1/*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#ifndef NET_POLICY_RULE_H
17#define NET_POLICY_RULE_H
18
19#include <map>
20
21#include "net_policy_base.h"
22#include "netmanager_base_common_utils.h"
23#include "net_access_policy.h"
24
25namespace OHOS {
26namespace NetManagerStandard {
27constexpr uint32_t POLICY_TRANS_CONDITION_MASK = 0b11111111110000000000;
28constexpr uint32_t POLICY_TRANS_RULE_MASK = 0b00000000001111111000;
29constexpr uint32_t POLICY_TRANS_NET_CTRL_MASK = 0b00000000000000000111;
30constexpr u_int8_t CONDITION_START_BIT = 10;
31constexpr u_int8_t RULE_START_BIT = 3;
32
33enum PolicyTransCtrl {
34    POLICY_TRANS_CTRL_NONE = 0b000,
35    POLICY_TRANS_CTRL_ADD_DENIEDLIST = 0b010,
36    POLICY_TRANS_CTRL_ADD_ALLOWEDLIST = 0b100,
37    POLICY_TRANS_CTRL_REMOVE_ALL = 0b001,
38};
39
40struct UidPolicyRule {
41    uint32_t policy_ = 0;
42    uint32_t rule_ = 1 << 7;
43    uint32_t netsys_ = 7;
44};
45
46class NetPolicyRule : public NetPolicyBase {
47public:
48    NetPolicyRule();
49    void Init();
50    void HandleEvent(int32_t eventId, const std::shared_ptr<PolicyEvent> &policyEvent);
51
52    /**
53     * Transform policy to rule and netsys-control.
54     *
55     * @param uid The UID of application.
56     * @param policy See {@link NetUidPolicy}.
57     * @return Returns 0 success. Otherwise fail.
58     * @permission ohos.permission.CONNECTIVITY_INTERNAL
59     * @systemapi Hide this for inner system use.
60     */
61    int32_t TransPolicyToRule(uint32_t uid, uint32_t policy);
62
63    /**
64     * Get the status whether the specified uid app can access the metered network or non-metered network.
65     *
66     * @param uid The specified UID of application.
67     * @param metered Indicates meterd network or non-metered network.
68     * @param isAllowed Return true means it's allowed to access the network.
69     *      Return false means it's not allowed to access the network.
70     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
71     * @permission ohos.permission.CONNECTIVITY_INTERNAL
72     * @systemapi Hide this for inner system use.
73     */
74    int32_t IsUidNetAllowed(uint32_t uid, bool metered, bool &isAllowed);
75
76    /**
77     * Get the network policy of the specified UID.
78     *
79     * @param uid The specified UID of app.
80     * @param policy Return this uid's policy.
81     *      For details, see {@link NetUidPolicy}.
82     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
83     * @permission ohos.permission.CONNECTIVITY_INTERNAL
84     * @systemapi Hide this for inner system use.
85     */
86    int32_t GetPolicyByUid(uint32_t uid, uint32_t &policy);
87
88    /**
89     * Get the application UIDs of the specified policy.
90     *
91     * @param policy the network policy of the current UID of application.
92     * @param uids The list of UIDs.
93     *      For details, see {@link NetUidPolicy}.
94     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
95     * @permission ohos.permission.CONNECTIVITY_INTERNAL
96     * @systemapi Hide this for inner system use.
97     */
98    int32_t GetUidsByPolicy(uint32_t policy, std::vector<uint32_t> &uids);
99
100    /**
101     * Reset network policies and rules.
102     *
103     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
104     * @permission ohos.permission.CONNECTIVITY_INTERNAL
105     * @systemapi Hide this for inner system use.
106     */
107    int32_t ResetPolicies();
108
109    /**
110     * Control if apps can use data on background.
111     *
112     * @param allow Allow apps to use data on background.
113     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
114     * @permission ohos.permission.CONNECTIVITY_INTERNAL
115     * @systemapi Hide this for inner system use.
116     */
117    int32_t SetBackgroundPolicy(bool allow);
118
119    /**
120     * Get the background network restriction policy for the specified uid.
121     *
122     * @param uid The specified UID of application.
123     * @param backgroundPolicyOfUid The specified UID of backgroundPolicy.
124     *      For details, see {@link NetBackgroundPolicy}.
125     * @return uint32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
126     * @permission ohos.permission.CONNECTIVITY_INTERNAL
127     * @systemapi Hide this for inner system use.
128     */
129    int32_t GetBackgroundPolicyByUid(uint32_t uid, uint32_t &backgroundPolicyOfUid);
130
131    /**
132     * Get the status if apps can use data on background.
133     * @param backgroundPolicy True is allowed to use data on background.
134     *      False is not allowed to use data on background.
135     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
136     * @permission ohos.permission.CONNECTIVITY_INTERNAL
137     * @systemapi Hide this for inner system use.
138     */
139    int32_t GetBackgroundPolicy(bool &backgroundPolicy);
140
141    /**
142     * Get the Dump Message object.
143     */
144    void GetDumpMessage(std::string &message);
145
146    // When system's mode status is changed, do this function.
147    void TransPolicyToRule();
148
149    /**
150     * Set the policy to access the network of the specified application.
151     *
152     * @param uid The specified UID of application.
153     * @param policy The network access policy of application, {@link NetworkAccessPolicy}.
154     * @param reconfirmFlag true means a reconfirm diaglog trigger while policy deny network access.
155     * @param isBroker true means the broker application.
156     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
157     * @permission ohos.permission.CONNECTIVITY_INTERNAL
158     * @systemapi Hide this for inner system use.
159     */
160    int32_t SetNetworkAccessPolicy(uint32_t uid, NetworkAccessPolicy Policy, bool reconfirmFlag, bool isBroker);
161
162    /**
163     * Delete the policy to access the network of the specified application from map.
164     *
165     * @param uid The specified UID of application.
166     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
167     * @permission ohos.permission.CONNECTIVITY_INTERNAL
168     * @systemapi Hide this for inner system use.
169     */
170    int32_t DeleteNetworkAccessPolicy(uint32_t uid);
171
172    /**
173     * Set NIC Traffic allowed or disallowed
174     *
175     * @param ifaceNames ifaceNames
176     * @param status true for allowed, false for disallowed
177     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
178     */
179    int32_t PolicySetNicTrafficAllowed(const std::vector<std::string> &ifaceNames, bool status);
180
181private:
182    void NetsysCtrl(uint32_t uid, uint32_t netsysCtrl);
183    void TransConditionToRuleAndNetsys(uint32_t policyCondition, uint32_t uid, uint32_t policy);
184    uint32_t MoveToConditionBit(uint32_t value);
185    uint32_t MoveToRuleBit(uint32_t value);
186    uint32_t ChangePolicyToPolicyTransitionCondition(uint32_t policy);
187    uint32_t BuildTransCondition(uint32_t uid, uint32_t policy);
188    uint32_t GetMatchTransCondition(uint32_t policyCondition);
189    void ProcessCtrlNone(uint32_t uid);
190    void ProcessCtrlAddAllowedList(uint32_t uid);
191
192    // When a uid add into some forbidden list, do this function.
193    void TransPolicyToRule(uint32_t uid);
194    bool IsIdleMode();
195    bool InIdleAllowedList(uint32_t uid);
196    bool IsLimitByAdmin();
197    bool IsForeground(uint32_t uid);
198    bool IsPowerSave();
199    bool InPowerSaveAllowedList(uint32_t uid);
200    bool IsLimitedBackground();
201    void DeleteUid(uint32_t uid);
202    bool IsValidNetPolicy(uint32_t policy);
203    void UpdateForegroundUidList(uint32_t uid, bool isForeground);
204
205private:
206    std::map<uint32_t, UidPolicyRule> uidPolicyRules_;
207    bool backgroundAllow_ = true;
208    bool deviceIdleMode_ = false;
209    bool powerSaveMode_ = false;
210    std::set<uint32_t> deviceIdleAllowedList_;
211    std::set<uint32_t> powerSaveAllowedList_;
212    std::set<uint32_t> foregroundUidList_;
213    std::mutex foregroundUidListMutex_;
214
215private:
216    /**
217     * The map for transforming conditions to net rule and netsys control.
218     *
219     * Example:
220     *  bit 11~20       bit 4~10      bit 1~3
221     *  0000001100      0010000       110
222     *  Condition       Rule          Netsys control
223     *
224     * Condition: see {@link enum PolicyTransCondition}
225     * Rule: see {@link enum NetUidRule}
226     * Netsys control: see {@link enum NetsysOperation}
227     *
228     * Transform Flow:
229     *      1. According to the status of system(such as device idle mode or power save mode)
230     *          and the net policy of uid, construct the Condition by bit operations.
231     *      2. Find the matched Condition in this map.
232     *      3. Get the rule bits and netsys-control bits from the matched Condition.
233     *      4. Process the corresponding operations.
234     */
235    static inline const std::vector<uint32_t> POLICY_TRANS_MAP = {
236        0b00011000000100000000, 0b10000000000000100010, 0b00010000001000000000, 0b00000010100000010100,
237        0b00000011000000001100, 0b00000010010000001100, 0b01000000001000000000, 0b00000100100000010100,
238        0b00000100010000100010, 0b00000000010000000001, 0b00000001000000100010, 0b00000000000000000001,
239    };
240};
241} // namespace NetManagerStandard
242} // namespace OHOS
243#endif // NET_POLICY_RULE_H
244