/*
 * Copyright (C) 2022 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15
16#ifndef NETMANAGER_BASE_FIREWALL_MANAGER_H
17#define NETMANAGER_BASE_FIREWALL_MANAGER_H
18
#include <cstdint>
#include <iostream>
#include <map>
#include <mutex>
#include <string>
#include <vector>

#include "iptables_type.h"
25
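namespace OHOS {
namespace nmd {
/**
 * Bookkeeping record for one firewall chain, stored per ChainType in
 * FirewallManager::firewallChainStatus_.
 *
 * Every member has a default initialiser so that a status object that is
 * created without an explicit initialiser never holds an indeterminate value;
 * in particular an uninitialised `enable` flag must not be readable as
 * "chain enabled" by accident.
 */
struct FirewallChainStatus {
    bool enable = false;                       // whether the chain is currently enabled
    NetManagerStandard::FirewallType type{};   // value-initialised; NOTE(review): confirm enumerator 0 is an acceptable "unset" value
    std::vector<uint32_t> uids;                // uids currently placed on this chain
};

/**
 * Manages the uid-based iptables firewall chains (allowed-list / denied-list
 * chains per ChainType).
 *
 * Every public operation reports NETMANAGER_SUCCESS or NETMANAGER_ERROR.
 * The class owns a std::mutex (firewallMutex_), which presumably serialises
 * the public operations; the locking itself lives in the implementation file,
 * so confirm there before relying on thread-safety.  Holding a std::mutex
 * also makes the class non-copyable and non-movable.
 */
class FirewallManager {
public:
    FirewallManager();
    ~FirewallManager();

    /**
     * Set uids allowed list chain
     *
     * @param chain Chain type
     * @param uids Allowed list uids
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t SetUidsAllowedListChain(NetManagerStandard::ChainType chain, const std::vector<uint32_t> &uids);

    /**
     * Set uids denied list chain
     *
     * @param chain Chain type
     * @param uids Denied list uids
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t SetUidsDeniedListChain(NetManagerStandard::ChainType chain, const std::vector<uint32_t> &uids);

    /**
     * Enable chain
     *
     * @param chain Chain type
     * @param enable Enable or disable
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t EnableChain(NetManagerStandard::ChainType chain, bool enable);

    /**
     * Set uid rule
     *
     * @param chain Chain type
     * @param uid Uid
     * @param firewallRule Allow or deny
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t SetUidRule(NetManagerStandard::ChainType chain, uint32_t uid,
                       NetManagerStandard::FirewallRule firewallRule);

    /**
     * Clear firewall all rules
     *
     * @return NETMANAGER_SUCCESS success or NETMANAGER_ERROR failed
     */
    int32_t ClearAllRules();

private:
    // Name of the iptables chain that backs the given ChainType.
    std::string FetchChainName(NetManagerStandard::ChainType chain);
    // FirewallType (allowed-list / denied-list) associated with the given ChainType.
    NetManagerStandard::FirewallType FetchChainType(NetManagerStandard::ChainType chain);
    // Create the managed chains; DeInitChain tears them down again.
    int32_t InitChain();
    int32_t DeInitChain();
    // Install the baseline rule set the chains start from.
    int32_t InitDefaultRules();
    // Create / delete a single chain in iptables.
    int32_t IptablesNewChain(NetManagerStandard::ChainType chain);
    int32_t IptablesDeleteChain(NetManagerStandard::ChainType chain);
    // Apply one uid rule to chainName: `option` and `target` are passed through to iptables,
    // so they must come only from this class's own fixed strings, never from external input.
    int32_t IptablesSetRule(const std::string &chainName, const std::string &option, const std::string &target,
                            uint32_t uid);
    // Read the configured maximum uid (kept in strMaxUid_) as text.
    std::string ReadMaxUidConfig();
    // Whether `chain` is one of the chains this class manages. The misspelled name
    // is kept deliberately: the definition and its callers use it as written.
    int32_t IsFirewallChian(NetManagerStandard::ChainType chain);
    // Lazily runs chain initialisation (tracked by chainInitFlag_). Declared `inline` here but
    // presumably defined in the .cpp, which is only valid while all uses stay in that file.
    inline void CheckChainInitialization();

private:
    bool chainInitFlag_ = false;                        // set once InitChain has run
    std::string strMaxUid_;                             // value from ReadMaxUidConfig
    std::mutex firewallMutex_;                          // guards the state below (see class comment)
    NetManagerStandard::FirewallType firewallType_{};   // value-initialised; the constructor may override
    std::map<NetManagerStandard::ChainType, FirewallChainStatus> firewallChainStatus_;
};
} // namespace nmd
} // namespace OHOS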
108#endif // /* NETMANAGER_BASE */
109