1b1b8bc3fSopenharmony_ci/* 2b1b8bc3fSopenharmony_ci * Copyright (C) 2022-2023 Huawei Device Co., Ltd. 3b1b8bc3fSopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4b1b8bc3fSopenharmony_ci * you may not use this file except in compliance with the License. 5b1b8bc3fSopenharmony_ci * You may obtain a copy of the License at 6b1b8bc3fSopenharmony_ci * 7b1b8bc3fSopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8b1b8bc3fSopenharmony_ci * 9b1b8bc3fSopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10b1b8bc3fSopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11b1b8bc3fSopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12b1b8bc3fSopenharmony_ci * See the License for the specific language governing permissions and 13b1b8bc3fSopenharmony_ci * limitations under the License. 14b1b8bc3fSopenharmony_ci */ 15b1b8bc3fSopenharmony_ci 16b1b8bc3fSopenharmony_ci#include "bandwidth_manager.h" 17b1b8bc3fSopenharmony_ci 18b1b8bc3fSopenharmony_ci#include <cinttypes> 19b1b8bc3fSopenharmony_ci 20b1b8bc3fSopenharmony_ci#include "iptables_wrapper.h" 21b1b8bc3fSopenharmony_ci#include "net_manager_constants.h" 22b1b8bc3fSopenharmony_ci#include "netmanager_base_common_utils.h" 23b1b8bc3fSopenharmony_ci#include "netnative_log_wrapper.h" 24b1b8bc3fSopenharmony_ci 25b1b8bc3fSopenharmony_cinamespace OHOS { 26b1b8bc3fSopenharmony_cinamespace nmd { 27b1b8bc3fSopenharmony_ciusing namespace NetManagerStandard; 28b1b8bc3fSopenharmony_cistatic constexpr const char *CHAIN_NAME_COSTLY_PTR = "ohbw_costly_"; 29b1b8bc3fSopenharmony_ciBandwidthManager::BandwidthManager() : chainInitFlag_(false), dataSaverEnable_(false) {} 30b1b8bc3fSopenharmony_ci 31b1b8bc3fSopenharmony_ciBandwidthManager::~BandwidthManager() 32b1b8bc3fSopenharmony_ci{ 33b1b8bc3fSopenharmony_ci DeInitChain(); 34b1b8bc3fSopenharmony_ci} 35b1b8bc3fSopenharmony_ci 36b1b8bc3fSopenharmony_ciinline void BandwidthManager::CheckChainInitialization() 37b1b8bc3fSopenharmony_ci{ 38b1b8bc3fSopenharmony_ci if (chainInitFlag_ == false) { 39b1b8bc3fSopenharmony_ci InitChain(); 40b1b8bc3fSopenharmony_ci InitDefaultRules(); 41b1b8bc3fSopenharmony_ci } 42b1b8bc3fSopenharmony_ci} 43b1b8bc3fSopenharmony_ci 44b1b8bc3fSopenharmony_cistd::string BandwidthManager::FetchChainName(ChainType chain) 45b1b8bc3fSopenharmony_ci{ 46b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager FetchChainName: chain=%{public}d", chain); 47b1b8bc3fSopenharmony_ci std::string chainName; 48b1b8bc3fSopenharmony_ci switch (chain) { 49b1b8bc3fSopenharmony_ci case ChainType::CHAIN_OHBW_INPUT: 50b1b8bc3fSopenharmony_ci chainName = "ohbw_INPUT"; 51b1b8bc3fSopenharmony_ci break; 52b1b8bc3fSopenharmony_ci case ChainType::CHAIN_OHBW_OUTPUT: 53b1b8bc3fSopenharmony_ci chainName = "ohbw_OUTPUT"; 54b1b8bc3fSopenharmony_ci break; 55b1b8bc3fSopenharmony_ci case ChainType::CHAIN_OHBW_FORWARD: 56b1b8bc3fSopenharmony_ci chainName = "ohbw_FORWARD"; 57b1b8bc3fSopenharmony_ci break; 58b1b8bc3fSopenharmony_ci case ChainType::CHAIN_OHBW_DENIED_LIST_BOX: 59b1b8bc3fSopenharmony_ci chainName = "ohbw_denied_list_box"; 60b1b8bc3fSopenharmony_ci break; 61b1b8bc3fSopenharmony_ci case ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX: 62b1b8bc3fSopenharmony_ci chainName = "ohbw_allowed_list_box"; 63b1b8bc3fSopenharmony_ci break; 64b1b8bc3fSopenharmony_ci case ChainType::CHAIN_OHBW_GLOBAL_ALERT: 65b1b8bc3fSopenharmony_ci chainName = "ohbw_global_alert"; 66b1b8bc3fSopenharmony_ci break; 67b1b8bc3fSopenharmony_ci case ChainType::CHAIN_OHBW_COSTLY_SHARED: 68b1b8bc3fSopenharmony_ci chainName = "ohbw_costly_shared"; 69b1b8bc3fSopenharmony_ci break; 70b1b8bc3fSopenharmony_ci case ChainType::CHAIN_OHBW_DATA_SAVER: 71b1b8bc3fSopenharmony_ci chainName = "ohbw_data_saver"; 72b1b8bc3fSopenharmony_ci break; 73b1b8bc3fSopenharmony_ci default: 74b1b8bc3fSopenharmony_ci chainName = "oh_unusable"; 75b1b8bc3fSopenharmony_ci break; 76b1b8bc3fSopenharmony_ci } 77b1b8bc3fSopenharmony_ci return chainName; 78b1b8bc3fSopenharmony_ci} 79b1b8bc3fSopenharmony_ci 80b1b8bc3fSopenharmony_ciint32_t BandwidthManager::InitChain() 81b1b8bc3fSopenharmony_ci{ 82b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager InitChain"); 83b1b8bc3fSopenharmony_ci bool hasError = false; 84b1b8bc3fSopenharmony_ci hasError = (IptablesNewChain(ChainType::CHAIN_OHBW_INPUT) == NETMANAGER_ERROR) || 85b1b8bc3fSopenharmony_ci (IptablesNewChain(ChainType::CHAIN_OHBW_OUTPUT) == NETMANAGER_ERROR) || 86b1b8bc3fSopenharmony_ci (IptablesNewChain(ChainType::CHAIN_OHBW_FORWARD) == NETMANAGER_ERROR) || 87b1b8bc3fSopenharmony_ci (IptablesNewChain(ChainType::CHAIN_OHBW_DENIED_LIST_BOX) == NETMANAGER_ERROR) || 88b1b8bc3fSopenharmony_ci (IptablesNewChain(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX) == NETMANAGER_ERROR) || 89b1b8bc3fSopenharmony_ci (IptablesNewChain(ChainType::CHAIN_OHBW_GLOBAL_ALERT) == NETMANAGER_ERROR) || 90b1b8bc3fSopenharmony_ci (IptablesNewChain(ChainType::CHAIN_OHBW_COSTLY_SHARED) == NETMANAGER_ERROR) || 91b1b8bc3fSopenharmony_ci (IptablesNewChain(ChainType::CHAIN_OHBW_DATA_SAVER) == NETMANAGER_ERROR); 92b1b8bc3fSopenharmony_ci chainInitFlag_ = true; 93b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 94b1b8bc3fSopenharmony_ci} 95b1b8bc3fSopenharmony_ci 96b1b8bc3fSopenharmony_ciint32_t BandwidthManager::DeInitChain() 97b1b8bc3fSopenharmony_ci{ 98b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager DeInitChain"); 99b1b8bc3fSopenharmony_ci bool hasError = false; 100b1b8bc3fSopenharmony_ci hasError = (IptablesDeleteChain(ChainType::CHAIN_OHBW_INPUT) == NETMANAGER_ERROR) || 101b1b8bc3fSopenharmony_ci (IptablesDeleteChain(ChainType::CHAIN_OHBW_OUTPUT) == NETMANAGER_ERROR) || 102b1b8bc3fSopenharmony_ci (IptablesDeleteChain(ChainType::CHAIN_OHBW_FORWARD) == NETMANAGER_ERROR) || 103b1b8bc3fSopenharmony_ci (IptablesDeleteChain(ChainType::CHAIN_OHBW_DENIED_LIST_BOX) == NETMANAGER_ERROR) || 104b1b8bc3fSopenharmony_ci (IptablesDeleteChain(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX) == NETMANAGER_ERROR) || 105b1b8bc3fSopenharmony_ci (IptablesDeleteChain(ChainType::CHAIN_OHBW_GLOBAL_ALERT) == NETMANAGER_ERROR) || 106b1b8bc3fSopenharmony_ci (IptablesDeleteChain(ChainType::CHAIN_OHBW_COSTLY_SHARED) == NETMANAGER_ERROR) || 107b1b8bc3fSopenharmony_ci (IptablesDeleteChain(ChainType::CHAIN_OHBW_DATA_SAVER) == NETMANAGER_ERROR); 108b1b8bc3fSopenharmony_ci chainInitFlag_ = false; 109b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 110b1b8bc3fSopenharmony_ci} 111b1b8bc3fSopenharmony_ci 112b1b8bc3fSopenharmony_ciint32_t BandwidthManager::InitDefaultBwChainRules() 113b1b8bc3fSopenharmony_ci{ 114b1b8bc3fSopenharmony_ci bool hasError = false; 115b1b8bc3fSopenharmony_ci std::string command; 116b1b8bc3fSopenharmony_ci std::string chainName; 117b1b8bc3fSopenharmony_ci 118b1b8bc3fSopenharmony_ci // -A INPUT -j ohbw_INPUT 119b1b8bc3fSopenharmony_ci // -A OUTPUT -j ohbw_OUTPUT 120b1b8bc3fSopenharmony_ci chainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT); 121b1b8bc3fSopenharmony_ci command = "-t filter -A INPUT -j " + chainName; 122b1b8bc3fSopenharmony_ci hasError = hasError || 123b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 124b1b8bc3fSopenharmony_ci chainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT); 125b1b8bc3fSopenharmony_ci command = "-t filter -A OUTPUT -j " + chainName; 126b1b8bc3fSopenharmony_ci hasError = hasError || 127b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 128b1b8bc3fSopenharmony_ci // -A ohbw_INPUT -p esp -j RETURN 129b1b8bc3fSopenharmony_ci // -A ohbw_INPUT -m mark --mark 0x100000/0x100000 -j RETURN 130b1b8bc3fSopenharmony_ci chainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT); 131b1b8bc3fSopenharmony_ci command = "-t filter -A " + chainName + " -p esp -j RETURN"; 132b1b8bc3fSopenharmony_ci hasError = hasError || 133b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 134b1b8bc3fSopenharmony_ci command = 135b1b8bc3fSopenharmony_ci "-t filter -A " + FetchChainName(ChainType::CHAIN_OHBW_INPUT) + " -m mark --mark 0x100000/0x100000 -j RETURN"; 136b1b8bc3fSopenharmony_ci hasError = hasError || 137b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 138b1b8bc3fSopenharmony_ci 139b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 140b1b8bc3fSopenharmony_ci} 141b1b8bc3fSopenharmony_ci 142b1b8bc3fSopenharmony_ciint32_t BandwidthManager::InitDefaultListBoxChainRules() 143b1b8bc3fSopenharmony_ci{ 144b1b8bc3fSopenharmony_ci bool hasError = false; 145b1b8bc3fSopenharmony_ci std::string command; 146b1b8bc3fSopenharmony_ci std::string chainName; 147b1b8bc3fSopenharmony_ci std::string fChainName; 148b1b8bc3fSopenharmony_ci 149b1b8bc3fSopenharmony_ci // -A ohbw_OUPUT -j ohbw_denied_list_box 150b1b8bc3fSopenharmony_ci // -A ohbw_denied_list_box -j ohbw_allowed_list_box 151b1b8bc3fSopenharmony_ci // -A ohbw_allowed_list_box -j ohbw_data_saver 152b1b8bc3fSopenharmony_ci // -A ohbw_data_saver -j RETURN 153b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX); 154b1b8bc3fSopenharmony_ci chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX); 155b1b8bc3fSopenharmony_ci command = "-t filter -A " + fChainName + " -j " + chainName; 156b1b8bc3fSopenharmony_ci hasError = hasError || 157b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 158b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX); 159b1b8bc3fSopenharmony_ci chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER); 160b1b8bc3fSopenharmony_ci command = "-t filter -A " + fChainName + " -j " + chainName; 161b1b8bc3fSopenharmony_ci hasError = hasError || 162b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 163b1b8bc3fSopenharmony_ci chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER); 164b1b8bc3fSopenharmony_ci command = "-t filter -A " + chainName + " -j RETURN"; 165b1b8bc3fSopenharmony_ci hasError = hasError || 166b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 167b1b8bc3fSopenharmony_ci 168b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 169b1b8bc3fSopenharmony_ci} 170b1b8bc3fSopenharmony_ci 171b1b8bc3fSopenharmony_ciint32_t BandwidthManager::InitDefaultAlertChainRules() 172b1b8bc3fSopenharmony_ci{ 173b1b8bc3fSopenharmony_ci bool hasError = false; 174b1b8bc3fSopenharmony_ci std::string command; 175b1b8bc3fSopenharmony_ci std::string chainName; 176b1b8bc3fSopenharmony_ci std::string fChainName; 177b1b8bc3fSopenharmony_ci 178b1b8bc3fSopenharmony_ci // -A ohbw_INPUT -j ohbw_global_alert 179b1b8bc3fSopenharmony_ci // -A ohbw_OUTPUT -j ohbw_global_alert 180b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT); 181b1b8bc3fSopenharmony_ci chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT); 182b1b8bc3fSopenharmony_ci command = "-t filter -A " + fChainName + " -j " + chainName; 183b1b8bc3fSopenharmony_ci hasError = hasError || 184b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 185b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT); 186b1b8bc3fSopenharmony_ci chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT); 187b1b8bc3fSopenharmony_ci command = "-t filter -A " + fChainName + " -j " + chainName; 188b1b8bc3fSopenharmony_ci hasError = hasError || 189b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 190b1b8bc3fSopenharmony_ci 191b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 192b1b8bc3fSopenharmony_ci} 193b1b8bc3fSopenharmony_ci 194b1b8bc3fSopenharmony_ciint32_t BandwidthManager::InitDefaultRules() 195b1b8bc3fSopenharmony_ci{ 196b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager InitDefaultRules"); 197b1b8bc3fSopenharmony_ci bool hasError = false; 198b1b8bc3fSopenharmony_ci hasError = (InitDefaultBwChainRules() == NETMANAGER_ERROR) || 199b1b8bc3fSopenharmony_ci (InitDefaultListBoxChainRules() == NETMANAGER_ERROR) || 200b1b8bc3fSopenharmony_ci (InitDefaultAlertChainRules() == NETMANAGER_ERROR); 201b1b8bc3fSopenharmony_ci 202b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 203b1b8bc3fSopenharmony_ci} 204b1b8bc3fSopenharmony_ci 205b1b8bc3fSopenharmony_ciint32_t BandwidthManager::IptablesNewChain(ChainType chain) 206b1b8bc3fSopenharmony_ci{ 207b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager NewChain: chain=%{public}d", chain); 208b1b8bc3fSopenharmony_ci std::string command = "-t filter -N " + FetchChainName(chain); 209b1b8bc3fSopenharmony_ci return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command); 210b1b8bc3fSopenharmony_ci} 211b1b8bc3fSopenharmony_ci 212b1b8bc3fSopenharmony_ciint32_t BandwidthManager::IptablesNewChain(const std::string &chainName) 213b1b8bc3fSopenharmony_ci{ 214b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager NewChain: chain=%{public}s", chainName.c_str()); 215b1b8bc3fSopenharmony_ci std::string command = "-t filter -N " + chainName; 216b1b8bc3fSopenharmony_ci return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command); 217b1b8bc3fSopenharmony_ci} 218b1b8bc3fSopenharmony_ci 219b1b8bc3fSopenharmony_ciint32_t BandwidthManager::IptablesDeleteChain(ChainType chain) 220b1b8bc3fSopenharmony_ci{ 221b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager DeleteChain: chain=%{public}d", chain); 222b1b8bc3fSopenharmony_ci bool hasError = false; 223b1b8bc3fSopenharmony_ci std::string command = "-t filter -F " + FetchChainName(chain); 224b1b8bc3fSopenharmony_ci hasError = hasError || 225b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 226b1b8bc3fSopenharmony_ci command = "-t filter -X " + FetchChainName(chain); 227b1b8bc3fSopenharmony_ci hasError = hasError || 228b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 229b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 230b1b8bc3fSopenharmony_ci} 231b1b8bc3fSopenharmony_ci 232b1b8bc3fSopenharmony_ciint32_t BandwidthManager::IptablesDeleteChain(const std::string &chainName) 233b1b8bc3fSopenharmony_ci{ 234b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager DeleteChain: chain=%{public}s", chainName.c_str()); 235b1b8bc3fSopenharmony_ci bool hasError = false; 236b1b8bc3fSopenharmony_ci std::string command = "-t filter -F " + chainName; 237b1b8bc3fSopenharmony_ci hasError = hasError || 238b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 239b1b8bc3fSopenharmony_ci command = "-t filter -X " + chainName; 240b1b8bc3fSopenharmony_ci hasError = hasError || 241b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 242b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 243b1b8bc3fSopenharmony_ci} 244b1b8bc3fSopenharmony_ci 245b1b8bc3fSopenharmony_ciint32_t BandwidthManager::SetGlobalAlert(Operate operate, int64_t bytes) 246b1b8bc3fSopenharmony_ci{ 247b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager SetGlobalAlert: operate=%{public}d, bytes=%{public}" PRId64, operate, bytes); 248b1b8bc3fSopenharmony_ci bool hasError = false; 249b1b8bc3fSopenharmony_ci std::string command; 250b1b8bc3fSopenharmony_ci std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_GLOBAL_ALERT); 251b1b8bc3fSopenharmony_ci if (operate == OP_SET) { 252b1b8bc3fSopenharmony_ci globalAlertBytes_ = bytes; 253b1b8bc3fSopenharmony_ci command = "-t filter -A " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name globalAlert"; 254b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == 255b1b8bc3fSopenharmony_ci NETMANAGER_ERROR); 256b1b8bc3fSopenharmony_ci } else { 257b1b8bc3fSopenharmony_ci if (bytes == globalAlertBytes_) { 258b1b8bc3fSopenharmony_ci command = 259b1b8bc3fSopenharmony_ci "-t filter -D " + chainName + " -m quota --quota " + std::to_string(bytes) + " --name globalAlert"; 260b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand( 261b1b8bc3fSopenharmony_ci IPTYPE_IPV4, command) == NETMANAGER_ERROR); 262b1b8bc3fSopenharmony_ci globalAlertBytes_ = 0; 263b1b8bc3fSopenharmony_ci } else { 264b1b8bc3fSopenharmony_ci NETNATIVE_LOGE("not match bytes, cannot remove global alert"); 265b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 266b1b8bc3fSopenharmony_ci } 267b1b8bc3fSopenharmony_ci } 268b1b8bc3fSopenharmony_ci 269b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 270b1b8bc3fSopenharmony_ci} 271b1b8bc3fSopenharmony_ci 272b1b8bc3fSopenharmony_ciint32_t BandwidthManager::SetCostlyAlert(Operate operate, const std::string &iface, int64_t bytes) 273b1b8bc3fSopenharmony_ci{ 274b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager SetCostlyAlert: operate=%{public}d, iface=%{public}s, bytes=%{public}" PRId64, 275b1b8bc3fSopenharmony_ci operate, iface.c_str(), bytes); 276b1b8bc3fSopenharmony_ci bool hasError = false; 277b1b8bc3fSopenharmony_ci std::string command; 278b1b8bc3fSopenharmony_ci std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + iface + "alert"; 279b1b8bc3fSopenharmony_ci if (operate == OP_SET) { 280b1b8bc3fSopenharmony_ci ifaceAlertBytes_[iface] = bytes; 281b1b8bc3fSopenharmony_ci command = 282b1b8bc3fSopenharmony_ci "-t filter -A " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name " + iface + "Alert"; 283b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == 284b1b8bc3fSopenharmony_ci NETMANAGER_ERROR); 285b1b8bc3fSopenharmony_ci } else { 286b1b8bc3fSopenharmony_ci if (bytes == ifaceAlertBytes_[iface]) { 287b1b8bc3fSopenharmony_ci command = "-t filter -D " + chainName + " -m quota2 --quota " + std::to_string(bytes) + " --name " + iface + 288b1b8bc3fSopenharmony_ci "Alert"; 289b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand( 290b1b8bc3fSopenharmony_ci IPTYPE_IPV4, command) == NETMANAGER_ERROR); 291b1b8bc3fSopenharmony_ci ifaceAlertBytes_[iface] = 0; 292b1b8bc3fSopenharmony_ci } else { 293b1b8bc3fSopenharmony_ci NETNATIVE_LOGE("not match bytes, cannot remove global alert"); 294b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 295b1b8bc3fSopenharmony_ci } 296b1b8bc3fSopenharmony_ci } 297b1b8bc3fSopenharmony_ci 298b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 299b1b8bc3fSopenharmony_ci} 300b1b8bc3fSopenharmony_ci 301b1b8bc3fSopenharmony_ciint32_t BandwidthManager::EnableDataSaver(bool enable) 302b1b8bc3fSopenharmony_ci{ 303b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager EnableDataSaver: enable=%{public}d", enable); 304b1b8bc3fSopenharmony_ci bool hasError = false; 305b1b8bc3fSopenharmony_ci std::unique_lock<std::mutex> lock(bandwidthMutex_); 306b1b8bc3fSopenharmony_ci CheckChainInitialization(); 307b1b8bc3fSopenharmony_ci 308b1b8bc3fSopenharmony_ci std::string command; 309b1b8bc3fSopenharmony_ci std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DATA_SAVER); 310b1b8bc3fSopenharmony_ci if (enable == true && dataSaverEnable_ == false) { 311b1b8bc3fSopenharmony_ci dataSaverEnable_ = true; 312b1b8bc3fSopenharmony_ci command = "-t filter -R " + chainName + " 1 -j REJECT"; 313b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == 314b1b8bc3fSopenharmony_ci NETMANAGER_ERROR); 315b1b8bc3fSopenharmony_ci command = "-t filter -I " + chainName + " -m owner --uid-owner 0-9999 -j RETURN"; 316b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == 317b1b8bc3fSopenharmony_ci NETMANAGER_ERROR); 318b1b8bc3fSopenharmony_ci } else if (enable == false && dataSaverEnable_ == true) { 319b1b8bc3fSopenharmony_ci dataSaverEnable_ = false; 320b1b8bc3fSopenharmony_ci command = "-t filter -D " + chainName + " -m owner --uid-owner 0-9999 -j RETURN"; 321b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == 322b1b8bc3fSopenharmony_ci NETMANAGER_ERROR); 323b1b8bc3fSopenharmony_ci command = "-t filter -R " + chainName + " 1 -j RETURN"; 324b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == 325b1b8bc3fSopenharmony_ci NETMANAGER_ERROR); 326b1b8bc3fSopenharmony_ci } else { 327b1b8bc3fSopenharmony_ci NETNATIVE_LOGE("DataSaver is already %{public}s, do not repeat", enable == true ? "true" : "false"); 328b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 329b1b8bc3fSopenharmony_ci } 330b1b8bc3fSopenharmony_ci 331b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 332b1b8bc3fSopenharmony_ci} 333b1b8bc3fSopenharmony_ci 334b1b8bc3fSopenharmony_ciint32_t BandwidthManager::SetIfaceQuotaDetail(const std::string &ifName, int64_t bytes) 335b1b8bc3fSopenharmony_ci{ 336b1b8bc3fSopenharmony_ci std::string command; 337b1b8bc3fSopenharmony_ci std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + ifName; 338b1b8bc3fSopenharmony_ci std::string fChainName; 339b1b8bc3fSopenharmony_ci std::string strMaxBytes = std::to_string(bytes); 340b1b8bc3fSopenharmony_ci bool hasError = false; 341b1b8bc3fSopenharmony_ci 342b1b8bc3fSopenharmony_ci if (ifaceQuotaBytes_.count(ifName) > 0) { 343b1b8bc3fSopenharmony_ci // -R ohbw_costly_iface 1 -m quota2 ! --quota 12345 --name iface -j REJECT 344b1b8bc3fSopenharmony_ci command = "-t filter -D " + chainName + " -m quota2 ! --quota " + std::to_string(ifaceQuotaBytes_[ifName]) + 345b1b8bc3fSopenharmony_ci " --name " + ifName + " --jump REJECT"; 346b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == 347b1b8bc3fSopenharmony_ci NETMANAGER_ERROR); 348b1b8bc3fSopenharmony_ci command = "-t filter -A " + chainName + " -m quota2 ! --quota " + strMaxBytes + " --name " + ifName + 349b1b8bc3fSopenharmony_ci " --jump REJECT"; 350b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == 351b1b8bc3fSopenharmony_ci NETMANAGER_ERROR); 352b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("hasError %d", hasError); 353b1b8bc3fSopenharmony_ci ifaceQuotaBytes_[ifName] = bytes; 354b1b8bc3fSopenharmony_ci return NETMANAGER_SUCCESS; 355b1b8bc3fSopenharmony_ci } 356b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesNewChain(chainName) == NETMANAGER_ERROR); 357b1b8bc3fSopenharmony_ci ifaceQuotaBytes_[ifName] = bytes; 358b1b8bc3fSopenharmony_ci 359b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT); 360b1b8bc3fSopenharmony_ci std::string cChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX); 361b1b8bc3fSopenharmony_ci command = "-t filter -A " + fChainName + " -o " + ifName + " -j " + cChainName; 362b1b8bc3fSopenharmony_ci hasError = hasError || 363b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 364b1b8bc3fSopenharmony_ci 365b1b8bc3fSopenharmony_ci // -I ohbw_INPUT -i iface -j ohbw_costly_iface 366b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT); 367b1b8bc3fSopenharmony_ci command = "-t filter -I " + fChainName + " -i " + ifName + " --jump " + chainName; 368b1b8bc3fSopenharmony_ci hasError = hasError || 369b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 370b1b8bc3fSopenharmony_ci // -I ohbw_OUTPUT -o iface -j ohbw_costly_iface 371b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT); 372b1b8bc3fSopenharmony_ci command = "-t filter -I " + fChainName + " -o " + ifName + " --jump " + chainName; 373b1b8bc3fSopenharmony_ci hasError = hasError || 374b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 375b1b8bc3fSopenharmony_ci // -A ohbw_FORWARD -i iface -j ohbw_costly_iface 376b1b8bc3fSopenharmony_ci // -A ohbw_FORWARD -o iface -j ohbw_costly_iface 377b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_FORWARD); 378b1b8bc3fSopenharmony_ci command = "-t filter -A " + fChainName + " -i " + ifName + " --jump " + chainName; 379b1b8bc3fSopenharmony_ci hasError = hasError || 380b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 381b1b8bc3fSopenharmony_ci command = "-t filter -A " + fChainName + " -o " + ifName + " --jump " + chainName; 382b1b8bc3fSopenharmony_ci hasError = hasError || 383b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 384b1b8bc3fSopenharmony_ci // -A ohbw_costly_iface -m quota2 ! --quota 12345 --name iface -j REJECT 385b1b8bc3fSopenharmony_ci command = 386b1b8bc3fSopenharmony_ci "-t filter -A " + chainName + " -m quota2 ! --quota " + strMaxBytes + " --name " + ifName + " --jump REJECT"; 387b1b8bc3fSopenharmony_ci hasError = hasError || 388b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 389b1b8bc3fSopenharmony_ci 390b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 391b1b8bc3fSopenharmony_ci} 392b1b8bc3fSopenharmony_ci 393b1b8bc3fSopenharmony_ciint32_t BandwidthManager::SetIfaceQuota(const std::string &ifName, int64_t bytes) 394b1b8bc3fSopenharmony_ci{ 395b1b8bc3fSopenharmony_ci if (!CommonUtils::CheckIfaceName(ifName)) { 396b1b8bc3fSopenharmony_ci NETNATIVE_LOGE("iface name valid check fail: %{public}s", ifName.c_str()); 397b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 398b1b8bc3fSopenharmony_ci } 399b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager SetIfaceQuota: ifName=%{public}s, bytes=%{public}" PRId64, ifName.c_str(), bytes); 400b1b8bc3fSopenharmony_ci std::unique_lock<std::mutex> lock(bandwidthMutex_); 401b1b8bc3fSopenharmony_ci CheckChainInitialization(); 402b1b8bc3fSopenharmony_ci 403b1b8bc3fSopenharmony_ci return SetIfaceQuotaDetail(ifName, bytes); 404b1b8bc3fSopenharmony_ci} 405b1b8bc3fSopenharmony_ci 406b1b8bc3fSopenharmony_ciint32_t BandwidthManager::RemoveIfaceQuota(const std::string &ifName) 407b1b8bc3fSopenharmony_ci{ 408b1b8bc3fSopenharmony_ci if (!CommonUtils::CheckIfaceName(ifName)) { 409b1b8bc3fSopenharmony_ci NETNATIVE_LOGE("iface name valid check fail: %{public}s", ifName.c_str()); 410b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 411b1b8bc3fSopenharmony_ci } 412b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager RemoveIfaceQuota: ifName=%{public}s", ifName.c_str()); 413b1b8bc3fSopenharmony_ci bool hasError = false; 414b1b8bc3fSopenharmony_ci std::unique_lock<std::mutex> lock(bandwidthMutex_); 415b1b8bc3fSopenharmony_ci CheckChainInitialization(); 416b1b8bc3fSopenharmony_ci 417b1b8bc3fSopenharmony_ci std::string command; 418b1b8bc3fSopenharmony_ci std::string chainName = std::string(CHAIN_NAME_COSTLY_PTR) + ifName; 419b1b8bc3fSopenharmony_ci std::string fChainName; 420b1b8bc3fSopenharmony_ci 421b1b8bc3fSopenharmony_ci if (ifaceQuotaBytes_.count(ifName) == 0) { 422b1b8bc3fSopenharmony_ci NETNATIVE_LOGE("RemoveIfaceQuota iface %s not exist, can not remove", ifName.c_str()); 423b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 424b1b8bc3fSopenharmony_ci } else { 425b1b8bc3fSopenharmony_ci ifaceQuotaBytes_.erase(ifName); 426b1b8bc3fSopenharmony_ci } 427b1b8bc3fSopenharmony_ci 428b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT); 429b1b8bc3fSopenharmony_ci std::string cChainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX); 430b1b8bc3fSopenharmony_ci command = "-t filter -D " + fChainName + " -o " + ifName + " -j " + cChainName; 431b1b8bc3fSopenharmony_ci hasError = hasError || 432b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 433b1b8bc3fSopenharmony_ci 434b1b8bc3fSopenharmony_ci // -D ohbw_INPUT -i iface -j ohbw_costly_iface 435b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_INPUT); 436b1b8bc3fSopenharmony_ci command = "-t filter -D " + fChainName + " -i " + ifName + " --jump " + chainName; 437b1b8bc3fSopenharmony_ci hasError = hasError || 438b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 439b1b8bc3fSopenharmony_ci // -D ohbw_OUTPUT -o iface -j ohbw_costly_iface 440b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_OUTPUT); 441b1b8bc3fSopenharmony_ci command = "-t filter -D " + fChainName + " -o " + ifName + " --jump " + chainName; 442b1b8bc3fSopenharmony_ci hasError = hasError || 443b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 444b1b8bc3fSopenharmony_ci // -D ohbw_FORWARD -i iface -j ohbw_costly_iface 445b1b8bc3fSopenharmony_ci // -D ohbw_FORWARD -o iface -j ohbw_costly_iface 446b1b8bc3fSopenharmony_ci fChainName = FetchChainName(ChainType::CHAIN_OHBW_FORWARD); 447b1b8bc3fSopenharmony_ci command = "-t filter -D " + fChainName + " -i " + ifName + " --jump " + chainName; 448b1b8bc3fSopenharmony_ci hasError = hasError || 449b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 450b1b8bc3fSopenharmony_ci command = "-t filter -D " + fChainName + " -o " + ifName + " --jump " + chainName; 451b1b8bc3fSopenharmony_ci hasError = hasError || 452b1b8bc3fSopenharmony_ci (IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command) == NETMANAGER_ERROR); 453b1b8bc3fSopenharmony_ci // -F ohbw_costly_iface 454b1b8bc3fSopenharmony_ci // -X ohbw_costly_iface 455b1b8bc3fSopenharmony_ci hasError = hasError || (IptablesDeleteChain(chainName) == NETMANAGER_ERROR); 456b1b8bc3fSopenharmony_ci 457b1b8bc3fSopenharmony_ci return hasError ? NETMANAGER_ERROR : NETMANAGER_SUCCESS; 458b1b8bc3fSopenharmony_ci} 459b1b8bc3fSopenharmony_ci 460b1b8bc3fSopenharmony_ciint32_t BandwidthManager::AddDeniedList(uint32_t uid) 461b1b8bc3fSopenharmony_ci{ 462b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager AddDeniedList: uid=%{public}d", uid); 463b1b8bc3fSopenharmony_ci std::unique_lock<std::mutex> lock(bandwidthMutex_); 464b1b8bc3fSopenharmony_ci CheckChainInitialization(); 465b1b8bc3fSopenharmony_ci 466b1b8bc3fSopenharmony_ci auto [_, inserted] = deniedListUids_.insert(uid); 467b1b8bc3fSopenharmony_ci if (!inserted) { 468b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 469b1b8bc3fSopenharmony_ci } 470b1b8bc3fSopenharmony_ci 471b1b8bc3fSopenharmony_ci std::string strUid = std::to_string(uid); 472b1b8bc3fSopenharmony_ci std::string command; 473b1b8bc3fSopenharmony_ci std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX); 474b1b8bc3fSopenharmony_ci command = "-t filter -I " + chainName + " -m owner --uid-owner " + strUid + " -j REJECT"; 475b1b8bc3fSopenharmony_ci 476b1b8bc3fSopenharmony_ci return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command); 477b1b8bc3fSopenharmony_ci} 478b1b8bc3fSopenharmony_ci 479b1b8bc3fSopenharmony_ciint32_t BandwidthManager::RemoveDeniedList(uint32_t uid) 480b1b8bc3fSopenharmony_ci{ 481b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager RemoveDeniedList: uid=%{public}d", uid); 482b1b8bc3fSopenharmony_ci std::unique_lock<std::mutex> lock(bandwidthMutex_); 483b1b8bc3fSopenharmony_ci CheckChainInitialization(); 484b1b8bc3fSopenharmony_ci 485b1b8bc3fSopenharmony_ci if (deniedListUids_.erase(uid) == 0) { 486b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 487b1b8bc3fSopenharmony_ci } 488b1b8bc3fSopenharmony_ci 489b1b8bc3fSopenharmony_ci std::string strUid = std::to_string(uid); 490b1b8bc3fSopenharmony_ci std::string command; 491b1b8bc3fSopenharmony_ci std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_DENIED_LIST_BOX); 492b1b8bc3fSopenharmony_ci command = "-t filter -D " + chainName + " -m owner --uid-owner " + strUid + " -j REJECT"; 493b1b8bc3fSopenharmony_ci 494b1b8bc3fSopenharmony_ci return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command); 495b1b8bc3fSopenharmony_ci} 496b1b8bc3fSopenharmony_ci 497b1b8bc3fSopenharmony_ciint32_t BandwidthManager::AddAllowedList(uint32_t uid) 498b1b8bc3fSopenharmony_ci{ 499b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager AddAllowedList: uid=%{public}d", uid); 500b1b8bc3fSopenharmony_ci std::unique_lock<std::mutex> lock(bandwidthMutex_); 501b1b8bc3fSopenharmony_ci CheckChainInitialization(); 502b1b8bc3fSopenharmony_ci 503b1b8bc3fSopenharmony_ci auto [_, inserted] = allowedListUids_.insert(uid); 504b1b8bc3fSopenharmony_ci if (!inserted) { 505b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 506b1b8bc3fSopenharmony_ci } 507b1b8bc3fSopenharmony_ci 508b1b8bc3fSopenharmony_ci std::string strUid = std::to_string(uid); 509b1b8bc3fSopenharmony_ci std::string command; 510b1b8bc3fSopenharmony_ci std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX); 511b1b8bc3fSopenharmony_ci command = "-t filter -I " + chainName + " -m owner --uid-owner " + strUid + " -j RETURN"; 512b1b8bc3fSopenharmony_ci 513b1b8bc3fSopenharmony_ci return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command); 514b1b8bc3fSopenharmony_ci} 515b1b8bc3fSopenharmony_ci 516b1b8bc3fSopenharmony_ciint32_t BandwidthManager::RemoveAllowedList(uint32_t uid) 517b1b8bc3fSopenharmony_ci{ 518b1b8bc3fSopenharmony_ci NETNATIVE_LOG_D("BandwidthManager RemoveAllowedList: uid=%{public}d", uid); 519b1b8bc3fSopenharmony_ci std::unique_lock<std::mutex> lock(bandwidthMutex_); 520b1b8bc3fSopenharmony_ci CheckChainInitialization(); 521b1b8bc3fSopenharmony_ci 522b1b8bc3fSopenharmony_ci if (allowedListUids_.erase(uid) == 0) { 523b1b8bc3fSopenharmony_ci return NETMANAGER_ERROR; 524b1b8bc3fSopenharmony_ci } 525b1b8bc3fSopenharmony_ci 526b1b8bc3fSopenharmony_ci std::string strUid = std::to_string(uid); 527b1b8bc3fSopenharmony_ci 528b1b8bc3fSopenharmony_ci std::string command; 529b1b8bc3fSopenharmony_ci std::string chainName = FetchChainName(ChainType::CHAIN_OHBW_ALLOWED_LIST_BOX); 530b1b8bc3fSopenharmony_ci command = "-t filter -D " + chainName + " -m owner --uid-owner " + strUid + " -j RETURN"; 531b1b8bc3fSopenharmony_ci 532b1b8bc3fSopenharmony_ci return IptablesWrapper::GetInstance()->RunCommand(IPTYPE_IPV4, command); 533b1b8bc3fSopenharmony_ci} 534b1b8bc3fSopenharmony_ci} // namespace nmd 535b1b8bc3fSopenharmony_ci} // namespace OHOS 536