1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "networkvpn_service.h"
17
18 #include <cerrno>
19 #include <ctime>
20 #include <fcntl.h>
21 #include <sys/socket.h>
22 #include <sys/stat.h>
23 #include <sys/types.h>
24 #include <sys/un.h>
25 #include <unistd.h>
26 #include <string>
27 #include <fstream>
28 #include <thread>
29
30 #include "ipc_skeleton.h"
31 #include "securec.h"
32 #include "system_ability_definition.h"
33 #include "iservice_registry.h"
34
35 #include "ability_manager_client.h"
36 #include "extended_vpn_ctl.h"
37 #include "net_event_report.h"
38 #include "net_manager_center.h"
39 #include "net_manager_constants.h"
40 #include "net_manager_ext_constants.h"
41 #include "netmanager_base_permission.h"
42 #include "netmgr_ext_log_wrapper.h"
43 #include "netsys_controller.h"
44 #include "networkvpn_hisysevent.h"
45 #include "net_datashare_utils_iface.h"
46 #ifdef SUPPORT_SYSVPN
47 #include "ipsec_vpn_ctl.h"
48 #include "l2tp_vpn_ctl.h"
49 #include "open_vpn_ctl.h"
50 #include "vpn_data_bean.h"
51 #endif // SUPPORT_SYSVPN
52
53 namespace OHOS {
54 namespace NetManagerStandard {
55 constexpr int32_t USER_ID_DIVIDOR = 200000;
56 constexpr int32_t MAX_CALLBACK_COUNT = 128;
57 constexpr const char *NET_ACTIVATE_WORK_THREAD = "VPN_CALLBACK_WORK_THREAD";
58 constexpr const char* VPN_CONFIG_FILE = "/data/service/el1/public/netmanager/vpn_config.json";
59 constexpr const char* VPN_EXTENSION_LABEL = ":vpn";
60 constexpr uint32_t MAX_GET_SERVICE_COUNT = 30;
61 constexpr uint32_t WAIT_FOR_SERVICE_TIME_S = 1;
62 constexpr uint32_t AGAIN_REGISTER_CALLBACK_INTERVAL = 500;
63 constexpr uint32_t MAX_RETRY_TIMES = 10;
64 constexpr uint32_t UID_NET_SYS_NATIVE = 1098;
65 constexpr const char *VPNEXT_MODE_URI =
66 "datashare:///com.ohos.settingsdata/entry/settingsdata/SETTINGSDATA?Proxy=true&key=vpnext_mode";
67
68 const bool REGISTER_LOCAL_RESULT_NETVPN =
69 SystemAbility::MakeAndRegisterAbility(&NetworkVpnService::GetInstance());
70
71 constexpr const int INVALID_CODE = -1;
72 const std::vector<std::string> ACCESS_PERMISSION {"ohos.permission.GET_NETWORK_INFO"};
73 constexpr const char *const PARAM_KEY_STATE = "state";
74 constexpr const char *const COMMON_EVENT_VPN_CONNECT_STATUS_VALUE =
75 "usual.event.VPN_CONNECTION_STATUS_CHANGED";
76
NetworkVpnService()77 NetworkVpnService::NetworkVpnService() : SystemAbility(COMM_VPN_MANAGER_SYS_ABILITY_ID, true) {}
~NetworkVpnService()78 NetworkVpnService::~NetworkVpnService()
79 {
80 RemoveALLClientDeathRecipient();
81 }
82
OnStart()83 void NetworkVpnService::OnStart()
84 {
85 if (state_ == STATE_RUNNING) {
86 NETMGR_EXT_LOG_D("OnStart Vpn Service state is already running");
87 return;
88 }
89 if (!Init()) {
90 NETMGR_EXT_LOG_E("OnStart Vpn init failed");
91 VpnHisysEvent::SendFaultEvent(VpnEventType::TYPE_UNKNOWN, VpnEventOperator::OPERATION_START_SA,
92 VpnEventErrorType::ERROR_INTERNAL_ERROR, "Start Vpn Service failed");
93 return;
94 }
95 state_ = STATE_RUNNING;
96 NETMGR_EXT_LOG_I("OnStart vpn successful");
97 }
98
OnStop()99 void NetworkVpnService::OnStop()
100 {
101 state_ = STATE_STOPPED;
102 isServicePublished_ = false;
103
104 NETMGR_EXT_LOG_I("OnStop vpn successful");
105 }
106
Dump(int32_t fd, const std::vector<std::u16string> &args)107 int32_t NetworkVpnService::Dump(int32_t fd, const std::vector<std::u16string> &args)
108 {
109 std::string result;
110 GetDumpMessage(result);
111 NETMGR_EXT_LOG_I("Vpn dump fd: %{public}d, content: %{public}s", fd, result.c_str());
112 int32_t ret = dprintf(fd, "%s\n", result.c_str());
113 if (ret < 0) {
114 NETMGR_EXT_LOG_E("dprintf failed, errno[%{public}d]", errno);
115 return NETMANAGER_EXT_ERR_INTERNAL;
116 }
117 return NETMANAGER_EXT_SUCCESS;
118 }
119
Init()120 bool NetworkVpnService::Init()
121 {
122 if (!REGISTER_LOCAL_RESULT_NETVPN) {
123 NETMGR_EXT_LOG_E("Register to local sa manager failed");
124 return false;
125 }
126 networkVpnServiceFfrtQueue_ = std::make_shared<ffrt::queue>("NetworkVpnService");
127 if (!networkVpnServiceFfrtQueue_) {
128 NETMGR_EXT_LOG_E("FFRT Create Fail");
129 return false;
130 }
131 if (!isServicePublished_) {
132 if (!Publish(&NetworkVpnService::GetInstance())) {
133 NETMGR_EXT_LOG_E("Register to sa manager failed");
134 return false;
135 }
136 isServicePublished_ = true;
137 }
138
139 AddSystemAbilityListener(COMM_NETSYS_NATIVE_SYS_ABILITY_ID);
140
141 SubscribeCommonEvent();
142 if (!vpnConnCallback_) {
143 vpnConnCallback_ = std::make_shared<VpnConnStateCb>(*this);
144 }
145
146 vpnHapObserver_ = new VpnHapObserver(*this);
147 RegisterFactoryResetCallback();
148 return true;
149 }
150
GetDumpMessage(std::string &message)151 void NetworkVpnService::GetDumpMessage(std::string &message)
152 {
153 std::unique_lock<std::mutex> locker(netVpnMutex_);
154 message.append("Net Vpn Info:\n");
155 if (vpnObj_ != nullptr) {
156 const auto &config = vpnObj_->GetVpnConfig();
157 std::string isLegacy = (config->isLegacy_) ? "true" : "false";
158 message.append("\tisLegacy: " + isLegacy + "\n");
159 message.append("\tPackageName: " + vpnObj_->GetVpnPkg() + "\n");
160 message.append("\tinterface: " + vpnObj_->GetInterfaceName() + "\n");
161 message.append("\tstate: connected\n");
162 } else {
163 message.append("\tstate: disconnected\n");
164 }
165 message.append("\tend.\n");
166 }
167
PublishEvent(const OHOS::AAFwk::Want &want, int eventCode, bool isOrdered, bool isSticky, const std::vector<std::string> &permissions) const168 bool NetworkVpnService::PublishEvent(const OHOS::AAFwk::Want &want, int eventCode,
169 bool isOrdered, bool isSticky, const std::vector<std::string> &permissions) const
170 {
171 OHOS::EventFwk::CommonEventData data;
172 data.SetWant(want);
173 if (eventCode != INVALID_CODE) {
174 data.SetCode(eventCode);
175 }
176 OHOS::EventFwk::CommonEventPublishInfo publishInfo;
177 publishInfo.SetOrdered(isOrdered);
178 // sticky tag: EventFwk would keep last event for later subscriber.
179 publishInfo.SetSticky(isSticky);
180 if (permissions.size() > 0) {
181 publishInfo.SetSubscriberPermissions(permissions);
182 }
183 bool publishResult = OHOS::EventFwk::CommonEventManager::PublishCommonEvent(data, publishInfo);
184 return publishResult;
185 }
186
PublishVpnConnectionStateEvent(const VpnConnectState &state) const187 void NetworkVpnService::PublishVpnConnectionStateEvent(const VpnConnectState &state) const
188 {
189 OHOS::AAFwk::Want want;
190 want.SetAction(COMMON_EVENT_VPN_CONNECT_STATUS_VALUE);
191 want.SetParam(PARAM_KEY_STATE, (state == VpnConnectState::VPN_CONNECTED) ? 1 : 0);
192 if (!PublishEvent(want, INVALID_CODE, false, true, ACCESS_PERMISSION)) {
193 NETMGR_EXT_LOG_I("Publish vpn connection state fail.");
194 }
195 }
196
OnVpnConnStateChanged(const VpnConnectState &state)197 void NetworkVpnService::VpnConnStateCb::OnVpnConnStateChanged(const VpnConnectState &state)
198 {
199 NETMGR_EXT_LOG_I("receive new vpn connect state[%{public}d].", static_cast<uint32_t>(state));
200 vpnService_.PublishVpnConnectionStateEvent(state);
201 if (!vpnService_.networkVpnServiceFfrtQueue_) {
202 NETMGR_EXT_LOG_E("FFRT Create Fail");
203 return;
204 }
205 std::function<void()> OnVpnConnStateChangedFunction = [this, &state]() {
206 std::for_each(vpnService_.vpnEventCallbacks_.begin(), vpnService_.vpnEventCallbacks_.end(),
207 [&state](const auto &callback) {
208 callback->OnVpnStateChanged((VpnConnectState::VPN_CONNECTED == state) ? true : false);
209 });
210 };
211 ffrt::task_handle OnVpnConnStateTask =
212 vpnService_.networkVpnServiceFfrtQueue_->submit_h(OnVpnConnStateChangedFunction,
213 ffrt::task_attr().name("OnVpnConnStateChanged"));
214 vpnService_.networkVpnServiceFfrtQueue_->wait(OnVpnConnStateTask);
215 }
216
OnVpnMultiUserSetUp()217 void NetworkVpnService::OnVpnMultiUserSetUp()
218 {
219 NETMGR_EXT_LOG_I("user multiple execute set up.");
220 if (!networkVpnServiceFfrtQueue_) {
221 NETMGR_EXT_LOG_E("FFRT Create Fail");
222 return;
223 }
224 std::function<void()> OnVpnMultiUserSetUpFunction = [this]() {
225 std::for_each(vpnEventCallbacks_.begin(), vpnEventCallbacks_.end(),
226 [](const auto &callback) { callback->OnVpnMultiUserSetUp(); });
227 };
228 ffrt::task_handle OnVpnMultiUserSetUpTask =
229 networkVpnServiceFfrtQueue_->submit_h(OnVpnMultiUserSetUpFunction,
230 ffrt::task_attr().name("OnVpnMultiUserSetUp"));
231 networkVpnServiceFfrtQueue_->wait(OnVpnMultiUserSetUpTask);
232 }
233
Prepare(bool &isExistVpn, bool &isRun, std::string &pkg)234 int32_t NetworkVpnService::Prepare(bool &isExistVpn, bool &isRun, std::string &pkg)
235 {
236 std::unique_lock<std::mutex> locker(netVpnMutex_);
237 isRun = false;
238 isExistVpn = false;
239 if (vpnObj_ != nullptr) {
240 isExistVpn = true;
241 isRun = vpnObj_->IsVpnConnecting();
242 pkg = vpnObj_->GetVpnPkg();
243 }
244 NETMGR_EXT_LOG_I("NetworkVpnService Prepare successfully");
245 return NETMANAGER_EXT_SUCCESS;
246 }
247
ConvertStringToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)248 void NetworkVpnService::ConvertStringToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)
249 {
250 cJSON *dnsAddr = cJSON_GetObjectItem(doc, "dnsAddresses");
251 if (dnsAddr != nullptr && cJSON_IsArray(dnsAddr)) {
252 for (int32_t i = 0; i < cJSON_GetArraySize(dnsAddr); i++) {
253 cJSON *item = cJSON_GetArrayItem(dnsAddr, i);
254 if (cJSON_IsString(item)) {
255 std::string mem = cJSON_GetStringValue(item);
256 vpnCfg->dnsAddresses_.push_back(mem);
257 }
258 }
259 }
260 cJSON *sDomain = cJSON_GetObjectItem(doc, "searchDomains");
261 if (sDomain != nullptr && cJSON_IsArray(sDomain)) {
262 for (int32_t i = 0; i < cJSON_GetArraySize(sDomain); i++) {
263 cJSON *item = cJSON_GetArrayItem(sDomain, i);
264 if (cJSON_IsString(item)) {
265 std::string mem = cJSON_GetStringValue(item);
266 vpnCfg->searchDomains_.push_back(mem);
267 }
268 }
269 }
270 cJSON *acceptApp = cJSON_GetObjectItem(doc, "acceptedApplications");
271 if (acceptApp != nullptr && cJSON_IsArray(acceptApp)) {
272 for (int32_t i = 0; i < cJSON_GetArraySize(acceptApp); i++) {
273 cJSON *item = cJSON_GetArrayItem(acceptApp, i);
274 if (cJSON_IsString(item)) {
275 std::string mem = cJSON_GetStringValue(item);
276 NETMGR_EXT_LOG_D("acceptApp = %{public}s", mem.c_str());
277 vpnCfg->acceptedApplications_.push_back(mem);
278 }
279 }
280 }
281 cJSON *refusedApp = cJSON_GetObjectItem(doc, "refusedApplications");
282 if (refusedApp != nullptr && cJSON_IsArray(refusedApp)) {
283 for (int32_t i = 0; i < cJSON_GetArraySize(refusedApp); i++) {
284 cJSON *item = cJSON_GetArrayItem(refusedApp, i);
285 if (cJSON_IsString(item)) {
286 std::string mem = cJSON_GetStringValue(item);
287 NETMGR_EXT_LOG_D("refusedApp = %{public}s", mem.c_str());
288 vpnCfg->refusedApplications_.push_back(mem);
289 }
290 }
291 }
292 }
293
ConvertNetAddrToConfig(INetAddr& tmp, const cJSON* const mem)294 void NetworkVpnService::ConvertNetAddrToConfig(INetAddr& tmp, const cJSON* const mem)
295 {
296 cJSON *type = cJSON_GetObjectItem(mem, "type");
297 if (type != nullptr && cJSON_IsNumber(type)) {
298 tmp.type_ = static_cast<int32_t>(cJSON_GetNumberValue(type));
299 NETMGR_EXT_LOG_D("type = %{public}d", tmp.type_);
300 }
301 cJSON *family = cJSON_GetObjectItem(mem, "family");
302 if (family != nullptr && cJSON_IsNumber(family)) {
303 tmp.family_ = static_cast<int32_t>(cJSON_GetNumberValue(family));
304 NETMGR_EXT_LOG_D("family = %{public}d", tmp.family_);
305 }
306 cJSON *prefixlen = cJSON_GetObjectItem(mem, "prefixlen");
307 if (prefixlen != nullptr && cJSON_IsNumber(prefixlen)) {
308 tmp.prefixlen_ = static_cast<int32_t>(cJSON_GetNumberValue(prefixlen));
309 NETMGR_EXT_LOG_D("prefixlen = %{public}d", tmp.prefixlen_);
310 }
311 cJSON *address = cJSON_GetObjectItem(mem, "address");
312 if (address != nullptr && cJSON_IsString(address)) {
313 tmp.address_ = cJSON_GetStringValue(address);
314 }
315 cJSON *netMask = cJSON_GetObjectItem(mem, "netMask");
316 if (netMask != nullptr && cJSON_IsString(netMask)) {
317 tmp.netMask_ = cJSON_GetStringValue(netMask);
318 NETMGR_EXT_LOG_D("netMask = %{public}s", tmp.netMask_.c_str());
319 }
320 cJSON *hostName = cJSON_GetObjectItem(mem, "hostName");
321 if (hostName != nullptr && cJSON_IsString(hostName)) {
322 tmp.hostName_ = cJSON_GetStringValue(hostName);
323 }
324 cJSON *port = cJSON_GetObjectItem(mem, "port");
325 if (port != nullptr && cJSON_IsNumber(port)) {
326 tmp.port_ = static_cast<int32_t>(cJSON_GetNumberValue(port));
327 NETMGR_EXT_LOG_D("port = %{public}d", tmp.port_);
328 }
329 }
330
ConvertVecAddrToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)331 void NetworkVpnService::ConvertVecAddrToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)
332 {
333 cJSON *addresses = cJSON_GetObjectItem(doc, "addresses");
334 if (addresses != nullptr && cJSON_IsArray(addresses)) {
335 uint32_t itemSize = cJSON_GetArraySize(addresses);
336 for (uint32_t i = 0; i < itemSize; i++) {
337 cJSON *item = cJSON_GetArrayItem(addresses, i);
338 if (cJSON_IsObject(item)) {
339 INetAddr tmp;
340 ConvertNetAddrToConfig(tmp, item);
341 vpnCfg->addresses_.push_back(tmp);
342 }
343 }
344 }
345 }
346
ConvertRouteToConfig(Route& tmp, const cJSON* const mem)347 void NetworkVpnService::ConvertRouteToConfig(Route& tmp, const cJSON* const mem)
348 {
349 cJSON *iface = cJSON_GetObjectItem(mem, "iface");
350 if (iface != nullptr && cJSON_IsString(iface)) {
351 tmp.iface_ = cJSON_GetStringValue(iface);
352 NETMGR_EXT_LOG_D("iface = %{public}s", tmp.iface_.c_str());
353 }
354 cJSON *rtnType = cJSON_GetObjectItem(mem, "rtnType");
355 if (rtnType != nullptr && cJSON_IsNumber(rtnType)) {
356 tmp.rtnType_ = cJSON_GetNumberValue(rtnType);
357 NETMGR_EXT_LOG_D("rtnType = %{public}d", tmp.rtnType_);
358 }
359 cJSON *mtu = cJSON_GetObjectItem(mem, "mtu");
360 if (mtu != nullptr && cJSON_IsNumber(mtu)) {
361 tmp.mtu_ = cJSON_GetNumberValue(mtu);
362 NETMGR_EXT_LOG_D("mtu = %{public}d", tmp.mtu_);
363 }
364 cJSON *isHost = cJSON_GetObjectItem(mem, "isHost");
365 if (isHost != nullptr && cJSON_IsBool(isHost)) {
366 tmp.isHost_ = cJSON_IsTrue(isHost) ? true : false;
367 NETMGR_EXT_LOG_D("isHost = %{public}d", tmp.isHost_);
368 }
369 cJSON *hasGateway = cJSON_GetObjectItem(mem, "hasGateway");
370 if (hasGateway != nullptr && cJSON_IsBool(hasGateway)) {
371 tmp.hasGateway_ = cJSON_IsTrue(hasGateway) ? true : false;
372 NETMGR_EXT_LOG_D("hasGateway_ = %{public}d", tmp.hasGateway_);
373 }
374 cJSON *isDefaultRoute = cJSON_GetObjectItem(mem, "isDefaultRoute");
375 if (isDefaultRoute != nullptr && cJSON_IsBool(isDefaultRoute)) {
376 tmp.isDefaultRoute_ = cJSON_IsTrue(isDefaultRoute) ? true : false;
377 NETMGR_EXT_LOG_D("isDefaultRoute_ = %{public}d", tmp.isDefaultRoute_);
378 }
379 cJSON *destination = cJSON_GetObjectItem(mem, "destination");
380 if (destination != nullptr && cJSON_IsObject(destination)) {
381 INetAddr tmpINet;
382 ConvertNetAddrToConfig(tmpINet, destination);
383 tmp.destination_ = tmpINet;
384 }
385 cJSON *gateway = cJSON_GetObjectItem(mem, "gateway");
386 if (gateway != nullptr && cJSON_IsObject(gateway)) {
387 INetAddr tmpINet;
388 ConvertNetAddrToConfig(tmpINet, gateway);
389 tmp.gateway_ = tmpINet;
390 }
391 }
392
ConvertVecRouteToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)393 void NetworkVpnService::ConvertVecRouteToConfig(sptr<VpnConfig> &vpnCfg, const cJSON* const doc)
394 {
395 cJSON *routes = cJSON_GetObjectItem(doc, "routes");
396 if (routes != nullptr && cJSON_IsArray(routes)) {
397 uint32_t itemSize = cJSON_GetArraySize(routes);
398 for (uint32_t i = 0; i < itemSize; i++) {
399 cJSON *item = cJSON_GetArrayItem(routes, i);
400 if (cJSON_IsObject(item)) {
401 Route tmp;
402 ConvertRouteToConfig(tmp, item);
403 vpnCfg->routes_.push_back(tmp);
404 }
405 }
406 }
407 }
408
ParseJsonToConfig(sptr<VpnConfig> &vpnCfg, const std::string& jsonString)409 void NetworkVpnService::ParseJsonToConfig(sptr<VpnConfig> &vpnCfg, const std::string& jsonString)
410 {
411 cJSON *doc = cJSON_Parse(jsonString.c_str());
412 if (doc == nullptr) {
413 NETMGR_EXT_LOG_E("jsonString parse failed!");
414 return;
415 }
416 cJSON *mtu = cJSON_GetObjectItem(doc, "mtu");
417 if (mtu != nullptr && cJSON_IsNumber(mtu)) {
418 vpnCfg->mtu_ = cJSON_GetNumberValue(mtu);
419 NETMGR_EXT_LOG_D("mtu = %{public}d", vpnCfg->mtu_);
420 }
421 cJSON *isAcceptIPv4 = cJSON_GetObjectItem(doc, "isAcceptIPv4");
422 if (isAcceptIPv4 != nullptr && cJSON_IsBool(isAcceptIPv4)) {
423 vpnCfg->isAcceptIPv4_ = cJSON_IsTrue(isAcceptIPv4);
424 NETMGR_EXT_LOG_D("isAcceptIPv4 = %{public}d", vpnCfg->isAcceptIPv4_);
425 }
426 cJSON *isAcceptIPv6 = cJSON_GetObjectItem(doc, "isAcceptIPv6");
427 if (isAcceptIPv6 != nullptr && cJSON_IsBool(isAcceptIPv6)) {
428 vpnCfg->isAcceptIPv6_ = cJSON_IsTrue(isAcceptIPv6);
429 NETMGR_EXT_LOG_D("isAcceptIPv6 = %{public}d", vpnCfg->isAcceptIPv6_);
430 }
431 cJSON *isLegacy = cJSON_GetObjectItem(doc, "isLegacy");
432 if (isLegacy != nullptr && cJSON_IsBool(isLegacy)) {
433 vpnCfg->isLegacy_ = cJSON_IsTrue(isLegacy);
434 NETMGR_EXT_LOG_D("isLegacy = %{public}d", vpnCfg->isLegacy_);
435 }
436 cJSON *isMetered = cJSON_GetObjectItem(doc, "isMetered");
437 if (isMetered != nullptr && cJSON_IsBool(isMetered)) {
438 vpnCfg->isMetered_ = cJSON_IsTrue(isMetered);
439 NETMGR_EXT_LOG_D("isMetered = %{public}d", vpnCfg->isMetered_);
440 }
441 cJSON *isBlocking = cJSON_GetObjectItem(doc, "isBlocking");
442 if (isBlocking != nullptr && cJSON_IsBool(isBlocking)) {
443 vpnCfg->isBlocking_ = cJSON_IsTrue(isBlocking);
444 NETMGR_EXT_LOG_D("isBlocking = %{public}d", vpnCfg->isBlocking_);
445 }
446
447 ConvertStringToConfig(vpnCfg, doc);
448
449 ConvertVecAddrToConfig(vpnCfg, doc);
450
451 ConvertVecRouteToConfig(vpnCfg, doc);
452
453 cJSON_Delete(doc);
454 }
455
RecoverVpnConfig()456 void NetworkVpnService::RecoverVpnConfig()
457 {
458 sptr<VpnConfig> vpnCfg = new VpnConfig();
459 std::ifstream ifs(VPN_CONFIG_FILE);
460 if (!ifs) {
461 NETMGR_EXT_LOG_D("file don't exist, don't need recover");
462 return;
463 }
464 std::string jsonString;
465 std::getline(ifs, jsonString);
466 ParseJsonToConfig(vpnCfg, jsonString);
467 SetUpVpn(vpnCfg);
468 }
469
ConvertNetAddrToJson(const INetAddr& netAddr, cJSON* jInetAddr)470 void NetworkVpnService::ConvertNetAddrToJson(const INetAddr& netAddr, cJSON* jInetAddr)
471 {
472 cJSON_AddItemToObject(jInetAddr, "type", cJSON_CreateNumber(netAddr.type_));
473 cJSON_AddItemToObject(jInetAddr, "family", cJSON_CreateNumber(netAddr.family_));
474 cJSON_AddItemToObject(jInetAddr, "prefixlen", cJSON_CreateNumber(netAddr.prefixlen_));
475 cJSON_AddItemToObject(jInetAddr, "address", cJSON_CreateString(netAddr.address_.c_str()));
476 cJSON_AddItemToObject(jInetAddr, "netMask", cJSON_CreateString(netAddr.netMask_.c_str()));
477 cJSON_AddItemToObject(jInetAddr, "hostName", cJSON_CreateString(netAddr.hostName_.c_str()));
478 cJSON_AddItemToObject(jInetAddr, "port", cJSON_CreateNumber(netAddr.port_));
479 }
480
ConvertVecRouteToJson(const std::vector<Route>& routes, cJSON* jVecRoutes)481 void NetworkVpnService::ConvertVecRouteToJson(const std::vector<Route>& routes, cJSON* jVecRoutes)
482 {
483 for (const auto& mem : routes) {
484 cJSON *jRoute = cJSON_CreateObject();
485 cJSON_AddItemToObject(jRoute, "iface", cJSON_CreateString(mem.iface_.c_str()));
486 cJSON *jDestination = cJSON_CreateObject();
487 ConvertNetAddrToJson(mem.destination_, jDestination);
488 cJSON_AddItemToObject(jRoute, "destination", jDestination);
489 cJSON *jGateway = cJSON_CreateObject();
490 ConvertNetAddrToJson(mem.gateway_, jGateway);
491 cJSON_AddItemToObject(jRoute, "gateway", jGateway);
492 cJSON_AddItemToObject(jRoute, "rtnType", cJSON_CreateNumber(mem.rtnType_));
493 cJSON_AddItemToObject(jRoute, "mtu", cJSON_CreateNumber(mem.mtu_));
494 cJSON_AddItemToObject(jRoute, "isHost", cJSON_CreateBool(mem.isHost_));
495 cJSON_AddItemToObject(jRoute, "hasGateway", cJSON_CreateBool(mem.hasGateway_));
496 cJSON_AddItemToObject(jRoute, "isDefaultRoute", cJSON_CreateBool(mem.isDefaultRoute_));
497 cJSON_AddItemToArray(jVecRoutes, jRoute);
498 }
499 }
500
ParseConfigToJson(const sptr<VpnConfig> &vpnCfg, std::string& jsonString)501 void NetworkVpnService::ParseConfigToJson(const sptr<VpnConfig> &vpnCfg, std::string& jsonString)
502 {
503 cJSON *root = cJSON_CreateObject();
504 cJSON *jVecAddrs = cJSON_CreateArray();
505 for (const auto& mem : vpnCfg->addresses_) {
506 cJSON *jInetAddr = cJSON_CreateObject();
507 ConvertNetAddrToJson(mem, jInetAddr);
508 cJSON_AddItemToArray(jVecAddrs, jInetAddr);
509 }
510 cJSON_AddItemToObject(root, "addresses", jVecAddrs);
511
512 cJSON *jVecRoutes = cJSON_CreateArray();
513 ConvertVecRouteToJson(vpnCfg->routes_, jVecRoutes);
514 cJSON_AddItemToObject(root, "routes", jVecRoutes);
515
516 cJSON_AddItemToObject(root, "mtu", cJSON_CreateNumber(vpnCfg->mtu_));
517 cJSON_AddItemToObject(root, "isAcceptIPv4", cJSON_CreateBool(vpnCfg->isAcceptIPv4_));
518 cJSON_AddItemToObject(root, "isAcceptIPv6", cJSON_CreateBool(vpnCfg->isAcceptIPv6_));
519 cJSON_AddItemToObject(root, "isLegacy", cJSON_CreateBool(vpnCfg->isLegacy_));
520 cJSON_AddItemToObject(root, "isMetered", cJSON_CreateBool(vpnCfg->isMetered_));
521 cJSON_AddItemToObject(root, "isBlocking", cJSON_CreateBool(vpnCfg->isBlocking_));
522
523 cJSON *jVecDnsAddrs = cJSON_CreateArray();
524 for (const auto& mem : vpnCfg->dnsAddresses_) {
525 cJSON_AddItemToArray(jVecDnsAddrs, cJSON_CreateString(mem.c_str()));
526 }
527 cJSON_AddItemToObject(root, "dnsAddresses", jVecDnsAddrs);
528
529 cJSON *jVecDomains = cJSON_CreateArray();
530 for (const auto& mem : vpnCfg->searchDomains_) {
531 cJSON_AddItemToArray(jVecDomains, cJSON_CreateString(mem.c_str()));
532 }
533 cJSON_AddItemToObject(root, "searchDomains", jVecDomains);
534
535 cJSON *jVecAcceptApp = cJSON_CreateArray();
536 for (const auto& mem : vpnCfg->acceptedApplications_) {
537 cJSON_AddItemToArray(jVecAcceptApp, cJSON_CreateString(mem.c_str()));
538 }
539 cJSON_AddItemToObject(root, "acceptedApplications", jVecAcceptApp);
540
541 cJSON *jVecRefuseApp = cJSON_CreateArray();
542 for (const auto& mem : vpnCfg->refusedApplications_) {
543 cJSON_AddItemToArray(jVecRefuseApp, cJSON_CreateString(mem.c_str()));
544 }
545 cJSON_AddItemToObject(root, "refusedApplications", jVecRefuseApp);
546 char *str = cJSON_Print(root);
547 if (str == nullptr) {
548 cJSON_Delete(root);
549 return;
550 }
551 jsonString = str;
552 cJSON_Delete(root);
553 free(str);
554 }
555
SaveVpnConfig(const sptr<VpnConfig> &vpnCfg)556 void NetworkVpnService::SaveVpnConfig(const sptr<VpnConfig> &vpnCfg)
557 {
558 std::string jsonString;
559 ParseConfigToJson(vpnCfg, jsonString);
560 std::ofstream ofs(VPN_CONFIG_FILE);
561 ofs << jsonString;
562 }
563
SetUpVpn(const sptr<VpnConfig> &config, bool isVpnExtCall)564 int32_t NetworkVpnService::SetUpVpn(const sptr<VpnConfig> &config, bool isVpnExtCall)
565 {
566 NETMGR_EXT_LOG_I("SetUpVpn in");
567 std::unique_lock<std::mutex> locker(netVpnMutex_);
568 std::string vpnBundleName = GetBundleName();
569 if (!NetManagerPermission::CheckPermission(Permission::MANAGE_VPN)) {
570 std::string vpnExtMode;
571 int32_t ret = NetDataShareHelperUtilsIface::Query(VPNEXT_MODE_URI, vpnBundleName, vpnExtMode);
572 NETMGR_EXT_LOG_D("ret = [%{public}d], bundleName = [%{public}s]", ret, vpnBundleName.c_str());
573 if (ret != 0 || vpnExtMode != "1") {
574 NETMGR_EXT_LOG_E("query datebase fail.");
575 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
576 }
577 }
578
579 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
580 std::vector<int32_t> activeUserIds;
581 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
582 if (NETMANAGER_EXT_SUCCESS != ret) {
583 return ret;
584 }
585
586 if (vpnObj_ != nullptr) {
587 if (vpnObj_->GetUserId() == userId) {
588 NETMGR_EXT_LOG_W("vpn exist already, please execute destory first");
589 return NETWORKVPN_ERROR_VPN_EXIST;
590 } else {
591 NETMGR_EXT_LOG_W("vpn using by other user");
592 return NETWORKVPN_ERROR_VPN_EXIST;
593 }
594 }
595
596 vpnObj_ = std::make_shared<ExtendedVpnCtl>(config, "", userId, activeUserIds);
597 if (vpnObj_->RegisterConnectStateChangedCb(vpnConnCallback_) != NETMANAGER_EXT_SUCCESS) {
598 NETMGR_EXT_LOG_E("SetUpVpn register internal callback fail.");
599 return NETMANAGER_EXT_ERR_INTERNAL;
600 }
601
602 ret = vpnObj_->SetUp();
603 if (ret == NETMANAGER_EXT_SUCCESS) {
604 hasOpenedVpnUid_ = IPCSkeleton::GetCallingUid();
605 }
606 if (ret == NETMANAGER_EXT_SUCCESS && !vpnBundleName.empty()) {
607 std::vector<std::string> list = {vpnBundleName, vpnBundleName + VPN_EXTENSION_LABEL};
608 auto regRet =
609 Singleton<AppExecFwk::AppMgrClient>::GetInstance().RegisterApplicationStateObserver(vpnHapObserver_, list);
610 NETMGR_EXT_LOG_I("vpnHapOberver RegisterApplicationStateObserver ret = %{public}d", regRet);
611 }
612 NETMGR_EXT_LOG_I("NetworkVpnService SetUp");
613 if (ret == NETMANAGER_EXT_SUCCESS) {
614 currentVpnBundleName_ = vpnBundleName;
615 }
616 return ret;
617 }
618
Protect(bool isVpnExtCall)619 int32_t NetworkVpnService::Protect(bool isVpnExtCall)
620 {
621 /*
622 * Only permission verification is performed and
623 * the protected socket implements fwmark_service in the netsys process.
624 */
625 NETMGR_EXT_LOG_I("Protect vpn tunnel successfully.");
626 return NETMANAGER_EXT_SUCCESS;
627 }
628
DestroyVpn(bool isVpnExtCall)629 int32_t NetworkVpnService::DestroyVpn(bool isVpnExtCall)
630 {
631 NETMGR_EXT_LOG_I("DestroyVpn in");
632 std::unique_lock<std::mutex> locker(netVpnMutex_);
633 std::string vpnBundleName = GetBundleName();
634 if (!NetManagerPermission::CheckPermission(Permission::MANAGE_VPN)) {
635 std::string vpnExtMode;
636 int32_t ret = NetDataShareHelperUtilsIface::Query(VPNEXT_MODE_URI, vpnBundleName, vpnExtMode);
637 NETMGR_EXT_LOG_D("ret = [%{public}d], bundleName = [%{public}s]", ret, vpnBundleName.c_str());
638 if (ret != 0 || vpnExtMode != "1") {
639 NETMGR_EXT_LOG_E("query datebase fail.");
640 return NETMANAGER_EXT_ERR_PERMISSION_DENIED;
641 }
642 }
643
644 if (hasOpenedVpnUid_ != IPCSkeleton::GetCallingUid()) {
645 NETMGR_EXT_LOG_E("not same vpn, can't destroy");
646 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
647 }
648
649 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
650 std::vector<int32_t> activeUserIds;
651 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
652 if (NETMANAGER_EXT_SUCCESS != ret) {
653 return ret;
654 }
655
656 if ((vpnObj_ != nullptr) && (vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS)) {
657 NETMGR_EXT_LOG_E("destroy vpn is failed");
658 return NETMANAGER_EXT_ERR_INTERNAL;
659 }
660 vpnObj_ = nullptr;
661 // remove vpn config
662 remove(VPN_CONFIG_FILE);
663
664 NETMGR_EXT_LOG_I("Destroy vpn successfully.");
665 currentVpnBundleName_.clear();
666 return NETMANAGER_EXT_SUCCESS;
667 }
668
669 #ifdef SUPPORT_SYSVPN
SetUpVpn(const sptr<SysVpnConfig> &config)670 int32_t NetworkVpnService::SetUpVpn(const sptr<SysVpnConfig> &config)
671 {
672 if (config == nullptr) {
673 NETMGR_EXT_LOG_E("config is null.");
674 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
675 }
676 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
677 std::vector<int32_t> activeUserIds;
678 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
679 if (ret != NETMANAGER_EXT_SUCCESS) {
680 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed");
681 return ret;
682 }
683
684 std::unique_lock<std::mutex> locker(netVpnMutex_);
685 if (vpnObj_ != nullptr) {
686 if (vpnObj_->GetUserId() == userId) {
687 NETMGR_EXT_LOG_W("vpn exist already, please execute destory first");
688 } else {
689 NETMGR_EXT_LOG_W("vpn using by other user");
690 }
691 return NETWORKVPN_ERROR_VPN_EXIST;
692 }
693 vpnObj_ = CreateSysVpnCtl(config, userId, activeUserIds);
694 if (!vpnConnCallback_) {
695 vpnConnCallback_ = std::make_shared<VpnConnStateCb>(*this);
696 }
697 if (vpnObj_ == nullptr || vpnObj_->RegisterConnectStateChangedCb(vpnConnCallback_) != NETMANAGER_EXT_SUCCESS) {
698 NETMGR_EXT_LOG_E("SetUpVpn register internal callback failed");
699 return NETMANAGER_EXT_ERR_INTERNAL;
700 }
701 NETMGR_EXT_LOG_I("SystemVpn SetUp");
702 ret = vpnObj_->SetUp();
703 if (ret == NETMANAGER_EXT_SUCCESS) {
704 hasOpenedVpnUid_ = IPCSkeleton::GetCallingUid();
705 }
706 return ret;
707 }
708
CreateSysVpnCtl( const sptr<SysVpnConfig> &config, int32_t userId, std::vector<int32_t> &activeUserIds)709 std::shared_ptr<NetVpnImpl> NetworkVpnService::CreateSysVpnCtl(
710 const sptr<SysVpnConfig> &config, int32_t userId, std::vector<int32_t> &activeUserIds)
711 {
712 sptr<VpnDataBean> vpnBean = new (std::nothrow) VpnDataBean();
713 if (vpnBean == nullptr) {
714 NETMGR_EXT_LOG_E("vpnBean is nullptr");
715 return nullptr;
716 }
717 int32_t result = QueryVpnData(config, vpnBean);
718 if (result != NETMANAGER_EXT_SUCCESS) {
719 NETMGR_EXT_LOG_E("query vpn data failed");
720 return nullptr;
721 }
722 std::shared_ptr<IpsecVpnCtl> sysVpnCtl = nullptr;
723 switch (vpnBean->vpnType_) {
724 case VpnType::IKEV2_IPSEC_MSCHAPv2:
725 case VpnType::IKEV2_IPSEC_PSK:
726 case VpnType::IKEV2_IPSEC_RSA:
727 case VpnType::IPSEC_XAUTH_PSK:
728 case VpnType::IPSEC_XAUTH_RSA:
729 case VpnType::IPSEC_HYBRID_RSA: {
730 sysVpnCtl = CreateIpsecVpnCtl(vpnBean, userId, activeUserIds);
731 break;
732 }
733 case VpnType::L2TP_IPSEC_PSK:
734 case VpnType::L2TP_IPSEC_RSA: {
735 sysVpnCtl = CreateL2tpCtl(vpnBean, userId, activeUserIds);
736 break;
737 }
738 case VpnType::OPENVPN: {
739 return CreateOpenvpnCtl(vpnBean, userId, activeUserIds);
740 }
741 default:
742 NETMGR_EXT_LOG_E("vpn type is invalid, %{public}d", vpnBean->vpnType_);
743 break;
744 }
745 return sysVpnCtl;
746 }
747
CreateL2tpCtl(sptr<VpnDataBean> vpnBean, int32_t userId, std::vector<int32_t> &activeUserIds)748 std::shared_ptr<IpsecVpnCtl> NetworkVpnService::CreateL2tpCtl(sptr<VpnDataBean> vpnBean, int32_t userId,
749 std::vector<int32_t> &activeUserIds)
750 {
751 sptr<L2tpVpnConfig> l2tpVpnConfig = VpnDataBean::ConvertVpnBeanToL2tpVpnConfig(vpnBean);
752 if (l2tpVpnConfig == nullptr) {
753 NETMGR_EXT_LOG_E("ConvertVpnBeanToL2tpVpnConfig failed");
754 return nullptr;
755 }
756 std::shared_ptr<IpsecVpnCtl> sysVpnCtl = std::make_shared<L2tpVpnCtl>(l2tpVpnConfig, "", userId, activeUserIds);
757 if (sysVpnCtl != nullptr) {
758 sysVpnCtl->l2tpVpnConfig_ = l2tpVpnConfig;
759 }
760 return sysVpnCtl;
761 }
762
QueryVpnData(const sptr<SysVpnConfig> config, sptr<VpnDataBean> &vpnBean)763 int32_t NetworkVpnService::QueryVpnData(const sptr<SysVpnConfig> config, sptr<VpnDataBean> &vpnBean)
764 {
765 if (config == nullptr) {
766 NETMGR_EXT_LOG_E("QueryVpnData failed, param is null");
767 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
768 }
769 if (vpnBean == nullptr) {
770 NETMGR_EXT_LOG_E("vpnBean is nullptr");
771 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
772 }
773 int32_t result = VpnDatabaseHelper::GetInstance().QueryVpnData(vpnBean, config->vpnId_);
774 if (result != NETMANAGER_EXT_SUCCESS) {
775 NETMGR_EXT_LOG_E("query vpn data failed");
776 }
777 return result;
778 }
779
CreateOpenvpnCtl(sptr<VpnDataBean> vpnBean, int32_t userId, std::vector<int32_t> &activeUserIds)780 std::shared_ptr<NetVpnImpl> NetworkVpnService::CreateOpenvpnCtl(sptr<VpnDataBean> vpnBean,
781 int32_t userId, std::vector<int32_t> &activeUserIds)
782 {
783 sptr<OpenvpnConfig> openVpnConfig = VpnDataBean::ConvertVpnBeanToOpenvpnConfig(vpnBean);
784 if (openVpnConfig == nullptr) {
785 NETMGR_EXT_LOG_E("ConvertVpnBeanToOpenvpnConfig failed");
786 return nullptr;
787 }
788 std::shared_ptr<OpenvpnCtl> openVpnCtl =
789 std::make_shared<OpenvpnCtl>(openVpnConfig, "", userId, activeUserIds);
790 if (openVpnCtl != nullptr) {
791 openVpnCtl->openvpnConfig_ = openVpnConfig;
792 }
793 return openVpnCtl;
794 }
795
CreateIpsecVpnCtl(sptr<VpnDataBean> vpnBean, int32_t userId, std::vector<int32_t> &activeUserIds)796 std::shared_ptr<IpsecVpnCtl> NetworkVpnService::CreateIpsecVpnCtl(sptr<VpnDataBean> vpnBean,
797 int32_t userId, std::vector<int32_t> &activeUserIds)
798 {
799 sptr<IpsecVpnConfig> ipsecVpnConfig = VpnDataBean::ConvertVpnBeanToIpsecVpnConfig(vpnBean);
800 if (ipsecVpnConfig == nullptr) {
801 NETMGR_EXT_LOG_E("ConvertVpnBeanToIpsecVpnConfig failed");
802 return nullptr;
803 }
804 std::shared_ptr<IpsecVpnCtl> sysVpnCtl = std::make_shared<IpsecVpnCtl>(ipsecVpnConfig, "", userId, activeUserIds);
805 if (sysVpnCtl != nullptr) {
806 sysVpnCtl->ipsecVpnConfig_ = ipsecVpnConfig;
807 }
808 return sysVpnCtl;
809 }
810
AddSysVpnConfig(sptr<SysVpnConfig> &config)811 int32_t NetworkVpnService::AddSysVpnConfig(sptr<SysVpnConfig> &config)
812 {
813 if (config == nullptr) {
814 NETMGR_EXT_LOG_E("config is null");
815 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
816 }
817
818 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
819 std::vector<int32_t> activeUserIds;
820 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
821 if (ret != NETMANAGER_EXT_SUCCESS) {
822 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed!");
823 return ret;
824 }
825
826 NETMGR_EXT_LOG_I("AddSysVpnConfig id=%{public}s name=%{public}s type=%{public}d",
827 config->vpnId_.c_str(), config->vpnName_.c_str(), config->vpnType_);
828 config->userId_ = userId;
829
830 sptr<VpnDataBean> vpnBean = VpnDataBean::ConvertSysVpnConfigToVpnBean(config);
831 if (vpnBean == nullptr) {
832 NETMGR_EXT_LOG_E("vpnBean is nullptr");
833 return NETMANAGER_EXT_ERR_INTERNAL;
834 }
835 return VpnDatabaseHelper::GetInstance().InsertOrUpdateData(vpnBean);
836 }
837
DeleteSysVpnConfig(const std::string &vpnId)838 int32_t NetworkVpnService::DeleteSysVpnConfig(const std::string &vpnId)
839 {
840 if (vpnId.empty()) {
841 NETMGR_EXT_LOG_E("vpnId is empty");
842 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
843 }
844
845 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
846 std::vector<int32_t> activeUserIds;
847 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
848 if (ret != NETMANAGER_EXT_SUCCESS) {
849 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed");
850 return ret;
851 }
852
853 NETMGR_EXT_LOG_I("DeleteSysVpnConfig id=%{public}s", vpnId.c_str());
854 return VpnDatabaseHelper::GetInstance().DeleteVpnData(vpnId);
855 }
856
GetSysVpnConfigList(std::vector<SysVpnConfig> &vpnList)857 int32_t NetworkVpnService::GetSysVpnConfigList(std::vector<SysVpnConfig> &vpnList)
858 {
859 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
860 std::vector<int32_t> activeUserIds;
861 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
862 if (ret != NETMANAGER_EXT_SUCCESS) {
863 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed");
864 return ret;
865 }
866 NETMGR_EXT_LOG_I("SystemVpn GetSysVpnConfigList");
867 return VpnDatabaseHelper::GetInstance().QueryAllData(vpnList, userId);
868 }
869
GetSysVpnConfig(sptr<SysVpnConfig> &config, const std::string &vpnId)870 int32_t NetworkVpnService::GetSysVpnConfig(sptr<SysVpnConfig> &config, const std::string &vpnId)
871 {
872 if (vpnId.empty()) {
873 NETMGR_EXT_LOG_E("vpnId is empty");
874 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
875 }
876
877 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
878 std::vector<int32_t> activeUserIds;
879 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
880 if (ret != NETMANAGER_EXT_SUCCESS) {
881 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed!");
882 return ret;
883 }
884
885 NETMGR_EXT_LOG_I("GetSysVpnConfig id=%{public}s", vpnId.c_str());
886 sptr<VpnDataBean> vpnBean = new (std::nothrow) VpnDataBean();
887 if (vpnBean == nullptr) {
888 NETMGR_EXT_LOG_E("vpnBean is nullptr");
889 return NETMANAGER_EXT_ERR_INTERNAL;
890 }
891 int32_t result = VpnDatabaseHelper::GetInstance().QueryVpnData(vpnBean, vpnId);
892 if (result != NETMANAGER_EXT_SUCCESS) {
893 NETMGR_EXT_LOG_E("QueryVpnData failed, result = %{public}d", result);
894 return result;
895 }
896 config = VpnDataBean::ConvertVpnBeanToSysVpnConfig(vpnBean);
897 return NETMANAGER_EXT_SUCCESS;
898 }
899
GetConnectedSysVpnConfig(sptr<SysVpnConfig> &config)900 int32_t NetworkVpnService::GetConnectedSysVpnConfig(sptr<SysVpnConfig> &config)
901 {
902 int32_t userId = AppExecFwk::Constants::UNSPECIFIED_USERID;
903 std::vector<int32_t> activeUserIds;
904 int32_t ret = CheckCurrentAccountType(userId, activeUserIds);
905 if (ret != NETMANAGER_EXT_SUCCESS) {
906 NETMGR_EXT_LOG_E("CheckCurrentAccountType failed!");
907 return ret;
908 }
909
910 std::unique_lock<std::mutex> locker(netVpnMutex_);
911 if (vpnObj_ == nullptr) {
912 NETMGR_EXT_LOG_I("GetConnectedSysVpnConfig is null. maybe not setup yet");
913 return NETMANAGER_EXT_SUCCESS;
914 }
915 NETMGR_EXT_LOG_I("SystemVpn GetConnectedSysVpnConfig");
916 return vpnObj_->GetConnectedSysVpnConfig(config);
917 }
918
NotifyConnectStage(const std::string &stage, const int32_t &result)919 int32_t NetworkVpnService::NotifyConnectStage(const std::string &stage, const int32_t &result)
920 {
921 uint32_t callingUid = static_cast<uint32_t>(IPCSkeleton::GetCallingUid());
922 if (callingUid != UID_NET_SYS_NATIVE) {
923 NETMGR_EXT_LOG_E("NotifyConnectStage failed, invalid callingUid");
924 return NETMANAGER_EXT_ERR_NOT_SYSTEM_CALL;
925 }
926
927 std::unique_lock<std::mutex> locker(netVpnMutex_);
928 if (vpnObj_ == nullptr) {
929 NETMGR_EXT_LOG_E("NotifyConnectStage failed, vpnObj_ is null");
930 return NETMANAGER_EXT_ERR_INTERNAL;
931 }
932 NETMGR_EXT_LOG_I("NotifyConnectStage state: %{public}s result: %{public}d",
933 stage.c_str(), result);
934 return vpnObj_->NotifyConnectStage(stage, result);
935 }
936
GetSysVpnCertUri(const int32_t certType, std::string &certUri)937 int32_t NetworkVpnService::GetSysVpnCertUri(const int32_t certType, std::string &certUri)
938 {
939 uint32_t callingUid = static_cast<uint32_t>(IPCSkeleton::GetCallingUid());
940 if (callingUid != UID_NET_SYS_NATIVE) {
941 NETMGR_EXT_LOG_E("GetSysVpnCertUri failed, invalid callingUid");
942 return NETMANAGER_EXT_ERR_NOT_SYSTEM_CALL;
943 }
944 std::unique_lock<std::mutex> locker(netVpnMutex_);
945 if (vpnObj_ == nullptr) {
946 NETMGR_EXT_LOG_E("GetSysVpnCertUri failed, vpnObj_ is null");
947 return NETMANAGER_EXT_ERR_INTERNAL;
948 }
949 return vpnObj_->GetSysVpnCertUri(certType, certUri);
950 }
951 #endif // SUPPORT_SYSVPN
952
RegisterVpnEvent(const sptr<IVpnEventCallback> callback)953 int32_t NetworkVpnService::RegisterVpnEvent(const sptr<IVpnEventCallback> callback)
954 {
955 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
956 if (!networkVpnServiceFfrtQueue_) {
957 NETMGR_EXT_LOG_E("FFRT Create Fail");
958 return ret;
959 }
960 ffrt::task_handle RegisterVpnEventTask = networkVpnServiceFfrtQueue_->submit_h([this, &callback, &ret]() {
961 ret = SyncRegisterVpnEvent(callback);
962 }, ffrt::task_attr().name("RegisterVpnEvent"));
963 networkVpnServiceFfrtQueue_->wait(RegisterVpnEventTask);
964 return ret;
965 }
966
UnregisterVpnEvent(const sptr<IVpnEventCallback> callback)967 int32_t NetworkVpnService::UnregisterVpnEvent(const sptr<IVpnEventCallback> callback)
968 {
969 int32_t ret = NETMANAGER_EXT_ERR_OPERATION_FAILED;
970 if (!networkVpnServiceFfrtQueue_) {
971 NETMGR_EXT_LOG_E("FFRT Create Fail");
972 return ret;
973 }
974 ffrt::task_handle UnregisterVpnEventTask = networkVpnServiceFfrtQueue_->submit_h([this, &callback, &ret]() {
975 ret = SyncUnregisterVpnEvent(callback);
976 }, ffrt::task_attr().name("RegisterVpnEvent"));
977 networkVpnServiceFfrtQueue_->wait(UnregisterVpnEventTask);
978 return ret;
979 }
980
CreateVpnConnection(bool isVpnExtCall)981 int32_t NetworkVpnService::CreateVpnConnection(bool isVpnExtCall)
982 {
983 /*
984 * Only permission verification is performed
985 */
986 NETMGR_EXT_LOG_I("CreateVpnConnection successfully.");
987 return NETMANAGER_EXT_SUCCESS;
988 }
989
CheckCurrentAccountType(int32_t &userId, std::vector<int32_t> &activeUserIds)990 int32_t NetworkVpnService::CheckCurrentAccountType(int32_t &userId, std::vector<int32_t> &activeUserIds)
991 {
992 int32_t uid = IPCSkeleton::GetCallingUid();
993 int32_t userId_Max = 99;
994 if (AccountSA::OsAccountManager::GetOsAccountLocalIdFromUid(uid, userId) != ERR_OK) {
995 NETMGR_EXT_LOG_E("GetOsAccountLocalIdFromUid error, uid: %{public}d.", uid);
996 return NETMANAGER_EXT_ERR_INTERNAL;
997 }
998
999 if (AccountSA::OsAccountManager::QueryActiveOsAccountIds(activeUserIds) != ERR_OK) {
1000 NETMGR_EXT_LOG_E("QueryActiveOsAccountIds error.");
1001 }
1002
1003 if (userId >= 0 && userId <= userId_Max) {
1004 return NETMANAGER_EXT_SUCCESS;
1005 }
1006
1007 auto itr = std::find_if(activeUserIds.begin(), activeUserIds.end(),
1008 [userId](const int32_t &elem) { return (elem == userId) ? true : false; });
1009 if (itr == activeUserIds.end()) {
1010 NETMGR_EXT_LOG_E("userId: %{public}d is not active user. activeUserIds.size: %{public}zd", userId,
1011 activeUserIds.size());
1012 return NETWORKVPN_ERROR_REFUSE_CREATE_VPN;
1013 }
1014
1015 activeUserIds.clear();
1016
1017 AccountSA::OsAccountInfo accountInfo;
1018 if (AccountSA::OsAccountManager::QueryOsAccountById(userId, accountInfo) != ERR_OK) {
1019 NETMGR_EXT_LOG_E("QueryOsAccountById error, userId: %{public}d.", userId);
1020 return NETMANAGER_EXT_ERR_INTERNAL;
1021 }
1022
1023 if (accountInfo.GetType() == AccountSA::OsAccountType::GUEST) {
1024 NETMGR_EXT_LOG_E("The guest user cannot execute the VPN interface.");
1025 return NETWORKVPN_ERROR_REFUSE_CREATE_VPN;
1026 }
1027 return NETMANAGER_EXT_SUCCESS;
1028 }
1029
SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback)1030 int32_t NetworkVpnService::SyncRegisterVpnEvent(const sptr<IVpnEventCallback> callback)
1031 {
1032 for (auto iterCb = vpnEventCallbacks_.begin(); iterCb != vpnEventCallbacks_.end(); iterCb++) {
1033 if ((*iterCb)->AsObject().GetRefPtr() == callback->AsObject().GetRefPtr()) {
1034 NETMGR_EXT_LOG_E("Register vpn event callback failed, callback already exists");
1035 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1036 }
1037 }
1038
1039 if (vpnEventCallbacks_.size() >= MAX_CALLBACK_COUNT) {
1040 NETMGR_EXT_LOG_E("callback above max count, return error.");
1041 return NETMANAGER_EXT_ERR_PARAMETER_ERROR;
1042 }
1043
1044 vpnEventCallbacks_.push_back(callback);
1045 AddClientDeathRecipient(callback);
1046 NETMGR_EXT_LOG_I("Register vpn event callback successfully");
1047 return NETMANAGER_EXT_SUCCESS;
1048 }
1049
SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback)1050 int32_t NetworkVpnService::SyncUnregisterVpnEvent(const sptr<IVpnEventCallback> callback)
1051 {
1052 for (auto iter = vpnEventCallbacks_.begin(); iter != vpnEventCallbacks_.end(); ++iter) {
1053 if (callback->AsObject().GetRefPtr() == (*iter)->AsObject().GetRefPtr()) {
1054 vpnEventCallbacks_.erase(iter);
1055 RemoveClientDeathRecipient(callback);
1056 NETMGR_EXT_LOG_I("Unregister vpn event successfully.");
1057 return NETMANAGER_EXT_SUCCESS;
1058 }
1059 }
1060 NETMGR_EXT_LOG_E("Unregister vpn event callback is does not exist.");
1061 return NETMANAGER_EXT_ERR_OPERATION_FAILED;
1062 }
1063
OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId)1064 void NetworkVpnService::OnAddSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
1065 {
1066 NETMGR_EXT_LOG_D("NetworkVpnService::OnAddSystemAbility systemAbilityId[%{public}d]", systemAbilityId);
1067 if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
1068 if (hasSARemoved_) {
1069 OnNetSysRestart();
1070 hasSARemoved_ = false;
1071 }
1072 }
1073 }
1074
OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId)1075 void NetworkVpnService::OnRemoveSystemAbility(int32_t systemAbilityId, const std::string &deviceId)
1076 {
1077 NETMGR_EXT_LOG_D("NetworkVpnService::OnRemoveSystemAbility systemAbilityId[%{public}d]", systemAbilityId);
1078 if (systemAbilityId == COMM_NETSYS_NATIVE_SYS_ABILITY_ID) {
1079 hasSARemoved_ = true;
1080 }
1081 }
1082
OnNetSysRestart()1083 void NetworkVpnService::OnNetSysRestart()
1084 {
1085 std::lock_guard<std::mutex> locker(netVpnMutex_);
1086 NETMGR_EXT_LOG_I("NetworkVpnService::OnNetSysRestart");
1087 if (vpnObj_ != nullptr) {
1088 vpnObj_->ResumeUids();
1089 }
1090 }
1091
FactoryResetVpn()1092 int32_t NetworkVpnService::FactoryResetVpn()
1093 {
1094 NETMGR_EXT_LOG_I("factory reset Vpn enter.");
1095
1096 return NETMANAGER_EXT_SUCCESS;
1097 }
1098
RegisterFactoryResetCallback()1099 void NetworkVpnService::RegisterFactoryResetCallback()
1100 {
1101 std::thread t([this]() {
1102 uint32_t count = 0;
1103 while (NetConnClient::GetInstance().SystemReady() != NETMANAGER_SUCCESS && count < MAX_GET_SERVICE_COUNT) {
1104 std::this_thread::sleep_for(std::chrono::seconds(WAIT_FOR_SERVICE_TIME_S));
1105 count++;
1106 }
1107 NETMGR_EXT_LOG_W("NetConnClient Get SystemReady count: %{public}u", count);
1108 if (count > MAX_GET_SERVICE_COUNT) {
1109 NETMGR_EXT_LOG_E("Connect netconn service fail.");
1110 } else {
1111 netFactoryResetCallback_ = (std::make_unique<FactoryResetCallBack>(*this)).release();
1112 if (netFactoryResetCallback_ != nullptr) {
1113 int ret = NetConnClient::GetInstance().RegisterNetFactoryResetCallback(netFactoryResetCallback_);
1114 if (ret != NETMANAGER_SUCCESS) {
1115 NETMGR_EXT_LOG_E("RegisterNetFactoryResetCallback ret: %{public}d.", ret);
1116 }
1117 } else {
1118 NETMGR_EXT_LOG_E("netFactoryResetCallback_ is null.");
1119 }
1120 }
1121 });
1122 std::string threadName = "vpnRegisterFactoryResetCallback";
1123 pthread_setname_np(t.native_handle(), threadName.c_str());
1124 t.detach();
1125 }
1126
SetAlwaysOnVpn(std::string &pkg, bool &enable)1127 int32_t NetworkVpnService::SetAlwaysOnVpn(std::string &pkg, bool &enable)
1128 {
1129 int32_t ret = NetDataShareHelperUtilsIface::Update(ALWAYS_ON_VPN_URI, KEY_ALWAYS_ON_VPN, (enable ? pkg:""));
1130 if (ret != NETMANAGER_EXT_SUCCESS) {
1131 NETMGR_EXT_LOG_E("SetAlwaysOnVpn fail: %{public}d", ret);
1132 return NETMANAGER_ERR_INTERNAL;
1133 }
1134 NETMGR_EXT_LOG_I("SetAlwaysOnVpn success: %{public}s", pkg.c_str());
1135
1136 StartAlwaysOnVpn();
1137
1138 return NETMANAGER_EXT_SUCCESS;
1139 }
1140
GetAlwaysOnVpn(std::string &pkg)1141 int32_t NetworkVpnService::GetAlwaysOnVpn(std::string &pkg)
1142 {
1143 std::string value = "";
1144 int32_t ret = NetDataShareHelperUtilsIface::Query(ALWAYS_ON_VPN_URI, KEY_ALWAYS_ON_VPN, value);
1145 if (ret != NETMANAGER_EXT_SUCCESS) {
1146 NETMGR_EXT_LOG_E("GetAlwaysOnVpn fail: %{public}d", ret);
1147 return NETMANAGER_ERR_INTERNAL;
1148 }
1149 pkg = value;
1150 NETMGR_EXT_LOG_I("GetAlwaysOnVpn success: %{public}s", pkg.c_str());
1151 return NETMANAGER_EXT_SUCCESS;
1152 }
1153
StartAlwaysOnVpn()1154 void NetworkVpnService::StartAlwaysOnVpn()
1155 {
1156 //first, according the uerId, query local vpn config, if exist apply
1157 //the config as VPN, if the local VPN is null, query the local kept
1158 //package if exist will call up the target app to provide the VPN
1159 std::string alwaysOnBundleName = "";
1160 int32_t ret = GetAlwaysOnVpn(alwaysOnBundleName);
1161 if (ret != NETMANAGER_EXT_SUCCESS) {
1162 NETMGR_EXT_LOG_E("StartAlwaysOnVpn fail: %{public}d", ret);
1163 return;
1164 }
1165
1166 if (alwaysOnBundleName != "") {
1167 if (vpnObj_ != nullptr) {
1168 std::string pkg = vpnObj_->GetVpnPkg();
1169 if (pkg != alwaysOnBundleName) {
1170 NETMGR_EXT_LOG_W("vpn [ %{public}s] exist, destroy vpn first", pkg.c_str());
1171 DestroyVpn();
1172 }
1173 }
1174 // recover vpn config
1175 RecoverVpnConfig();
1176 }
1177 }
1178
SubscribeCommonEvent()1179 void NetworkVpnService::SubscribeCommonEvent()
1180 {
1181 EventFwk::MatchingSkills matchingSkills;
1182 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_USER_UNLOCKED);
1183 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_POWER_SAVE_MODE_CHANGED);
1184 matchingSkills.AddEvent(EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED);
1185 EventFwk::CommonEventSubscribeInfo subscribeInfo(matchingSkills);
1186 // 1 means CORE_EVENT_PRIORITY
1187 subscribeInfo.SetPriority(1);
1188 subscriber_ = std::make_shared<ReceiveMessage>(subscribeInfo, *this);
1189 uint32_t tryCount = 0;
1190 bool subscribeResult = false;
1191 while (!subscribeResult && tryCount <= MAX_RETRY_TIMES) {
1192 std::this_thread::sleep_for(std::chrono::milliseconds(AGAIN_REGISTER_CALLBACK_INTERVAL));
1193 subscribeResult = EventFwk::CommonEventManager::SubscribeCommonEvent(subscriber_);
1194 tryCount++;
1195 NETMGR_EXT_LOG_E("SubscribeCommonEvent try %{public}d", tryCount);
1196 }
1197
1198 if (!subscribeResult) {
1199 NETMGR_EXT_LOG_E("SubscribeCommonEvent fail: %{public}d", subscribeResult);
1200 }
1201 }
1202
OnReceiveEvent(const EventFwk::CommonEventData &eventData)1203 void NetworkVpnService::ReceiveMessage::OnReceiveEvent(const EventFwk::CommonEventData &eventData)
1204 {
1205 const auto &action = eventData.GetWant().GetAction();
1206 const auto &data = eventData.GetData();
1207 const auto &code = eventData.GetCode();
1208 NETMGR_EXT_LOG_I("NetVReceiveMessage::OnReceiveEvent(), event:[%{public}s], data:[%{public}s], code:[%{public}d]",
1209 action.c_str(), data.c_str(), code);
1210 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_POWER_SAVE_MODE_CHANGED) {
1211 bool isPowerSave = (code == SAVE_MODE || code == LOWPOWER_MODE);
1212 if (isPowerSave) {
1213 vpnService_.StartAlwaysOnVpn();
1214 }
1215 return;
1216 }
1217
1218 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_USER_UNLOCKED) {
1219 vpnService_.StartAlwaysOnVpn();
1220 }
1221
1222 if (action == EventFwk::CommonEventSupport::COMMON_EVENT_PACKAGE_REMOVED) {
1223 std::unique_lock<std::mutex> locker(vpnService_.netVpnMutex_);
1224 std::string vpnBundleName = vpnService_.GetBundleName();
1225 NETMGR_EXT_LOG_D("COMMON_EVENT_PACKAGE_REMOVED, BundleName %{public}s", vpnBundleName.c_str());
1226 NetDataShareHelperUtilsIface::Delete(VPNEXT_MODE_URI, vpnBundleName);
1227 }
1228 }
1229
RegisterBundleName(const std::string &bundleName)1230 int32_t NetworkVpnService::RegisterBundleName(const std::string &bundleName)
1231 {
1232 return 0;
1233 }
1234
GetSelfAppName(std::string &selfAppName)1235 int32_t NetworkVpnService::GetSelfAppName(std::string &selfAppName)
1236 {
1237 std::string bundleName;
1238 auto samgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
1239 if (samgr == nullptr) {
1240 NETMGR_EXT_LOG_E("Get ability manager failed");
1241 return NETMANAGER_EXT_ERR_INTERNAL;
1242 }
1243 auto object = samgr->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
1244 if (object == nullptr) {
1245 NETMGR_EXT_LOG_E("object is NULL.");
1246 return NETMANAGER_EXT_ERR_INTERNAL;
1247 }
1248 auto bms = iface_cast<OHOS::AppExecFwk::IBundleMgr>(object);
1249 if (bms == nullptr) {
1250 NETMGR_EXT_LOG_E("bundle manager service is NULL.");
1251 return NETMANAGER_EXT_ERR_INTERNAL;
1252 }
1253 int32_t uid = IPCSkeleton::GetCallingUid();
1254 auto result = bms->GetNameForUid(uid, bundleName);
1255 if (result != NETMANAGER_EXT_SUCCESS) {
1256 NETMGR_EXT_LOG_E("Error GetBundleNameForUid fail");
1257 return NETMANAGER_EXT_ERR_INTERNAL;
1258 }
1259
1260 auto bundleResourceProxy = bms->GetBundleResourceProxy();
1261 if (bundleResourceProxy == nullptr) {
1262 NETMGR_EXT_LOG_E("Error get bundleResourceProxy fail");
1263 return NETMANAGER_EXT_ERR_INTERNAL;
1264 }
1265 AppExecFwk::BundleResourceInfo bundleResourceInfo;
1266 auto errCode = bundleResourceProxy->GetBundleResourceInfo(
1267 bundleName, static_cast<uint32_t>(OHOS::AppExecFwk::ResourceFlag::GET_RESOURCE_INFO_ALL), bundleResourceInfo);
1268 if (errCode != ERR_OK) {
1269 NETMGR_EXT_LOG_E("Error call GetBundleResourceInfo fail %{public}d", static_cast<int>(errCode));
1270 return NETMANAGER_EXT_ERR_INTERNAL;
1271 }
1272 NETMGR_EXT_LOG_I("StartVpnExtensionAbility bundleResourceInfo.label %{public}s", bundleResourceInfo.label.c_str());
1273 selfAppName = bundleResourceInfo.label;
1274 return NETMANAGER_EXT_SUCCESS;
1275 }
1276
GetBundleName()1277 std::string NetworkVpnService::GetBundleName()
1278 {
1279 std::string bundleName;
1280 auto samgr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
1281 if (samgr == nullptr) {
1282 NETMGR_EXT_LOG_E("Get ability manager failed");
1283 return bundleName;
1284 }
1285
1286 sptr<IRemoteObject> object = samgr->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
1287 if (object == nullptr) {
1288 NETMGR_EXT_LOG_E("object is NULL.");
1289 return bundleName;
1290 }
1291 sptr<OHOS::AppExecFwk::IBundleMgr> bms = iface_cast<OHOS::AppExecFwk::IBundleMgr>(object);
1292 if (bms == nullptr) {
1293 NETMGR_EXT_LOG_E("bundle manager service is NULL.");
1294 return bundleName;
1295 }
1296
1297 int32_t uid = IPCSkeleton::GetCallingUid();
1298 auto result = bms->GetNameForUid(uid, bundleName);
1299 if (result != NETMANAGER_EXT_SUCCESS) {
1300 NETMGR_EXT_LOG_E("Error GetBundleNameForUid fail");
1301 return bundleName;
1302 }
1303 NETMGR_EXT_LOG_I("bundle name is [%{public}s], uid = [%{public}d]", bundleName.c_str(), uid);
1304
1305 AppExecFwk::BundleInfo bundleInfo;
1306 auto res = bms->GetBundleInfoV9(
1307 bundleName,
1308 static_cast<int32_t>(
1309 static_cast<uint32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_HAP_MODULE) |
1310 static_cast<uint32_t>(AppExecFwk::GetBundleInfoFlag::GET_BUNDLE_INFO_WITH_EXTENSION_ABILITY)),
1311 bundleInfo, uid / USER_ID_DIVIDOR);
1312 if (res != 0) {
1313 NETMGR_EXT_LOG_E("Error GetBundleInfoV9 %{public}d", res);
1314 }
1315 for (const auto &hap : bundleInfo.hapModuleInfos) {
1316 for (const auto &ext : hap.extensionInfos) {
1317 if (ext.type == AppExecFwk::ExtensionAbilityType::VPN) {
1318 currentVpnAbilityName_.emplace_back(ext.name);
1319 }
1320 }
1321 }
1322
1323 return bundleName;
1324 }
1325
OnExtensionStateChanged(const AppExecFwk::AbilityStateData &abilityStateData)1326 void NetworkVpnService::VpnHapObserver::OnExtensionStateChanged(const AppExecFwk::AbilityStateData &abilityStateData)
1327 {
1328 NETMGR_EXT_LOG_I("VPN HAP is OnExtensionStateChanged");
1329 }
1330
OnProcessCreated(const AppExecFwk::ProcessData &processData)1331 void NetworkVpnService::VpnHapObserver::OnProcessCreated(const AppExecFwk::ProcessData &processData)
1332 {
1333 NETMGR_EXT_LOG_I("VPN HAP is OnProcessCreated");
1334 }
1335
OnProcessStateChanged(const AppExecFwk::ProcessData &processData)1336 void NetworkVpnService::VpnHapObserver::OnProcessStateChanged(const AppExecFwk::ProcessData &processData)
1337 {
1338 NETMGR_EXT_LOG_I("VPN HAP is OnProcessStateChanged");
1339 }
1340
GetCurrentVpnBundleName()1341 std::string NetworkVpnService::GetCurrentVpnBundleName()
1342 {
1343 return currentVpnBundleName_;
1344 }
1345
GetCurrentVpnAbilityName()1346 std::vector<std::string> NetworkVpnService::GetCurrentVpnAbilityName()
1347 {
1348 return currentVpnAbilityName_;
1349 }
1350
OnProcessDied(const AppExecFwk::ProcessData &processData)1351 void NetworkVpnService::VpnHapObserver::OnProcessDied(const AppExecFwk::ProcessData &processData)
1352 {
1353 std::unique_lock<std::mutex> locker(vpnService_.netVpnMutex_);
1354 auto extensionBundleName = vpnService_.GetCurrentVpnBundleName();
1355 auto extensionAbilityName = vpnService_.GetCurrentVpnAbilityName();
1356 if ((vpnService_.vpnObj_ != nullptr) && (vpnService_.vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS)) {
1357 NETMGR_EXT_LOG_E("destroy vpn failed");
1358 }
1359 vpnService_.vpnObj_ = nullptr;
1360 for (const auto &name : extensionAbilityName) {
1361 AAFwk::Want want;
1362 AppExecFwk::ElementName elem;
1363 elem.SetBundleName(extensionBundleName);
1364 elem.SetAbilityName(name);
1365 want.SetElement(elem);
1366 auto res = AAFwk::AbilityManagerClient::GetInstance()->StopExtensionAbility(
1367 want, nullptr, AAFwk::DEFAULT_INVAL_VALUE, AppExecFwk::ExtensionAbilityType::VPN);
1368 NETMGR_EXT_LOG_I("VPN HAP is OnProcessDied StopExtensionAbility res= %{public}d", res);
1369 }
1370 }
1371
OnRemoteDied(const wptr<IRemoteObject> &remoteObject)1372 void NetworkVpnService::OnRemoteDied(const wptr<IRemoteObject> &remoteObject)
1373 {
1374 NETMGR_EXT_LOG_I("vpn OnRemoteDied");
1375 sptr<IRemoteObject> diedRemoted = remoteObject.promote();
1376 if (diedRemoted == nullptr) {
1377 NETMGR_EXT_LOG_E("diedRemoted is null");
1378 return;
1379 }
1380 sptr<IVpnEventCallback> callback = iface_cast<IVpnEventCallback>(diedRemoted);
1381 UnregisterVpnEvent(callback);
1382 if (vpnObj_ != nullptr && vpnObj_->Destroy() != NETMANAGER_EXT_SUCCESS) {
1383 NETMGR_EXT_LOG_E("destroy vpn is failed");
1384 return;
1385 }
1386 vpnObj_ = nullptr;
1387 }
1388
AddClientDeathRecipient(const sptr<IVpnEventCallback> &callback)1389 void NetworkVpnService::AddClientDeathRecipient(const sptr<IVpnEventCallback> &callback)
1390 {
1391 NETMGR_EXT_LOG_I("vpn AddClientDeathRecipient");
1392 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1393 if (deathRecipient_ == nullptr) {
1394 deathRecipient_ = new (std::nothrow) VpnAppDeathRecipient(*this);
1395 }
1396 if (deathRecipient_ == nullptr) {
1397 NETMGR_EXT_LOG_E("deathRecipient is null");
1398 return;
1399 }
1400 if (!callback->AsObject()->AddDeathRecipient(deathRecipient_)) {
1401 NETMGR_EXT_LOG_E("AddClientDeathRecipient failed");
1402 return;
1403 }
1404 auto iter =
1405 std::find_if(vpnEventCallbacks_.cbegin(), vpnEventCallbacks_.cend(),
1406 [&callback](const sptr<IVpnEventCallback> &item) {
1407 return item->AsObject().GetRefPtr() == callback->AsObject().GetRefPtr();
1408 });
1409 if (iter == vpnEventCallbacks_.cend()) {
1410 vpnEventCallbacks_.emplace_back(callback);
1411 }
1412 }
1413
RemoveClientDeathRecipient(const sptr<IVpnEventCallback> &callback)1414 void NetworkVpnService::RemoveClientDeathRecipient(const sptr<IVpnEventCallback> &callback)
1415 {
1416 NETMGR_EXT_LOG_I("vpn RemoveClientDeathRecipient");
1417 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1418 auto iter =
1419 std::find_if(vpnEventCallbacks_.cbegin(), vpnEventCallbacks_.cend(),
1420 [&callback](const sptr<IVpnEventCallback> &item) {
1421 return item->AsObject().GetRefPtr() == callback->AsObject().GetRefPtr();
1422 });
1423 if (iter == vpnEventCallbacks_.cend()) {
1424 return;
1425 }
1426 callback->AsObject()->RemoveDeathRecipient(deathRecipient_);
1427 vpnEventCallbacks_.erase(iter);
1428 }
1429
RemoveALLClientDeathRecipient()1430 void NetworkVpnService::RemoveALLClientDeathRecipient()
1431 {
1432 std::lock_guard<std::mutex> autoLock(remoteMutex_);
1433 for (auto &item : vpnEventCallbacks_) {
1434 item->AsObject()->RemoveDeathRecipient(deathRecipient_);
1435 }
1436 vpnEventCallbacks_.clear();
1437 deathRecipient_ = nullptr;
1438 }
1439 } // namespace NetManagerStandard
1440 } // namespace OHOS
1441