/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15b1b8bc3fSopenharmony_ci
16b1b8bc3fSopenharmony_ci#ifndef NET_FIREWALL_PARCEL_H
17b1b8bc3fSopenharmony_ci#define NET_FIREWALL_PARCEL_H
18b1b8bc3fSopenharmony_ci
19b1b8bc3fSopenharmony_ci#include <string>
20b1b8bc3fSopenharmony_ci#include <vector>
21b1b8bc3fSopenharmony_ci#include <netinet/in.h>
22b1b8bc3fSopenharmony_ci
23b1b8bc3fSopenharmony_ci#include "parcel.h"
24b1b8bc3fSopenharmony_ci
25b1b8bc3fSopenharmony_cinamespace OHOS {
26b1b8bc3fSopenharmony_cinamespace NetManagerStandard {
// --- Limits -----------------------------------------------------------------
// Intercept records are produced at most once per minute; this is that window in seconds.
constexpr int32_t INTERCEPT_BUFF_INTERVAL_SEC = 60;
// Upper bound on the number of rules a single user may own.
constexpr int32_t FIREWALL_RULE_SIZE_MAX = 1000;
// Upper bound on the number of domain entries across all users.
constexpr int32_t FIREWALL_DOMAIN_RULE_SIZE_MAX = 2000;
// Page sizes for rule transfer (presumably the number of entries carried per IPC
// transaction — confirm against the marshalling code before relying on this).
constexpr int32_t FIREWALL_IPC_IP_RULE_PAGE_SIZE = 300;
constexpr int32_t FIREWALL_IPC_DOMAIN_RULE_PAGE_SIZE = 2000;

// --- Tag values used inside NetFirewallIpParam --------------------------------
constexpr uint8_t FAMILY_IPV4 = 1;  // NetFirewallIpParam::family
constexpr uint8_t FAMILY_IPV6 = 2;
constexpr uint8_t SINGLE_IP = 1;    // NetFirewallIpParam::type: one address / subnet
constexpr uint8_t MULTIPLE_IP = 2;  // NetFirewallIpParam::type: inclusive range
constexpr int32_t IPV6_ARRAY_SIZE = 16; // Byte length of an IPv6 address (sizeof(in6_addr))

// --- String constants ---------------------------------------------------------
constexpr const char *COMMA = ",";
constexpr const char *NET_FIREWALL_IS_OPEN = "isOpen";
constexpr const char *NET_FIREWALL_IN_ACTION = "inAction";
constexpr const char *NET_FIREWALL_OUT_ACTION = "outAction";
45b1b8bc3fSopenharmony_ci
// Field keys used when (de)serialising firewall rules and intercept records.
//
// NOTE(review): these are `const std::string` objects in an anonymous namespace
// inside a header, so every translation unit that includes this file gets its
// own copy, each dynamically initialised at start-up. The `constexpr const char *`
// form used for NET_FIREWALL_IS_OPEN above avoids that; changing the type here
// would affect callers that use std::string operations, so it is only flagged.
namespace {
// Rule-level keys
const std::string NET_FIREWALL_RULE_ID("id");
const std::string NET_FIREWALL_RULE_NAME("name");
const std::string NET_FIREWALL_RULE_DESC("description");
const std::string NET_FIREWALL_RULE_DIR("direction");
const std::string NET_FIREWALL_RULE_ACTION("action");
const std::string NET_FIREWALL_RULE_TYPE("type");
const std::string NET_FIREWALL_IS_ENABLED("isEnabled");
const std::string NET_FIREWALL_APP_ID("appUid");
const std::string NET_FIREWALL_LOCAL_IP("localIps");
const std::string NET_FIREWALL_REMOTE_IP("remoteIps");
const std::string NET_FIREWALL_PROTOCOL("protocol");
const std::string NET_FIREWALL_LOCAL_PORT("localPorts");
const std::string NET_FIREWALL_REMOTE_PORT("remotePorts");
const std::string NET_FIREWALL_RULE_DOMAIN("domains");
const std::string NET_FIREWALL_DNS("dns");
const std::string NET_FIREWALL_USER_ID("userId");

// NetFirewallIpParam keys. "type" is deliberately the same text as the rule-level
// key above; by their names the two belong to different objects.
const std::string NET_FIREWALL_IP_FAMILY("family");
const std::string NET_FIREWALL_IP_TYPE("type");
const std::string NET_FIREWALL_IP_ADDRESS("address");
const std::string NET_FIREWALL_IP_MASK("mask");
const std::string NET_FIREWALL_IP_START("startIp");
const std::string NET_FIREWALL_IP_END("endIp");

// NetFirewallPortParam keys
const std::string NET_FIREWALL_PORT_START("startPort");
const std::string NET_FIREWALL_PORT_END("endPort");

// NetFirewallDomainParam keys
const std::string NET_FIREWALL_DOMAIN_IS_WILDCARD("isWildcard");
const std::string NET_FIREWALL_DOMAIN("domain");

// NetFirewallDnsParam keys (the identifier is spelled STANDY; renaming it would
// break callers, so it is left as is)
const std::string NET_FIREWALL_DNS_PRIMARY("primaryDns");
const std::string NET_FIREWALL_DNS_STANDY("standbyDns");

// InterceptRecord keys. "protocol" and "appUid" repeat rule-level key text.
const std::string NET_FIREWALL_RECORD_TIME("time");
const std::string NET_FIREWALL_RECORD_LOCAL_IP("localIp");
const std::string NET_FIREWALL_RECORD_REMOTE_IP("remoteIp");
const std::string NET_FIREWALL_RECORD_LOCAL_PORT("localPort");
const std::string NET_FIREWALL_RECORD_REMOTE_PORT("remotePort");
const std::string NET_FIREWALL_RECORD_PROTOCOL("protocol");
const std::string NET_FIREWALL_RECORD_UID("appUid");

// Key/value separator
const std::string EQUAL("=");
} // namespace
85b1b8bc3fSopenharmony_ci
// Firewall rule direction enumeration.
// Values are spelled out explicitly: they are stored in Parcelable rule structs
// (NetFirewallIpRule, NetFirewallRule) and so must not shift.
enum class NetFirewallRuleDirection {
    RULE_IN = 1,  // Inbound traffic
    RULE_OUT = 2  // Outbound traffic
};
91b1b8bc3fSopenharmony_ci
// Firewall rule behaviour enumeration.
// RULE_INVALID is the "not set" value; the others are the two decisions a rule
// can express. Values are explicit because they are stored in Parcelable structs.
enum class FirewallRuleAction {
    RULE_INVALID = -1, // Not set / unrecognised
    RULE_ALLOW = 0,    // Permit matching traffic
    RULE_DENY = 1      // Block matching traffic
};
98b1b8bc3fSopenharmony_ci
// Firewall rule type.
// Selects which part of a NetFirewallRule is meaningful. Values are explicit
// because they are stored in Parcelable structs; note the gap between
// RULE_INVALID and RULE_IP (0 is unused).
enum class NetFirewallRuleType {
    RULE_INVALID = -1, // Not set / unrecognised
    RULE_IP = 1,       // Address / port / protocol rule
    RULE_DOMAIN = 2,   // Domain-name rule
    RULE_DNS = 3,      // DNS-server rule
    RULE_ALL = 4       // All of the above
};
107b1b8bc3fSopenharmony_ci
// Network protocol. Only the protocols listed here are supported; the values are
// the IANA-assigned IP protocol numbers, listed in ascending order. Reference:
// https://learn.microsoft.com/en-us/graph/api/resources/securitynetworkprotocol?view=graph-rest-1.0
enum class NetworkProtocol {
    ICMP = 1,       // Internet Control Message Protocol
    TCP = 6,        // Transmission Control Protocol
    UDP = 17,       // User Datagram Protocol
    GRE = 47,       // Generic Routing Encapsulation
    IPSEC_ESP = 50, // IPsec Encapsulating Security Payload [RFC2406]
    IPSEC_AH = 51,  // IPsec Authentication Header [RFC2402]
    ICMPV6 = 58,    // Internet Control Message Protocol for IPv6
    L2TP = 115,     // Layer Two Tunneling Protocol [RFC2661]
};
120b1b8bc3fSopenharmony_ci
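// Firewall IP parameters.
//
// One address match of a rule. `family` selects the meaningful union member
// (FAMILY_IPV4 -> ipv4, FAMILY_IPV6 -> ipv6) and `type` selects between a single
// address / subnet (SINGLE_IP, `mask` is the prefix length) and an inclusive
// range (MULTIPLE_IP, startIp..endIp).
//
// Every scalar member and the address storage is zero-initialised, so a
// default-constructed instance never carries indeterminate bytes into
// Marshalling(). Zero is not a valid `family` or `type`, so it reads as "not set".
struct NetFirewallIpParam : public Parcelable {
    uint8_t family = 0; // FAMILY_IPV4 (1) or FAMILY_IPV6 (2); other values are not supported. Optional
    uint8_t type = 0;   // SINGLE_IP (1): address or subnet (mask 32 for a single IPv4 host); MULTIPLE_IP (2): range. Optional
    uint8_t mask = 0;   // IPv4: subnet mask length, IPv6: prefix length. Optional
    union {
        struct {
            in_addr startIp; // Single address, or first address of a range
            in_addr endIp;   // Last address of a range
        } ipv4;
        struct {
            in6_addr startIp; // Single address, or first address of a range
            in6_addr endIp;   // Last address of a range
        } ipv6{};             // Zero-initialising the larger member clears the whole union
    };
    bool Marshalling(Parcel &parcel) const override;
    static sptr<NetFirewallIpParam> Unmarshalling(Parcel &parcel);
    // Textual form of startIp / endIp (presumably for the family selected by `family`).
    std::string GetStartIp() const;
    std::string GetEndIp() const;
};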
141b1b8bc3fSopenharmony_ci
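// Firewall port parameters.
//
// An inclusive port range; a single port is expressed as startPort == endPort.
// Both members are zero-initialised so a default-constructed instance never
// serialises indeterminate bytes.
struct NetFirewallPortParam : public Parcelable {
    uint16_t startPort = 0; // First port of the range (equals endPort for a single port). Optional
    uint16_t endPort = 0;   // Last port of the range (equals startPort for a single port). Optional

    bool Marshalling(Parcel &parcel) const override;
    static sptr<NetFirewallPortParam> Unmarshalling(Parcel &parcel);
};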
150b1b8bc3fSopenharmony_ci
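// Firewall domain name parameters.
//
// `isWildcard` is zero-initialised (false) so a default-constructed instance
// never serialises an indeterminate bool.
struct NetFirewallDomainParam : public Parcelable {
    bool isWildcard = false; // Whether `domain` is matched as a wildcard pattern (exact semantics are the matcher's). Mandatory
    std::string domain;      // Domain name. Mandatory

    bool Marshalling(Parcel &parcel) const override;
    static sptr<NetFirewallDomainParam> Unmarshalling(Parcel &parcel);
};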
159b1b8bc3fSopenharmony_ci
// Firewall DNS parameters: the DNS servers a rule pins.
// Both members are std::string and therefore start out empty.
struct NetFirewallDnsParam : public Parcelable {
    std::string primaryDns; // Primary DNS server. Mandatory
    std::string standbyDns; // Backup DNS server. Optional

    static sptr<NetFirewallDnsParam> Unmarshalling(Parcel &parcel);
    bool Marshalling(Parcel &parcel) const override;
};
168b1b8bc3fSopenharmony_ci
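// Fields common to every concrete rule type (NetFirewallDomainRule,
// NetFirewallIpRule, NetFirewallDnsRule derive from this).
//
// Both IDs are zero-initialised so a default-constructed rule never serialises
// indeterminate bytes; zero is a deterministic default, not a reserved sentinel.
struct NetFirewallBaseRule : public Parcelable {
    int32_t userId = 0; // Owning user
    int32_t appUid = 0; // Application or service UID the rule applies to

    bool Marshalling(Parcel &parcel) const override;
    static sptr<NetFirewallBaseRule> Unmarshalling(Parcel &parcel);
    // Reads the base fields into an already-allocated rule object
    // (presumably shared by the derived Unmarshalling() implementations).
    static bool UnmarshallingBase(Parcel &parcel, sptr<NetFirewallBaseRule> ptr);
};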
177b1b8bc3fSopenharmony_ci
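// A rule keyed on domain names.
//
// `ruleAction` starts at RULE_INVALID (the enum's own "not set" value) so a
// default-constructed rule never serialises an indeterminate action.
struct NetFirewallDomainRule : public NetFirewallBaseRule {
    FirewallRuleAction ruleAction = FirewallRuleAction::RULE_INVALID; // Allow or deny
    std::vector<NetFirewallDomainParam> domains;                       // Domains this rule covers

    bool Marshalling(Parcel &parcel) const override;
    static sptr<NetFirewallDomainRule> Unmarshalling(Parcel &parcel);
};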
185b1b8bc3fSopenharmony_ci
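// A rule keyed on addresses, ports and protocol.
//
// Every scalar member has a deterministic default so a default-constructed rule
// never serialises indeterminate bytes: `ruleAction` starts at the enum's own
// RULE_INVALID; `ruleDirection` and `protocol` are zero-initialised (zero is not
// a named enumerator of either type, so it reads as "not set").
struct NetFirewallIpRule : public NetFirewallBaseRule {
    NetFirewallRuleDirection ruleDirection{};                         // Inbound or outbound
    FirewallRuleAction ruleAction = FirewallRuleAction::RULE_INVALID; // Allow or deny
    NetworkProtocol protocol{};                                       // IP protocol number
    std::vector<NetFirewallIpParam> localIps;                         // Local address matches
    std::vector<NetFirewallIpParam> remoteIps;                        // Remote address matches
    std::vector<NetFirewallPortParam> localPorts;                     // Local port matches
    std::vector<NetFirewallPortParam> remotePorts;                    // Remote port matches

    bool Marshalling(Parcel &parcel) const override;
    static sptr<NetFirewallIpRule> Unmarshalling(Parcel &parcel);
};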
198b1b8bc3fSopenharmony_ci
// A rule that pins DNS servers.
// Carries the same two fields as NetFirewallDnsParam directly rather than
// embedding that struct; both are std::string and so start out empty.
struct NetFirewallDnsRule : public NetFirewallBaseRule {
    std::string primaryDns; // Primary DNS server
    std::string standbyDns; // Backup DNS server

    bool Marshalling(Parcel &parcel) const override;
    static sptr<NetFirewallDnsRule> Unmarshalling(Parcel &parcel);
};
206b1b8bc3fSopenharmony_ci
// Downcast a base-rule handle to the concrete rule type T.
//
// This is an unchecked static_cast: the caller must already know (e.g. from the
// rule's type) that `object` really holds a T. If it does not, the result is
// undefined behaviour rather than a null handle, so callers should not use this
// to probe an object's type.
template <typename T> inline sptr<T> firewall_rule_cast(const sptr<NetFirewallBaseRule> &object)
{
    NetFirewallBaseRule *base = object.GetRefPtr();
    return sptr<T>(static_cast<T *>(base));
}
211b1b8bc3fSopenharmony_ci
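// Firewall rules, external interfaces.
//
// The Parcelable rule shape handed across the external interface. Every scalar
// member has a deterministic default so a partially filled rule never marshals
// indeterminate bytes: enums that define an INVALID enumerator start there, the
// remaining scalars start at zero/false (zero is not a named enumerator of
// NetFirewallRuleDirection or NetworkProtocol, so it reads as "not set").
struct NetFirewallRule : public Parcelable {
    int32_t ruleId = 0;                                               // Rule ID, optional
    std::string ruleName;                                             // Rule name, mandatory
    std::string ruleDescription;                                      // Rule description, optional
    NetFirewallRuleDirection ruleDirection{};                         // Rule direction, inbound or outbound, mandatory
    FirewallRuleAction ruleAction = FirewallRuleAction::RULE_INVALID; // Allow or deny, mandatory
    NetFirewallRuleType ruleType = NetFirewallRuleType::RULE_INVALID; // Rule type, mandatory
    bool isEnabled = false;                                           // Enable or not, required
    int32_t appUid = 0;                                               // Application or service ID, optional
    std::vector<NetFirewallIpParam> localIps;                         // Local IP address, optional
    std::vector<NetFirewallIpParam> remoteIps;                        // Remote IP address, optional
    NetworkProtocol protocol{};                                       // Protocol, TCP: 6, UDP: 17. Optional
    std::vector<NetFirewallPortParam> localPorts;                     // Local port, optional
    std::vector<NetFirewallPortParam> remotePorts;                    // Remote port, optional
    std::vector<NetFirewallDomainParam> domains;                      // Domain name list, optional
    NetFirewallDnsParam dns;                                          // DNS, optional
    int32_t userId = 0;                                               // User ID, mandatory

    static sptr<NetFirewallRule> Unmarshalling(Parcel &parcel);
    bool Marshalling(Parcel &parcel) const override;
    // Human-readable dump of the rule. If it includes the address and domain
    // lists, logs of it carry user-configured network details — confirm before logging.
    std::string ToString() const;
};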
235b1b8bc3fSopenharmony_ci
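// Interception Record.
//
// One intercepted connection as reported to clients; INTERCEPT_BUFF_INTERVAL_SEC
// above documents the intended reporting rate. All scalar members are
// zero-initialised so a record is never marshalled with indeterminate bytes.
struct InterceptRecord : public Parcelable {
    uint16_t localPort = 0;  // Local port
    uint16_t remotePort = 0; // Destination port
    uint16_t protocol = 0;   // Transport-layer protocol number (a plain integer here, not NetworkProtocol)
    int32_t time = 0;        // Time stamp (unit not specified here; presumably seconds, given INTERCEPT_BUFF_INTERVAL_SEC)
    std::string localIp;     // Local IP, textual
    std::string remoteIp;    // Remote IP, textual
    int32_t appUid = 0;      // Application or service ID
    std::string domain;      // Domain name (presumably set when a domain rule was hit)

    bool Marshalling(Parcel &parcel) const override;
    static sptr<InterceptRecord> Unmarshalling(Parcel &parcel);
};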
250b1b8bc3fSopenharmony_ci
// Helpers shared by the firewall parcel code: string splitting/erasing and
// list (de)serialisation. Every operation is static; copying is disabled.
class NetFirewallUtils {
public:
    NetFirewallUtils() = default;
    ~NetFirewallUtils() = default;
    NetFirewallUtils(const NetFirewallUtils &) = delete;
    NetFirewallUtils &operator=(const NetFirewallUtils &) = delete;

    // Split `text` on `delim` (defaults to ',', the same separator as COMMA above).
    static std::vector<std::string> split(const std::string &text, char delim = ',');
    // Return `src` with `sub` removed (whether only the first occurrence or all
    // of them is decided by the implementation, which is not in this header).
    static std::string erase(const std::string &src, const std::string &sub);

    // Serialise / deserialise a vector of parcelable elements.
    // NOTE(review): the element count read from the parcel in UnmarshallingList
    // comes from the peer; confirm the implementation bounds it (e.g. against
    // FIREWALL_RULE_SIZE_MAX) before allocating.
    template <typename T> static bool MarshallingList(const std::vector<T> &list, Parcel &parcel);
    template <typename T> static bool UnmarshallingList(Parcel &parcel, std::vector<T> &list);
};
266b1b8bc3fSopenharmony_ci} // namespace NetManagerStandard
267b1b8bc3fSopenharmony_ci} // namespace OHOS
268b1b8bc3fSopenharmony_ci
269b1b8bc3fSopenharmony_ci#endif // NET_FIREWALL_PARCEL_H