1/*
2 * Copyright (c) 2021-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#ifndef NET_POLICY_SERVICE_H
17#define NET_POLICY_SERVICE_H
18
19#include <atomic>
20#include <mutex>
21
22#include "event_runner.h"
23#include "singleton.h"
24#include "system_ability.h"
25#include "system_ability_definition.h"
26
27#include "net_policy_callback.h"
28#include "net_policy_event_handler.h"
29#include "net_policy_firewall.h"
30#include "net_policy_rule.h"
31#include "net_policy_service_common.h"
32#include "net_policy_service_stub.h"
33#include "net_policy_traffic.h"
34#include "net_access_policy.h"
35#include "net_access_policy_rdb.h"
36#include "common_event_subscriber.h"
37#include "common_event_support.h"
38
39namespace OHOS {
40namespace NetManagerStandard {
41#define NET_SYMBOL_VISIBLE __attribute__ ((visibility("default")))
42class NET_SYMBOL_VISIBLE NetPolicyService : public SystemAbility,
43                         public NetPolicyServiceStub,
44                         public std::enable_shared_from_this<NetPolicyService> {
45    DECLARE_DELAYED_SINGLETON(NetPolicyService)
46    DECLARE_SYSTEM_ABILITY(NetPolicyService)
47
48public:
49    void OnStart() override;
50    void OnStop() override;
51    int32_t Dump(int32_t fd, const std::vector<std::u16string> &args) override;
52
53    /**
54     * Set the network policy for the specified UID.
55     * @param uid The specified UID of app.
56     * @param policy The network policy for application.
57     *      For details, see {@link NetUidPolicy}.
58     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
59     */
60    int32_t SetPolicyByUid(uint32_t uid, uint32_t policy) override;
61
62    /**
63     * Get the network policy of the specified UID.
64     * @param uid The specified UID of app.
65     * @param policy Return this uid's policy.
66     *      For details, see {@link NetUidPolicy}.
67     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
68     */
69    int32_t GetPolicyByUid(uint32_t uid, uint32_t &policy) override;
70
71    /**
72     * Get the application UIDs of the specified policy.
73     * @param policy the network policy of the current UID of application.
74     *      For details, see {@link NetUidPolicy}.
75     * @param uids The list of UIDs
76     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
77     */
78    int32_t GetUidsByPolicy(uint32_t policy, std::vector<uint32_t> &uids) override;
79
80    /**
81     * Get the status whether the specified uid app can access the metered network or non-metered network.
82     * @param uid The specified UID of application.
83     * @param metered Indicates metered network or non-metered network.
84     * @param isAllowed Return true means it's allowed to access the network.
85     *      Return false means it's not allowed to access the network.
86     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
87     */
88    int32_t IsUidNetAllowed(uint32_t uid, bool metered, bool &isAllowed) override;
89
90    /**
91     * Get the status whether the specified uid app can access the specified iface network.
92     * @param uid The specified UID of application.
93     * @param ifaceName Iface name.
94     * @param isAllowed Return true means it's allowed to access the network.
95     *      Return false means it's not allowed to access the network.
96     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
97     */
98    int32_t IsUidNetAllowed(uint32_t uid, const std::string &ifaceName, bool &isAllowed) override;
99
100    /**
101     * Register network policy change callback.
102     * @param callback Interface type pointer.
103     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
104     */
105    int32_t RegisterNetPolicyCallback(const sptr<INetPolicyCallback> &callback) override;
106
107    /**
108     * Unregister network policy change callback.
109     * @param callback Interface type pointer.
110     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
111     */
112    int32_t UnregisterNetPolicyCallback(const sptr<INetPolicyCallback> &callback) override;
113
114    /**
115     * Set policies by NetPolicyQuotaPolicy.
116     * @param quotaPolicies The list of network quota policy, {@link NetQuotaPolicy}.
117     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
118     */
119    int32_t SetNetQuotaPolicies(const std::vector<NetQuotaPolicy> &quotaPolicies) override;
120
121    /**
122     * Get network policies.
123     * @param quotaPolicies The list of network quota policy, {@link NetQuotaPolicy}.
124     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
125     */
126    int32_t GetNetQuotaPolicies(std::vector<NetQuotaPolicy> &quotaPolicies) override;
127
128    /**
129     * Reset network policies\rules\quota policies\firewall rules.
130     * @param simId Specify the matched simId of quota policy.
131     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
132     */
133    int32_t ResetPolicies(const std::string &simId) override;
134
135    /**
136     * Control if apps can use data on background.
137     * @param allowBackground Allow apps to use data on background.
138     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
139     */
140    int32_t SetBackgroundPolicy(bool allowBackground) override;
141
142    /**
143     * Get the status if apps can use data on background.
144     * @param backgroundPolicy True is allowed to use data on background.
145     *      False is not allowed to use data on background.
146     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
147     */
148    int32_t GetBackgroundPolicy(bool &backgroundPolicy) override;
149
150    /**
151     * Get the background network restriction policy for the specified uid.
152     * @param uid uid The specified UID of application.
153     * @param backgroundPolicyOfUid The specified UID of backgroundPolicy.
154     *      For details, see {@link NetBackgroundPolicy}.
155     * @return uint32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
156     */
157    int32_t GetBackgroundPolicyByUid(uint32_t uid, uint32_t &backgroundPolicyOfUid) override;
158
159    /**
160     * Update the limit or warning remind time of quota policy.
161     * @param netType {@link NetBearType}.
162     * @param simId Specify the matched simId of quota policy when netType is cellular.
163     * @param remindType {@link RemindType}.
164     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
165     */
166    int32_t UpdateRemindPolicy(int32_t netType, const std::string &simId, uint32_t remindType) override;
167
168    /**
169     * Set the UID into device idle allow list.
170     * @param uid The specified UID of application.
171     * @param isAllowed The UID is into allowed list or not.
172     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
173     */
174    int32_t SetDeviceIdleTrustlist(const std::vector<uint32_t> &uids, bool isAllowed) override;
175
176    /**
177     * Get the allow list of UID in device idle mode.
178     * @param uids The list of UIDs
179     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
180     */
181    int32_t GetDeviceIdleTrustlist(std::vector<uint32_t> &uids) override;
182
183    /**
184     * Process network policy in device idle mode.
185     * @param enable Device idle mode is open or not.
186     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
187     */
188    int32_t SetDeviceIdlePolicy(bool enable) override;
189
190    /**
191     * Get the allow list of UID in power save mode.
192     *
193     * @param uids The list of UIDs.
194     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
195     */
196    int32_t GetPowerSaveTrustlist(std::vector<uint32_t> &uids) override;
197
198    /**
199     * Set the UID into power save allow list.
200     * @param uid The specified UID of application.
201     * @param isAllowed The UID is into allowed list or not.
202     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
203     */
204    int32_t SetPowerSaveTrustlist(const std::vector<uint32_t> &uids, bool isAllowed) override;
205
206    /**
207     * Process network policy in Power Save mode.
208     *
209     * @param enable Power save mode is open or not.
210     * @return int32_t Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
211     */
212    int32_t SetPowerSavePolicy(bool enable) override;
213
214    /**
215     * Check if you have permission
216     *
217     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
218     */
219    int32_t CheckPermission() override;
220
221	/**
222     * factory reset net policies
223     *
224     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
225     */
226    int32_t FactoryResetPolicies() override;
227
228    /**
229     * Set the policy to access the network of the specified application.
230     *
231     * @param uid The specified UID of application.
232     * @param policy The network access policy of application, {@link NetworkAccessPolicy}.
233     * @param reconfirmFlag true means a reconfirm diaglog trigger while policy deny network access.
234     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
235     */
236    int32_t SetNetworkAccessPolicy(uint32_t uid, NetworkAccessPolicy policy, bool reconfirmFlag) override;
237
238    /**
239     * Query the network access policy of the specified application or all applications.
240     *
241     * @param parameter Indicate to get all or an application network access policy, {@link AccessPolicyParameter}.
242     * @param policy The network access policy of application, {@link AccessPolicySave}.
243     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
244     */
245    int32_t GetNetworkAccessPolicy(AccessPolicyParameter parameter, AccessPolicySave& policy) override;
246
247    NetAccessPolicyRDB GetNetAccessPolicyDBHandler()
248    {
249        static NetAccessPolicyRDB netAccessPolicy;
250        return netAccessPolicy;
251    }
252    int32_t DeleteNetworkAccessPolicy(uint32_t uid);
253    int32_t NotifyNetAccessPolicyDiag(uint32_t uid) override;
254
255    /**
256     * Set NIC Traffic allowed or disallowed
257     *
258     * @param ifaceNames ifaceNames
259     * @param status true for allowed, false for disallowed
260     * @return Returns 0 success. Otherwise fail, {@link NetPolicyResultCode}.
261     */
262    int32_t SetNicTrafficAllowed(const std::vector<std::string> &ifaceNames, bool status) override;
263
264protected:
265    void OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
266    void OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId) override;
267
268private:
269    void Init();
270    int32_t GetDumpMessage(std::string &message);
271
272    void OnNetSysRestart();
273    void UpdateNetAccessPolicyToMapFromDB();
274    bool CheckNetworkAccessIsBroker(uint32_t uid);
275
276private:
277    enum ServiceRunningState {
278        STATE_STOPPED = 0,
279        STATE_RUNNING,
280    };
281
282    std::shared_ptr<NetPolicyTraffic> netPolicyTraffic_ = nullptr;
283    std::shared_ptr<NetPolicyFirewall> netPolicyFirewall_ = nullptr;
284    std::shared_ptr<NetPolicyRule> netPolicyRule_ = nullptr;
285    std::shared_ptr<NetPolicyFile> netPolicyFile_ = nullptr;
286    ServiceRunningState state_ = ServiceRunningState::STATE_STOPPED;
287    std::shared_ptr<NetPolicyCore> netPolicyCore_ = nullptr;
288    std::shared_ptr<NetPolicyCallback> netPolicyCallback_ = nullptr;
289    sptr<NetPolicyServiceCommon> serviceComm_ = nullptr;
290    std::mutex mutex_;
291    std::vector<uint16_t> monthDay_;
292
293    bool hasSARemoved_ = false;
294
295private:
296    void RegisterFactoryResetCallback();
297
298    class FactoryResetCallBack : public IRemoteStub<INetFactoryResetCallback> {
299    public:
300        FactoryResetCallBack(std::shared_ptr<NetPolicyService> netPolicy)
301        {
302            netPolicy_ = netPolicy;
303        }
304
305        int32_t OnNetFactoryReset()
306        {
307            if (netPolicy_ != nullptr) {
308                netPolicy_->FactoryResetPolicies();
309                return NETMANAGER_SUCCESS;
310            } else {
311                return NETMANAGER_ERR_LOCAL_PTR_NULL;
312            }
313        }
314    private:
315        std::shared_ptr<NetPolicyService> netPolicy_ = nullptr;
316    };
317    sptr<INetFactoryResetCallback> netFactoryResetCallback_ = nullptr;
318};
319} // namespace NetManagerStandard
320} // namespace OHOS
321#endif // NET_POLICY_SERVICE_H
322