/*
 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
15b1b8bc3fSopenharmony_ci
16b1b8bc3fSopenharmony_ci#ifndef FIREWALL_RULE_H
17b1b8bc3fSopenharmony_ci#define FIREWALL_RULE_H
18b1b8bc3fSopenharmony_ci
#include <cstdint>
#include <memory>
#include <set>
#include <string>
#include <vector>

#include "refbase.h"

#include "netmanager_hitrace.h"
#include "netsys_policy_wrapper.h"
27b1b8bc3fSopenharmony_ci
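namespace OHOS {
namespace NetManagerStandard {
/**
 * Base class for a per-chain firewall rule that tracks which application UIDs
 * are allowed and which are denied.
 *
 * Instances are obtained through CreateFirewallRule(); the constructor and
 * destructor are protected, so the type cannot be built or destroyed directly
 * by unrelated code.
 *
 * NOTE(review): no lock member is declared in this class, so nothing visible
 * here serializes access to allowedList_ / deniedList_. Confirm that callers
 * (or the implementation file) synchronize readers and writers.
 */
class FirewallRule : public std::enable_shared_from_this<FirewallRule> {
public:
    /**
     * Create a firewall rule.
     *
     * @param chain The chain type
     * @return std::shared_ptr<FirewallRule> The firewall rule, such as DeviceIdleFirewallRule
     *
     * NOTE(review): the result for an unrecognized chain value is not visible in
     * this header; callers should presumably check for nullptr - confirm.
     */
    static std::shared_ptr<FirewallRule> CreateFirewallRule(uint32_t chain);

    /**
     * Get the firewall allow list.
     *
     * The list is returned by reference, not by copy, so it is only meaningful
     * while this object is alive; copy it if it must outlive the rule.
     *
     * @return const std::vector<uint32_t>& The firewall allow list
     */
    virtual const std::vector<uint32_t> &GetAllowedList() const;

    /**
     * Set the firewall allow list.
     *
     * @param uids The UIDs of the applications
     * @param rule The firewall rule, see {@link FIREWALL_RULE_ALLOW} and {@link FIREWALL_RULE_DENY}
     *
     * NOTE(review): rule is a plain uint32_t; how values other than the two
     * constants above are handled is not visible here - confirm they are rejected.
     */
    virtual void SetAllowedList(const std::vector<uint32_t> &uids, uint32_t rule);

    /**
     * Set the firewall allow list.
     *
     * @param uids The set of UIDs
     */
    virtual void SetAllowedList(const std::set<uint32_t> &uids);

    /**
     * Set the firewall allow list.
     *
     * Takes no arguments. NOTE(review): presumably applies the stored allow
     * list - confirm against the implementation.
     */
    virtual void SetAllowedList();

    /**
     * Get the firewall reject list.
     *
     * The list is returned by reference, not by copy, so it is only meaningful
     * while this object is alive; copy it if it must outlive the rule.
     *
     * @return const std::vector<uint32_t>& The firewall reject list
     */
    virtual const std::vector<uint32_t> &GetDeniedList() const;

    /**
     * Set the firewall reject list.
     *
     * @param uid The UID of application
     * @param rule The firewall rule, see {@link FIREWALL_RULE_ALLOW} and {@link FIREWALL_RULE_DENY}
     *
     * NOTE(review): rule is a plain uint32_t; how values other than the two
     * constants above are handled is not visible here - confirm they are rejected.
     */
    virtual void SetDeniedList(uint32_t uid, uint32_t rule);

    /**
     * Set the firewall reject list.
     *
     * @param uids The vector of UIDs
     */
    virtual void SetDeniedList(const std::vector<uint32_t> &uids);

    /**
     * Set the firewall reject list.
     *
     * Takes no arguments. NOTE(review): presumably applies the stored reject
     * list - confirm against the implementation.
     */
    virtual void SetDeniedList();

    /**
     * Clear the firewall allow list.
     *
     * Not virtual, so derived rule types cannot override it.
     */
    void ClearAllowedList();

    /**
     * Clear the firewall reject list.
     *
     * Not virtual, so derived rule types cannot override it.
     */
    void ClearDeniedList();

    /**
     * Set the firewall rule for the specified UID.
     *
     * @param uid The UID of application
     * @param isAllow true: allow the UID; false: do not allow it
     */
    virtual void SetUidFirewallRule(uint32_t uid, bool isAllow);

    /**
     * Enable the firewall rule.
     *
     * @param enable true: enable the firewall rule; false: disable the firewall rule
     */
    virtual void EnableFirewall(bool enable);

    /**
     * Remove the UID from the firewall allow list.
     *
     * @param uid The UID of application
     */
    virtual void RemoveFromAllowedList(uint32_t uid);

    /**
     * Remove the UID from the firewall reject list.
     *
     * @param uid The UID of application
     */
    virtual void RemoveFromDeniedList(uint32_t uid);

    /**
     * Clear all firewall rules.
     *
     * @return int32_t NOTE(review): presumably a status code; the success and
     *         failure values are not documented in this header - confirm, and
     *         make sure callers check it, since a failed clear leaves rules in place.
     */
    virtual int32_t ClearFirewallAllRules();

protected:
    /**
     * Construct a rule for one chain; reachable only from this class and its subclasses.
     *
     * @param chainType The chain type
     */
    explicit FirewallRule(uint32_t chainType);
    virtual ~FirewallRule();

protected:
    // Chain type this rule belongs to.
    uint32_t chainType_ = 0;
    // Chain name; NOTE(review): presumably derived from chainType_ - confirm.
    std::string chainName_;
    // UIDs on the allow list.
    std::vector<uint32_t> allowedList_;
    // UIDs on the reject list.
    std::vector<uint32_t> deniedList_;
    // Starts as false; NOTE(review): presumably tracks EnableFirewall() - confirm.
    bool modeEnable_ = false;

private:
    // Single-UID form of SetAllowedList. Private here, while the single-UID
    // SetDeniedList(uint32_t, uint32_t) is public and virtual.
    void SetAllowedList(uint32_t uid, uint32_t rule);
    // Handle to the netsys policy wrapper; nullptr until assigned.
    std::shared_ptr<NetsysPolicyWrapper> netsys_ = nullptr;
};
} // namespace NetManagerStandard
} // namespace OHOS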
159b1b8bc3fSopenharmony_ci#endif // FIREWALL_RULE_H