1/*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#ifndef FIREWALL_DB_HELPER_H
17#define FIREWALL_DB_HELPER_H
18
19#include <string>
20
21#include "netfirewall_database.h"
22#include "netfirewall_common.h"
23#include "rdb_common.h"
24#include "rdb_errno.h"
25#include "rdb_helper.h"
26#include "rdb_open_callback.h"
27#include "rdb_predicates.h"
28#include "rdb_store.h"
29#include "result_set.h"
30#include "system_ability.h"
31#include "value_object.h"
32
33namespace OHOS {
34namespace NetManagerStandard {
35// The data index of NetFirewallRule
36struct NetFirewallRuleInfo {
37    int32_t rowCount;
38    int32_t ruleIdIndex;
39    int32_t ruleNameIndex;
40    int32_t ruleDescriptionIndex;
41    int32_t ruleDirectionIndex;
42    int32_t ruleActionIndex;
43    int32_t ruleTypeIndex;
44    int32_t isEnabledIndex;
45    int32_t appUidIndex;
46    int32_t protocolIndex;
47    int32_t primaryDnsIndex;
48    int32_t standbyDnsIndex;
49    int32_t localIpsIndex;
50    int32_t remoteIpsIndex;
51    int32_t localPortsIndex;
52    int32_t remotePortsIndex;
53    int32_t domainsIndex;
54    int32_t userIdIndex;
55};
56
57// Intercept the structure of records in the database
58struct NetInterceptRecordInfo {
59    int32_t rowCount;
60    int32_t idIndex;
61    int32_t timeIndex;
62    int32_t localIpIndex;
63    int32_t remoteIpIndex;
64    int32_t localPortIndex;
65    int32_t remotePortIndex;
66    int32_t protocolIndex;
67    int32_t appUidIndex;
68    int32_t domainIndex;
69};
70
71// save to database @see NetFirewallIpParam
72struct DataBaseIp {
73    uint8_t family;
74    uint8_t type;
75    uint8_t mask;
76    union {
77        struct {
78            in_addr startIp;
79            in_addr endIp;
80        } ipv4;
81        struct {
82            in6_addr startIp;
83            in6_addr endIp;
84        } ipv6;
85    };
86};
87
88// save to database @see NetFirewallPortParam
89struct DataBasePort {
90    uint16_t startPort;
91    uint16_t endPort;
92};
93
94class NetFirewallDbHelper : public NoCopyable {
95public:
96    static NetFirewallDbHelper &GetInstance();
97
98    /**
99     * add NetFirewallRule data record
100     *
101     * @param rule net firewall rule
102     * @return Returns 0 success. Otherwise fail
103     */
104    int32_t AddFirewallRuleRecord(const NetFirewallRule &rule);
105
106    /**
107     * Add interception logs
108     *
109     * @param userId User id
110     * @param records intercept records
111     * @return Returns 0 success. Otherwise fail
112     */
113    int32_t AddInterceptRecord(const int32_t userId, std::vector<sptr<InterceptRecord>> &records);
114
115    /**
116     * Query enabled rule set
117     *
118     * @param rules List of rules obtained from query
119     * @return Returns 0 success. Otherwise fail
120     */
121    int32_t QueryAllUserEnabledFirewallRules(std::vector<NetFirewallRule> &rules,
122        NetFirewallRuleType type = NetFirewallRuleType::RULE_ALL);
123
124    /**
125     * Query enabled rule set
126     *
127     * @param userId User id
128     * @param appUid The UID of an application or service
129     * @param rules List of rules obtained from query
130     * @return Returns 0 success. Otherwise fail
131     */
132    int32_t QueryEnabledFirewallRules(int32_t userId, int32_t appUid, std::vector<NetFirewallRule> &rules);
133
134    /**
135     * Query all rules
136     *
137     * @param rules List of rules obtained from query
138     * @return Returns 0 success. Otherwise fail
139     */
140    int32_t QueryAllFirewallRuleRecord(std::vector<NetFirewallRule> &rules);
141
142    /**
143     * Query firewall rule
144     *
145     * @param ruleId Rule id
146     * @param userId User id
147     * @param rules List of rules obtained from query
148     * @return Returns 0 success. Otherwise fail
149     */
150    int32_t QueryFirewallRuleRecord(int32_t ruleId, int32_t userId, std::vector<NetFirewallRule> &rules);
151
152    /**
153     * Paging query firewall rules
154     *
155     * @param userId User id
156     * @param requestParam Pagination query input
157     * @param rules List of rules obtained from query
158     * @return Returns 0 success. Otherwise fail
159     */
160    int32_t QueryFirewallRule(const int32_t userId, const sptr<RequestParam> &requestParam,
161        sptr<FirewallRulePage> &info);
162
163    /**
164     * Paging query interception records
165     *
166     * @param userId User id
167     * @param requestParam Pagination query input
168     * @param rules List of record obtained from query
169     * @return Returns 0 success. Otherwise fail
170     */
171    int32_t QueryInterceptRecord(const int32_t userId, const sptr<RequestParam> &requestParam,
172        sptr<InterceptRecordPage> &info);
173
174    /**
175     * Query the number of firewall rules for a specified user
176     *
177     * @param userId User id
178     * @param rowCount Number of queries found
179     * @return Returns 0 success. Otherwise fail
180     */
181    int32_t QueryFirewallRuleByUserIdCount(const int32_t userId, int64_t &rowCount);
182
183    /**
184     * Query the number of all firewall rules
185     *
186     * @param rowCount Number of queries found
187     * @return Returns 0 success. Otherwise fail
188     */
189    int32_t QueryFirewallRuleAllCount(int64_t &rowCount);
190
191    /**
192     * Query the number of all domain rules
193     *
194     * @return Number of queries found
195     */
196    int32_t QueryFirewallRuleAllDomainCount();
197
198    /**
199     * Query the number of ambiguous domain names
200     *
201     * @return Number of queries found
202     */
203    int32_t QueryFirewallRuleAllFuzzyDomainCount();
204
205    /**
206     * Query the number of domain rules by userId
207     *
208     * @param userId User id
209     * @return Number of queries found
210     */
211    int32_t QueryFirewallRuleDomainByUserIdCount(int32_t userId);
212
213    /**
214     * Update firewall rule
215     *
216     * @param rule firewall ruele
217     * @return Returns 0 success. Otherwise fail
218     */
219    int32_t UpdateFirewallRuleRecord(const NetFirewallRule &rule);
220
221    /**
222     * Delete firewall rule
223     *
224     * @param userId User id
225     * @param ruleId Rule id
226     * @return Returns 0 success. Otherwise fail
227     */
228    int32_t DeleteFirewallRuleRecord(int32_t userId, int32_t ruleId);
229
230    /**
231     * Delete firewall rule by user id
232     *
233     * @param userId User id
234     * @return Returns 0 success. Otherwise fail
235     */
236    int32_t DeleteFirewallRuleRecordByUserId(int32_t userId);
237
238    /**
239     * Delete firewall rule by app uid
240     *
241     * @param appUid The UID of an application or service
242     * @return Returns 0 success. Otherwise fail
243     */
244    int32_t DeleteFirewallRuleRecordByAppId(int32_t appUid);
245
246    /**
247     * Delete intercept record by user id
248     *
249     * @param userId User id
250     * @return Returns 0 success. Otherwise fail
251     */
252    int32_t DeleteInterceptRecord(int32_t userId);
253
254    /**
255     * Does the specified firewall rule exist
256     *
257     * @param oldRule Current existing rules
258     * @return If there is a return to true, otherwise it will be false
259     */
260    bool IsFirewallRuleExist(int32_t ruleId, NetFirewallRule &oldRule);
261
262    /**
263     * Does the specified dns rule exist
264     *
265     * @param oldRule Current existing rules
266     * @return If there is a return to true, otherwise it will be false
267     */
268    bool IsDnsRuleExist(const sptr<NetFirewallRule> &rule);
269
270    /**
271     * Query the number of query databases
272     *
273     * @param outValue Number of queries found
274     * @param predicates Matching criteria
275     * @return Returns 0 success. Otherwise fail
276     */
277    int32_t Count(int64_t &outValue, const OHOS::NativeRdb::AbsRdbPredicates &predicates);
278
279    int32_t QuerySql(const std::string &sql);
280
281private:
282    NetFirewallDbHelper();
283    ~NetFirewallDbHelper();
284
285    // Fill in firewall rule data
286    int32_t FillValuesOfFirewallRule(NativeRdb::ValuesBucket &values, const NetFirewallRule &rule);
287
288    // Check if data needs to be updated
289    int32_t CheckIfNeedUpdateEx(const std::string &tableName, bool &isUpdate, int32_t ruleId, NetFirewallRule &oldRule);
290
291    int32_t QueryFirewallRuleRecord(const NativeRdb::RdbPredicates &rdbPredicates,
292        const std::vector<std::string> &columns, std::vector<NetFirewallRule> &rules);
293
294    int32_t DeleteAndNoOtherOperation(const std::string &whereClause, const std::vector<std::string> &whereArgs);
295
296    template <typename T>
297    int32_t QueryAndGetResult(const NativeRdb::RdbPredicates &rdbPredicates, const std::vector<std::string> &columns,
298        std::vector<T> &rules);
299
300    void GetParamRuleInfoFormResultSet(std::string &columnName, int32_t index, NetFirewallRuleInfo &table);
301
302    int32_t GetResultSetTableInfo(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
303        struct NetFirewallRuleInfo &table);
304
305    int32_t GetResultSetTableInfo(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
306        NetInterceptRecordInfo &table);
307
308    // Convert query result ResultSet
309    int32_t GetResultRightRecordEx(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
310        std::vector<NetFirewallRule> &rules);
311
312    int32_t GetResultRightRecordEx(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
313        std::vector<InterceptRecord> &rules);
314
315    int32_t AddFirewallRule(NativeRdb::ValuesBucket &values, const NetFirewallRule &rule);
316
317    void GetRuleDataFromResultSet(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
318        const NetFirewallRuleInfo &table, NetFirewallRule &info);
319    void GetRuleListParamFromResultSet(const std::shared_ptr<OHOS::NativeRdb::ResultSet> &resultSet,
320        const NetFirewallRuleInfo &table, NetFirewallRule &info);
321    static bool DomainListToBlob(const std::vector<NetFirewallDomainParam> &vec, std::vector<uint8_t> &blob,
322        uint32_t &fuzzyNum);
323    static bool BlobToDomainList(const std::vector<uint8_t> &blob, std::vector<NetFirewallDomainParam> &vec);
324    template <typename T> static void ListToBlob(const std::vector<T> &vec, std::vector<uint8_t> &blob);
325    template <typename T> static void BlobToList(const std::vector<uint8_t> &blob, std::vector<T> &vec);
326
327    void FirewallIpToDbIp(const std::vector<NetFirewallIpParam> &ips, std::vector<DataBaseIp> &dbips);
328    void DbIpToFirewallIp(const std::vector<DataBaseIp> &dbips, std::vector<NetFirewallIpParam> &ips);
329    void FirewallPortToDbPort(const std::vector<NetFirewallPortParam> &ports, std::vector<DataBasePort> &dbports);
330    void DbPortToFirewallPort(const std::vector<DataBasePort> &dbports, std::vector<NetFirewallPortParam> &ports);
331
332private:
333    static std::shared_ptr<NetFirewallDbHelper> instance_;
334    std::mutex databaseMutex_;
335    std::shared_ptr<NetFirewallDataBase> firewallDatabase_;
336};
337} // namespace NetManagerStandard
338} // namespace OHOS
339
340#endif // FIREWALL_DB_HELPER_H