1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <arpa/inet.h>
17 #include <sys/socket.h>
18
19 #include "errors.h"
20 #include "hilog/log.h"
21 #include "ipc_object_stub.h"
22 #include "ipc_types.h"
23 #include "message_parcel.h"
24 #include "netfirewall_hisysevent.h"
25 #include "netmanager_base_common_utils.h"
26 #include "netmanager_base_permission.h"
27 #include "netmgr_ext_log_wrapper.h"
28 #include "netfirewall_stub.h"
29
30 namespace OHOS {
31 namespace NetManagerStandard {
32 namespace {
33 const std::string PERMISSION_MANAGE_NET_FIREWALL = "ohos.permission.MANAGE_NET_FIREWALL";
34 const std::string PERMISSION_GET_NET_FIREWALL = "ohos.permission.GET_NET_FIREWALL";
35 }
NetFirewallStub()36 NetFirewallStub::NetFirewallStub()
37 {
38 memberFuncMap_[static_cast<uint32_t>(SET_NET_FIREWALL_STATUS)] = {PERMISSION_MANAGE_NET_FIREWALL,
39 &NetFirewallStub::OnSetNetFirewallPolicy};
40 memberFuncMap_[static_cast<uint32_t>(GET_NET_FIREWALL_STATUS)] = {PERMISSION_GET_NET_FIREWALL,
41 &NetFirewallStub::OnGetNetFirewallPolicy};
42 memberFuncMap_[static_cast<uint32_t>(ADD_NET_FIREWALL_RULE)] = {PERMISSION_MANAGE_NET_FIREWALL,
43 &NetFirewallStub::OnAddNetFirewallRule};
44 memberFuncMap_[static_cast<uint32_t>(UPDATE_NET_FIREWALL_RULE)] = {PERMISSION_MANAGE_NET_FIREWALL,
45 &NetFirewallStub::OnUpdateNetFirewallRule};
46 memberFuncMap_[static_cast<uint32_t>(DELETE_NET_FIREWALL_RULE)] = {PERMISSION_MANAGE_NET_FIREWALL,
47 &NetFirewallStub::OnDeleteNetFirewallRule};
48 memberFuncMap_[static_cast<uint32_t>(GET_ALL_NET_FIREWALL_RULES)] = {PERMISSION_GET_NET_FIREWALL,
49 &NetFirewallStub::OnGetNetFirewallRules};
50 memberFuncMap_[static_cast<uint32_t>(GET_NET_FIREWALL_RULE)] = {PERMISSION_GET_NET_FIREWALL,
51 &NetFirewallStub::OnGetNetFirewallRule};
52 memberFuncMap_[static_cast<uint32_t>(GET_ALL_INTERCEPT_RECORDS)] = {PERMISSION_GET_NET_FIREWALL,
53 &NetFirewallStub::OnGetInterceptRecords};
54 }
55
CheckFirewallPermission(std::string &strPermission)56 int32_t NetFirewallStub::CheckFirewallPermission(std::string &strPermission)
57 {
58 if (!strPermission.empty() && !NetManagerPermission::CheckPermission(strPermission)) {
59 NETMGR_EXT_LOG_E("Permission denied permission: %{public}s", strPermission.c_str());
60 return FIREWALL_ERR_PERMISSION_DENIED;
61 }
62 return FIREWALL_SUCCESS;
63 }
64
OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)65 int32_t NetFirewallStub::OnRemoteRequest(uint32_t code, MessageParcel &data, MessageParcel &reply,
66 MessageOption &option)
67 {
68 std::u16string myDescripter = NetFirewallStub::GetDescriptor();
69 std::u16string remoteDescripter = data.ReadInterfaceToken();
70 if (myDescripter != remoteDescripter) {
71 NETMGR_EXT_LOG_E("descriptor checked fail");
72 return NETMANAGER_EXT_ERR_DESCRIPTOR_MISMATCH;
73 }
74 auto itFunc = memberFuncMap_.find(code);
75 if (itFunc != memberFuncMap_.end()) {
76 NETMGR_EXT_LOG_I("enter OnRemoteRequest code %{public}d:", code);
77 int32_t checkResult = CheckFirewallPermission(itFunc->second.strPermission);
78 if (checkResult != FIREWALL_SUCCESS) {
79 return checkResult;
80 }
81 auto serviceFunc = itFunc->second.serviceFunc;
82 if (serviceFunc != nullptr) {
83 return (this->*serviceFunc)(data, reply);
84 }
85 }
86 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
87 }
88
OnSetNetFirewallPolicy(MessageParcel &data, MessageParcel &reply)89 int32_t NetFirewallStub::OnSetNetFirewallPolicy(MessageParcel &data, MessageParcel &reply)
90 {
91 int32_t userId;
92 if (!data.ReadInt32(userId)) {
93 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
94 }
95 if (userId <= 0) {
96 NETMGR_EXT_LOG_E("Parameter error.");
97 return FIREWALL_ERR_INVALID_PARAMETER;
98 }
99 sptr<NetFirewallPolicy> status = NetFirewallPolicy::Unmarshalling(data);
100 if (status == nullptr) {
101 NETMGR_EXT_LOG_E("status is nullptr.");
102 return FIREWALL_ERR_INTERNAL;
103 }
104
105 return SetNetFirewallPolicy(userId, status);
106 }
107
OnGetNetFirewallPolicy(MessageParcel &data, MessageParcel &reply)108 int32_t NetFirewallStub::OnGetNetFirewallPolicy(MessageParcel &data, MessageParcel &reply)
109 {
110 int32_t userId;
111 if (!data.ReadInt32(userId)) {
112 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
113 }
114 if (userId <= 0) {
115 NETMGR_EXT_LOG_E("Parameter error.");
116 return FIREWALL_ERR_INVALID_PARAMETER;
117 }
118 sptr<NetFirewallPolicy> status = new (std::nothrow) NetFirewallPolicy();
119 int32_t ret = GetNetFirewallPolicy(userId, status);
120 if (ret == FIREWALL_SUCCESS) {
121 if (!status->Marshalling(reply)) {
122 return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
123 }
124 }
125 return ret;
126 }
127
OnAddNetFirewallRule(MessageParcel &data, MessageParcel &reply)128 int32_t NetFirewallStub::OnAddNetFirewallRule(MessageParcel &data, MessageParcel &reply)
129 {
130 sptr<NetFirewallRule> rule = NetFirewallRule::Unmarshalling(data);
131 if (rule == nullptr) {
132 NETMGR_EXT_LOG_E("rule is nullptr.");
133 return FIREWALL_ERR_INTERNAL;
134 }
135 if (rule->userId <= 0) {
136 NETMGR_EXT_LOG_E("Parameter error.");
137 return FIREWALL_ERR_INVALID_PARAMETER;
138 }
139 if (rule->ruleName.empty() || rule->ruleName.size() > MAX_RULE_NAME_LEN ||
140 rule->ruleDescription.size() > MAX_RULE_DESCRIPTION_LEN) {
141 NETMANAGER_EXT_LOGE("rule name or description is too long");
142 return FIREWALL_ERR_INVALID_PARAMETER;
143 }
144 if (rule->localIps.size() > MAX_RULE_IP_COUNT || rule->remoteIps.size() > MAX_RULE_IP_COUNT) {
145 NETMGR_EXT_LOG_E("ip invalid, size is too long.");
146 return FIREWALL_ERR_EXCEED_MAX_IP;
147 }
148
149 if (rule->localPorts.size() > MAX_RULE_PORT_COUNT || rule->remotePorts.size() > MAX_RULE_PORT_COUNT) {
150 NETMGR_EXT_LOG_E("port invalid, size is too long.");
151 return FIREWALL_ERR_EXCEED_MAX_PORT;
152 }
153
154 if (rule->domains.size() > MAX_RULE_DOMAIN_COUNT) {
155 NETMGR_EXT_LOG_E("domain invalid, size is too long.");
156 return FIREWALL_ERR_EXCEED_MAX_DOMAIN;
157 }
158
159 int32_t result = 0;
160 int32_t ret = AddNetFirewallRule(rule, result);
161 if (ret == FIREWALL_SUCCESS) {
162 if (!reply.WriteUint32(result)) {
163 ret = NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
164 }
165 }
166 NetFirewallHisysEvent::SendFirewallConfigReport(rule->userId, ret);
167 return ret;
168 }
169
OnUpdateNetFirewallRule(MessageParcel &data, MessageParcel &reply)170 int32_t NetFirewallStub::OnUpdateNetFirewallRule(MessageParcel &data, MessageParcel &reply)
171 {
172 sptr<NetFirewallRule> rule = NetFirewallRule::Unmarshalling(data);
173 if (rule == nullptr) {
174 NETMGR_EXT_LOG_E("rule is nullptr.");
175 return FIREWALL_ERR_INTERNAL;
176 }
177 if (rule->userId <= 0) {
178 NETMGR_EXT_LOG_E("Parameter error.");
179 return FIREWALL_ERR_INVALID_PARAMETER;
180 }
181 if (rule->ruleName.empty() || rule->ruleName.size() > MAX_RULE_NAME_LEN ||
182 rule->ruleDescription.size() > MAX_RULE_DESCRIPTION_LEN) {
183 NETMANAGER_EXT_LOGE("rule name or description is too long");
184 return FIREWALL_ERR_INVALID_PARAMETER;
185 }
186 if (rule->localIps.size() > MAX_RULE_IP_COUNT || rule->remoteIps.size() > MAX_RULE_IP_COUNT) {
187 NETMGR_EXT_LOG_E("ip invalid, size is too long.");
188 return FIREWALL_ERR_EXCEED_MAX_IP;
189 }
190
191 if (rule->localPorts.size() > MAX_RULE_PORT_COUNT || rule->remotePorts.size() > MAX_RULE_PORT_COUNT) {
192 NETMGR_EXT_LOG_E("port invalid, size is too long.");
193 return FIREWALL_ERR_EXCEED_MAX_PORT;
194 }
195
196 if (rule->domains.size() > MAX_RULE_DOMAIN_COUNT) {
197 NETMGR_EXT_LOG_E("domain invalid, size is too long.");
198 return FIREWALL_ERR_EXCEED_MAX_DOMAIN;
199 }
200
201 int32_t ret = UpdateNetFirewallRule(rule);
202 NetFirewallHisysEvent::SendFirewallConfigReport(rule->userId, ret);
203 return ret;
204 }
205
OnDeleteNetFirewallRule(MessageParcel &data, MessageParcel &reply)206 int32_t NetFirewallStub::OnDeleteNetFirewallRule(MessageParcel &data, MessageParcel &reply)
207 {
208 int32_t userId;
209 if (!data.ReadInt32(userId)) {
210 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
211 }
212 if (userId <= 0) {
213 NETMGR_EXT_LOG_E("Parameter error.");
214 return FIREWALL_ERR_INVALID_PARAMETER;
215 }
216 int32_t ruleId;
217 if (!data.ReadInt32(ruleId)) {
218 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
219 }
220 if (ruleId <= 0) {
221 NETMGR_EXT_LOG_E("Parameter error.");
222 return FIREWALL_ERR_INVALID_PARAMETER;
223 }
224 int32_t ret = DeleteNetFirewallRule(userId, ruleId);
225 NetFirewallHisysEvent::SendFirewallRequestReport(userId, ret);
226 return ret;
227 }
228
OnGetNetFirewallRules(MessageParcel &data, MessageParcel &reply)229 int32_t NetFirewallStub::OnGetNetFirewallRules(MessageParcel &data, MessageParcel &reply)
230 {
231 int32_t userId;
232 if (!data.ReadInt32(userId)) {
233 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
234 }
235 if (userId <= 0) {
236 NETMGR_EXT_LOG_E("Parameter error.");
237 return FIREWALL_ERR_INVALID_PARAMETER;
238 }
239 sptr<RequestParam> param = RequestParam::Unmarshalling(data);
240 if (param == nullptr) {
241 NETMGR_EXT_LOG_E("param is nullptr.");
242 return FIREWALL_ERR_INTERNAL;
243 }
244 if (param->page < 1 || param->page > FIREWALL_USER_MAX_RULE || param->pageSize < 1 ||
245 param->pageSize > static_cast<int32_t>(MAX_PAGE_SIZE)) {
246 NETMANAGER_EXT_LOGE("ParsePageParam page or pageSize is error");
247 return FIREWALL_ERR_INVALID_PARAMETER;
248 }
249 sptr<FirewallRulePage> info = new (std::nothrow) FirewallRulePage();
250 int32_t ret = GetNetFirewallRules(userId, param, info);
251 if (ret == FIREWALL_SUCCESS) {
252 if (!info->Marshalling(reply)) {
253 return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
254 }
255 }
256 NetFirewallHisysEvent::SendFirewallRequestReport(userId, ret);
257 return ret;
258 }
259
OnGetNetFirewallRule(MessageParcel &data, MessageParcel &reply)260 int32_t NetFirewallStub::OnGetNetFirewallRule(MessageParcel &data, MessageParcel &reply)
261 {
262 int32_t userId;
263 if (!data.ReadInt32(userId)) {
264 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
265 }
266 int32_t ruleId;
267 if (!data.ReadInt32(ruleId)) {
268 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
269 }
270 if (userId <= 0 || ruleId <= 0) {
271 NETMGR_EXT_LOG_E("Parameter error.");
272 return FIREWALL_ERR_INVALID_PARAMETER;
273 }
274 sptr<NetFirewallRule> rule = new (std::nothrow) NetFirewallRule();
275 int32_t ret = GetNetFirewallRule(userId, ruleId, rule);
276 if (ret == FIREWALL_SUCCESS) {
277 if (!rule->Marshalling(reply)) {
278 return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
279 }
280 }
281 NetFirewallHisysEvent::SendFirewallRequestReport(userId, ret);
282 return ret;
283 }
284
OnGetInterceptRecords(MessageParcel &data, MessageParcel &reply)285 int32_t NetFirewallStub::OnGetInterceptRecords(MessageParcel &data, MessageParcel &reply)
286 {
287 int32_t userId;
288 if (!data.ReadInt32(userId)) {
289 return NETMANAGER_EXT_ERR_READ_DATA_FAIL;
290 }
291 if (userId <= 0) {
292 NETMGR_EXT_LOG_E("Parameter error.");
293 return FIREWALL_ERR_INVALID_PARAMETER;
294 }
295 sptr<RequestParam> param = RequestParam::Unmarshalling(data);
296 if (param == nullptr) {
297 NETMGR_EXT_LOG_E("param is nullptr.");
298 return FIREWALL_ERR_INTERNAL;
299 }
300 if (param->page < 1 || param->page > FIREWALL_USER_MAX_RULE || param->pageSize < 1 ||
301 param->pageSize > static_cast<int32_t>(MAX_PAGE_SIZE)) {
302 NETMANAGER_EXT_LOGE("ParsePageParam page or pageSize is error");
303 return FIREWALL_ERR_INVALID_PARAMETER;
304 }
305 sptr<InterceptRecordPage> info = new (std::nothrow) InterceptRecordPage();
306 int32_t ret = GetInterceptRecords(userId, param, info);
307 if (ret == FIREWALL_SUCCESS) {
308 if (!info->Marshalling(reply)) {
309 return NETMANAGER_EXT_ERR_WRITE_REPLY_FAIL;
310 }
311 }
312 NetFirewallHisysEvent::SendRecordRequestReport(userId, ret);
313 return ret;
314 }
315 } // namespace NetManagerStandard
316 } // namespace OHOS
317