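/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <sys/socket.h>
#include <sys/types.h>

#include "netfirewall_service.h"
#include "ipc_skeleton.h"
#include "bundle_constants.h"
#include "iremote_object.h"
#include "net_event_report.h"
#include "net_manager_center.h"
#include "net_manager_constants.h"
#include "net_manager_ext_constants.h"
#include "netfirewall_default_rule_parser.h"
#include "netfirewall_db_helper.h"
#include "netfirewall_hisysevent.h"
#include "netmanager_base_common_utils.h"
#include "netmanager_base_permission.h"
#include "netmanager_hitrace.h"
#include "netmgr_ext_log_wrapper.h"
#include "system_ability_definition.h"
#include "netsys_controller.h"
#include "netfirewall_intercept_recorder.h"

namespace OHOS {
namespace NetManagerStandard {
// Delay between two attempts to resolve the active user at start-up, and the
// maximum number of attempts (see InitQueryUserId).
constexpr int64_t QUERY_USER_ID_DELAY_TIME_MS = 300L;
constexpr int32_t QUERY_USER_MAX_RETRY_TIMES = 100;

namespace {
// Strings emitted by Dump(). The spellings "Faild" and "Unkonw" are runtime
// output and are left unchanged, since consumers of the dump may match on them.
const std::string PUSH_RESULT_SUCCESS = "Success";
const std::string PUSH_RESULT_FAILD = "Faild";
const std::string PUSH_RESULT_UNKONW = "Unkonw";
} // namespace

const bool REGISTER_LOCAL_RESULT_NETFIREWALL =
    SystemAbility::MakeAndRegisterAbility(DelayedSingleton<NetFirewallService>::GetInstance().get());

std::shared_ptr<ffrt::queue> NetFirewallService::ffrtServiceHandler_;

NetFirewallService::NetFirewallService() : SystemAbility(COMM_FIREWALL_MANAGER_SYS_ABILITY_ID, true)
{
    NETMGR_EXT_LOG_I("NetFirewallService()");
}

NetFirewallService::~NetFirewallService()
{
    NETMGR_EXT_LOG_I("~NetFirewallService()");
}

/**
 * Record the active user and propagate it to the policy manager, the
 * intercept recorder and the native rule helper.
 *
 * @param userId Id of the user that is now current
 */
void NetFirewallService::SetCurrentUserId(int32_t userId)
{
    currentUserId_ = userId;
    NetFirewallPolicyManager::GetInstance().SetCurrentUserId(currentUserId_);
    NetFirewallInterceptRecorder::GetInstance()->SetCurrentUserId(currentUserId_);
    // set current userid to native
    NetFirewallRuleNativeHelper::GetInstance().SetCurrentUserId(currentUserId_);
}

/**
 * Query the active OS account, store the first one as the current user and
 * return it.
 *
 * @return The current user id, or FIREWALL_ERR_INTERNAL when the query fails
 *         or returns no account. The error code and the id share one return
 *         value, so callers have to tell them apart.
 */
int32_t NetFirewallService::GetCurrentAccountId()
{
    std::vector<int32_t> accountIds;
    auto ret = AccountSA::OsAccountManager::QueryActiveOsAccountIds(accountIds);
    if (ret != ERR_OK || accountIds.empty()) {
        NETMGR_EXT_LOG_E("query active user failed errCode=%{public}d", ret);
        return FIREWALL_ERR_INTERNAL;
    }
    SetCurrentUserId(accountIds.front());
    return currentUserId_;
}

/**
 * Turn on or off the firewall
 *
 * NOTE(review): no caller permission check is visible in this function;
 * presumably it is enforced before the request reaches this class - confirm.
 *
 * @param userId User id
 * @param policy The firewall status to be set
 * @return Returns 0 success. Otherwise fail
 */
int32_t NetFirewallService::SetNetFirewallPolicy(const int32_t userId, const sptr<NetFirewallPolicy> &policy)
{
    // The policy object is dereferenced below (including in the log call), so a
    // null pointer from the caller must be rejected first instead of crashing
    // the service.
    if (policy == nullptr) {
        NETMGR_EXT_LOG_E("SetNetFirewallPolicy policy is null");
        return FIREWALL_ERR_INTERNAL;
    }
    NETMGR_EXT_LOG_I("SetNetFirewallPolicy userId=%{public}d isOpen= %{public}d, inAction=%{public}d", userId,
        policy->isOpen, policy->inAction);
    int32_t ret = CheckUserExist(userId);
    if (ret != FIREWALL_SUCCESS) {
        return ret;
    }
    ret = NetFirewallPolicyManager::GetInstance().SetNetFirewallPolicy(userId, policy);
    if (ret != FIREWALL_SUCCESS) {
        return ret;
    }

    // Only the current user's policy is pushed to the native layer; a policy
    // stored for another user takes effect when that user becomes current.
    if (userId == currentUserId_) {
        // If the firewall switch status of the current user has changed, determine whether to issue it
        if (NetFirewallPolicyManager::GetInstance().IsFirewallStatusChange(policy)) {
            // netfirewall rules to native
            NetFirewallRuleManager::GetInstance().OpenOrCloseNativeFirewall(policy->isOpen);
        }
        if (NetFirewallPolicyManager::GetInstance().IsFirewallActionChange(policy)) {
            NetsysController::GetInstance().SetFirewallDefaultAction(policy->inAction, policy->outAction);
        }
        NetFirewallPolicyManager::GetInstance().SetCurrentUserFirewallPolicy(policy);
    }

    return ret;
}

/**
 * Query firewall status
 *
 * @param userId User id
 * @param policy Receives the firewall policy of user userId
 * @return Returns 0 success. Otherwise fail
 */
int32_t NetFirewallService::GetNetFirewallPolicy(const int32_t userId, sptr<NetFirewallPolicy> &policy)
{
    NETMGR_EXT_LOG_I("GetNetFirewallPolicy");
    int32_t ret = CheckUserExist(userId);
    if (ret != FIREWALL_SUCCESS) {
        return ret;
    }
    // The policy manager's result is not inspected; success is reported once
    // the user is known to exist.
    NetFirewallPolicyManager::GetInstance().GetNetFirewallPolicy(userId, policy);
    return FIREWALL_SUCCESS;
}

// The four rule operations below forward straight to NetFirewallRuleManager.
// NOTE(review): argument validation (null rule, user existence) is not done
// here; presumably the rule manager performs it - confirm.

/**
 * Add a firewall rule.
 *
 * @param rule Rule to add
 * @param ruleId Receives the id assigned to the rule
 * @return Result reported by the rule manager
 */
int32_t NetFirewallService::AddNetFirewallRule(const sptr<NetFirewallRule> &rule, int32_t &ruleId)
{
    return NetFirewallRuleManager::GetInstance().AddNetFirewallRule(rule, ruleId);
}

/**
 * Add the default firewall rules for a user.
 *
 * @param userId User id
 * @return Result reported by the rule manager
 */
int32_t NetFirewallService::AddDefaultNetFirewallRule(int32_t userId)
{
    return NetFirewallRuleManager::GetInstance().AddDefaultNetFirewallRule(userId);
}

/**
 * Update an existing firewall rule.
 *
 * @param rule Rule carrying the new content
 * @return Result reported by the rule manager
 */
int32_t NetFirewallService::UpdateNetFirewallRule(const sptr<NetFirewallRule> &rule)
{
    return NetFirewallRuleManager::GetInstance().UpdateNetFirewallRule(rule);
}

/**
 * Delete one firewall rule of a user.
 *
 * @param userId User id
 * @param ruleId Id of the rule to delete
 * @return Result reported by the rule manager
 */
int32_t NetFirewallService::DeleteNetFirewallRule(const int32_t userId, const int32_t ruleId)
{
    return NetFirewallRuleManager::GetInstance().DeleteNetFirewallRule(userId, ruleId);
}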
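
/**
 * Query a page of firewall rules of a user.
 *
 * @param userId User id
 * @param requestParam Paging parameters
 * @param info Receives the requested page
 * @return Result reported by the rule manager
 */
int32_t NetFirewallService::GetNetFirewallRules(const int32_t userId, const sptr<RequestParam> &requestParam,
    sptr<FirewallRulePage> &info)
{
    return NetFirewallRuleManager::GetInstance().GetNetFirewallRules(userId, requestParam, info);
}

/**
 * Query a single firewall rule of a user.
 *
 * @param userId User id
 * @param ruleId Id of the rule
 * @param rule Receives the rule
 * @return Result reported by the rule manager
 */
int32_t NetFirewallService::GetNetFirewallRule(const int32_t userId, const int32_t ruleId, sptr<NetFirewallRule> &rule)
{
    return NetFirewallRuleManager::GetInstance().GetNetFirewallRule(userId, ruleId, rule);
}

/**
 * Query a page of intercept records of a user.
 *
 * @param userId User id
 * @param requestParam Paging parameters
 * @param info Receives the requested page
 * @return FIREWALL_ERR_NO_USER when the user does not exist, otherwise the
 *         result reported by the intercept recorder
 */
int32_t NetFirewallService::GetInterceptRecords(const int32_t userId, const sptr<RequestParam> &requestParam,
    sptr<InterceptRecordPage> &info)
{
    NETMGR_EXT_LOG_I("GetInterceptRecords");
    int32_t ret = CheckUserExist(userId);
    if (ret != FIREWALL_SUCCESS) {
        return ret;
    }
    // Cache data writing to avoid not being able to access new data
    NetFirewallInterceptRecorder::GetInstance()->SyncRecordCache();
    return NetFirewallInterceptRecorder::GetInstance()->GetInterceptRecords(userId, requestParam, info);
}

/**
 * Check that an OS account with the given id exists.
 *
 * @param userId User id
 * @return FIREWALL_SUCCESS when the account query succeeds, FIREWALL_ERR_NO_USER otherwise
 */
int32_t NetFirewallService::CheckUserExist(const int32_t userId)
{
    AccountSA::OsAccountInfo accountInfo;
    if (AccountSA::OsAccountManager::QueryOsAccountById(userId, accountInfo) != ERR_OK) {
        NETMGR_EXT_LOG_E("QueryOsAccountById error, userId: %{public}d.", userId);
        return FIREWALL_ERR_NO_USER;
    }
    return FIREWALL_SUCCESS;
}

/**
 * Write the service status report to a file descriptor.
 *
 * The report lists the firewall state of every created user. It is also
 * written to the log with the public format specifier.
 * NOTE(review): confirm that logging the full report at public level is
 * intended, and that the caller of Dump is restricted elsewhere.
 *
 * @param fd Descriptor the report is written to
 * @param args Dump arguments (not used)
 * @return FIREWALL_SUCCESS, or FIREWALL_ERR_INTERNAL when the write fails
 */
int32_t NetFirewallService::Dump(int32_t fd, const std::vector<std::u16string> &args)
{
    std::string result;
    GetDumpMessage(result);
    NETMGR_EXT_LOG_I("NetFirewall dump fd: %{public}d, content: %{public}s", fd, result.c_str());
    int32_t ret = dprintf(fd, "%s\n", result.c_str());
    if (ret < 0) {
        NETMGR_EXT_LOG_E("dprintf failed, errno[%{public}d]", errno);
        return FIREWALL_ERR_INTERNAL;
    }
    return FIREWALL_SUCCESS;
}

/**
 * Append the status report to message: running state, start-up duration,
 * per-user firewall state, and time and result of the last rule push.
 *
 * @param message String the report is appended to
 */
void NetFirewallService::GetDumpMessage(std::string &message)
{
    message.append("NetFirewall Info:\n");
    message.append("\tServiceRunningState: " + GetServiceState() + "\n");
    message.append("\tSpendTimeMSec: " + std::to_string(serviceSpendTime_) + "ms" + "\n");
    std::map<int32_t, bool> firewallStateMap;
    GetAllUserFirewallState(firewallStateMap);
    message.append("\t");
    for (const auto &pair : firewallStateMap) {
        std::string userId = std::to_string(pair.first);
        std::string state = pair.second ? "Enable" : "Disable";
        message.append("UserId: " + userId + " " + state + ", ");
    }
    message.append("\n");
    message.append("\tLastRulePushTime: " + GetLastRulePushTime() + "\n");
    message.append("\tLastRulePushResult: " + GetLastRulePushResult() + "\n");
}

/** @return "Running" when the service state is STATE_RUNNING, "Stop" otherwise */
std::string NetFirewallService::GetServiceState()
{
    return (state_ == ServiceRunningState::STATE_RUNNING) ? "Running" : "Stop";
}

/**
 * Refresh the cached time of the last rule push from the rule manager.
 *
 * @return The value as a decimal string, or "Unkonw" when it is 0
 */
std::string NetFirewallService::GetLastRulePushTime()
{
    currentSetRuleSecond_ = NetFirewallRuleManager::GetInstance().GetCurrentSetRuleSecond();
    if (currentSetRuleSecond_ == 0) {
        return PUSH_RESULT_UNKONW;
    }
    return std::to_string(currentSetRuleSecond_);
}

/**
 * Refresh the cached result of the last rule push from the rule manager.
 *
 * @return "Success" for FIREWALL_SUCCESS, "Unkonw" for a negative value,
 *         "Faild" for any other value
 */
std::string NetFirewallService::GetLastRulePushResult()
{
    lastRulePushResult_ = NetFirewallRuleManager::GetInstance().GetLastRulePushResult();
    if (lastRulePushResult_ == FIREWALL_SUCCESS) {
        return PUSH_RESULT_SUCCESS;
    }
    if (lastRulePushResult_ < 0) {
        return PUSH_RESULT_UNKONW;
    }
    return PUSH_RESULT_FAILD;
}

/**
 * Collect the firewall on/off state of every created OS account.
 *
 * @param firewallStateMap Receives userId -> firewall open
 * @return FIREWALL_SUCCESS; a failed account query is logged and leaves the
 *         map without new entries
 */
int32_t NetFirewallService::GetAllUserFirewallState(std::map<int32_t, bool> &firewallStateMap)
{
    std::vector<AccountSA::OsAccountInfo> osAccountInfos;
    // A failed query used to be indistinguishable from "no users" in the dump.
    if (AccountSA::OsAccountManager::QueryAllCreatedOsAccounts(osAccountInfos) != ERR_OK) {
        NETMGR_EXT_LOG_E("QueryAllCreatedOsAccounts failed");
    }
    for (const auto &info : osAccountInfos) {
        int32_t userId = info.GetLocalId();
        firewallStateMap[userId] = NetFirewallPolicyManager::GetInstance().IsNetFirewallOpen(userId);
    }
    return FIREWALL_SUCCESS;
}

/**
 * System ability start hook: publish the service, register listeners for the
 * native netsys and common event abilities, then initialise.
 */
void NetFirewallService::OnStart()
{
    NETMGR_EXT_LOG_I("OnStart()");
    uint64_t startServiceTime = GetCurrentMilliseconds();
    if (state_ == ServiceRunningState::STATE_RUNNING) {
        NETMGR_EXT_LOG_I("PcfirewallService is already running.");
        return;
    }

    if (!REGISTER_LOCAL_RESULT_NETFIREWALL) {
        NETMGR_EXT_LOG_E("Register to local sa manager failed");
        return;
    }
    if (!isServicePublished_) {
        if (!Publish(DelayedSingleton<NetFirewallService>::GetInstance().get())) {
            NETMGR_EXT_LOG_E("Register to sa manager failed");
            return;
        }
        isServicePublished_ = true;
    }

    // The state is switched to RUNNING before OnInit() runs, so it stays
    // RUNNING even if initialisation reports a failure below.
    state_ = ServiceRunningState::STATE_RUNNING;

    AddSystemAbilityListener(COMM_NETSYS_NATIVE_SYS_ABILITY_ID);
    AddSystemAbilityListener(COMMON_EVENT_SERVICE_ID);
    if (OnInit() != FIREWALL_SUCCESS) {
        NETMGR_EXT_LOG_E("Init data failed");
        return;
    }
    serviceSpendTime_ = GetCurrentMilliseconds() - startServiceTime;
}

/**
 * Create the task queue, resolve the current user, subscribe to common events
 * and register the intercept callback.
 *
 * @return FIREWALL_SUCCESS (the individual steps do not report failures here)
 */
int32_t NetFirewallService::OnInit()
{
    InitServiceHandler();
    InitQueryUserId(QUERY_USER_MAX_RETRY_TIMES);
    SubscribeCommonEvent();
    NetFirewallInterceptRecorder::GetInstance()->RegisterInterceptCallback();
    return FIREWALL_SUCCESS;
}

/**
 * Listener callback for a system ability becoming available.
 *
 * @param systemAbilityId Id of the ability that was added
 * @param deviceId Device id (not used)
 */
void NetFirewallService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
{
    NETMGR_EXT_LOG_I("OnAddSystemAbility systemAbilityId:%{public}d added!", systemAbilityId);
    if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
        // Only after a removal was seen: the native side restarted, so the
        // firewall state and the intercept callback are pushed to it again.
        if (hasSaRemoved_) {
            NETMGR_EXT_LOG_I("native reboot, reset firewall rules.");
            NetFirewallRuleManager::GetInstance().OpenOrCloseNativeFirewall(
                NetFirewallPolicyManager::GetInstance().IsCurrentFirewallOpen());
            NetFirewallInterceptRecorder::GetInstance()->RegisterInterceptCallback();
            hasSaRemoved_ = false;
        }
        // After the universal service is launched, you can register for broadcast monitoring
        // NOTE(review): within this file subscriber_ is reset to nullptr both when
        // subscribing fails and when the common event service is removed, so this
        // branch is skipped in exactly those cases and user-switch / user-removed
        // events would no longer be received - confirm the intended recovery path.
    } else if (systemAbilityId == COMMON_EVENT_SERVICE_ID && subscriber_ != nullptr) {
        RegisterSubscribeCommonEvent();
    }
}

/**
 * Resolve the active user, make it current and push its firewall state to
 * the native layer.
 *
 * @return true on success, false when no active account could be queried
 */
bool NetFirewallService::InitUsersOnBoot()
{
    std::vector<int32_t> userIds;
    if (AccountSA::OsAccountManager::QueryActiveOsAccountIds(userIds) != ERR_OK || userIds.empty()) {
        NETMGR_EXT_LOG_E("PcfirewallService: failed to get current userIds");
        return false;
    }
    SetCurrentUserId(userIds.front());
    NETMGR_EXT_LOG_I("PcfirewallService::get current userIds success, Current userId: %{public}d",
        currentUserId_.load());
    InitQueryNetFirewallRules();
    return true;
}

/**
 * Try to initialise the current user; on failure schedule another attempt on
 * the service queue until the attempt budget is used up.
 *
 * @param times Remaining number of attempts, including this one
 */
void NetFirewallService::InitQueryUserId(int32_t times)
{
    times--;
    if (InitUsersOnBoot()) {
        return;
    }
    if (times <= 0) {
        // Without a current user the firewall state is never pushed to the
        // native layer by this path, so make the final failure visible.
        NETMGR_EXT_LOG_E("InitQueryUserId failed, retries exhausted");
        return;
    }
    NETMGR_EXT_LOG_I("InitQueryUserId failed");
    // OnStop() resets the queue; hold a local reference and skip the retry
    // instead of dereferencing a null handler.
    auto handler = ffrtServiceHandler_;
    if (handler == nullptr) {
        NETMGR_EXT_LOG_E("InitQueryUserId: service handler is null, stop retrying");
        return;
    }
    // NOTE(review): the constant is named ..._MS and is passed unscaled - confirm
    // the unit that ffrt::task_attr::delay() expects.
    handler->submit([this, times]() { InitQueryUserId(times); },
        ffrt::task_attr().delay(QUERY_USER_ID_DELAY_TIME_MS).name("InitQueryUserId"));
}

/** Push the current user's firewall on/off state to the native layer. */
void NetFirewallService::InitQueryNetFirewallRules()
{
    NetFirewallRuleManager::GetInstance().OpenOrCloseNativeFirewall(
        NetFirewallPolicyManager::GetInstance().IsCurrentFirewallOpen());
}

/** Create the shared task queue once; later calls only log and return. */
void NetFirewallService::InitServiceHandler()
{
    if (ffrtServiceHandler_ != nullptr) {
        NETMGR_EXT_LOG_E("InitServiceHandler already init.");
        return;
    }
    ffrtServiceHandler_ =
        std::make_shared<ffrt::queue>("NetFirewallService", ffrt::queue_attr().qos(ffrt::qos_utility));
    NETMGR_EXT_LOG_I("InitServiceHandler succeeded.");
}

/**
 * System ability stop hook: flush cached intercept records, drop the task
 * queue, unsubscribe from common events and unregister the intercept callback.
 */
void NetFirewallService::OnStop()
{
    if (state_ != ServiceRunningState::STATE_RUNNING) {
        return;
    }
    NetFirewallInterceptRecorder::GetInstance()->SyncRecordCache();
    // reset() already leaves the pointer null.
    ffrtServiceHandler_.reset();
    if (subscriber_ != nullptr) {
        bool unSubscribeResult = OHOS::EventFwk::CommonEventManager::UnSubscribeCommonEvent(subscriber_);
        subscriber_ = nullptr;
        NETMGR_EXT_LOG_I("UnregisterSubscriber end, unSubscribeResult = %{public}d", unSubscribeResult);
    }
    NetFirewallInterceptRecorder::GetInstance()->UnRegisterInterceptCallback();
    state_ = ServiceRunningState::STATE_NOT_START;
    NETMGR_EXT_LOG_I("OnStop end.");
}

/**
 * Listener callback for a system ability going away.
 *
 * @param systemAbilityId Id of the ability that was removed
 * @param deviceId Device id (not used)
 */
void NetFirewallService::OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
{
    NETMGR_EXT_LOG_I("OnRemoveSystemAbility systemAbilityId:%{public}d removed!", systemAbilityId);
    if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
        // Remembered so that OnAddSystemAbility re-applies the firewall state
        // once the native service is back.
        hasSaRemoved_ = true;
    } else if (systemAbilityId == COMMON_EVENT_SERVICE_ID) {
        // subscriber_ may already be null (failed subscription); guard as OnStop does.
        if (subscriber_ != nullptr) {
            OHOS::EventFwk::CommonEventManager::UnSubscribeCommonEvent(subscriber_);
            subscriber_ = nullptr;
        }
    }
}

/**
 * Build the subscriber for user-removed, user-switched and package-removed
 * events and register it.
 */
void NetFirewallService::SubscribeCommonEvent()
{
    EventFwk::MatchingSkills matchingSkills;
    matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_USER_REMOVED);
    matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_USER_SWITCHED);
    matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED);
    EventFwk::CommonEventSubscribeInfo subscribeInfo(matchingSkills);
    // 1 means CORE_EVENT_PRIORITY
    subscribeInfo.SetPriority(1);
    // NOTE(review): the subscribe info sets no restriction on who may publish
    // these events; presumably the event framework protects them - confirm.
    subscriber_ = std::make_shared<ReceiveMessage>(subscribeInfo, shared_from_this());
    RegisterSubscribeCommonEvent();
}

/** Register subscriber_ with the common event manager; drop it on failure. */
void NetFirewallService::RegisterSubscribeCommonEvent()
{
    // If the universal service has not been loaded yet, registering for broadcasting will fail
    if (!EventFwk::CommonEventManager::SubscribeCommonEvent(subscriber_)) {
        NETMGR_EXT_LOG_E("SubscribeCommonEvent fail");
        subscriber_ = nullptr;
    }
}

/**
 * Handle user-removed, user-switched and package-removed events.
 *
 * The event code is used as the user id for the two user events.
 *
 * @param eventData Event delivered by the common event framework
 */
void NetFirewallService::ReceiveMessage::OnReceiveEvent(const EventFwk::CommonEventData &eventData)
{
    const auto &action = eventData.GetWant().GetAction();
    const auto &data = eventData.GetData();
    const auto &code = eventData.GetCode();
    NETMGR_EXT_LOG_I("NetVReceiveMessage::OnReceiveEvent(), event:[%{public}s], data:[%{public}s], code:[%{public}d]",
        action.c_str(), data.c_str(), code);
    int32_t userId = code;
    if (action == EventFwk::CommonEventSupport::COMMON_EVENT_USER_REMOVED) {
        // Remove everything stored for the deleted user: rules, policy,
        // intercept records and the rule counter.
        NetFirewallRuleManager::GetInstance().DeleteNetFirewallRuleByUserId(userId);
        NetFirewallPolicyManager::GetInstance().ClearFirewallPolicy(userId);
        NetFirewallDbHelper::GetInstance().DeleteInterceptRecord(userId);
        NetFirewallRuleManager::GetInstance().DeleteUserRuleSize(userId);
        return;
    }
    if (action == EventFwk::CommonEventSupport::COMMON_EVENT_USER_SWITCHED) {
        // Old user cache cleaning
        NetFirewallInterceptRecorder::GetInstance()->SyncRecordCache();
        NetFirewallPolicyManager::GetInstance().ClearCurrentFirewallPolicy();
        netfirewallService_->SetCurrentUserId(userId);
        // Old user native bpf cleaning
        // NOTE(review): the native rules are cleared before the new user's state
        // is pushed; how traffic is treated in between is decided on the native
        // side and is not visible here - confirm.
        NetFirewallRuleNativeHelper::GetInstance().ClearFirewallRules(NetFirewallRuleType::RULE_ALL);
        NetFirewallRuleManager::GetInstance().OpenOrCloseNativeFirewall(
            NetFirewallPolicyManager::GetInstance().IsCurrentFirewallOpen());
        return;
    }
    if (action == EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED) {
        // Read the uid once and validate the signed value before converting it.
        const int32_t rawUid = eventData.GetWant().GetIntParam(AppExecFwk::Constants::UID, 0);
        if (rawUid < 0) {
            NETMGR_EXT_LOG_E("error:deletedUid < 0!,return");
            return;
        }
        uint32_t deletedUid = static_cast<uint32_t>(rawUid);
        NETMGR_EXT_LOG_I("NetFirewallService: deletedUid %{public}d", deletedUid);
        NetFirewallRuleManager::GetInstance().DeleteNetFirewallRuleByAppId(deletedUid);
    }
}
} // namespace NetManagerStandard
} // namespace OHOS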