr const char *ALWAYS_ON_VPN_URI = 44 "datashare:///com.ohos.settingsdata/entry/settingsdata/SETTINGSDATA?Proxy=true&key=sharing_always_on_vpn"; 45 constexpr const char *KEY_ALWAYS_ON_VPN = "settings.netmanager.always_on_vpn"; 46 47 } // namespace 48 using namespace OHOS::EventFwk; 49 class NetworkVpnService : public SystemAbility, public NetworkVpnServiceStub, protected NoCopyable, 50 public std::enable_shared_from_this<NetworkVpnService> { 51 DECLARE_DELAYED_SINGLETON(NetworkVpnService) 52 DECLARE_SYSTEM_ABILITY(NetworkVpnService) 53 54 enum ServiceRunningState { 55 STATE_STOPPED = 0, 56 STATE_RUNNING, 57 }; 58 59 enum { 60 POWER_MODE_MIN = 600, 61 NORMAL_MODE = POWER_MODE_MIN, 62 SAVE_MODE, 63 EXTREME_MODE, 64 LOWPOWER_MODE, 65 POWER_MODE_MAX = LOWPOWER_MODE 66 }; 67 class VpnConnStateCb : public IVpnConnStateCb { 68 public: VpnConnStateCb(const NetworkVpnService & vpnService)69 explicit VpnConnStateCb(const NetworkVpnService &vpnService) : vpnService_(vpnService){}; 70 virtual ~VpnConnStateCb() = default; 71 void OnVpnConnStateChanged(const VpnConnectState &state) override; 72 void OnMultiVpnConnStateChanged(const VpnConnectState &state, const std::string &vpnId) override; 73 74 private: 75 const NetworkVpnService &vpnService_; 76 }; 77 78 class ReceiveMessage : public OHOS::EventFwk::CommonEventSubscriber { 79 public: ReceiveMessage(const EventFwk::CommonEventSubscribeInfo & subscriberInfo,std::weak_ptr<NetworkVpnService> vpnService)80 ReceiveMessage(const EventFwk::CommonEventSubscribeInfo &subscriberInfo, 81 std::weak_ptr<NetworkVpnService> vpnService) 82 : EventFwk::CommonEventSubscriber(subscriberInfo), vpnService_(vpnService){}; 83 84 virtual void OnReceiveEvent(const EventFwk::CommonEventData &eventData) override; 85 86 private: 87 std::weak_ptr<NetworkVpnService> vpnService_; 88 }; 89 #ifdef SUPPORT_SYSVPN 90 struct MultiVpnEventCallback : RefBase { 91 std::string bundleName; 92 int32_t userId; 93 sptr<IVpnEventCallback> callback; 94 }; 95 #endif // SUPPORT_SYSVPN 96 97 public: 98 /** 99 * service start 100 */ 101 void OnStart() override; 102 103 /** 104 * service stop 105 */ 106 void OnStop() override; 107 108 /** 109 * check current whether has vpn is running 110 */ 111 int32_t Prepare(bool &isExistVpn, bool &isRun, std::string &pkg) override; 112 113 /** 114 * This function is called when the three-party vpn application negotiation ends 115 */ 116 int32_t SetUpVpn(const VpnConfig &config, bool isVpnExtCall = false) override; 117 118 /** 119 * protect vpn tunnel 120 */ 121 int32_t Protect(bool isVpnExtCall = false) override; 122 123 /** 124 * stop the vpn connection 125 */ 126 int32_t DestroyVpn(bool isVpnExtCall = false) override; 127 128 #ifdef SUPPORT_SYSVPN 129 /** 130 * get vpn cert data 131 */ 132 int32_t GetVpnCertData(const int32_t certType, std::vector<int8_t> &certData) override; 133 134 /** 135 * stop the vpn connection 136 */ 137 int32_t DestroyVpn(const std::string &vpnId) override; 138 139 /** 140 * This function is called when the system vpn application negotiation ends 141 */ 142 int32_t SetUpSysVpn(const sptr<SysVpnConfig> &config, bool isVpnExtCall = false) override; 143 144 /** 145 * save the vpn config 146 */ 147 int32_t AddSysVpnConfig(const sptr<SysVpnConfig> &config) override; 148 149 /** 150 * get the vpn config list 151 */ 152 int32_t DeleteSysVpnConfig(const std::string &vpnId) override; 153 154 /** 155 * get the app info of connected vpn 156 */ 157 int32_t GetConnectedVpnAppInfo(std::vector<std::string> &bundleNameList) override; 158 159 /** 160 * get the vpn config listGetConnectedSysVpnConfig 161 */ 162 int32_t GetSysVpnConfigList(std::vector<sptr<SysVpnConfig>> &vpnList) override; 163 164 /** 165 * get the vpn config 166 */ 167 int32_t GetSysVpnConfig(sptr<SysVpnConfig> &config, const std::string &vpnId) override; 168 169 /** 170 * get the vpn connection state 171 */ 172 int32_t GetConnectedSysVpnConfig(sptr<SysVpnConfig> &config) override; 173 174 /** 175 * notify the vpn connection stage and result 176 */ 177 int32_t NotifyConnectStage(const std::string &stage, const int32_t result) override; 178 179 int32_t GetSysVpnCertUri(const int32_t certType, std::string &certUri) override; 180 181 /** 182 * register multi vpn callback 183 */ 184 int32_t RegisterMultiVpnEvent(const sptr<IVpnEventCallback> &callback) override; 185 186 /** 187 * unregister multi vpn callback 188 */ 189 int32_t UnregisterMultiVpnEvent(const sptr<IVpnEventCallback> &callback) override; 190 #endif // SUPPORT_SYSVPN 191 192 /** 193 * register callback 194 */ 195 int32_t RegisterVpnEvent(const sptr<IVpnEventCallback> &callback) override; 196 197 /** 198 * unregister callback 199 */ 200 int32_t UnregisterVpnEvent(const sptr<IVpnEventCallback> &callback) override; 201 202 /** 203 * create the vpn connection 204 */ 205 int32_t CreateVpnConnection(bool isVpnExtCall = false) override; 206 207 /** 208 * dump function 209 */ 210 int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override; 211 212 /** 213 * factory reset vpn , such as always on vpn 214 * 215 * @return Returns 0 success. Otherwise fail 216 */ 217 int32_t FactoryResetVpn() override; 218 219 /** 220 * persist the always on vpn's package 221 * pass empty will disable always on VPN 222 */ 223 int32_t SetAlwaysOnVpn(std::string &pkg, bool &enable); 224 225 /** 226 * read the persisted always on vpn's package 227 */ 228 int32_t GetAlwaysOnVpn(std::string &pkg); 229 230 int32_t GetSelfAppName(std::string &selfAppName, std::string &selfBundleName) override; 231 232 int32_t SetSelfVpnPid() override; 233 234 protected: 235 void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override; 236 void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override; 237 238 private: 239 bool Init(); 240 void GetDumpMessage(std::string &message); 241 int32_t CheckCurrentAccountType(int32_t &userId, std::vector<int32_t> &activeUserIds); 242 243 void OnVpnMultiUserSetUp(); 244 int32_t SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback); 245 int32_t SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback); 246 247 #ifdef SUPPORT_SYSVPN 248 int32_t SyncRegisterMultiVpnEvent(const sptr<IVpnEventCallback> callback, const std::string &vpnBundleName); 249 int32_t SyncUnregisterMultiVpnEvent(const sptr<IVpnEventCallback> callback); 250 #endif // SUPPORT_SYSVPN 251 252 void OnNetSysRestart(); 253 void ConvertVecRouteToJson(const std::vector<Route>& routes, cJSON* jVecRoutes); 254 void ConvertNetAddrToJson(const INetAddr& netAddr, cJSON* jInetAddr); 255 void ParseConfigToJson(const sptr<VpnConfig> &vpnCfg, std::string& jsonString); 256 void SaveVpnConfig(const sptr<VpnConfig> &vpnCfg); 257 258 void ConvertRouteToConfig(Route& tmp, const cJSON* const mem); 259 void ConvertVecRouteToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc); 260 void ConvertNetAddrToConfig(INetAddr& tmp, const cJSON* const mem); 261 void ConvertVecAddrToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc); 262 void ConvertStringToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc); 263 void ParseJsonToConfig(sptr<VpnConfig> &vpnCfg, const std::string& jsonString); 264 void RecoverVpnConfig(); 265 266 void StartAlwaysOnVpn(); 267 void SubscribeCommonEvent(); 268 int32_t CheckIpcPermission(const std::string &strPermission); 269 bool CheckSystemCall(const std::string &bundleName); 270 bool CheckVpnExtPermission(const std::string &bundleName); 271 bool PublishEvent(const OHOS::AAFwk::Want &want, int eventCode, 272 bool isOrdered, bool isSticky, const std::vector<std::string> &permissions) const; 273 void PublishVpnConnectionStateEvent(const VpnConnectState &state) const; 274 #ifdef SUPPORT_SYSVPN 275 std::shared_ptr<NetVpnImpl> CreateSysVpnCtl(const sptr<SysVpnConfig> &config, int32_t userId, 276 std::vector<int32_t> &activeUserIds, bool isVpnExtCall); 277 std::shared_ptr<NetVpnImpl> CreateOpenvpnCtl(const sptr<SysVpnConfig> &config, int32_t userId, 278 std::vector<int32_t> &activeUserIds); 279 std::shared_ptr<IpsecVpnCtl> CreateIpsecVpnCtl(const sptr<SysVpnConfig> &config, int32_t userId, 280 std::vector<int32_t> &activeUserIds); 281 int32_t QueryVpnData(const sptr<SysVpnConfig> config, sptr<VpnDataBean> &vpnBean); 282 std::shared_ptr<IpsecVpnCtl> CreateL2tpCtl(const sptr<SysVpnConfig> &config, int32_t userId, 283 std::vector<int32_t> &activeUserIds); 284 int32_t DestroyMultiVpn(int32_t callingUid); 285 int32_t DestroyMultiVpn(const std::shared_ptr<NetVpnImpl> &vpnObj, bool needErase = true); 286 int32_t InitMultiVpnInfo(const std::string &vpnId, int32_t vpnType, 287 std::string &vpnBundleName, int32_t userId, std::shared_ptr<NetVpnImpl> &vpnObj); 288 #endif // SUPPORT_SYSVPN 289 int32_t IsSetUpReady(const std::string &vpnId, std::string &vpnBundleName, 290 int32_t &userId, std::vector<int32_t> &activeUserIds); 291 std::string GetBundleName(); 292 std::string GetCurrentVpnBundleName(); 293 std::vector<std::string> GetCurrentVpnAbilityName(); 294 void ClearCurrentVpnUserInfo(); 295 void UnregVpnHpObserver(); 296 bool IsCurrentVpnPid(int32_t uid, int32_t pid); 297 bool CheckVpnPermission(const std::string &bundleName); 298 299 private: 300 ServiceRunningState state_ = ServiceRunningState::STATE_STOPPED; 301 bool isServicePublished_ = false; 302 std::shared_ptr<IVpnConnStateCb> vpnConnCallback_; 303 std::shared_ptr<NetVpnImpl> vpnObj_; 304 #ifdef SUPPORT_SYSVPN 305 std::shared_ptr<NetVpnImpl> connectingObj_; 306 std::map<std::string, std::shared_ptr<NetVpnImpl>> vpnObjMap_; 307 std::vector<sptr<MultiVpnEventCallback>> multiVpnEventCallbacks_; 308 #endif // SUPPORT_SYSVPN 309 std::vector<sptr<IVpnEventCallback>> vpnEventCallbacks_; 310 std::shared_ptr<ffrt::queue> networkVpnServiceFfrtQueue_ = nullptr; 311 std::mutex netVpnMutex_; 312 bool hasSARemoved_ = false; 313 int32_t userId_ = -1; 314 315 std::shared_ptr<ReceiveMessage> subscriber_ = nullptr; 316 317 private: 318 void RegisterFactoryResetCallback(); 319 class FactoryResetCallBack : public IRemoteStub<INetFactoryResetCallback> { 320 public: FactoryResetCallBack(NetworkVpnService & vpnService)321 explicit FactoryResetCallBack(NetworkVpnService& vpnService):vpnService_(vpnService){}; 322 OnNetFactoryReset()323 int32_t OnNetFactoryReset() 324 { 325 return vpnService_.FactoryResetVpn(); 326 } 327 private: 328 NetworkVpnService& vpnService_; 329 }; 330 331 sptr<INetFactoryResetCallback> netFactoryResetCallback_ = nullptr; 332 333 public: 334 int32_t RegisterBundleName(const std::string &bundleName, const std::string &abilityName) override; 335 class VpnHapObserver : public AppExecFwk::ApplicationStateObserverStub { 336 public: VpnHapObserver(NetworkVpnService & vpnService)337 explicit VpnHapObserver(NetworkVpnService &vpnService) : vpnService_(vpnService){}; 338 virtual ~VpnHapObserver() = default; 339 void OnExtensionStateChanged(const AppExecFwk::AbilityStateData &abilityStateData) override ; 340 void OnProcessCreated(const AppExecFwk::ProcessData &processData) override ; 341 void OnProcessStateChanged(const AppExecFwk::ProcessData &processData) override ; 342 void OnProcessDied(const AppExecFwk::ProcessData &processData) override ; 343 private: 344 NetworkVpnService& vpnService_; 345 }; 346 private: 347 class VpnAppDeathRecipient : public IRemoteObject::DeathRecipient { 348 public: VpnAppDeathRecipient(NetworkVpnService & client)349 explicit VpnAppDeathRecipient(NetworkVpnService &client) : client_(client) {} 350 ~VpnAppDeathRecipient() override = default; OnRemoteDied(const wptr<IRemoteObject> & remote)351 void OnRemoteDied(const wptr<IRemoteObject> &remote) override 352 { 353 client_.OnRemoteDied(remote); 354 } 355 356 private: 357 NetworkVpnService &client_; 358 }; 359 void OnRemoteDied(const wptr<IRemoteObject> &remoteObject); 360 bool AddClientDeathRecipient(const sptr<IVpnEventCallback> &callback); 361 void RemoveClientDeathRecipient(const sptr<IVpnEventCallback> &callback); 362 void RemoveALLClientDeathRecipient(); 363 364 std::mutex vpnNameMutex_; 365 std::mutex remoteMutex_; 366 std::mutex cesMutex_; 367 sptr<IRemoteObject::DeathRecipient> deathRecipient_ = nullptr; 368 sptr<VpnHapObserver> vpnHapObserver_ = nullptr; 369 bool registeredCommonEvent_ = false; 370 int32_t hasOpenedVpnUid_ = 0; 371 std::string currentVpnBundleName_; 372 std::map<int32_t, int32_t> setVpnPidMap_; 373 int32_t currSetUpVpnPid_ = 0; 374 std::vector<std::string> currentVpnAbilityName_; 375 }; 376 } // namespace NetManagerStandard 377 } // namespace OHOS 378 #endif // NETWORK_VPN_SERVICE_H 379