2 * Copyright (c) 2016 Samsung Electronics Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 #include "table-firewall.h"
19 #include "helper-firewall.h"
20 #include "stc-firewall.h"
21 #include "stc-manager-gdbus.h"
23 #define IDENTIFIER_LEN 512
25 #define LOCK_NAME "admin"
27 #define CHAIN_NAME "chain"
28 #define CHAIN_TARGET "target"
29 #define CHAIN_PRIORITY "priority"
31 #define RULE_CHAIN "chain"
32 #define RULE_DIRECTION "direction"
33 #define RULE_SIPTYPE "s_ip_type"
34 #define RULE_DIPTYPE "d_ip_type"
35 #define RULE_SPORTTYPE "s_port_type"
36 #define RULE_DPORTTYPE "d_port_type"
37 #define RULE_PROTOCOL "protocol"
38 #define RULE_FAMILY "family"
39 #define RULE_SIP1 "s_ip1"
40 #define RULE_SIP2 "s_ip2"
41 #define RULE_DIP1 "d_ip1"
42 #define RULE_DIP2 "d_ip2"
43 #define RULE_SPORT1 "s_port1"
44 #define RULE_SPORT2 "s_port2"
45 #define RULE_DPORT1 "d_port1"
46 #define RULE_DPORT2 "d_port2"
47 #define RULE_IFNAME "ifname"
48 #define RULE_TARGET "target"
49 #define RULE_IDENTIFIER "identifier"
50 #define RULE_KEY "key"
52 #define RULE_TARGET_ACCEPT "ACCEPT"
53 #define RULE_TARGET_DROP "DROP"
54 #define RULE_TARGET_LOG "LOG"
56 #define FIREWALL_DBUS_ERROR_NAME "net.stc.firewall.Error.Failed"
58 #define STC_FIREWALL_DBUS_REPLY_ERROR(invocation, err_num) \
59 g_dbus_method_invocation_return_dbus_error((invocation), \
60 FIREWALL_DBUS_ERROR_NAME, \
61 stc_err_strs[-(err_num)])
63 #define STC_FIREWALL_CHECK_LOCK_STATE(invocation) do { \
64 if (g_lock_state == FIREWALL_LOCKED) { \
65 STC_LOGD("Firewall is locked"); \
66 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, \
67 STC_ERROR_PERMISSION_DENIED); \
68 __STC_LOG_FUNC_EXIT__; \
73 static const gchar *stc_err_strs[] = {
86 static GHashTable *g_firewalls = NULL;
87 static int g_lock_state = FIREWALL_UNKONWN;
88 static uint g_chain_priority = 0;
90 static void __fw_rule_copy(firewall_rule_s *rule,
91 const firewall_rule_s *info)
95 rule->chain = g_strdup(info->chain);
98 rule->direction = info->direction;
99 rule->s_ip_type = info->s_ip_type;
100 rule->d_ip_type = info->d_ip_type;
101 rule->s_port_type = info->s_port_type;
102 rule->d_port_type = info->d_port_type;
103 rule->protocol = info->protocol;
104 rule->family = info->family;
106 rule->s_ip1 = info->s_ip1;
107 rule->s_ip2 = info->s_ip2;
108 rule->d_ip1 = info->d_ip1;
109 rule->d_ip2 = info->d_ip2;
111 rule->s_port1 = info->s_port1;
112 rule->s_port2 = info->s_port2;
113 rule->d_port1 = info->d_port1;
114 rule->d_port2 = info->d_port2;
118 rule->ifname = g_strdup(info->ifname);
121 rule->target = info->target;
123 if (info->target_str) {
124 FREE(rule->target_str);
125 rule->target_str = g_strdup(info->target_str);
128 if (info->identifier) {
129 FREE(rule->identifier);
130 rule->identifier = g_strdup(info->identifier);
133 rule->key = info->key;
136 static void __fw_rule_make_key(firewall_rule_s *rule,
137 firewall_rule_s *info)
144 str = g_string_sized_new(IDENTIFIER_LEN);
148 g_string_append_printf(str, "%s", rule->chain);
150 g_string_append_printf(str, "_%u%u%u%u%u%u%u", rule->direction,
151 rule->s_ip_type, rule->d_ip_type, rule->s_port_type,
152 rule->d_port_type, rule->protocol, rule->family);
154 if (rule->family == STC_FW_FAMILY_V4) {
155 g_string_append_printf(str, "_");
156 g_string_append_printf(str, "%08x", rule->s_ip1.Ipv4.s_addr);
157 g_string_append_printf(str, "%08x", rule->s_ip2.Ipv4.s_addr);
159 g_string_append_printf(str, "_");
160 g_string_append_printf(str, "%08x", rule->d_ip1.Ipv4.s_addr);
161 g_string_append_printf(str, "%08x", rule->d_ip2.Ipv4.s_addr);
162 } else if (rule->family == STC_FW_FAMILY_V6) {
163 g_string_append_printf(str, "_");
164 g_string_append_printf(str, "%08x", rule->s_ip1.Ipv6.s6_addr32[0]);
165 g_string_append_printf(str, "%08x", rule->s_ip1.Ipv6.s6_addr32[1]);
166 g_string_append_printf(str, "%08x", rule->s_ip1.Ipv6.s6_addr32[2]);
167 g_string_append_printf(str, "%08x", rule->s_ip1.Ipv6.s6_addr32[3]);
168 g_string_append_printf(str, "%08x", rule->s_ip2.Ipv6.s6_addr32[0]);
169 g_string_append_printf(str, "%08x", rule->s_ip2.Ipv6.s6_addr32[1]);
170 g_string_append_printf(str, "%08x", rule->s_ip2.Ipv6.s6_addr32[2]);
171 g_string_append_printf(str, "%08x", rule->s_ip2.Ipv6.s6_addr32[3]);
173 g_string_append_printf(str, "_");
174 g_string_append_printf(str, "%08x", rule->d_ip1.Ipv6.s6_addr32[0]);
175 g_string_append_printf(str, "%08x", rule->d_ip1.Ipv6.s6_addr32[1]);
176 g_string_append_printf(str, "%08x", rule->d_ip1.Ipv6.s6_addr32[2]);
177 g_string_append_printf(str, "%08x", rule->d_ip1.Ipv6.s6_addr32[3]);
178 g_string_append_printf(str, "%08x", rule->d_ip2.Ipv6.s6_addr32[0]);
179 g_string_append_printf(str, "%08x", rule->d_ip2.Ipv6.s6_addr32[1]);
180 g_string_append_printf(str, "%08x", rule->d_ip2.Ipv6.s6_addr32[2]);
181 g_string_append_printf(str, "%08x", rule->d_ip2.Ipv6.s6_addr32[3]);
184 g_string_append_printf(str, "_%04x", rule->s_port1);
185 g_string_append_printf(str, "%04x", rule->s_port2);
187 g_string_append_printf(str, "_%04x", rule->d_port1);
188 g_string_append_printf(str, "%04x", rule->d_port2);
190 g_string_append_printf(str, "_%s", (rule->ifname) ? rule->ifname : "");
191 g_string_append_printf(str, "_%u", rule->target);
193 FREE(rule->identifier);
194 rule->identifier = g_string_free(str, FALSE);
195 rule->key = g_str_hash(rule->identifier);
197 FREE(info->identifier);
198 info->identifier = g_strdup(rule->identifier);
199 info->key = rule->key;
201 STC_LOGD("Identifier [%s]", rule->identifier);
202 STC_LOGD("Key [%u]", rule->key);
205 static void __fw_rule_free(void *data)
207 firewall_rule_s *rule = (firewall_rule_s *)data;
211 FREE(rule->identifier);
215 static void __fw_data_free(gpointer value)
217 stc_fw_data_s *data = (stc_fw_data_s *)value;
219 g_slist_free_full(data->rules, __fw_rule_free);
225 static gint __fw_rule_comp(gconstpointer a, gconstpointer b)
227 firewall_rule_s *data = (firewall_rule_s *)a;
228 firewall_rule_s *rule = (firewall_rule_s *)b;
230 if ((data->key == rule->key) &&
231 (g_strcmp0(data->identifier, rule->identifier) == 0))
237 static stc_error_e __fw_chain_add(const char *chain)
240 stc_fw_data_s *lookup;
242 ret_value_msg_if(g_firewalls == NULL,
244 "firewall is not initialized!");
246 lookup = g_hash_table_lookup(g_firewalls, chain);
248 STC_LOGD("chain already present");
249 return STC_ERROR_ALREADY_DATA;
252 data = MALLOC0(stc_fw_data_s, 1);
254 STC_LOGE("data allocation failed");
255 return STC_ERROR_OUT_OF_MEMORY;
258 data->target = STC_FW_CHAIN_TARGET_NONE;
262 g_hash_table_insert(g_firewalls, g_strdup(chain), data);
264 return STC_ERROR_NONE;
267 static stc_error_e __fw_chain_remove(const char *chain)
269 stc_fw_data_s *lookup;
271 ret_value_msg_if(g_firewalls == NULL,
273 "firewall is not initialized!");
275 lookup = g_hash_table_lookup(g_firewalls, chain);
277 STC_LOGE("chain not found");
278 return STC_ERROR_NO_DATA;
281 if (lookup->target != STC_FW_CHAIN_TARGET_NONE) {
282 STC_LOGE("can't be applied bcz chain is set");
283 return STC_ERROR_INVALID_PARAMETER;
286 g_slist_free_full(lookup->rules, __fw_rule_free);
287 lookup->rules = NULL;
289 g_hash_table_remove(g_firewalls, chain);
291 return STC_ERROR_NONE;
294 static stc_error_e __fw_chain_flush(const char *chain)
296 stc_fw_data_s *lookup;
298 ret_value_msg_if(g_firewalls == NULL,
300 "firewall is not initialized!");
302 lookup = g_hash_table_lookup(g_firewalls, chain);
304 STC_LOGE("chain not found");
305 return STC_ERROR_NO_DATA;
308 if (lookup->target != STC_FW_CHAIN_TARGET_NONE) {
309 STC_LOGE("can't be applied bcz chain is set");
310 return STC_ERROR_INVALID_PARAMETER;
313 g_slist_free_full(lookup->rules, __fw_rule_free);
314 lookup->rules = NULL;
316 return STC_ERROR_NONE;
319 static stc_error_e __fw_chain_set(const char *chain, stc_fw_data_s value)
321 stc_fw_data_s *lookup;
323 ret_value_msg_if(g_firewalls == NULL,
325 "firewall is not initialized!");
327 lookup = g_hash_table_lookup(g_firewalls, chain);
329 STC_LOGE("chain not found");
330 return STC_ERROR_NO_DATA;
333 lookup->target = value.target;
334 lookup->priority = value.priority;
336 return STC_ERROR_NONE;
339 static stc_fw_data_s *__fw_chain_get(const char *chain)
341 stc_fw_data_s *lookup;
343 ret_value_msg_if(g_firewalls == NULL, NULL,
344 "firewall is not initialized!");
346 lookup = g_hash_table_lookup(g_firewalls, chain);
348 STC_LOGE("chain not found");
355 static stc_error_e __fw_chain_unset(const char *chain)
357 stc_error_e ret = STC_ERROR_NONE;
358 stc_fw_data_s *lookup;
360 ret_value_msg_if(g_firewalls == NULL,
362 "firewall is not initialized!");
364 lookup = g_hash_table_lookup(g_firewalls, chain);
366 STC_LOGE("chain not found");
367 return STC_ERROR_NO_DATA;
370 lookup->target = STC_FW_CHAIN_TARGET_NONE;
371 lookup->priority = 0;
376 static void __fw_chain_make_params(gpointer key, gpointer value,
379 char *chain = (char *)key;
380 stc_fw_data_s *data = (stc_fw_data_s *)value;
381 GVariantBuilder *builder = (GVariantBuilder *)user_data;
382 GVariantBuilder sub_builder;
384 g_variant_builder_init(&sub_builder, G_VARIANT_TYPE("a{sv}"));
386 g_variant_builder_add(&sub_builder, "{sv}", CHAIN_NAME,
387 g_variant_new_string(chain));
389 g_variant_builder_add(&sub_builder, "{sv}", CHAIN_PRIORITY,
390 g_variant_new_uint32(data->priority));
392 g_variant_builder_add(&sub_builder, "{sv}", CHAIN_TARGET,
393 g_variant_new_uint16(data->target));
395 g_variant_builder_add_value(builder, g_variant_builder_end(&sub_builder));
398 static void __fw_rule_make_params(gpointer data, gpointer user_data)
400 firewall_rule_s *rule = (firewall_rule_s *)data;
401 GVariantBuilder *builder = (GVariantBuilder *)user_data;
402 GVariantBuilder sub_builder;
404 g_variant_builder_init(&sub_builder, G_VARIANT_TYPE("a{sv}"));
406 g_variant_builder_add(&sub_builder, "{sv}", RULE_CHAIN,
407 g_variant_new_string(rule->chain));
409 if (rule->direction != STC_FW_DIRECTION_NONE)
410 g_variant_builder_add(&sub_builder, "{sv}", RULE_DIRECTION,
411 g_variant_new_uint16(rule->direction));
413 if (rule->s_ip_type != STC_FW_IP_NONE)
414 g_variant_builder_add(&sub_builder, "{sv}", RULE_SIPTYPE,
415 g_variant_new_uint16(rule->s_ip_type));
417 if (rule->d_ip_type != STC_FW_IP_NONE)
418 g_variant_builder_add(&sub_builder, "{sv}", RULE_DIPTYPE,
419 g_variant_new_uint16(rule->d_ip_type));
421 if (rule->s_port_type != STC_FW_PORT_NONE)
422 g_variant_builder_add(&sub_builder, "{sv}", RULE_SPORTTYPE,
423 g_variant_new_uint16(rule->s_port_type));
425 if (rule->d_port_type != STC_FW_PORT_NONE)
426 g_variant_builder_add(&sub_builder, "{sv}", RULE_DPORTTYPE,
427 g_variant_new_uint16(rule->d_port_type));
429 if (rule->protocol != STC_FW_PROTOCOL_NONE)
430 g_variant_builder_add(&sub_builder, "{sv}", RULE_PROTOCOL,
431 g_variant_new_uint16(rule->protocol));
433 if (rule->family != STC_FW_FAMILY_NONE)
434 g_variant_builder_add(&sub_builder, "{sv}", RULE_FAMILY,
435 g_variant_new_uint16(rule->family));
437 if (rule->family == STC_FW_FAMILY_V4) {
440 switch (rule->s_ip_type) {
441 case STC_FW_IP_RANGE:
443 addr = g_try_malloc0(INET_ADDRSTRLEN);
445 inet_ntop(AF_INET, &(rule->s_ip2.Ipv4), addr, INET_ADDRSTRLEN);
446 g_variant_builder_add(&sub_builder, "{sv}", RULE_SIP2,
447 g_variant_new_string(addr));
450 case STC_FW_IP_SINGLE:
451 addr = g_try_malloc0(INET_ADDRSTRLEN);
453 inet_ntop(AF_INET, &(rule->s_ip1.Ipv4), addr, INET_ADDRSTRLEN);
454 g_variant_builder_add(&sub_builder, "{sv}", RULE_SIP1,
455 g_variant_new_string(addr));
463 switch (rule->d_ip_type) {
464 case STC_FW_IP_RANGE:
466 addr = g_try_malloc0(INET_ADDRSTRLEN);
468 inet_ntop(AF_INET, &(rule->d_ip2.Ipv4), addr, INET_ADDRSTRLEN);
469 g_variant_builder_add(&sub_builder, "{sv}", RULE_DIP2,
470 g_variant_new_string(addr));
473 case STC_FW_IP_SINGLE:
474 addr = g_try_malloc0(INET_ADDRSTRLEN);
476 inet_ntop(AF_INET, &(rule->d_ip1.Ipv4), addr, INET_ADDRSTRLEN);
477 g_variant_builder_add(&sub_builder, "{sv}", RULE_DIP1,
478 g_variant_new_string(addr));
485 } else if (rule->family == STC_FW_FAMILY_V6) {
488 switch (rule->s_ip_type) {
489 case STC_FW_IP_RANGE:
491 addr = g_try_malloc0(INET6_ADDRSTRLEN);
493 inet_ntop(AF_INET6, &(rule->s_ip2.Ipv6), addr, INET6_ADDRSTRLEN);
494 g_variant_builder_add(&sub_builder, "{sv}", RULE_SIP2,
495 g_variant_new_string(addr));
498 case STC_FW_IP_SINGLE:
499 addr = g_try_malloc0(INET6_ADDRSTRLEN);
501 inet_ntop(AF_INET6, &(rule->s_ip1.Ipv6), addr, INET6_ADDRSTRLEN);
502 g_variant_builder_add(&sub_builder, "{sv}", RULE_SIP1,
503 g_variant_new_string(addr));
511 switch (rule->d_ip_type) {
512 case STC_FW_IP_RANGE:
514 addr = g_try_malloc0(INET6_ADDRSTRLEN);
516 inet_ntop(AF_INET6, &(rule->d_ip2.Ipv6), addr, INET6_ADDRSTRLEN);
517 g_variant_builder_add(&sub_builder, "{sv}", RULE_DIP2,
518 g_variant_new_string(addr));
521 case STC_FW_IP_SINGLE:
522 addr = g_try_malloc0(INET6_ADDRSTRLEN);
524 inet_ntop(AF_INET6, &(rule->d_ip1.Ipv6), addr, INET6_ADDRSTRLEN);
525 g_variant_builder_add(&sub_builder, "{sv}", RULE_DIP1,
526 g_variant_new_string(addr));
535 g_variant_builder_add(&sub_builder, "{sv}", RULE_SPORT1,
536 g_variant_new_uint32(rule->s_port1));
538 g_variant_builder_add(&sub_builder, "{sv}", RULE_SPORT2,
539 g_variant_new_uint32(rule->s_port2));
541 g_variant_builder_add(&sub_builder, "{sv}", RULE_DPORT1,
542 g_variant_new_uint32(rule->d_port1));
544 g_variant_builder_add(&sub_builder, "{sv}", RULE_DPORT2,
545 g_variant_new_uint32(rule->d_port2));
548 g_variant_builder_add(&sub_builder, "{sv}", RULE_IFNAME,
549 g_variant_new_string(rule->ifname));
551 if (rule->target != STC_FW_RULE_TARGET_NONE)
552 g_variant_builder_add(&sub_builder, "{sv}", RULE_TARGET,
553 g_variant_new_uint16(rule->target));
555 g_variant_builder_add(&sub_builder, "{sv}", RULE_IDENTIFIER,
556 g_variant_new_string(rule->identifier));
558 g_variant_builder_add(&sub_builder, "{sv}", RULE_KEY,
559 g_variant_new_uint32(rule->key));
561 g_variant_builder_add_value(builder, g_variant_builder_end(&sub_builder));
564 static void __fw_rule_set_to_chain(gpointer data, gpointer user_data)
566 firewall_rule_s *info = (firewall_rule_s *)data;
567 char *chain = (char *)user_data;
568 firewall_rule_s rule;
570 if (chain && (g_strcmp0(info->chain, chain) != 0))
573 memset(&rule, 0, sizeof(firewall_rule_s));
574 memcpy(&rule, info, sizeof(firewall_rule_s));
575 rule.chain = g_strdup(info->chain);
576 rule.ifname = g_strdup(info->ifname);
577 switch (rule.target) {
578 case STC_FW_RULE_TARGET_ACCEPT:
579 rule.target_str = g_strdup(FIREWALL_RULE_TARGET_ACCEPT);
581 case STC_FW_RULE_TARGET_DROP:
582 rule.target_str = g_strdup(FIREWALL_RULE_TARGET_DROP);
584 case STC_FW_RULE_TARGET_LOG:
585 rule.target_str = g_strdup(FIREWALL_RULE_TARGET_LOG);
591 firewall_rule_add(&rule);
595 FREE(rule.target_str);
598 static void __fw_foreach_to_make_rule_param(gpointer key, gpointer value,
601 stc_fw_data_s *data = (stc_fw_data_s *)value;
603 g_slist_foreach(data->rules, __fw_rule_make_params, user_data);
606 static void __fw_foreach_to_set_rule_to_chain(gpointer key, gpointer value,
609 stc_fw_data_s *data = (stc_fw_data_s *)value;
610 char *chain = (char *)user_data;
612 if (chain || (data->target != STC_FW_CHAIN_TARGET_NONE))
613 g_slist_foreach(data->rules, __fw_rule_set_to_chain, user_data);
616 static void __fw_foreach_to_set_chain(gpointer key, gpointer value,
619 char *chain = (char *)key;
620 stc_fw_data_s *data = (stc_fw_data_s *)value;
622 if (data->target != STC_FW_CHAIN_TARGET_NONE) {
623 firewall_chain_s info;
624 memset(&info, 0, sizeof(firewall_chain_s));
626 info.target = data->target;
627 info.priority = data->priority;
628 firewall_chain_set(&info);
632 static void __fw_foreach_to_add_chain(gpointer key, gpointer value,
635 char *chain = (char *)key;
636 stc_fw_data_s *data = (stc_fw_data_s *)value;
638 if (data->target != STC_FW_CHAIN_TARGET_NONE) {
639 firewall_chain_s info;
640 memset(&info, 0, sizeof(firewall_chain_s));
642 info.target = data->target;
643 info.priority = data->priority;
644 firewall_chain_add(&info);
648 static void __fw_chain_foreach(GHFunc func, void *user_data)
650 g_hash_table_foreach(g_firewalls, func, user_data);
653 stc_cb_ret_e __fw_table_chain_info_cb(const firewall_chain_s *info,
658 data = MALLOC0(stc_fw_data_s, 1);
660 STC_LOGE("data allocation failed");
664 data->target = info->target;
665 data->priority = info->priority;
668 g_hash_table_insert(g_firewalls, g_strdup(info->chain), data);
673 stc_cb_ret_e __fw_table_rule_info_cb(const firewall_rule_s *info,
676 stc_fw_data_s *lookup;
677 firewall_rule_s *rule;
679 lookup = g_hash_table_lookup(g_firewalls, info->chain);
681 STC_LOGE("chain not found");
685 rule = MALLOC0(firewall_rule_s, 1);
687 STC_LOGE("rule allocation failed");
691 memset(rule, 0, sizeof(firewall_rule_s));
692 __fw_rule_copy(rule, info);
694 lookup->rules = g_slist_append(lookup->rules, rule);
699 static stc_error_e __fw_rule_add(firewall_rule_s *info)
701 stc_fw_data_s *lookup;
702 firewall_rule_s *rule;
705 ret_value_msg_if(g_firewalls == NULL,
707 "firewall is not initialized!");
709 lookup = g_hash_table_lookup(g_firewalls, info->chain);
711 STC_LOGE("chain not found");
712 return STC_ERROR_NO_DATA;
715 if (lookup->target != STC_FW_CHAIN_TARGET_NONE) {
716 STC_LOGE("can't be applied bcz chain is set");
717 return STC_ERROR_INVALID_PARAMETER;
720 rule = MALLOC0(firewall_rule_s, 1);
722 STC_LOGE("rule allocation failed");
723 return STC_ERROR_OUT_OF_MEMORY;
726 memset(rule, 0, sizeof(firewall_rule_s));
727 __fw_rule_copy(rule, info);
728 __fw_rule_make_key(rule, info);
730 comp = g_slist_find_custom(lookup->rules, rule, __fw_rule_comp);
732 STC_LOGD("rule already present");
733 __fw_rule_free(rule);
734 return STC_ERROR_ALREADY_DATA;
737 lookup->rules = g_slist_append(lookup->rules, rule);
739 return STC_ERROR_NONE;
742 static stc_error_e __fw_rule_remove(const firewall_rule_s *info)
744 stc_fw_data_s *lookup;
747 firewall_rule_s *rule;
749 ret_value_msg_if(g_firewalls == NULL,
751 "firewall is not initialized!");
753 lookup = g_hash_table_lookup(g_firewalls, info->chain);
755 STC_LOGE("chain not found");
756 return STC_ERROR_NO_DATA;
759 if (lookup->target != STC_FW_CHAIN_TARGET_NONE) {
760 STC_LOGE("can't be applied bcz chain is set");
761 return STC_ERROR_INVALID_PARAMETER;
764 rule_list = lookup->rules;
765 comp = g_slist_find_custom(rule_list, info, __fw_rule_comp);
767 STC_LOGD("rule not found");
768 return STC_ERROR_NO_DATA;
772 lookup->rules = g_slist_remove(lookup->rules, rule);
773 __fw_rule_free(rule);
775 return STC_ERROR_NONE;
778 static stc_error_e __fw_rule_update(const firewall_rule_s *info)
780 stc_fw_data_s *lookup;
783 firewall_rule_s *origin_rule;
784 firewall_rule_s *update_rule;
786 ret_value_msg_if(g_firewalls == NULL,
788 "firewall is not initialized!");
790 lookup = g_hash_table_lookup(g_firewalls, info->chain);
792 STC_LOGE("chain not found");
793 return STC_ERROR_NO_DATA;
796 if (lookup->target != STC_FW_CHAIN_TARGET_NONE) {
797 STC_LOGE("can't be applied bcz chain is set");
798 return STC_ERROR_INVALID_PARAMETER;
801 rule_list = lookup->rules;
802 comp = g_slist_find_custom(rule_list, info, __fw_rule_comp);
804 STC_LOGD("rule not found");
805 return STC_ERROR_NO_DATA;
808 origin_rule = comp->data;
810 update_rule = MALLOC0(firewall_rule_s, 1);
812 STC_LOGE("rule allocation failed");
813 return STC_ERROR_OUT_OF_MEMORY;
816 memset(update_rule, 0, sizeof(firewall_rule_s));
817 __fw_rule_copy(update_rule, info);
818 __fw_rule_make_key(update_rule, info);
820 comp = g_slist_find_custom(lookup->rules, update_rule, __fw_rule_comp);
822 STC_LOGD("rule already present");
823 __fw_rule_free(update_rule);
824 return STC_ERROR_ALREADY_DATA;
827 lookup->rules = g_slist_remove(lookup->rules, origin_rule);
828 __fw_rule_free(origin_rule);
830 lookup->rules = g_slist_append(lookup->rules, update_rule);
832 return STC_ERROR_NONE;
835 static void __fw_rule_extract(const char *key, GVariant *value,
838 __STC_LOG_FUNC_ENTER__;
840 firewall_rule_s *rule = (firewall_rule_s *)user_data;
842 __STC_LOG_FUNC_EXIT__;
846 if (g_strcmp0(key, RULE_CHAIN) == 0) {
848 const gchar *str = g_variant_get_string(value, &str_length);
849 rule->chain = g_strdup(str);
850 STC_LOGD("%s: [%s]", RULE_CHAIN, rule->chain);
852 } else if (g_strcmp0(key, RULE_DIRECTION) == 0) {
853 rule->direction = g_variant_get_uint16(value);
854 STC_LOGD("%s: [%u]", RULE_DIRECTION, rule->direction);
856 } else if (g_strcmp0(key, RULE_SIPTYPE) == 0) {
857 rule->s_ip_type = g_variant_get_uint16(value);
858 STC_LOGD("%s: [%u]", RULE_SIPTYPE, rule->s_ip_type);
860 } else if (g_strcmp0(key, RULE_DIPTYPE) == 0) {
861 rule->d_ip_type = g_variant_get_uint16(value);
862 STC_LOGD("%s: [%u]", RULE_DIPTYPE, rule->d_ip_type);
864 } else if (g_strcmp0(key, RULE_SPORTTYPE) == 0) {
865 rule->s_port_type = g_variant_get_uint16(value);
866 STC_LOGD("%s: [%u]", RULE_SPORTTYPE, rule->s_port_type);
868 } else if (g_strcmp0(key, RULE_DPORTTYPE) == 0) {
869 rule->d_port_type = g_variant_get_uint16(value);
870 STC_LOGD("%s: [%u]", RULE_DPORTTYPE, rule->d_port_type);
872 } else if (g_strcmp0(key, RULE_PROTOCOL) == 0) {
873 rule->protocol = g_variant_get_uint16(value);
874 STC_LOGD("%s: [%u]", RULE_PROTOCOL, rule->protocol);
876 } else if (g_strcmp0(key, RULE_FAMILY) == 0) {
877 rule->family = g_variant_get_uint16(value);
878 STC_LOGD("%s: [%u]", RULE_FAMILY, rule->family);
880 } else if (g_strcmp0(key, RULE_SIP1) == 0) {
882 const gchar *str = g_variant_get_string(value, &str_length);
883 if (rule->family == STC_FW_FAMILY_V4) {
884 inet_pton(AF_INET, str, &(rule->s_ip1.Ipv4));
885 STC_LOGD("%s: [%08x]", RULE_SIP1, rule->s_ip1.Ipv4.s_addr);
886 } else if (rule->family == STC_FW_FAMILY_V6) {
887 inet_pton(AF_INET6, str, &(rule->s_ip1.Ipv6));
888 STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP1,
889 rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1],
890 rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]);
893 } else if (g_strcmp0(key, RULE_SIP2) == 0) {
895 const gchar *str = g_variant_get_string(value, &str_length);
896 if (rule->family == STC_FW_FAMILY_V4) {
897 inet_pton(AF_INET, str, &(rule->s_ip2.Ipv4));
898 STC_LOGD("%s: [%08x]", RULE_SIP2, rule->s_ip2.Ipv4.s_addr);
899 } else if (rule->family == STC_FW_FAMILY_V6) {
900 inet_pton(AF_INET6, str, &(rule->s_ip2.Ipv6));
901 STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP2,
902 rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1],
903 rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]);
906 } else if (g_strcmp0(key, RULE_DIP1) == 0) {
908 const gchar *str = g_variant_get_string(value, &str_length);
909 if (rule->family == STC_FW_FAMILY_V4) {
910 inet_pton(AF_INET, str, &(rule->d_ip1.Ipv4));
911 STC_LOGD("%s: [%08x]", RULE_DIP1, rule->d_ip1.Ipv4.s_addr);
912 } else if (rule->family == STC_FW_FAMILY_V6) {
913 inet_pton(AF_INET6, str, &(rule->d_ip1.Ipv6));
914 STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP1,
915 rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1],
916 rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]);
919 } else if (g_strcmp0(key, RULE_DIP2) == 0) {
921 const gchar *str = g_variant_get_string(value, &str_length);
922 if (rule->family == STC_FW_FAMILY_V4) {
923 inet_pton(AF_INET, str, &(rule->d_ip2.Ipv4));
924 STC_LOGD("%s: [%08x]", RULE_DIP2, rule->d_ip2.Ipv4.s_addr);
925 } else if (rule->family == STC_FW_FAMILY_V6) {
926 inet_pton(AF_INET6, str, &(rule->d_ip2.Ipv6));
927 STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP2,
928 rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1],
929 rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]);
932 } else if (g_strcmp0(key, RULE_SPORT1) == 0) {
933 rule->s_port1 = g_variant_get_uint32(value);
934 STC_LOGD("%s: [%04x]", RULE_SPORT1, rule->s_port1);
936 } else if (g_strcmp0(key, RULE_SPORT2) == 0) {
937 rule->s_port2 = g_variant_get_uint32(value);
938 STC_LOGD("%s: [%04x]", RULE_SPORT2, rule->s_port2);
940 } else if (g_strcmp0(key, RULE_DPORT1) == 0) {
941 rule->d_port1 = g_variant_get_uint32(value);
942 STC_LOGD("%s: [%04x]", RULE_DPORT1, rule->d_port1);
944 } else if (g_strcmp0(key, RULE_DPORT2) == 0) {
945 rule->d_port2 = g_variant_get_uint32(value);
946 STC_LOGD("%s: [%04x]", RULE_DPORT2, rule->d_port2);
948 } else if (g_strcmp0(key, RULE_IFNAME) == 0) {
950 const gchar *str = g_variant_get_string(value, &str_length);
951 rule->ifname = g_strdup(str);
952 STC_LOGD("%s: [%s]", RULE_IFNAME, rule->ifname);
954 } else if (g_strcmp0(key, RULE_TARGET) == 0) {
955 rule->target = g_variant_get_uint16(value);
956 STC_LOGD("%s: [%u]", RULE_TARGET, rule->target);
958 } else if (g_strcmp0(key, RULE_IDENTIFIER) == 0) {
960 const gchar *str = g_variant_get_string(value, &str_length);
961 rule->identifier = g_strdup(str);
962 STC_LOGD("%s: [%s]", RULE_IDENTIFIER, rule->identifier);
964 } else if (g_strcmp0(key, RULE_KEY) == 0) {
965 rule->key = g_variant_get_uint32(value);
966 STC_LOGD("%s: [%u]", RULE_KEY, rule->key);
969 STC_LOGD("Unknown rule [%s]", key);
972 __STC_LOG_FUNC_EXIT__;
975 gboolean __validate_fw_rule(firewall_rule_s *rule)
977 __STC_LOG_FUNC_ENTER__;
980 __STC_LOG_FUNC_EXIT__;
984 if (rule->chain == NULL) {
985 __STC_LOG_FUNC_EXIT__;
989 if (rule->direction > STC_FW_DIRECTION_OUT) {
990 __STC_LOG_FUNC_EXIT__;
994 if (rule->s_ip_type > STC_FW_IP_RANGE) {
995 __STC_LOG_FUNC_EXIT__;
999 if (rule->d_ip_type > STC_FW_IP_RANGE) {
1000 __STC_LOG_FUNC_EXIT__;
1004 if (rule->s_port_type > STC_FW_PORT_RANGE) {
1005 __STC_LOG_FUNC_EXIT__;
1009 if (rule->d_port_type > STC_FW_PORT_RANGE) {
1010 __STC_LOG_FUNC_EXIT__;
1014 if (rule->protocol > STC_FW_PROTOCOL_ALL) {
1015 __STC_LOG_FUNC_EXIT__;
1019 if (rule->family > STC_FW_FAMILY_V6) {
1020 __STC_LOG_FUNC_EXIT__;
1024 __STC_LOG_FUNC_EXIT__;
1028 void stc_firewall_init(void)
1030 int ret = STC_ERROR_NONE;
1032 g_firewalls = g_hash_table_new_full(g_str_hash,
1033 g_str_equal, g_free, __fw_data_free);
1035 ret = table_firewall_get_lock(LOCK_NAME, &g_lock_state);
1036 if (ret != STC_ERROR_NONE)
1037 table_firewall_insert_lock(LOCK_NAME, FIREWALL_UNLOCKED);
1039 if (g_lock_state == FIREWALL_UNKONWN)
1040 g_lock_state = FIREWALL_UNLOCKED;
1042 table_firewall_foreach_chain(__fw_table_chain_info_cb, NULL);
1043 table_firewall_foreach_rule(__fw_table_rule_info_cb, NULL);
1046 void stc_firewall_update(void)
1048 __fw_chain_foreach(__fw_foreach_to_add_chain, NULL);
1049 __fw_chain_foreach(__fw_foreach_to_set_rule_to_chain, NULL);
1050 __fw_chain_foreach(__fw_foreach_to_set_chain, NULL);
1053 void stc_firewall_deinit(void)
1056 g_hash_table_destroy(g_firewalls);
1061 gboolean handle_firewall_lock(StcFirewall *object,
1062 GDBusMethodInvocation *invocation,
1065 __STC_LOG_FUNC_ENTER__;
1066 int ret = STC_ERROR_NONE;
1068 ret = table_firewall_update_lock(LOCK_NAME, FIREWALL_LOCKED);
1069 if (ret != STC_ERROR_NONE)
1070 table_firewall_insert_lock(LOCK_NAME, FIREWALL_LOCKED);
1072 g_lock_state = FIREWALL_LOCKED;
1074 STC_DBUS_REPLY_ERROR_NONE(invocation);
1075 __STC_LOG_FUNC_EXIT__;
1079 gboolean handle_firewall_unlock(StcFirewall *object,
1080 GDBusMethodInvocation *invocation,
1083 __STC_LOG_FUNC_ENTER__;
1084 int ret = STC_ERROR_NONE;
1086 ret = table_firewall_update_lock(LOCK_NAME, FIREWALL_UNLOCKED);
1087 if (ret != STC_ERROR_NONE)
1088 table_firewall_insert_lock(LOCK_NAME, FIREWALL_UNLOCKED);
1090 g_lock_state = FIREWALL_UNLOCKED;
1092 STC_DBUS_REPLY_ERROR_NONE(invocation);
1093 __STC_LOG_FUNC_EXIT__;
1097 gboolean handle_firewall_get_lock(StcFirewall *object,
1098 GDBusMethodInvocation *invocation,
1101 __STC_LOG_FUNC_ENTER__;
1102 int ret = STC_ERROR_NONE;
1103 GVariant *return_parameters = NULL;
1105 if (g_lock_state == FIREWALL_UNKONWN) {
1106 ret = table_firewall_get_lock(LOCK_NAME, &g_lock_state);
1107 if (ret != STC_ERROR_NONE)
1108 table_firewall_insert_lock(LOCK_NAME, FIREWALL_UNLOCKED);
1110 if (g_lock_state == FIREWALL_UNKONWN)
1111 g_lock_state = FIREWALL_UNLOCKED;
1114 return_parameters = g_variant_new("(i)", g_lock_state);
1115 STC_DBUS_REPLY(invocation, return_parameters);
1116 __STC_LOG_FUNC_EXIT__;
1120 gboolean handle_firewall_add_chain(StcFirewall *object,
1121 GDBusMethodInvocation *invocation,
1125 __STC_LOG_FUNC_ENTER__;
1126 firewall_chain_s info;
1127 int ret = STC_ERROR_NONE;
1129 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1131 if (chain == NULL) {
1132 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1133 STC_ERROR_INVALID_PARAMETER);
1134 __STC_LOG_FUNC_EXIT__;
1138 ret = __fw_chain_add(chain);
1139 if (ret == STC_ERROR_NONE) {
1140 memset(&info, 0, sizeof(firewall_chain_s));
1143 info.target = STC_FW_CHAIN_TARGET_NONE;
1144 table_firewall_insert_chain(&info);
1146 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1147 __STC_LOG_FUNC_EXIT__;
1151 STC_DBUS_REPLY_ERROR_NONE(invocation);
1152 __STC_LOG_FUNC_EXIT__;
1156 gboolean handle_firewall_remove_chain(StcFirewall *object,
1157 GDBusMethodInvocation *invocation,
1161 __STC_LOG_FUNC_ENTER__;
1162 firewall_chain_s info;
1163 int ret = STC_ERROR_NONE;
1165 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1167 if (chain == NULL) {
1168 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1169 STC_ERROR_INVALID_PARAMETER);
1170 __STC_LOG_FUNC_EXIT__;
1174 ret = __fw_chain_remove(chain);
1175 if (ret == STC_ERROR_NONE) {
1176 memset(&info, 0, sizeof(firewall_chain_s));
1178 table_firewall_flush_chain(&info);
1179 table_firewall_delete_chain(&info);
1181 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1182 __STC_LOG_FUNC_EXIT__;
1186 STC_DBUS_REPLY_ERROR_NONE(invocation);
1187 __STC_LOG_FUNC_EXIT__;
1191 gboolean handle_firewall_flush_chain(StcFirewall *object,
1192 GDBusMethodInvocation *invocation,
1196 __STC_LOG_FUNC_ENTER__;
1197 firewall_chain_s info;
1198 int ret = STC_ERROR_NONE;
1200 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1202 if (chain == NULL) {
1203 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1204 STC_ERROR_INVALID_PARAMETER);
1205 __STC_LOG_FUNC_EXIT__;
1209 ret = __fw_chain_flush(chain);
1210 if (ret == STC_ERROR_NONE) {
1211 memset(&info, 0, sizeof(firewall_chain_s));
1213 table_firewall_flush_chain(&info);
1215 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1216 __STC_LOG_FUNC_EXIT__;
1220 STC_DBUS_REPLY_ERROR_NONE(invocation);
1221 __STC_LOG_FUNC_EXIT__;
1225 gboolean handle_firewall_get_all_chain(StcFirewall *object,
1226 GDBusMethodInvocation *invocation,
1229 __STC_LOG_FUNC_ENTER__;
1230 GVariantBuilder *builder = NULL;
1231 GVariant *return_parameters = NULL;
1233 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1235 builder = g_variant_builder_new(G_VARIANT_TYPE("aa{sv}"));
1237 __fw_chain_foreach(__fw_chain_make_params, builder);
1239 return_parameters = g_variant_new("(aa{sv})", builder);
1240 g_variant_builder_unref(builder);
1242 DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
1243 STC_DBUS_REPLY(invocation, return_parameters);
1244 __STC_LOG_FUNC_EXIT__;
1248 gboolean handle_firewall_set_chain(StcFirewall *object,
1249 GDBusMethodInvocation *invocation,
1251 unsigned int target,
1254 __STC_LOG_FUNC_ENTER__;
1255 stc_fw_data_s *lookup = NULL;
1257 firewall_chain_s info;
1259 int ret = STC_ERROR_NONE;
1261 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1263 if (chain == NULL ||
1264 target > STC_FW_CHAIN_TARGET_OUTPUT) {
1265 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1266 STC_ERROR_INVALID_PARAMETER);
1267 __STC_LOG_FUNC_EXIT__;
1271 lookup = __fw_chain_get(chain);
1272 if (lookup == NULL) {
1273 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1275 __STC_LOG_FUNC_EXIT__;
1279 if (lookup->target != STC_FW_CHAIN_TARGET_NONE) {
1280 STC_LOGE("chain is already set");
1281 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1282 STC_ERROR_INVALID_PARAMETER);
1283 __STC_LOG_FUNC_EXIT__;
1288 memset(&info, 0, sizeof(firewall_chain_s));
1290 info.target = target;
1292 ret = firewall_chain_add(&info);
1293 if (ret != STC_ERROR_NONE) {
1294 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1295 __STC_LOG_FUNC_EXIT__;
1299 __fw_chain_foreach(__fw_foreach_to_set_rule_to_chain, chain);
1301 ret = firewall_chain_set(&info);
1302 if (ret != STC_ERROR_NONE) {
1303 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1304 __STC_LOG_FUNC_EXIT__;
1309 priority = g_chain_priority + 1;
1311 memset(&data, 0, sizeof(stc_fw_data_s));
1312 data.target = target;
1313 data.priority = priority;
1315 ret = __fw_chain_set(chain, data);
1316 if (ret == STC_ERROR_NONE) {
1317 info.priority = priority;
1318 table_firewall_update_chain(&info);
1319 g_chain_priority = priority;
1321 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1322 __STC_LOG_FUNC_EXIT__;
1326 STC_DBUS_REPLY_ERROR_NONE(invocation);
1327 __STC_LOG_FUNC_EXIT__;
1331 gboolean handle_firewall_unset_chain(StcFirewall *object,
1332 GDBusMethodInvocation *invocation,
1336 __STC_LOG_FUNC_ENTER__;
1337 stc_fw_data_s *lookup = NULL;
1338 firewall_chain_s info;
1339 int ret = STC_ERROR_NONE;
1341 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1343 if (chain == NULL) {
1344 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1345 STC_ERROR_INVALID_PARAMETER);
1346 __STC_LOG_FUNC_EXIT__;
1350 lookup = __fw_chain_get(chain);
1351 if (lookup == NULL) {
1352 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1354 __STC_LOG_FUNC_EXIT__;
1358 if (lookup->target == STC_FW_CHAIN_TARGET_NONE) {
1359 STC_LOGE("chain is not set");
1360 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1361 STC_ERROR_INVALID_PARAMETER);
1362 __STC_LOG_FUNC_EXIT__;
1367 memset(&info, 0, sizeof(firewall_chain_s));
1369 info.target = lookup->target;
1371 ret = firewall_chain_unset(&info);
1372 if (ret != STC_ERROR_NONE) {
1373 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1374 __STC_LOG_FUNC_EXIT__;
1378 ret = firewall_chain_remove(&info);
1379 if (ret != STC_ERROR_NONE) {
1380 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1381 __STC_LOG_FUNC_EXIT__;
1386 ret = __fw_chain_unset(chain);
1387 if (ret == STC_ERROR_NONE) {
1388 info.target = STC_FW_CHAIN_TARGET_NONE;
1390 table_firewall_update_chain(&info);
1392 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1393 __STC_LOG_FUNC_EXIT__;
1397 STC_DBUS_REPLY_ERROR_NONE(invocation);
1398 __STC_LOG_FUNC_EXIT__;
1402 gboolean handle_firewall_add_rule(StcFirewall *object,
1403 GDBusMethodInvocation *invocation,
1404 GVariant *parameters,
1407 __STC_LOG_FUNC_ENTER__;
1408 GVariantIter *iter = NULL;
1409 firewall_rule_s *rule;
1410 int ret = STC_ERROR_NONE;
1412 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1414 rule = MALLOC0(firewall_rule_s, 1);
1416 STC_LOGE("rule allocation failed");
1417 return STC_ERROR_OUT_OF_MEMORY;
1420 memset(rule, 0, sizeof(firewall_rule_s));
1422 g_variant_get(parameters, "a{sv}", &iter);
1424 stc_manager_gdbus_dict_foreach(iter,
1427 g_variant_iter_free(iter);
1430 if (__validate_fw_rule(rule) == FALSE) {
1431 __fw_rule_free(rule);
1432 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1433 STC_ERROR_INVALID_PARAMETER);
1434 __STC_LOG_FUNC_EXIT__;
1438 ret = __fw_rule_add(rule);
1439 if (ret == STC_ERROR_NONE) {
1440 table_firewall_insert_rule(rule);
1442 __fw_rule_free(rule);
1443 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1444 __STC_LOG_FUNC_EXIT__;
1448 __fw_rule_free(rule);
1449 STC_DBUS_REPLY_ERROR_NONE(invocation);
1450 __STC_LOG_FUNC_EXIT__;
1454 gboolean handle_firewall_remove_rule(StcFirewall *object,
1455 GDBusMethodInvocation *invocation,
1456 GVariant *parameters,
1459 __STC_LOG_FUNC_ENTER__;
1460 GVariantIter *iter = NULL;
1461 firewall_rule_s *rule;
1462 int ret = STC_ERROR_NONE;
1464 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1466 rule = MALLOC0(firewall_rule_s, 1);
1468 STC_LOGE("rule allocation failed");
1469 return STC_ERROR_OUT_OF_MEMORY;
1472 memset(rule, 0, sizeof(firewall_rule_s));
1474 g_variant_get(parameters, "a{sv}", &iter);
1476 stc_manager_gdbus_dict_foreach(iter,
1479 g_variant_iter_free(iter);
1482 if (__validate_fw_rule(rule) == FALSE) {
1483 __fw_rule_free(rule);
1484 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1485 STC_ERROR_INVALID_PARAMETER);
1486 __STC_LOG_FUNC_EXIT__;
1490 ret = __fw_rule_remove(rule);
1491 if (ret == STC_ERROR_NONE) {
1492 table_firewall_delete_rule(rule);
1494 __fw_rule_free(rule);
1495 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1496 __STC_LOG_FUNC_EXIT__;
1500 __fw_rule_free(rule);
1501 STC_DBUS_REPLY_ERROR_NONE(invocation);
1502 __STC_LOG_FUNC_EXIT__;
1506 gboolean handle_firewall_update_rule(StcFirewall *object,
1507 GDBusMethodInvocation *invocation,
1508 GVariant *parameters,
1511 __STC_LOG_FUNC_ENTER__;
1512 GVariantIter *iter = NULL;
1513 firewall_rule_s *rule;
1515 int ret = STC_ERROR_NONE;
1517 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1519 rule = MALLOC0(firewall_rule_s, 1);
1521 STC_LOGE("rule allocation failed");
1522 return STC_ERROR_OUT_OF_MEMORY;
1525 memset(rule, 0, sizeof(firewall_rule_s));
1527 g_variant_get(parameters, "a{sv}", &iter);
1529 stc_manager_gdbus_dict_foreach(iter,
1532 g_variant_iter_free(iter);
1535 if (__validate_fw_rule(rule) == FALSE) {
1536 __fw_rule_free(rule);
1537 STC_FIREWALL_DBUS_REPLY_ERROR(invocation,
1538 STC_ERROR_INVALID_PARAMETER);
1539 __STC_LOG_FUNC_EXIT__;
1544 ret = __fw_rule_update(rule);
1545 if (ret == STC_ERROR_NONE) {
1546 table_firewall_update_rule(rule, key);
1548 __fw_rule_free(rule);
1549 STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret);
1550 __STC_LOG_FUNC_EXIT__;
1554 __fw_rule_free(rule);
1555 STC_DBUS_REPLY_ERROR_NONE(invocation);
1556 __STC_LOG_FUNC_EXIT__;
1560 gboolean handle_firewall_get_all_rule(StcFirewall *object,
1561 GDBusMethodInvocation *invocation,
1564 __STC_LOG_FUNC_ENTER__;
1565 GVariantBuilder *builder = NULL;
1566 GVariant *return_parameters = NULL;
1568 STC_FIREWALL_CHECK_LOCK_STATE(invocation);
1570 builder = g_variant_builder_new(G_VARIANT_TYPE("aa{sv}"));
1572 __fw_chain_foreach(__fw_foreach_to_make_rule_param, builder);
1574 return_parameters = g_variant_new("(aa{sv})", builder);
1575 g_variant_builder_unref(builder);
1577 DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters);
1578 STC_DBUS_REPLY(invocation, return_parameters);
1579 __STC_LOG_FUNC_EXIT__;