1 /*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "net_policy_firewall.h"
17
18 #include "ipc_skeleton.h"
19
20 #include "firewall_rule.h"
21 #include "net_policy_core.h"
22 #include "net_policy_event_handler.h"
23 #include "net_settings.h"
24
25 namespace OHOS {
26 namespace NetManagerStandard {
27 constexpr uint32_t MAX_LIST_SIZE = 1000;
Init()28 void NetPolicyFirewall::Init()
29 {
30 deviceIdleFirewallRule_ = FirewallRule::CreateFirewallRule(FIREWALL_CHAIN_DEVICE_IDLE);
31 powerSaveFirewallRule_ = FirewallRule::CreateFirewallRule(FIREWALL_CHAIN_POWER_SAVE);
32
33 GetFileInst()->ReadFirewallRules(FIREWALL_CHAIN_DEVICE_IDLE, deviceIdleAllowedList_, deviceIdleDeniedList_);
34 GetFileInst()->ReadFirewallRules(FIREWALL_CHAIN_POWER_SAVE, powerSaveAllowedList_, powerSaveDeniedList_);
35
36 deviceIdleFirewallRule_->SetAllowedList(deviceIdleAllowedList_);
37 powerSaveFirewallRule_->SetAllowedList(powerSaveAllowedList_);
38 }
39
SetDeviceIdleTrustlist(const std::vector<uint32_t> & uids,bool isAllowed)40 int32_t NetPolicyFirewall::SetDeviceIdleTrustlist(const std::vector<uint32_t> &uids, bool isAllowed)
41 {
42 if (powerSaveAllowedList_.size() > MAX_LIST_SIZE) {
43 NETMGR_LOG_E("Device idle allowed list's size is over the max size.");
44 return NETMANAGER_ERR_PARAMETER_ERROR;
45 }
46 UpdateFirewallPolicyList(FIREWALL_CHAIN_DEVICE_IDLE, uids, isAllowed);
47 GetFileInst()->WriteFirewallRules(FIREWALL_CHAIN_DEVICE_IDLE, deviceIdleAllowedList_, deviceIdleDeniedList_);
48 deviceIdleFirewallRule_->SetAllowedList(uids, isAllowed ? FIREWALL_RULE_ALLOW : FIREWALL_RULE_DENY);
49
50 std::shared_ptr<PolicyEvent> eventData = std::make_shared<PolicyEvent>();
51 eventData->eventId = NetPolicyEventHandler::MSG_DEVICE_IDLE_LIST_UPDATED;
52 eventData->deviceIdleList = deviceIdleAllowedList_;
53 SendEvent(NetPolicyEventHandler::MSG_DEVICE_IDLE_LIST_UPDATED, eventData);
54 return NETMANAGER_SUCCESS;
55 }
56
SetPowerSaveTrustlist(const std::vector<uint32_t> & uids,bool isAllowed)57 int32_t NetPolicyFirewall::SetPowerSaveTrustlist(const std::vector<uint32_t> &uids, bool isAllowed)
58 {
59 if (powerSaveAllowedList_.size() > MAX_LIST_SIZE) {
60 NETMGR_LOG_E("Power save allowed list's size is over the max size.");
61 return NETMANAGER_ERR_PARAMETER_ERROR;
62 }
63 UpdateFirewallPolicyList(FIREWALL_CHAIN_POWER_SAVE, uids, isAllowed);
64 GetFileInst()->WriteFirewallRules(FIREWALL_CHAIN_POWER_SAVE, powerSaveAllowedList_, powerSaveDeniedList_);
65 powerSaveFirewallRule_->SetAllowedList(uids, isAllowed ? FIREWALL_RULE_ALLOW : FIREWALL_RULE_DENY);
66
67 std::shared_ptr<PolicyEvent> eventData = std::make_shared<PolicyEvent>();
68 eventData->eventId = NetPolicyEventHandler::MSG_POWER_SAVE_LIST_UPDATED;
69 eventData->powerSaveList = powerSaveAllowedList_;
70 SendEvent(NetPolicyEventHandler::MSG_POWER_SAVE_LIST_UPDATED, eventData);
71 return NETMANAGER_SUCCESS;
72 }
73
UpdateFirewallPolicyList(uint32_t chainType,const std::vector<uint32_t> & uids,bool isAllowed)74 void NetPolicyFirewall::UpdateFirewallPolicyList(uint32_t chainType, const std::vector<uint32_t> &uids, bool isAllowed)
75 {
76 for (auto &uid : uids) {
77 if (chainType == FIREWALL_CHAIN_DEVICE_IDLE) {
78 if (isAllowed) {
79 deviceIdleAllowedList_.emplace(uid);
80 } else {
81 deviceIdleAllowedList_.erase(uid);
82 }
83 }
84
85 if (chainType == FIREWALL_CHAIN_POWER_SAVE) {
86 if (isAllowed) {
87 powerSaveAllowedList_.emplace(uid);
88 } else {
89 powerSaveAllowedList_.erase(uid);
90 }
91 }
92 }
93 }
94
GetDeviceIdleTrustlist(std::vector<uint32_t> & uids)95 int32_t NetPolicyFirewall::GetDeviceIdleTrustlist(std::vector<uint32_t> &uids)
96 {
97 uids = deviceIdleFirewallRule_->GetAllowedList();
98 return NETMANAGER_SUCCESS;
99 }
100
GetPowerSaveTrustlist(std::vector<uint32_t> & uids)101 int32_t NetPolicyFirewall::GetPowerSaveTrustlist(std::vector<uint32_t> &uids)
102 {
103 uids = powerSaveFirewallRule_->GetAllowedList();
104 return NETMANAGER_SUCCESS;
105 }
106
UpdateDeviceIdlePolicy(bool enable)107 int32_t NetPolicyFirewall::UpdateDeviceIdlePolicy(bool enable)
108 {
109 if (deviceIdleMode_ == enable) {
110 NETMGR_LOG_E("Same device idle policy.");
111 return NETMANAGER_ERR_PARAMETER_ERROR;
112 }
113 if (enable) {
114 deviceIdleFirewallRule_->SetAllowedList();
115 }
116 NetmanagerHiTrace::NetmanagerStartSyncTrace("Update device idle firewall status start");
117 deviceIdleFirewallRule_->EnableFirewall(enable);
118 NetmanagerHiTrace::NetmanagerFinishSyncTrace("Update device idle firewall status end");
119 deviceIdleMode_ = enable;
120 // notify to other core.
121 auto policyEvent = std::make_shared<PolicyEvent>();
122 policyEvent->deviceIdleMode = enable;
123 NetmanagerHiTrace::NetmanagerStartSyncTrace("Notify other policy class device idle status start");
124 SendEvent(NetPolicyEventHandler::MSG_DEVICE_IDLE_MODE_CHANGED, policyEvent);
125 NetmanagerHiTrace::NetmanagerFinishSyncTrace("Notify other policy class device idle status end");
126 return NETMANAGER_SUCCESS;
127 }
128
UpdatePowerSavePolicy(bool enable)129 int32_t NetPolicyFirewall::UpdatePowerSavePolicy(bool enable)
130 {
131 if (powerSaveMode_ == enable) {
132 NETMGR_LOG_E("Same power save policy.");
133 return NETMANAGER_ERR_PARAMETER_ERROR;
134 }
135 if (enable) {
136 powerSaveFirewallRule_->SetAllowedList();
137 }
138 NetmanagerHiTrace::NetmanagerStartSyncTrace("Update power save firewall status start");
139 powerSaveFirewallRule_->EnableFirewall(enable);
140 NetmanagerHiTrace::NetmanagerFinishSyncTrace("Update power save firewall status end");
141 powerSaveMode_ = enable;
142 // notify to other core.
143 auto policyEvent = std::make_shared<PolicyEvent>();
144 policyEvent->powerSaveMode = enable;
145 NetmanagerHiTrace::NetmanagerStartSyncTrace("Notify other policy class power save status start");
146 SendEvent(NetPolicyEventHandler::MSG_DEVICE_IDLE_MODE_CHANGED, policyEvent);
147 NetmanagerHiTrace::NetmanagerFinishSyncTrace("Notify other policy class power save status end");
148 return NETMANAGER_SUCCESS;
149 }
150
ResetPolicies()151 void NetPolicyFirewall::ResetPolicies()
152 {
153 deviceIdleFirewallRule_->ClearAllowedList();
154 deviceIdleFirewallRule_->ClearDeniedList();
155
156 powerSaveFirewallRule_->ClearAllowedList();
157 powerSaveFirewallRule_->ClearDeniedList();
158
159 deviceIdleAllowedList_.clear();
160 deviceIdleDeniedList_.clear();
161 GetFileInst()->WriteFirewallRules(FIREWALL_CHAIN_DEVICE_IDLE, deviceIdleAllowedList_, deviceIdleDeniedList_);
162
163 powerSaveAllowedList_.clear();
164 powerSaveDeniedList_.clear();
165 GetFileInst()->WriteFirewallRules(FIREWALL_CHAIN_POWER_SAVE, powerSaveAllowedList_, powerSaveDeniedList_);
166
167 UpdateDeviceIdlePolicy(false);
168 UpdatePowerSavePolicy(false);
169 }
170
DeleteUid(uint32_t uid)171 void NetPolicyFirewall::DeleteUid(uint32_t uid)
172 {
173 SetDeviceIdleTrustlist({uid}, false);
174 SetPowerSaveTrustlist({uid}, false);
175
176 deviceIdleFirewallRule_->RemoveFromAllowedList(uid);
177 powerSaveFirewallRule_->RemoveFromAllowedList(uid);
178 }
179
HandleEvent(int32_t eventId,const std::shared_ptr<PolicyEvent> & policyEvent)180 void NetPolicyFirewall::HandleEvent(int32_t eventId, const std::shared_ptr<PolicyEvent> &policyEvent)
181 {
182 switch (eventId) {
183 case NetPolicyEventHandler::MSG_UID_REMOVED:
184 DeleteUid(policyEvent->deletedUid);
185 break;
186 case NetPolicyEventHandler::MSG_POWER_SAVE_MODE_CHANGED:
187 UpdatePowerSavePolicy(policyEvent->powerSaveMode);
188 break;
189 case NetPolicyEventHandler::MSG_DEVICE_IDLE_MODE_CHANGED:
190 UpdateDeviceIdlePolicy(policyEvent->deviceIdleMode);
191 break;
192 default:
193 break;
194 }
195 }
196 } // namespace NetManagerStandard
197 } // namespace OHOS
198