1/*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#ifndef NET_POLICY_FIREWALL_H
17#define NET_POLICY_FIREWALL_H
18
19#include "firewall_rule.h"
20#include "net_policy_base.h"
21#include "net_policy_file.h"
22
23namespace OHOS {
24namespace NetManagerStandard {
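/**
 * Firewall part of the network policy service. It keeps the UID trust lists
 * for device idle mode and for power save mode, together with the current
 * on/off state of both modes.
 *
 * NOTE(review): the trust lists decide which application UIDs are on the allow
 * list in these modes, so every setter here is security relevant. This header
 * shows no permission check and no locking; presumably the caller verifies the
 * requester's permission and serializes access. Confirm against the
 * implementation and the service entry points.
 */
class NetPolicyFirewall : public NetPolicyBase {
public:
    // Both mode flags start as false through their in-class initializers, so
    // the constructor needs no member-initializer list.
    NetPolicyFirewall() {}
    void Init();

    /**
     * Set a batch of UIDs into or out of the device idle allow list.
     *
     * @param uids The UIDs of the applications to update.
     * @param isAllowed Whether the UIDs are put into the allow list or not.
     *        NOTE(review): the deviceIdleDeniedList_ member suggests that false
     *        records the UIDs as denied; confirm in the implementation.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t SetDeviceIdleTrustlist(const std::vector<uint32_t> &uids, bool isAllowed);

    /**
     * Get the allow list of UIDs in device idle mode.
     *
     * @param uids The list of UIDs. Passed by non-const reference, so presumably
     *        the output; whether existing content is cleared first is not
     *        visible here.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t GetDeviceIdleTrustlist(std::vector<uint32_t> &uids);

    /**
     * Process network policy in device idle mode.
     *
     * @param enable Device idle mode is open or not.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t UpdateDeviceIdlePolicy(bool enable);

    /**
     * Reset network firewall rules.
     *
     * NOTE(review): whether the trust lists are cleared as well is not visible
     * in this header; callers should check the state they expect after a reset.
     */
    void ResetPolicies();

    /**
     * Set a batch of UIDs into or out of the power save allow list.
     *
     * @param uids The UIDs of the applications to update.
     * @param isAllowed Whether the UIDs are put into the allow list or not.
     *        NOTE(review): the powerSaveDeniedList_ member suggests that false
     *        records the UIDs as denied; confirm in the implementation.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t SetPowerSaveTrustlist(const std::vector<uint32_t> &uids, bool isAllowed);

    /**
     * Get the allow list of UIDs in power save mode.
     *
     * @param uids The list of UIDs. Passed by non-const reference, so presumably
     *        the output; whether existing content is cleared first is not
     *        visible here.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t GetPowerSaveTrustlist(std::vector<uint32_t> &uids);

    /**
     * Process network policy in power save mode.
     *
     * @param enable Power save mode is open or not.
     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
     */
    int32_t UpdatePowerSavePolicy(bool enable);

    /**
     * Handle the event from NetPolicyCore.
     *
     * @param eventId The event id.
     * @param policyEvent The information passed from another core.
     *        NOTE(review): a shared_ptr can be null; confirm the implementation
     *        checks it before dereferencing.
     */
    void HandleEvent(int32_t eventId, const std::shared_ptr<PolicyEvent> &policyEvent);

private:
    // Applies an allow/deny change for a batch of UIDs to the chain selected by
    // chainType. NOTE(review): the valid chainType values are defined outside
    // this header.
    void UpdateFirewallPolicyList(uint32_t chainType, const std::vector<uint32_t> &uids, bool isAllowed);
    // Drops a single UID. NOTE(review): presumably from every list below, e.g.
    // on application removal; confirm in the implementation.
    void DeleteUid(uint32_t uid);

    // Firewall rule objects, one per restricted mode.
    std::shared_ptr<FirewallRule> deviceIdleFirewallRule_;
    std::shared_ptr<FirewallRule> powerSaveFirewallRule_;
    // Current state of each mode; both start disabled.
    bool deviceIdleMode_ = false;
    bool powerSaveMode_ = false;
    // Per-mode allow and deny sets of UIDs.
    std::set<uint32_t> deviceIdleAllowedList_;
    std::set<uint32_t> deviceIdleDeniedList_;
    std::set<uint32_t> powerSaveAllowedList_;
    std::set<uint32_t> powerSaveDeniedList_;
};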
108} // namespace NetManagerStandard
109} // namespace OHOS
110#endif // NET_POLICY_FIREWALL_H
111