From e9cf7157200314f7da28d42f86bf3f04b197d56c Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 7 Feb 2018 11:17:27 +0900 Subject: [PATCH 01/16] Fixed some svaces WGID : 307350, 307352 Change-Id: I517541c5c088f2a0f30ea71186fcf9d2df332d9e Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/monitor/stc-default-connection.c | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 9e2c1af..d50d114 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.46 +Version: 0.0.47 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/monitor/stc-default-connection.c b/src/monitor/stc-default-connection.c index 9a43408..6128e02 100755 --- a/src/monitor/stc-default-connection.c +++ b/src/monitor/stc-default-connection.c @@ -118,8 +118,10 @@ static void __telephony_get_modem_subscriber_id(GDBusConnection *connection, DEBUG_PARAMS(message); DEBUG_PARAM_TYPE(message); g_variant_get(message, "(&s&s)", &plmn, &msin); - plmn_len = strlen(plmn); - msin_len = strlen(msin); + if (plmn) + plmn_len = strlen(plmn); + if (msin) + msin_len = strlen(msin); if (msin_len + plmn_len >= IMSI_LENGTH) { STC_LOGD("Incorrect length of mobile subscriber identifier + net id"); //LCOV_EXCL_LINE -- 2.7.4 From 1582744d78efda2bc85b7cdf3cb6ece204803e5b Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 8 Feb 2018 09:44:18 +0900 Subject: [PATCH 02/16] Moved exception list to plugin Change-Id: Iec04f0f7aba1862cde610a9e3c4d7c93f67674e0 Signed-off-by: hyunuktak --- include/stc-manager-plugin.h | 16 ++- include/stc-plugin.h | 33 ++++- packaging/stc-manager.spec | 2 +- plugin/CMakeLists.txt | 3 + plugin/stc-plugin-appstatus.c | 186 ++++++++++++++++++++++++ plugin/stc-plugin-exception.c | 291 ++++++++++++++++++++++++++++++++++++++ plugin/stc-plugin-popup.c | 73 ++++++++++ plugin/stc-plugin.c | 227 +++-------------------------- src/monitor/include/stc-monitor.h | 5 - src/monitor/stc-app-lifecycle.c | 3 +- src/monitor/stc-monitor.c | 117 ++------------- src/stc-manager-gdbus.c | 5 +- src/stc-manager-plugin.c | 93 +++++++++--- src/stc-manager.c | 2 +- 14 files changed, 711 insertions(+), 345 deletions(-) create mode 100755 plugin/stc-plugin-appstatus.c create mode 100755 plugin/stc-plugin-exception.c create mode 100755 plugin/stc-plugin-popup.c diff --git a/include/stc-manager-plugin.h b/include/stc-manager-plugin.h index f4233da..f0409b2 100755 --- a/include/stc-manager-plugin.h +++ b/include/stc-manager-plugin.h @@ -21,17 +21,21 @@ #include "stc-plugin.h" -void stc_manager_plugin_init(void); -void stc_manager_plugin_deinit(void); +int stc_manager_plugin_init(void); +int stc_manager_plugin_deinit(void); -int stc_send_warn_message_to_net_popup(const char *content, +int stc_manager_plugin_send_warn_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *warn); -int stc_send_restriction_message_to_net_popup(const char *content, +int stc_manager_plugin_send_restriction_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *limit); -int stc_register_state_changed_cb(stc_s *stc, +int stc_manager_plugin_register_state_changed_cb(stc_s *stc, stc_plugin_app_state_changed_cb cb, void *data); -int stc_deregister_state_changed_cb(stc_s *stc); +int stc_manager_plugin_deregister_state_changed_cb(stc_s *stc); + +int stc_manager_plugin_fill_exception_list(void); +int stc_manager_plugin_update_exception_list(void); +int stc_manager_plugin_check_exception_by_cmdline(char *cmdline); #endif /* __STC_MANAGER_PLUGIN_H__ */ diff --git a/include/stc-plugin.h b/include/stc-plugin.h index 4d843b8..ffb5767 100755 --- a/include/stc-plugin.h +++ b/include/stc-plugin.h @@ -28,20 +28,49 @@ typedef stc_error_e (*stc_plugin_app_state_changed_cb)(stc_cmd_type_e cmd, stc_app_type_e app_type); typedef struct { - int(*send_restriction_message_to_net_popup) (const char *, + void (*initialize_plugin) (void); + void (*deinitialize_plugin) (void); + /* popup */ + int (*send_restriction_message_to_net_popup) (const char *, const char *, const char *, const char *, const char *); - int(*send_warn_message_to_net_popup) (const char *, + int (*send_warn_message_to_net_popup) (const char *, const char *, const char *, const char *, const char *); + + /* app status */ int (*register_state_changed_cb) (stc_s *stc, stc_plugin_app_state_changed_cb cb, void *data); int (*deregister_state_changed_cb) (stc_s *stc); + + /* exception */ + int (*fill_exception_list) (void); + int (*update_exception_list) (void); + int (*check_exception_by_cmdline) (char *cmdline); } stc_plugin_s; +void stc_plugin_initialize(void); +void stc_plugin_deinitialize(void); + +int stc_plugin_popup_send_restriction_message(const char *content, + const char *type, const char *app_id, const char *iftype, const char *limit); +int stc_plugin_popup_send_restriction_message(const char *content, + const char *type, const char *app_id, const char *iftype, const char *limit); + +int stc_plugin_appstatus_register_changed_cb(stc_s *stc, + stc_plugin_app_state_changed_cb cb, + void *data); +int stc_plugin_appstatus_deregister_changed_cb(stc_s *stc); + +int stc_plugin_exception_init(void); +int stc_plugin_exception_deinit(void); +int stc_plugin_exception_fill_list(void); +int stc_plugin_exception_update_list(void); +int stc_plugin_exception_check_by_cmdline(char *cmdline); + #endif /* __STC_PLUGIN_H__ */ diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index d50d114..3b6e441 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.47 +Version: 0.0.48 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/plugin/CMakeLists.txt b/plugin/CMakeLists.txt index afde5f4..bad6651 100755 --- a/plugin/CMakeLists.txt +++ b/plugin/CMakeLists.txt @@ -28,6 +28,9 @@ ADD_DEFINITIONS("-DUSE_DLOG") SET(SRCS_PLUGIN stc-plugin.c + stc-plugin-popup.c + stc-plugin-appstatus.c + stc-plugin-exception.c ) # library build diff --git a/plugin/stc-plugin-appstatus.c b/plugin/stc-plugin-appstatus.c new file mode 100755 index 0000000..d642cd6 --- /dev/null +++ b/plugin/stc-plugin-appstatus.c @@ -0,0 +1,186 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "stc-plugin.h" + +//LCOV_EXCL_START +#define AUL_APP_STATUS_DBUS_PATH "/Org/Tizen/Aul/AppStatus" +#define AUL_APP_STATUS_DBUS_SIGNAL_INTERFACE "org.tizen.aul.AppStatus" +#define AUL_APP_STATUS_BUS_NAME AUL_APP_STATUS_DBUS_SIGNAL_INTERFACE + +#define AUL_APP_STATUS_DBUS_STATUS_CHANGE "AppStatusChange" +#define AUL_APP_STATUS_DBUS_STATUS_CHANGE_TYPE "(issss)" + +typedef struct { + guint sub_id; + const gchar *path; + const gchar *interface; + const gchar *member; + const gchar *param_type; + GDBusSignalCallback callback; + gpointer user_data; +} signal_map_s; + +stc_error_e(*state_changed_cb)(stc_cmd_type_e cmd, pid_t pid, + const gchar *app_id, const gchar *pkg_id, + stc_app_type_e app_type); + +static void __stc_gdbus_handle_aul_changestate(GDBusConnection *connection, + const gchar *sender_name, + const gchar *object_path, + const gchar *interface_name, + const gchar *signal_name, + GVariant *parameters, + gpointer user_data) +{ + pid_t pid; + stc_cmd_type_e status; + stc_app_type_e apptype; + gchar *appid, *pkgid, *statstr, *pkgtype; + + if (g_strcmp0(g_variant_get_type_string(parameters), + AUL_APP_STATUS_DBUS_STATUS_CHANGE_TYPE)) { + STC_LOGE("Dbus type not matching, do not process"); + return; + } + + g_variant_get(parameters, AUL_APP_STATUS_DBUS_STATUS_CHANGE_TYPE, + &pid, &appid, &pkgid, &statstr, &pkgtype); + + if (!strncmp(statstr, "fg", 2)) { + status = STC_CMD_SET_FOREGRD; + } else if (!strncmp(statstr, "bg", 2)) { + status = STC_CMD_SET_BACKGRD; + } else { + goto out; + } + + if (!strncmp(pkgtype, "svc", 3)) + apptype = STC_APP_TYPE_SERVICE; + else if (!strncmp(pkgtype, "widget", 6)) + apptype = STC_APP_TYPE_WIDGET; + else if (!strncmp(pkgtype, "watch", 5)) + apptype = STC_APP_TYPE_WATCH; + else + apptype = STC_APP_TYPE_GUI; + + if (STC_DEBUG_LOG) { + STC_LOGD("\033[1;36mAPP STATUS\033[0;m: Pkg ID [\033[0;34m%s\033[0;m], " + "App ID [\033[0;32m%s\033[0;m], PID [\033[1;33m%d\033[0;m], Status [%s], Type [%s]", + pkgid, appid, pid, statstr, pkgtype); + } + + if (state_changed_cb) + state_changed_cb(status, pid, appid, pkgid, apptype); + +out: + FREE(appid); + FREE(pkgid); + FREE(statstr); + FREE(pkgtype); +} + +signal_map_s signal_map[] = { + + /* AMD DBUS */ + { + 0, + AUL_APP_STATUS_DBUS_PATH, + AUL_APP_STATUS_DBUS_SIGNAL_INTERFACE, + AUL_APP_STATUS_DBUS_STATUS_CHANGE, + AUL_APP_STATUS_DBUS_STATUS_CHANGE_TYPE, + __stc_gdbus_handle_aul_changestate, + NULL + }, + { + 0, + NULL, + NULL, + NULL, + NULL + } +}; + + +static stc_error_e __ground_status_monitor_init(stc_s *stc) +{ + guint i = 0; + + ret_value_msg_if(stc == NULL, STC_ERROR_INVALID_PARAMETER, "failed to get stc data"); + + for (i = 0; signal_map[i].member != NULL; i++) { + signal_map[i].sub_id = + g_dbus_connection_signal_subscribe(stc->connection, + NULL, + signal_map[i].interface, + signal_map[i].member, + signal_map[i].path, + NULL, + G_DBUS_SIGNAL_FLAGS_NONE, + signal_map[i].callback, + signal_map[i].user_data, + NULL); + STC_LOGI("Successfully subscribed [%s] signal", + signal_map[i].member); + } + + return STC_ERROR_NONE; +} + +static stc_error_e __ground_status_monitor_deinit(stc_s *stc) +{ + guint i = 0; + + ret_value_msg_if(stc == NULL, STC_ERROR_INVALID_PARAMETER, "failed to get stc data"); + + for (i = 0; signal_map[i].member != NULL; i++) { + g_dbus_connection_signal_unsubscribe(stc->connection, + signal_map[i].sub_id); + signal_map[i].sub_id = 0; + STC_LOGD("Successfully unsubscribed [%s] signal", + signal_map[i].member); + } + + return STC_ERROR_NONE; +} + +int stc_plugin_appstatus_register_changed_cb(stc_s *stc, + stc_plugin_app_state_changed_cb cb, + void *data) +{ + state_changed_cb = cb; + __ground_status_monitor_init(stc); + + return 0; +} + +int stc_plugin_appstatus_deregister_changed_cb(stc_s *stc) +{ + state_changed_cb = NULL; + __ground_status_monitor_deinit(stc); + return 0; +} +//LCOV_EXCL_STOP diff --git a/plugin/stc-plugin-exception.c b/plugin/stc-plugin-exception.c new file mode 100755 index 0000000..9484d92 --- /dev/null +++ b/plugin/stc-plugin-exception.c @@ -0,0 +1,291 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "stc-plugin.h" + +//LCOV_EXCL_START +#define EXE_TYPE_APPLICATION "app" +#define EXE_TYPE_INSTRUCTION "inst" +#define EXE_TYPE_SYSTEM "sys" +#define EXE_TYPE_SCRIPT "script" + +/* 1 day */ +#define EXCNS_TIMER_INTERVAL 86400 + +#define EXCEPTION_BUF_MAX 64 +#define EXCEPTION_STORAGE "/var/lib/stc/exceptions" + +#define INTERNET_PRIVILEGE "http://tizen.org/privilege/internet" + +typedef struct { + char *process_name; + char *exe_type; +} stc_exceptions_info; + +typedef stc_cb_ret_e +(*stc_exceptions_info_cb)(const stc_exceptions_info *info, + void *user_data); + +static GHashTable *g_excns_hash; /**< exception hash table */ +static GHashTable *g_pkginfo_filter_hash; +static guint g_excns_timer_id; + +static int __pkginfo_filter_list_cb(pkgmgrinfo_pkginfo_h handle, void *user_data) +{ + int ret = 0; + char *pkgname = NULL; + + ret = pkgmgrinfo_pkginfo_get_pkgname(handle, &pkgname); + if (ret == PMINFO_R_OK) { + if (g_hash_table_insert(g_pkginfo_filter_hash, + g_strdup(pkgname), g_strdup(EXE_TYPE_APPLICATION)) != TRUE) + STC_LOGE("Failed to insert hash table"); + } + + return STC_CONTINUE; +} + +static int __pkginfo_pkg_list_cb(pkgmgrinfo_pkginfo_h handle, void *user_data) +{ + int ret = 0; + char *pkgname = NULL; + char *exe_type = NULL; + stc_exceptions_info data; + const stc_exceptions_info_cb excn_cb = user_data; + + ret = pkgmgrinfo_pkginfo_get_pkgname(handle, &pkgname); + if (ret == PMINFO_R_OK) { + exe_type = g_hash_table_lookup(g_pkginfo_filter_hash, pkgname); + if (exe_type) + return STC_CONTINUE; + + data.process_name = pkgname; + data.exe_type = EXE_TYPE_APPLICATION; + + if (excn_cb(&data, NULL) == STC_CANCEL) + STC_LOGE("Failed to insert hash table"); + } + + return STC_CONTINUE; +} + +static void __excn_hash_foreach_print(gpointer key, gpointer value, + gpointer data) +{ + const char *process_name = key; + const char *exe_type = value; + + STC_LOGI("excn info => process_name [%s] exe_type [%s]", + process_name, exe_type); +} + +static void __excn_hash_printall(void) +{ + g_hash_table_foreach(g_excns_hash, + __excn_hash_foreach_print, NULL); +} + +static gboolean __remove_exception_app(gpointer key, gpointer value, + gpointer data) +{ + const char *exe_type = value; + + if (g_strcmp0(exe_type, EXE_TYPE_APPLICATION) == 0) + return TRUE; + + return FALSE; +} + +static void __remove_exception_appall(void) +{ + g_hash_table_foreach_remove(g_excns_hash, + __remove_exception_app, NULL); +} + +static stc_cb_ret_e __insert_exception_cb(const stc_exceptions_info *info, + void *user_data) +{ + stc_cb_ret_e ret = STC_CONTINUE; + + if (g_hash_table_insert(g_excns_hash, + g_strdup(info->process_name), + g_strdup(info->exe_type)) != TRUE) + ret = STC_CANCEL; + + return ret; +} + +static gboolean __update_exceptions_app_list(void *user_data) +{ + stc_plugin_exception_update_list(); + return TRUE; +} + +static stc_error_e pkginfo_exceptions_foreach(const stc_exceptions_info_cb exception_cb, + void *user_data) +{ + int ret = 0; + int err = STC_ERROR_NONE; + pkgmgrinfo_pkginfo_filter_h handle; + + g_pkginfo_filter_hash = g_hash_table_new_full(g_str_hash, + g_str_equal, g_free, g_free); + + ret = pkgmgrinfo_pkginfo_filter_create(&handle); + ret_value_msg_if(ret != PMINFO_R_OK, STC_ERROR_FAIL, + "Failed to create pkginfo filter"); + + ret = pkgmgrinfo_pkginfo_filter_add_string(handle, + PMINFO_PKGINFO_PROP_PACKAGE_PRIVILEGE, + INTERNET_PRIVILEGE); + if (ret != PMINFO_R_OK) { + STC_LOGE("Failed to add pkginfo filter string"); + err = STC_ERROR_FAIL; + goto out; + } + + ret = pkgmgrinfo_pkginfo_filter_foreach_pkginfo(handle, + __pkginfo_filter_list_cb, NULL); + if (ret != PMINFO_R_OK) { + STC_LOGE("Failed to foreach pkginfo filter"); + err = STC_ERROR_FAIL; + goto out; + } + + ret = pkgmgrinfo_pkginfo_get_list(__pkginfo_pkg_list_cb, exception_cb); + if (ret != PMINFO_R_OK) { + STC_LOGE("Failed to get pkginfo list"); + err = STC_ERROR_FAIL; + goto out; + } + +out: + if (g_pkginfo_filter_hash) { + g_hash_table_destroy(g_pkginfo_filter_hash); + g_pkginfo_filter_hash = NULL; + } + + if (handle) + pkgmgrinfo_pkginfo_filter_destroy(handle); + + return err; +} + +static stc_error_e table_exceptions_foreach(const stc_exceptions_info_cb exception_cb, + void *user_data) +{ + stc_error_e error_code = STC_ERROR_NONE; + stc_exceptions_info data; + + FILE *fp = NULL; + char buf[EXCEPTION_BUF_MAX] = {0, }; + + fp = fopen(EXCEPTION_STORAGE, "r"); + ret_value_msg_if(!fp, STC_ERROR_FAIL, "Failed to open %s file"); + + while (fgets(buf, sizeof(buf), fp) != NULL) { + char *process_name, *exe_type; + char *save_ptr = NULL; + + process_name = strtok_r(buf, ":", &save_ptr); + if (process_name != NULL) + data.process_name = process_name; + else + data.process_name = "none"; + + exe_type = strtok_r(NULL, "\n", &save_ptr); + if (exe_type != NULL) + data.exe_type = exe_type; + else + data.exe_type = "none"; + + if (exception_cb(&data, user_data) == STC_CANCEL) + break; + } + fclose(fp); + + return error_code; +} + +int stc_plugin_exception_init(void) +{ + g_excns_hash = g_hash_table_new_full(g_str_hash, + g_str_equal, g_free, g_free); + + return STC_ERROR_NONE; +} + +int stc_plugin_exception_deinit(void) +{ + if (g_excns_timer_id > 0) { + g_source_remove(g_excns_timer_id); + g_excns_timer_id = 0; + } + + g_hash_table_destroy(g_excns_hash); + + return STC_ERROR_NONE; +} + +int stc_plugin_exception_fill_list(void) +{ + table_exceptions_foreach(__insert_exception_cb, NULL); + pkginfo_exceptions_foreach(__insert_exception_cb, NULL); + + if (STC_DEBUG_LOG) + __excn_hash_printall(); + + + g_excns_timer_id = g_timeout_add_seconds(EXCNS_TIMER_INTERVAL, + __update_exceptions_app_list, + NULL); + + return STC_ERROR_NONE; +} + +int stc_plugin_exception_update_list(void) +{ + __remove_exception_appall(); + pkginfo_exceptions_foreach(__insert_exception_cb, NULL); + + if (STC_DEBUG_LOG) + __excn_hash_printall(); + + return STC_ERROR_NONE; +} + +int stc_plugin_exception_check_by_cmdline(char *cmdline) +{ + char *exe_type = NULL; + + exe_type = g_hash_table_lookup(g_excns_hash, cmdline); + if (!exe_type) + return STC_ERROR_NO_DATA; + + return STC_ERROR_NONE; +} +//LCOV_EXCL_STOP diff --git a/plugin/stc-plugin-popup.c b/plugin/stc-plugin-popup.c new file mode 100755 index 0000000..409c890 --- /dev/null +++ b/plugin/stc-plugin-popup.c @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "stc-plugin.h" + +//LCOV_EXCL_START +int stc_plugin_popup_send_warn_message(const char *content, + const char *type, const char *app_id, const char *iftype, const char *warn) +{ + int ret = 0; + bundle *b = bundle_create(); + + STC_LOGD("Warn message : content[%s] type[%s] app_id[%s] warn[%s]", + content, type, app_id, warn); + + bundle_add(b, "_SYSPOPUP_CONTENT_", content); + bundle_add(b, "_SYSPOPUP_TYPE_", type); + bundle_add(b, "_APP_ID_", app_id); + bundle_add(b, "_IF_TYPE_", iftype); + bundle_add(b, "_WARN_LIMIT_", warn); + + ret = syspopup_launch("net-popup", b); + + bundle_free(b); + + return ret; +} + +int stc_plugin_popup_send_restriction_message(const char *content, + const char *type, const char *app_id, const char *iftype, const char *limit) +{ + int ret = 0; + bundle *b = bundle_create(); + + STC_LOGD("Restriction message : content[%s] type[%s] app_id[%s] limit[%s]", + content, type, app_id, limit); + + bundle_add(b, "_SYSPOPUP_CONTENT_", content); + bundle_add(b, "_SYSPOPUP_TYPE_", type); + bundle_add(b, "_APP_ID_", app_id); + bundle_add(b, "_IF_TYPE_", iftype); + bundle_add(b, "_RESTRICTION_LIMIT_", limit); + + ret = syspopup_launch("net-popup", b); + + bundle_free(b); + + return ret; +} +//LCOV_EXCL_STOP diff --git a/plugin/stc-plugin.c b/plugin/stc-plugin.c index 916a75e..b1b4013 100755 --- a/plugin/stc-plugin.c +++ b/plugin/stc-plugin.c @@ -25,219 +25,36 @@ #include #include "stc-plugin.h" -#include "stc-manager.h" -#include "stc-manager-util.h" -/* - * AUL - */ -#define AUL_APP_STATUS_DBUS_PATH "/Org/Tizen/Aul/AppStatus" -#define AUL_APP_STATUS_DBUS_SIGNAL_INTERFACE "org.tizen.aul.AppStatus" -#define AUL_APP_STATUS_BUS_NAME AUL_APP_STATUS_DBUS_SIGNAL_INTERFACE - -#define AUL_APP_STATUS_DBUS_STATUS_CHANGE "AppStatusChange" -#define AUL_APP_STATUS_DBUS_STATUS_CHANGE_TYPE "(issss)" - -typedef struct { - guint sub_id; - const gchar *path; - const gchar *interface; - const gchar *member; - const gchar *param_type; - GDBusSignalCallback callback; - gpointer user_data; -} signal_map_s; - -stc_error_e(*state_changed_cb)(stc_cmd_type_e cmd, pid_t pid, - const gchar *app_id, const gchar *pkg_id, - stc_app_type_e app_type); - -static void __stc_gdbus_handle_aul_changestate(GDBusConnection *connection, - const gchar *sender_name, - const gchar *object_path, - const gchar *interface_name, - const gchar *signal_name, - GVariant *parameters, - gpointer user_data) -{ - pid_t pid; - stc_cmd_type_e status; - stc_app_type_e apptype; - gchar *appid, *pkgid, *statstr, *pkgtype; - - if (g_strcmp0(g_variant_get_type_string(parameters), - AUL_APP_STATUS_DBUS_STATUS_CHANGE_TYPE)) { - STC_LOGE("Dbus type not matching, do not process"); - return; - } - - g_variant_get(parameters, AUL_APP_STATUS_DBUS_STATUS_CHANGE_TYPE, - &pid, &appid, &pkgid, &statstr, &pkgtype); - - if (!strncmp(statstr, "fg", 2)) { - status = STC_CMD_SET_FOREGRD; - } else if (!strncmp(statstr, "bg", 2)) { - status = STC_CMD_SET_BACKGRD; - } else { - goto out; - } - - if (!strncmp(pkgtype, "svc", 3)) - apptype = STC_APP_TYPE_SERVICE; - else if (!strncmp(pkgtype, "widget", 6)) - apptype = STC_APP_TYPE_WIDGET; - else if (!strncmp(pkgtype, "watch", 5)) - apptype = STC_APP_TYPE_WATCH; - else - apptype = STC_APP_TYPE_GUI; - - if (STC_DEBUG_LOG) { - STC_LOGD("\033[1;36mAPP STATUS\033[0;m: Pkg ID [\033[0;34m%s\033[0;m], " - "App ID [\033[0;32m%s\033[0;m], PID [\033[1;33m%d\033[0;m], Status [%s], Type [%s]", - pkgid, appid, pid, statstr, pkgtype); - } - - if (state_changed_cb) - state_changed_cb(status, pid, appid, pkgid, apptype); - -out: - FREE(appid); - FREE(pkgid); - FREE(statstr); - FREE(pkgtype); -} - -signal_map_s signal_map[] = { - - /* AMD DBUS */ - { - 0, - AUL_APP_STATUS_DBUS_PATH, - AUL_APP_STATUS_DBUS_SIGNAL_INTERFACE, - AUL_APP_STATUS_DBUS_STATUS_CHANGE, - AUL_APP_STATUS_DBUS_STATUS_CHANGE_TYPE, - __stc_gdbus_handle_aul_changestate, - NULL - }, - { - 0, - NULL, - NULL, - NULL, - NULL - } -}; - - -static stc_error_e __ground_status_monitor_init(stc_s *stc) -{ - guint i = 0; - - ret_value_msg_if(stc == NULL, STC_ERROR_INVALID_PARAMETER, "failed to get stc data"); - - for (i = 0; signal_map[i].member != NULL; i++) { - signal_map[i].sub_id = - g_dbus_connection_signal_subscribe(stc->connection, - NULL, - signal_map[i].interface, - signal_map[i].member, - signal_map[i].path, - NULL, - G_DBUS_SIGNAL_FLAGS_NONE, - signal_map[i].callback, - signal_map[i].user_data, - NULL); - STC_LOGI("Successfully subscribed [%s] signal", - signal_map[i].member); - } - - return STC_ERROR_NONE; -} - -static stc_error_e __ground_status_monitor_deinit(stc_s *stc) +//LCOV_EXCL_START +void stc_plugin_initialize(void) { - guint i = 0; - - ret_value_msg_if(stc == NULL, STC_ERROR_INVALID_PARAMETER, "failed to get stc data"); - - for (i = 0; signal_map[i].member != NULL; i++) { - g_dbus_connection_signal_unsubscribe(stc->connection, - signal_map[i].sub_id); - signal_map[i].sub_id = 0; - STC_LOGD("Successfully unsubscribed [%s] signal", - signal_map[i].member); - } - - return STC_ERROR_NONE; + stc_plugin_exception_init(); } -static int __stc_send_warn_message_to_net_popup(const char *content, - const char *type, const char *app_id, const char *iftype, const char *warn) +void stc_plugin_deinitialize(void) { - int ret = 0; - bundle *b = bundle_create(); - - STC_LOGD("Warn message : content[%s] type[%s] app_id[%s] warn[%s]", - content, type, app_id, warn); - - bundle_add(b, "_SYSPOPUP_CONTENT_", content); - bundle_add(b, "_SYSPOPUP_TYPE_", type); - bundle_add(b, "_APP_ID_", app_id); - bundle_add(b, "_IF_TYPE_", iftype); - bundle_add(b, "_WARN_LIMIT_", warn); - - ret = syspopup_launch("net-popup", b); - - bundle_free(b); - - return ret; -} - -static int __stc_send_restriction_message_to_net_popup(const char *content, - const char *type, const char *app_id, const char *iftype, const char *limit) -{ - int ret = 0; - bundle *b = bundle_create(); - - STC_LOGD("Restriction message : content[%s] type[%s] app_id[%s] limit[%s]", - content, type, app_id, limit); - - bundle_add(b, "_SYSPOPUP_CONTENT_", content); - bundle_add(b, "_SYSPOPUP_TYPE_", type); - bundle_add(b, "_APP_ID_", app_id); - bundle_add(b, "_IF_TYPE_", iftype); - bundle_add(b, "_RESTRICTION_LIMIT_", limit); - - ret = syspopup_launch("net-popup", b); - - bundle_free(b); - - return ret; -} - -static int __register_state_changed_cb(stc_s *stc, - stc_plugin_app_state_changed_cb cb, - void *data) -{ - state_changed_cb = cb; - __ground_status_monitor_init(stc); - - return 0; -} - -int __deregister_state_changed_cb(stc_s *stc) -{ - state_changed_cb = NULL; - __ground_status_monitor_deinit(stc); - return 0; + stc_plugin_exception_deinit(); } API stc_plugin_s stc_plugin = { + .initialize_plugin = + stc_plugin_initialize, + .deinitialize_plugin = + stc_plugin_deinitialize, .send_warn_message_to_net_popup = - __stc_send_warn_message_to_net_popup, + stc_plugin_popup_send_restriction_message, .send_restriction_message_to_net_popup = - __stc_send_restriction_message_to_net_popup, - .register_state_changed_cb = __register_state_changed_cb, - .deregister_state_changed_cb = __deregister_state_changed_cb + stc_plugin_popup_send_restriction_message, + .register_state_changed_cb = + stc_plugin_appstatus_register_changed_cb, + .deregister_state_changed_cb = + stc_plugin_appstatus_deregister_changed_cb, + .fill_exception_list = + stc_plugin_exception_fill_list, + .update_exception_list = + stc_plugin_exception_update_list, + .check_exception_by_cmdline = + stc_plugin_exception_check_by_cmdline }; - +//LCOV_EXCL_STOP diff --git a/src/monitor/include/stc-monitor.h b/src/monitor/include/stc-monitor.h index 0ecce65..b8a7357 100755 --- a/src/monitor/include/stc-monitor.h +++ b/src/monitor/include/stc-monitor.h @@ -28,9 +28,6 @@ /* 1 seconds */ #define CONTR_TIMER_INTERVAL 1 -/* 1 day */ -#define EXCNS_TIMER_INTERVAL 86400 - /** * @brief key for processes tree */ @@ -102,8 +99,6 @@ typedef struct { gboolean rstns_tree_updated; GTree *apps; /**< monitored applications */ gboolean apps_tree_updated; - GHashTable *excns_hash; /**< exception hash table */ - guint excns_timer_id; guint background_state; } stc_system_s; diff --git a/src/monitor/stc-app-lifecycle.c b/src/monitor/stc-app-lifecycle.c index d02667f..2fcbfe6 100755 --- a/src/monitor/stc-app-lifecycle.c +++ b/src/monitor/stc-app-lifecycle.c @@ -208,7 +208,8 @@ static gboolean __check_excn(char *cmdline) return TRUE; ret = stc_monitor_check_excn_by_cmdline(cmdline); - if (ret == STC_ERROR_NO_DATA) + if (ret == STC_ERROR_UNINITIALIZED || + ret == STC_ERROR_NO_DATA) return FALSE; else return TRUE; diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index c8f7b7e..b3edf39 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -27,7 +27,6 @@ #include "counter.h" #include "table-statistics.h" #include "table-counters.h" -#include "stc-exception.h" #include "stc-monitor.h" #include "stc-manager-plugin.h" @@ -552,8 +551,6 @@ static void __process_restriction(enum traffic_restriction_type rst_type, counter.iftype = rstn_key->iftype; g_strlcpy(counter.ifname, default_ifname, MAX_IFACE_LENGTH); - - generate_counter_name(&counter); g_free(default_ifname); /* iptables rule */ @@ -597,8 +594,6 @@ static void __process_restriction(enum traffic_restriction_type rst_type, counter.iftype = rstn_key->iftype; g_strlcpy(counter.ifname, default_ifname, MAX_IFACE_LENGTH); - - generate_counter_name(&counter); g_free(default_ifname); /* iptables rule */ @@ -772,7 +767,7 @@ static gboolean __rstn_counter_update(stc_rstn_key_s *rstn_key, snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->data_warn_limit); - stc_send_warn_message_to_net_popup("warn threshold crossed", + stc_manager_plugin_send_warn_message("warn threshold crossed", "warning_noti", rstn_key->app_id, iftype, byte); @@ -813,7 +808,7 @@ static gboolean __rstn_counter_update(stc_rstn_key_s *rstn_key, snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->data_limit); - stc_send_restriction_message_to_net_popup("restriction threshold crossed", + stc_manager_plugin_send_restriction_message("restriction threshold crossed", "restriction_noti", rstn_key->app_id, iftype, byte); } @@ -1212,7 +1207,8 @@ static gboolean __update_contr_cb(void *user_data) /* we need to continue the timer */ return TRUE; } -#if 0 + +//LCOV_EXCL_START static gboolean __rstn_tree_foreach_print(gpointer key, gpointer value, gpointer data) { @@ -1227,7 +1223,8 @@ static void __rstn_tree_printall(void) { g_tree_foreach(g_system->rstns, __rstn_tree_foreach_print, NULL); } -#endif +//LCOV_EXCL_END + static stc_rstn_value_s * __rstn_lookup(GTree *rstns_tree, const stc_rstn_key_s *key) { @@ -1404,7 +1401,9 @@ static stc_cb_ret_e __insert_restriction_cb(const table_restrictions_info *info, static void __fill_restritions_list(void) { table_restrictions_foreach(__insert_restriction_cb, NULL); - //__rstn_tree_printall(); + + if (STC_DEBUG_LOG) + __rstn_tree_printall(); } static gboolean __add_rstn_foreach_application(gpointer key, @@ -1545,75 +1544,10 @@ static stc_error_e __process_update_background(void) } //LCOV_EXCL_STOP -#if 0 -static void __excn_hash_foreach_print(gpointer key, gpointer value, - gpointer data) -{ - const char *process_name = key; - const char *exe_type = value; - - STC_LOGI("excn info => process_name [%s] exe_type [%s]", - process_name, exe_type); -} - -static void __excn_hash_printall(void) -{ - g_hash_table_foreach(g_system->excns_hash, - __excn_hash_foreach_print, NULL); -} -#endif - -//LCOV_EXCL_START -static gboolean __remove_exception_app(gpointer key, gpointer value, - gpointer data) -{ - const char *exe_type = value; - - if (g_strcmp0(exe_type, EXE_TYPE_APPLICATION) == 0) - return TRUE; - - return FALSE; -} -//LCOV_EXCL_STOP - -static void __remove_exception_appall(void) -{ - g_hash_table_foreach_remove(g_system->excns_hash, //LCOV_EXCL_LINE - __remove_exception_app, NULL); -} - -static stc_cb_ret_e __insert_exception_cb(const stc_exceptions_info *info, - void *user_data) -{ - stc_cb_ret_e ret = STC_CONTINUE; - - if (g_hash_table_insert(g_system->excns_hash, - g_strdup(info->process_name), - g_strdup(info->exe_type)) != TRUE) - ret = STC_CANCEL; //LCOV_EXCL_LINE - - return ret; -} - static void __fill_exceptions_list(void) { - table_exceptions_foreach(__insert_exception_cb, NULL); - pkginfo_exceptions_foreach(__insert_exception_cb, NULL); - - /* __excn_hash_printall(); */ -} - -//LCOV_EXCL_START -static gboolean __update_exceptions_app_list(void *user_data) -{ - __remove_exception_appall(); - pkginfo_exceptions_foreach(__insert_exception_cb, NULL); - - /* __excn_hash_printall(); */ - - return TRUE; + stc_manager_plugin_fill_exception_list(); } -//LCOV_EXCL_STOP stc_error_e stc_monitor_init(void) { @@ -1637,9 +1571,6 @@ stc_error_e stc_monitor_init(void) __rstns_tree_key_free, __rstns_tree_value_free); - system->excns_hash = g_hash_table_new_full(g_str_hash, - g_str_equal, g_free, g_free); - /* create netlink socket for updating kernel counters */ system->contr_sock = create_netlink(NETLINK_NETFILTER, 0); if (system->contr_sock < 0) { @@ -1682,10 +1613,6 @@ stc_error_e stc_monitor_init(void) __fill_exceptions_list(); __fill_restritions_list(); - g_system->excns_timer_id = g_timeout_add_seconds(EXCNS_TIMER_INTERVAL, - __update_exceptions_app_list, - NULL); - return STC_ERROR_NONE; } @@ -1702,12 +1629,6 @@ stc_error_e stc_monitor_deinit(void) g_system->contr_timer_id = 0; } - /* remove exceptions app list update timer */ - if (g_system->excns_timer_id > 0) { - g_source_remove(g_system->excns_timer_id); - g_system->excns_timer_id = 0; - } - /* destroy monitored application tree */ g_tree_destroy(g_system->apps); g_system->apps = NULL; @@ -1716,10 +1637,6 @@ stc_error_e stc_monitor_deinit(void) g_tree_destroy(g_system->rstns); g_system->rstns = NULL; - /* destroy exception hash table */ - g_hash_table_destroy(g_system->excns_hash); - g_system->excns_hash = NULL; - FREE(g_system); return STC_ERROR_NONE; @@ -1954,8 +1871,8 @@ stc_error_e stc_monitor_rstns_tree_add(const table_restrictions_info *info) value.restriction_id = info->restriction_id; if (value.rst_state > STC_RESTRICTION_UNKNOWN && - value.rst_state < STC_RESTRICTION_LAST_ELEM && - info->app_id) + value.rst_state < STC_RESTRICTION_LAST_ELEM && + info->app_id) value.classid = get_classid_by_app_id(info->app_id, TRUE); else value.classid = STC_UNKNOWN_CLASSID; @@ -2005,15 +1922,7 @@ stc_error_e stc_monitor_rstns_tree_remove(const table_restrictions_info *info) stc_error_e stc_monitor_check_excn_by_cmdline(char *cmdline) { - ret_value_msg_if(g_system == NULL, STC_ERROR_FAIL, "stc monitor not initialized!"); - - char *exe_type = NULL; - - exe_type = g_hash_table_lookup(g_system->excns_hash, cmdline); - if (!exe_type) - return STC_ERROR_NO_DATA; - - return STC_ERROR_NONE; + return stc_manager_plugin_check_exception_by_cmdline(cmdline); } int stc_monitor_get_counter_socket(void) diff --git a/src/stc-manager-gdbus.c b/src/stc-manager-gdbus.c index df53f9b..46a3d42 100755 --- a/src/stc-manager-gdbus.c +++ b/src/stc-manager-gdbus.c @@ -194,7 +194,8 @@ static void __stc_manager_gdbus_on_bus_acquired(GDBusConnection *connection, iptables_init(); stc_default_connection_monitor_init(stc); - stc_register_state_changed_cb(stc, stc_manager_app_status_changed, NULL); + stc_manager_plugin_register_state_changed_cb(stc, + stc_manager_app_status_changed, NULL); __STC_LOG_FUNC_EXIT__; } @@ -237,7 +238,7 @@ void stc_manager_gdbus_deinit(gpointer stc_data) __STC_LOG_FUNC_ENTER__; stc_s *stc = (stc_s *)stc_data; - stc_deregister_state_changed_cb(stc); + stc_manager_plugin_deregister_state_changed_cb(stc); stc_default_connection_monitor_deinit(stc); g_bus_unown_name(stc->gdbus_owner_id); diff --git a/src/stc-manager-plugin.c b/src/stc-manager-plugin.c index a97ae73..f4aaae9 100755 --- a/src/stc-manager-plugin.c +++ b/src/stc-manager-plugin.c @@ -17,7 +17,6 @@ #include #include "stc-manager.h" -#include "stc-plugin.h" #include "stc-manager-plugin.h" static gboolean stc_plugin_enabled = FALSE; @@ -25,7 +24,7 @@ static void *handle_plugin; static stc_plugin_s *stc_plugin; //LCOV_EXCL_START -void stc_manager_plugin_init(void) +int stc_manager_plugin_init(void) { __STC_LOG_FUNC_ENTER__; @@ -33,7 +32,7 @@ void stc_manager_plugin_init(void) if (!handle_plugin) { STC_LOGE("Can't load %s: %s", STC_PLUGIN_FILEPATH, dlerror()); __STC_LOG_FUNC_EXIT__; - return; + return STC_ERROR_UNINITIALIZED; } stc_plugin = dlsym(handle_plugin, "stc_plugin"); @@ -41,28 +40,34 @@ void stc_manager_plugin_init(void) STC_LOGE("Can't load symbol: %s", dlerror()); dlclose(handle_plugin); __STC_LOG_FUNC_EXIT__; - return; + return STC_ERROR_UNINITIALIZED; } stc_plugin_enabled = TRUE; + stc_plugin->initialize_plugin(); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; } -void stc_manager_plugin_deinit(void) +int stc_manager_plugin_deinit(void) { __STC_LOG_FUNC_ENTER__; if (!stc_plugin_enabled) { __STC_LOG_FUNC_EXIT__; - return; + return STC_ERROR_UNINITIALIZED; } + stc_plugin->deinitialize_plugin(); + stc_plugin_enabled = FALSE; dlclose(handle_plugin); __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; } -int stc_send_warn_message_to_net_popup(const char *content, const char *type, +int stc_manager_plugin_send_warn_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *warn) { @@ -71,13 +76,13 @@ int stc_send_warn_message_to_net_popup(const char *content, const char *type, if (!stc_plugin_enabled) { STC_LOGE("Plugin wasn't enabled"); __STC_LOG_FUNC_EXIT__; - return 0; + return STC_ERROR_UNINITIALIZED; } if (!stc_plugin) { STC_LOGE("Plugin wasn't loaded"); __STC_LOG_FUNC_EXIT__; - return 0; + return STC_ERROR_UNINITIALIZED; } __STC_LOG_FUNC_EXIT__; @@ -85,7 +90,7 @@ int stc_send_warn_message_to_net_popup(const char *content, const char *type, iftype, warn); } -int stc_send_restriction_message_to_net_popup(const char *content, +int stc_manager_plugin_send_restriction_message(const char *content, const char *type, const char *app_id, const char *iftype, @@ -96,13 +101,13 @@ int stc_send_restriction_message_to_net_popup(const char *content, if (!stc_plugin_enabled) { STC_LOGE("Plugin wasn't enabled"); __STC_LOG_FUNC_EXIT__; - return 0; + return STC_ERROR_UNINITIALIZED; } if (!stc_plugin) { STC_LOGE("Plugin wasn't loaded"); __STC_LOG_FUNC_EXIT__; - return 0; + return STC_ERROR_UNINITIALIZED; } __STC_LOG_FUNC_EXIT__; @@ -111,7 +116,7 @@ int stc_send_restriction_message_to_net_popup(const char *content, limit); } -int stc_register_state_changed_cb(stc_s *stc, +int stc_manager_plugin_register_state_changed_cb(stc_s *stc, stc_plugin_app_state_changed_cb cb, void *data) { @@ -120,35 +125,87 @@ int stc_register_state_changed_cb(stc_s *stc, if (!stc_plugin_enabled) { STC_LOGE("Plugin wasn't enabled"); __STC_LOG_FUNC_EXIT__; - return 0; + return STC_ERROR_UNINITIALIZED; } if (!stc_plugin) { STC_LOGE("Plugin wasn't loaded"); __STC_LOG_FUNC_EXIT__; - return 0; + return STC_ERROR_UNINITIALIZED; } __STC_LOG_FUNC_EXIT__; return stc_plugin->register_state_changed_cb(stc, cb, data); } -int stc_deregister_state_changed_cb(stc_s *stc) + +int stc_manager_plugin_deregister_state_changed_cb(stc_s *stc) { __STC_LOG_FUNC_ENTER__; if (!stc_plugin_enabled) { STC_LOGE("Plugin wasn't enabled"); __STC_LOG_FUNC_EXIT__; - return 0; + return STC_ERROR_UNINITIALIZED; } if (!stc_plugin) { STC_LOGE("Plugin wasn't loaded"); __STC_LOG_FUNC_EXIT__; - return 0; + return STC_ERROR_UNINITIALIZED; } __STC_LOG_FUNC_EXIT__; return stc_plugin->deregister_state_changed_cb(stc); } + +int stc_manager_plugin_fill_exception_list(void) +{ + __STC_LOG_FUNC_ENTER__; + + if (!stc_plugin_enabled) { + STC_LOGE("Plugin wasn't enabled"); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + if (!stc_plugin) { + STC_LOGE("Plugin wasn't loaded"); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + __STC_LOG_FUNC_EXIT__; + return stc_plugin->fill_exception_list(); +} + +int stc_manager_plugin_update_exception_list(void) +{ + __STC_LOG_FUNC_ENTER__; + + if (!stc_plugin_enabled) { + STC_LOGE("Plugin wasn't enabled"); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + if (!stc_plugin) { + STC_LOGE("Plugin wasn't loaded"); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + __STC_LOG_FUNC_EXIT__; + return stc_plugin->update_exception_list(); +} + +int stc_manager_plugin_check_exception_by_cmdline(char *cmdline) +{ + if (!stc_plugin_enabled) + return STC_ERROR_UNINITIALIZED; + + if (!stc_plugin) + return STC_ERROR_UNINITIALIZED; + + return stc_plugin->check_exception_by_cmdline(cmdline); +} //LCOV_EXCL_STOP diff --git a/src/stc-manager.c b/src/stc-manager.c index d9a4d80..b815400 100755 --- a/src/stc-manager.c +++ b/src/stc-manager.c @@ -88,12 +88,12 @@ static stc_s *__stc_manager_init(void) cgroup_set_release_agent(NET_CLS_SUBSYS, NET_RELEASE_AGENT); EXEC(STC_ERROR_NONE, stc_db_initialize()); + stc_manager_plugin_init(); err = stc_monitor_init(); if (err != STC_ERROR_NONE) goto handle_error; - stc_manager_plugin_init(); stc_app_lifecycle_monitor_init(); stc_manager_gdbus_init((gpointer)stc); -- 2.7.4 From baaf917c0bd196a0df92c9666e9157043128cdda Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 8 Feb 2018 10:30:35 +0900 Subject: [PATCH 03/16] Moved procfs for app lifecycle to plugin and separate plugins Change-Id: I0310a1761c6b5da28fb991dee7cd03cfdbb49d7b Signed-off-by: hyunuktak --- CMakeLists.txt | 1 + ...ger-plugin.h => stc-manager-plugin-appstatus.h} | 29 +- .../stc-manager-plugin-exception.h | 28 +- include/stc-manager-plugin-procfs.h | 30 ++ interfaces/CMakeLists.txt | 14 + packaging/stc-manager.spec | 36 +- plugin/CMakeLists.txt | 51 +-- plugin/appstatus/CMakeLists.txt | 38 ++ plugin/{ => appstatus}/data/stc_noti_datausage.png | Bin .../appstatus/include/stc-plugin-appstatus.h | 41 +-- plugin/{ => appstatus}/stc-plugin-appstatus.c | 57 ++- plugin/exception/CMakeLists.txt | 36 ++ plugin/exception/include/stc-plugin-exception.h | 39 +++ plugin/{ => exception}/stc-plugin-exception.c | 22 +- plugin/procfs/CMakeLists.txt | 36 ++ .../procfs/include/stc-plugin-procfs.h | 33 +- .../procfs/stc-plugin-procfs.c | 384 +++++++++++---------- plugin/stc-plugin-popup.c | 73 ---- plugin/stc-plugin.c | 60 ---- src/CMakeLists.txt | 27 +- src/helper/helper-nl.c | 2 +- src/helper/helper-nl.h | 2 + src/helper/helper-procfs.c | 4 +- src/monitor/stc-exception.c | 164 --------- src/monitor/stc-monitor.c | 21 +- src/stc-manager-gdbus.c | 11 +- ...ger-plugin.c => stc-manager-plugin-appstatus.c} | 96 +----- src/stc-manager-plugin-exception.c | 120 +++++++ src/stc-manager-plugin-procfs.c | 81 +++++ src/stc-manager.c | 18 +- 30 files changed, 817 insertions(+), 737 deletions(-) rename include/{stc-manager-plugin.h => stc-manager-plugin-appstatus.h} (51%) rename src/monitor/include/stc-app-lifecycle.h => include/stc-manager-plugin-exception.h (52%) create mode 100755 include/stc-manager-plugin-procfs.h create mode 100644 interfaces/CMakeLists.txt create mode 100755 plugin/appstatus/CMakeLists.txt rename plugin/{ => appstatus}/data/stc_noti_datausage.png (100%) rename include/stc-plugin.h => plugin/appstatus/include/stc-plugin-appstatus.h (62%) rename plugin/{ => appstatus}/stc-plugin-appstatus.c (75%) create mode 100755 plugin/exception/CMakeLists.txt create mode 100755 plugin/exception/include/stc-plugin-exception.h rename plugin/{ => exception}/stc-plugin-exception.c (93%) create mode 100755 plugin/procfs/CMakeLists.txt rename src/monitor/include/stc-exception.h => plugin/procfs/include/stc-plugin-procfs.h (50%) rename src/monitor/stc-app-lifecycle.c => plugin/procfs/stc-plugin-procfs.c (82%) delete mode 100755 plugin/stc-plugin-popup.c delete mode 100755 plugin/stc-plugin.c delete mode 100755 src/monitor/stc-exception.c rename src/{stc-manager-plugin.c => stc-manager-plugin-appstatus.c} (56%) create mode 100755 src/stc-manager-plugin-exception.c create mode 100755 src/stc-manager-plugin-procfs.c diff --git a/CMakeLists.txt b/CMakeLists.txt index 1e7fe23..3386c69 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -7,6 +7,7 @@ SET(LIBDIR ${PREFIX}/${LIB_PATH}) SET(DATA_DIR ${CMAKE_SOURCE_DIR}/data) +ADD_SUBDIRECTORY(interfaces) ADD_SUBDIRECTORY(src) ADD_SUBDIRECTORY(plugin) diff --git a/include/stc-manager-plugin.h b/include/stc-manager-plugin-appstatus.h similarity index 51% rename from include/stc-manager-plugin.h rename to include/stc-manager-plugin-appstatus.h index f0409b2..b177bd7 100755 --- a/include/stc-manager-plugin.h +++ b/include/stc-manager-plugin-appstatus.h @@ -14,28 +14,23 @@ * limitations under the License. */ -#ifndef __STC_MANAGER_PLUGIN_H__ -#define __STC_MANAGER_PLUGIN_H__ +#ifndef __STC_MANAGER_PLUGIN_APPSTATUS_H__ +#define __STC_MANAGER_PLUGIN_APPSTATUS_H__ -#define STC_PLUGIN_FILEPATH "/usr/lib/stc-manager-plugin.so" +#define STC_PLUGIN_APPSTATUS_FILEPATH "/usr/lib/stc-plugin-appstatus.so" -#include "stc-plugin.h" +#include "stc-plugin-appstatus.h" -int stc_manager_plugin_init(void); -int stc_manager_plugin_deinit(void); +int stc_plugin_appstatus_init(void); +int stc_plugin_appstatus_deinit(void); -int stc_manager_plugin_send_warn_message(const char *content, +int stc_plugin_appstatus_send_warn_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *warn); -int stc_manager_plugin_send_restriction_message(const char *content, +int stc_plugin_appstatus_send_restriction_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *limit); -int stc_manager_plugin_register_state_changed_cb(stc_s *stc, - stc_plugin_app_state_changed_cb cb, - void *data); -int stc_manager_plugin_deregister_state_changed_cb(stc_s *stc); +int stc_plugin_appstatus_register_state_changed_cb(stc_s *stc, + stc_plugin_app_state_changed_cb cb, void *data); +int stc_plugin_appstatus_deregister_state_changed_cb(stc_s *stc); -int stc_manager_plugin_fill_exception_list(void); -int stc_manager_plugin_update_exception_list(void); -int stc_manager_plugin_check_exception_by_cmdline(char *cmdline); - -#endif /* __STC_MANAGER_PLUGIN_H__ */ +#endif /* __STC_MANAGER_PLUGIN_APPSTATUS_H__ */ diff --git a/src/monitor/include/stc-app-lifecycle.h b/include/stc-manager-plugin-exception.h similarity index 52% rename from src/monitor/include/stc-app-lifecycle.h rename to include/stc-manager-plugin-exception.h index cb5c39e..d826e3c 100755 --- a/src/monitor/include/stc-app-lifecycle.h +++ b/include/stc-manager-plugin-exception.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017 Samsung Electronics Co., Ltd. + * Copyright (c) 2016 Samsung Electronics Co., Ltd. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,20 +14,18 @@ * limitations under the License. */ -#ifndef __STC_APP_LIFECYCLE_H__ -#define __STC_APP_LIFECYCLE_H__ +#ifndef __STC_MANAGER_PLUGIN_EXCEPTION_H__ +#define __STC_MANAGER_PLUGIN_EXCEPTION_H__ -#include "stc-error.h" -#include "stc-manager.h" -#include "stc-manager-util.h" -#include "stc-monitor.h" +#define STC_PLUGIN_EXCEPTION_FILEPATH "/usr/lib/stc-plugin-exception.so" -stc_error_e stc_manager_app_status_changed(stc_cmd_type_e cmd, - pid_t pid, - const gchar *app_id, - const gchar *pkg_id, - stc_app_type_e app_type); -void stc_app_lifecycle_monitor_init(void); -void stc_app_lifecycle_monitor_deinit(void); +#include "stc-plugin-exception.h" -#endif /* __STC_APP_LIFECYCLE_H__ */ +int stc_plugin_exception_init(void); +int stc_plugin_exception_deinit(void); + +int stc_plugin_fill_exception_list(void); +int stc_plugin_update_exception_list(void); +int stc_plugin_check_exception_by_cmdline(char *cmdline); + +#endif /* __STC_MANAGER_PLUGIN_EXCEPTION_H__ */ diff --git a/include/stc-manager-plugin-procfs.h b/include/stc-manager-plugin-procfs.h new file mode 100755 index 0000000..83e7332 --- /dev/null +++ b/include/stc-manager-plugin-procfs.h @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __STC_MANAGER_PLUGIN_PROCFS_H__ +#define __STC_MANAGER_PLUGIN_PROCFS_H__ + +#define STC_PLUGIN_PROCFS_FILEPATH "/usr/lib/stc-plugin-procfs.so" + +#include "stc-plugin-procfs.h" + +int stc_plugin_procfs_init(void); +int stc_plugin_procfs_deinit(void); + +stc_error_e stc_plugin_procfs_app_status_changed(stc_cmd_type_e cmd, + pid_t pid, const gchar *app_id, const gchar *pkg_id, stc_app_type_e app_type); + +#endif /* __STC_MANAGER_PLUGIN_PROCFS_H__ */ diff --git a/interfaces/CMakeLists.txt b/interfaces/CMakeLists.txt new file mode 100644 index 0000000..2e61a9e --- /dev/null +++ b/interfaces/CMakeLists.txt @@ -0,0 +1,14 @@ +ADD_CUSTOM_COMMAND( + WORKING_DIRECTORY + OUTPUT dbus + COMMAND gdbus-codegen --interface-prefix net.stc. + --generate-c-code generated-code + --c-namespace Stc + --c-generate-object-manager + --generate-docbook generated-code-docs + ${INTERFACES}/stcmanager-iface-manager.xml + ${INTERFACES}/stcmanager-iface-restriction.xml + ${INTERFACES}/stcmanager-iface-statistics.xml + COMMENT "Generating GDBus .c/.h") + +ADD_CUSTOM_TARGET(GENERATED_DBUS_CODE DEPENDS dbus) diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 3b6e441..40a18d8 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.48 +Version: 0.0.49 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 @@ -20,7 +20,6 @@ BuildRequires: pkgconfig(dlog) BuildRequires: pkgconfig(libtzplatform-config) BuildRequires: pkgconfig(vconf) BuildRequires: pkgconfig(capi-system-info) -BuildRequires: pkgconfig(pkgmgr-info) BuildRequires: pkgconfig(openssl) %if %{?enable_database} == YES @@ -37,13 +36,26 @@ BuildRequires: pkgconfig(gmock) %description A smart traffic control manager to manage traffic counting and bandwidth limitation -%package plugin -Summary: STC manager plugin +%package plugin-appstatus +Summary: STC manager application status plugin BuildRequires: pkgconfig(bundle) BuildRequires: pkgconfig(syspopup-caller) -%description plugin -A smart traffic control manager extension for plugin +%description plugin-appstatus +A smart traffic control manager extension for application status plugin + +%package plugin-exception +Summary: STC manager exception list plugin +BuildRequires: pkgconfig(pkgmgr-info) + +%description plugin-exception +A smart traffic control manager extension for exception list plugin + +%package plugin-procfs +Summary: STC manager exception proc file system plugin + +%description plugin-procfs +A smart traffic control manager extension for proc file system plugin %prep %setup -q @@ -118,7 +130,15 @@ cp resources/dbus/stc-manager.conf %{buildroot}%{_sysconfdir}/dbus-1/system.d/st %{_bindir}/gtest* %endif -%files plugin +%files plugin-appstatus %manifest %{name}.manifest %attr(644, -,-) %{_datadir}/icons/*.png -%attr(500,root,root) %{_libdir}/stc-manager-plugin.so +%attr(500,root,root) %{_libdir}/stc-plugin-appstatus.so + +%files plugin-exception +%manifest %{name}.manifest +%attr(500,root,root) %{_libdir}/stc-plugin-exception.so + +%files plugin-procfs +%manifest %{name}.manifest +%attr(500,root,root) %{_libdir}/stc-plugin-procfs.so diff --git a/plugin/CMakeLists.txt b/plugin/CMakeLists.txt index bad6651..ce92a27 100755 --- a/plugin/CMakeLists.txt +++ b/plugin/CMakeLists.txt @@ -1,43 +1,20 @@ -CMAKE_MINIMUM_REQUIRED(VERSION 2.6) -PROJECT(stc-manager-plugin C) - -# Set required packages -INCLUDE(FindPkgConfig) -PKG_CHECK_MODULES(pkgs_plugin REQUIRED - dlog - gio-2.0 - gio-unix-2.0 - glib-2.0 - bundle - syspopup-caller - ) - -FOREACH(flag ${pkgs_plugin_CFLAGS}) - SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") -ENDFOREACH(flag) +SET(SOURCE_DIR ${CMAKE_SOURCE_DIR}/src) +SET(HELPER_SOURCE_DIR ${SOURCE_DIR}/helper) +SET(DATABASE_SOURCE_DIR ${SOURCE_DIR}/database) +SET(MONITOR_SOURCE_DIR ${SOURCE_DIR}/monitor) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) -INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/src/monitor/include) -# INCLUDE_DIRECTORIES(SRCS include) - -SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -g -Werror -fvisibility=hidden") -SET(CMAKE_C_FLAGS_DEBUG "-O0 -g") -SET(CMAKE_C_FLAGS_RELEASE "-O2") +INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/interfaces) -ADD_DEFINITIONS("-DUSE_DLOG") +INCLUDE_DIRECTORIES(${SOURCE_DIR}) +INCLUDE_DIRECTORIES(${HELPER_SOURCE_DIR}) -SET(SRCS_PLUGIN - stc-plugin.c - stc-plugin-popup.c - stc-plugin-appstatus.c - stc-plugin-exception.c - ) +INCLUDE_DIRECTORIES(${DATABASE_SOURCE_DIR}) +INCLUDE_DIRECTORIES(${DATABASE_SOURCE_DIR}/include) -# library build -ADD_LIBRARY(${PROJECT_NAME} SHARED ${SRCS_PLUGIN}) -TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${pkgs_plugin_LDFLAGS}) -SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES PREFIX "" OUTPUT_NAME ${PROJECT_NAME}) +INCLUDE_DIRECTORIES(${MONITOR_SOURCE_DIR}) +INCLUDE_DIRECTORIES(${MONITOR_SOURCE_DIR}/include) -# install -INSTALL(TARGETS ${PROJECT_NAME} LIBRARY DESTINATION ${LIBDIR}) -INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/data/stc_noti_datausage.png DESTINATION /usr/share/icons) +ADD_SUBDIRECTORY(appstatus) +ADD_SUBDIRECTORY(exception) +ADD_SUBDIRECTORY(procfs) diff --git a/plugin/appstatus/CMakeLists.txt b/plugin/appstatus/CMakeLists.txt new file mode 100755 index 0000000..d4d7428 --- /dev/null +++ b/plugin/appstatus/CMakeLists.txt @@ -0,0 +1,38 @@ +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT(stc-plugin-appstatus C) + +# Set required packages +INCLUDE(FindPkgConfig) +PKG_CHECK_MODULES(appstatus_plugin REQUIRED + dlog + gio-2.0 + gio-unix-2.0 + glib-2.0 + bundle + syspopup-caller + ) + +FOREACH(flag ${appstatus_plugin_CFLAGS}) + SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") +ENDFOREACH(flag) + +INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include) + +SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -g -Werror -fvisibility=hidden") +SET(CMAKE_C_FLAGS_DEBUG "-O0 -g") +SET(CMAKE_C_FLAGS_RELEASE "-O2") + +ADD_DEFINITIONS("-DUSE_DLOG") + +SET(SRCS_PLUGIN + stc-plugin-appstatus.c + ) + +# library build +ADD_LIBRARY(${PROJECT_NAME} SHARED ${SRCS_PLUGIN}) +TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${appstatus_plugin_LDFLAGS}) +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES PREFIX "" OUTPUT_NAME ${PROJECT_NAME}) + +# install +INSTALL(TARGETS ${PROJECT_NAME} LIBRARY DESTINATION ${LIBDIR}) +INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/data/stc_noti_datausage.png DESTINATION /usr/share/icons) diff --git a/plugin/data/stc_noti_datausage.png b/plugin/appstatus/data/stc_noti_datausage.png similarity index 100% rename from plugin/data/stc_noti_datausage.png rename to plugin/appstatus/data/stc_noti_datausage.png diff --git a/include/stc-plugin.h b/plugin/appstatus/include/stc-plugin-appstatus.h similarity index 62% rename from include/stc-plugin.h rename to plugin/appstatus/include/stc-plugin-appstatus.h index ffb5767..ed4a7b4 100755 --- a/include/stc-plugin.h +++ b/plugin/appstatus/include/stc-plugin-appstatus.h @@ -14,8 +14,8 @@ * limitations under the License. */ -#ifndef __STC_PLUGIN_H__ -#define __STC_PLUGIN_H__ +#ifndef __STC_PLUGIN_APPSTATUS_H__ +#define __STC_PLUGIN_APPSTATUS_H__ #include #include "stc-error.h" @@ -28,34 +28,16 @@ typedef stc_error_e (*stc_plugin_app_state_changed_cb)(stc_cmd_type_e cmd, stc_app_type_e app_type); typedef struct { - void (*initialize_plugin) (void); - void (*deinitialize_plugin) (void); /* popup */ int (*send_restriction_message_to_net_popup) (const char *, - const char *, - const char *, - const char *, - const char *); + const char *, const char *, const char *, const char *); int (*send_warn_message_to_net_popup) (const char *, - const char *, - const char *, - const char *, - const char *); - + const char *, const char *, const char *, const char *); /* app status */ int (*register_state_changed_cb) (stc_s *stc, - stc_plugin_app_state_changed_cb cb, - void *data); + stc_plugin_app_state_changed_cb cb, void *data); int (*deregister_state_changed_cb) (stc_s *stc); - - /* exception */ - int (*fill_exception_list) (void); - int (*update_exception_list) (void); - int (*check_exception_by_cmdline) (char *cmdline); -} stc_plugin_s; - -void stc_plugin_initialize(void); -void stc_plugin_deinitialize(void); +} stc_plugin_appstatus_s; int stc_plugin_popup_send_restriction_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *limit); @@ -63,14 +45,7 @@ int stc_plugin_popup_send_restriction_message(const char *content, const char *type, const char *app_id, const char *iftype, const char *limit); int stc_plugin_appstatus_register_changed_cb(stc_s *stc, - stc_plugin_app_state_changed_cb cb, - void *data); + stc_plugin_app_state_changed_cb cb, void *data); int stc_plugin_appstatus_deregister_changed_cb(stc_s *stc); -int stc_plugin_exception_init(void); -int stc_plugin_exception_deinit(void); -int stc_plugin_exception_fill_list(void); -int stc_plugin_exception_update_list(void); -int stc_plugin_exception_check_by_cmdline(char *cmdline); - -#endif /* __STC_PLUGIN_H__ */ +#endif /* __STC_PLUGIN_APPSTATUS_H__ */ diff --git a/plugin/stc-plugin-appstatus.c b/plugin/appstatus/stc-plugin-appstatus.c similarity index 75% rename from plugin/stc-plugin-appstatus.c rename to plugin/appstatus/stc-plugin-appstatus.c index d642cd6..fb85dea 100755 --- a/plugin/stc-plugin-appstatus.c +++ b/plugin/appstatus/stc-plugin-appstatus.c @@ -24,7 +24,7 @@ #include #include -#include "stc-plugin.h" +#include "stc-plugin-appstatus.h" //LCOV_EXCL_START #define AUL_APP_STATUS_DBUS_PATH "/Org/Tizen/Aul/AppStatus" @@ -183,4 +183,59 @@ int stc_plugin_appstatus_deregister_changed_cb(stc_s *stc) __ground_status_monitor_deinit(stc); return 0; } + +int stc_plugin_popup_send_warn_message(const char *content, + const char *type, const char *app_id, const char *iftype, const char *warn) +{ + int ret = 0; + bundle *b = bundle_create(); + + STC_LOGD("Warn message : content[%s] type[%s] app_id[%s] warn[%s]", + content, type, app_id, warn); + + bundle_add(b, "_SYSPOPUP_CONTENT_", content); + bundle_add(b, "_SYSPOPUP_TYPE_", type); + bundle_add(b, "_APP_ID_", app_id); + bundle_add(b, "_IF_TYPE_", iftype); + bundle_add(b, "_WARN_LIMIT_", warn); + + ret = syspopup_launch("net-popup", b); + + bundle_free(b); + + return ret; +} + +int stc_plugin_popup_send_restriction_message(const char *content, + const char *type, const char *app_id, const char *iftype, const char *limit) +{ + int ret = 0; + bundle *b = bundle_create(); + + STC_LOGD("Restriction message : content[%s] type[%s] app_id[%s] limit[%s]", + content, type, app_id, limit); + + bundle_add(b, "_SYSPOPUP_CONTENT_", content); + bundle_add(b, "_SYSPOPUP_TYPE_", type); + bundle_add(b, "_APP_ID_", app_id); + bundle_add(b, "_IF_TYPE_", iftype); + bundle_add(b, "_RESTRICTION_LIMIT_", limit); + + ret = syspopup_launch("net-popup", b); + + bundle_free(b); + + return ret; +} + +API stc_plugin_appstatus_s stc_plugin_appstatus = { + .send_warn_message_to_net_popup = + stc_plugin_popup_send_warn_message, + .send_restriction_message_to_net_popup = + stc_plugin_popup_send_restriction_message, + .register_state_changed_cb = + stc_plugin_appstatus_register_changed_cb, + .deregister_state_changed_cb = + stc_plugin_appstatus_deregister_changed_cb +}; //LCOV_EXCL_STOP diff --git a/plugin/exception/CMakeLists.txt b/plugin/exception/CMakeLists.txt new file mode 100755 index 0000000..1ccf391 --- /dev/null +++ b/plugin/exception/CMakeLists.txt @@ -0,0 +1,36 @@ +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT(stc-plugin-exception C) + +# Set required packages +INCLUDE(FindPkgConfig) +PKG_CHECK_MODULES(exception_plugin REQUIRED + dlog + gio-2.0 + gio-unix-2.0 + glib-2.0 + pkgmgr-info + ) + +FOREACH(flag ${exception_plugin_CFLAGS}) + SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") +ENDFOREACH(flag) + +INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include) + +SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -g -Werror -fvisibility=hidden") +SET(CMAKE_C_FLAGS_DEBUG "-O0 -g") +SET(CMAKE_C_FLAGS_RELEASE "-O2") + +ADD_DEFINITIONS("-DUSE_DLOG") + +SET(SRCS_PLUGIN + stc-plugin-exception.c + ) + +# library build +ADD_LIBRARY(${PROJECT_NAME} SHARED ${SRCS_PLUGIN}) +TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${exception_plugin_LDFLAGS}) +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES PREFIX "" OUTPUT_NAME ${PROJECT_NAME}) + +# install +INSTALL(TARGETS ${PROJECT_NAME} LIBRARY DESTINATION ${LIBDIR}) diff --git a/plugin/exception/include/stc-plugin-exception.h b/plugin/exception/include/stc-plugin-exception.h new file mode 100755 index 0000000..70e38e0 --- /dev/null +++ b/plugin/exception/include/stc-plugin-exception.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __STC_PLUGIN_EXCEPTION_H__ +#define __STC_PLUGIN_EXCEPTION_H__ + +#include +#include "stc-error.h" +#include "stc-manager.h" + +typedef struct { + int (*initialize_plugin) (void); + int (*deinitialize_plugin) (void); + + int (*fill_exception_list) (void); + int (*update_exception_list) (void); + int (*check_exception_by_cmdline) (char *cmdline); +} stc_plugin_exception_s; + +int stc_plugin_exception_initialize(void); +int stc_plugin_exception_deinitialize(void); +int stc_plugin_exception_fill_list(void); +int stc_plugin_exception_update_list(void); +int stc_plugin_exception_check_by_cmdline(char *cmdline); + +#endif /* __STC_PLUGIN_EXCEPTION_H__ */ diff --git a/plugin/stc-plugin-exception.c b/plugin/exception/stc-plugin-exception.c similarity index 93% rename from plugin/stc-plugin-exception.c rename to plugin/exception/stc-plugin-exception.c index 9484d92..783bc4f 100755 --- a/plugin/stc-plugin-exception.c +++ b/plugin/exception/stc-plugin-exception.c @@ -25,7 +25,7 @@ #include #include -#include "stc-plugin.h" +#include "stc-plugin-exception.h" //LCOV_EXCL_START #define EXE_TYPE_APPLICATION "app" @@ -231,7 +231,7 @@ static stc_error_e table_exceptions_foreach(const stc_exceptions_info_cb excepti return error_code; } -int stc_plugin_exception_init(void) +int stc_plugin_exception_initialize(void) { g_excns_hash = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, g_free); @@ -239,7 +239,7 @@ int stc_plugin_exception_init(void) return STC_ERROR_NONE; } -int stc_plugin_exception_deinit(void) +int stc_plugin_exception_deinitialize(void) { if (g_excns_timer_id > 0) { g_source_remove(g_excns_timer_id); @@ -259,7 +259,6 @@ int stc_plugin_exception_fill_list(void) if (STC_DEBUG_LOG) __excn_hash_printall(); - g_excns_timer_id = g_timeout_add_seconds(EXCNS_TIMER_INTERVAL, __update_exceptions_app_list, NULL); @@ -268,7 +267,7 @@ int stc_plugin_exception_fill_list(void) } int stc_plugin_exception_update_list(void) -{ +{ __remove_exception_appall(); pkginfo_exceptions_foreach(__insert_exception_cb, NULL); @@ -288,4 +287,17 @@ int stc_plugin_exception_check_by_cmdline(char *cmdline) return STC_ERROR_NONE; } + +API stc_plugin_exception_s stc_plugin_exception = { + .initialize_plugin = + stc_plugin_exception_initialize, + .deinitialize_plugin = + stc_plugin_exception_deinitialize, + .fill_exception_list = + stc_plugin_exception_fill_list, + .update_exception_list = + stc_plugin_exception_update_list, + .check_exception_by_cmdline = + stc_plugin_exception_check_by_cmdline +}; //LCOV_EXCL_STOP diff --git a/plugin/procfs/CMakeLists.txt b/plugin/procfs/CMakeLists.txt new file mode 100755 index 0000000..dc04ca8 --- /dev/null +++ b/plugin/procfs/CMakeLists.txt @@ -0,0 +1,36 @@ +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT(stc-plugin-procfs C) + +# Set required packages +INCLUDE(FindPkgConfig) +PKG_CHECK_MODULES(procfs_plugin REQUIRED + dlog + gio-2.0 + gio-unix-2.0 + glib-2.0 + ) + +FOREACH(flag ${procfs_plugin_CFLAGS}) + SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") +ENDFOREACH(flag) + +INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include) + +SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS} -g -Werror -fvisibility=hidden") +SET(CMAKE_C_FLAGS_DEBUG "-O0 -g") +SET(CMAKE_C_FLAGS_RELEASE "-O2") + +ADD_DEFINITIONS("-DUSE_DLOG") + +SET(SRCS_PLUGIN + stc-plugin-procfs.c + ) + +# library build +ADD_LIBRARY(${PROJECT_NAME} SHARED ${SRCS_PLUGIN}) +ADD_DEPENDENCIES(${PROJECT_NAME} GENERATED_DBUS_CODE) +TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${procfs_plugin_LDFLAGS}) +SET_TARGET_PROPERTIES(${PROJECT_NAME} PROPERTIES PREFIX "" OUTPUT_NAME ${PROJECT_NAME}) + +# install +INSTALL(TARGETS ${PROJECT_NAME} LIBRARY DESTINATION ${LIBDIR}) diff --git a/src/monitor/include/stc-exception.h b/plugin/procfs/include/stc-plugin-procfs.h similarity index 50% rename from src/monitor/include/stc-exception.h rename to plugin/procfs/include/stc-plugin-procfs.h index 38a2fd4..3a02bfe 100755 --- a/src/monitor/include/stc-exception.h +++ b/plugin/procfs/include/stc-plugin-procfs.h @@ -14,27 +14,24 @@ * limitations under the License. */ -#ifndef __STC_EXCEPTION_H__ -#define __STC_EXCEPTION_H__ +#ifndef __STC_PLUGIN_PROCFS_H__ +#define __STC_PLUGIN_PROCFS_H__ -#define EXE_TYPE_APPLICATION "app" -#define EXE_TYPE_INSTRUCTION "inst" -#define EXE_TYPE_SYSTEM "sys" -#define EXE_TYPE_SCRIPT "script" +#include +#include "stc-error.h" +#include "stc-manager.h" typedef struct { - char *process_name; - char *exe_type; -} stc_exceptions_info; + int (*initialize_plugin) (void); + int (*deinitialize_plugin) (void); + int (*procfs_status_changed) (stc_cmd_type_e cmd, pid_t pid, + const gchar *app_id, const gchar *pkg_id, stc_app_type_e app_type); +} stc_plugin_procfs_s; -typedef stc_cb_ret_e -(*stc_exceptions_info_cb)(const stc_exceptions_info *info, - void *user_data); +int stc_plugin_procfs_initialize(void); +int stc_plugin_procfs_deinitialize(void); -stc_error_e table_exceptions_foreach(const stc_exceptions_info_cb exception_cb, - void *user_data); +stc_error_e stc_plugin_procfs_status_changed(stc_cmd_type_e cmd, + pid_t pid, const gchar *app_id, const gchar *pkg_id, stc_app_type_e app_type); -stc_error_e pkginfo_exceptions_foreach(const stc_exceptions_info_cb exception_cb, - void *user_data); - -#endif /*__STC_EXCEPTION_H__ */ +#endif /* __STC_PLUGIN_PROCFS_H__ */ diff --git a/src/monitor/stc-app-lifecycle.c b/plugin/procfs/stc-plugin-procfs.c similarity index 82% rename from src/monitor/stc-app-lifecycle.c rename to plugin/procfs/stc-plugin-procfs.c index 2fcbfe6..28c5c9f 100755 --- a/src/monitor/stc-app-lifecycle.c +++ b/plugin/procfs/stc-plugin-procfs.c @@ -27,10 +27,11 @@ #include #include -#include "stc-manager-gdbus.h" -#include "stc-app-lifecycle.h" +#include "stc-plugin-procfs.h" +#include "stc-monitor.h" #include "helper-procfs.h" +//LCOV_EXCL_START typedef struct { pid_t pid; } proc_key_s; @@ -93,15 +94,14 @@ static proc_value_s * __proc_tree_lookup(const proc_key_s *key) proc_value_s *lookup; if (proc_tree == NULL) { - STC_LOGE("tree is null"); //LCOV_EXCL_LINE - return NULL; //LCOV_EXCL_LINE + STC_LOGE("tree is null"); + return NULL; } lookup = g_tree_lookup(proc_tree, key); return lookup; } -//LCOV_EXCL_START static gboolean __proc_tree_foreach_print(gpointer key, gpointer value, gpointer data) { @@ -114,11 +114,10 @@ static gboolean __proc_tree_foreach_print(gpointer key, gpointer value, return FALSE; } -//LCOV_EXCL_STOP static void __proc_tree_printall(void) { - g_tree_foreach(proc_tree, __proc_tree_foreach_print, NULL); //LCOV_EXCL_LINE + g_tree_foreach(proc_tree, __proc_tree_foreach_print, NULL); } static proc_value_s * __proc_tree_find_parent(proc_value_s *value) @@ -135,8 +134,8 @@ static proc_value_s * __proc_tree_find_parent(proc_value_s *value) } while (lookup); if (STC_DEBUG_LOG) { - if (parent != NULL) //LCOV_EXCL_LINE - STC_LOGD("\033[0;35mPARENT\033[0;m: tgid[\033[1;33m%s\033[0;m] pid[%s] " //LCOV_EXCL_LINE + if (parent != NULL) + STC_LOGD("\033[0;35mPARENT\033[0;m: tgid[\033[1;33m%s\033[0;m] pid[%s] " "ppid[\033[1;35m%s\033[0;m] cmdline[\033[0;34m%s\033[0;m] name[%s]", parent->status[PROC_STATUS_TGID], parent->status[PROC_STATUS_PID], parent->status[PROC_STATUS_PPID], parent->cmdline, @@ -153,14 +152,14 @@ static void __proc_tree_add(proc_key_s *key, proc_value_s *parent; if (proc_tree == NULL) { - STC_LOGE("tree is null"); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE + STC_LOGE("tree is null"); + return; } lookup = g_tree_lookup(proc_tree, key); if (lookup) { if (STC_DEBUG_LOG) - STC_LOGD("LOOKUP: tgid[\033[1;33m%s\033[0;m] pid[%s] ppid[\033[1;35m%s\033[0;m] " //LCOV_EXCL_LINE + STC_LOGD("LOOKUP: tgid[\033[1;33m%s\033[0;m] pid[%s] ppid[\033[1;35m%s\033[0;m] " "cmdline[\033[0;34m%s\033[0;m] name[%s]", lookup->status[PROC_STATUS_TGID], lookup->status[PROC_STATUS_PID], lookup->status[PROC_STATUS_PPID], lookup->cmdline, lookup->status[PROC_STATUS_NAME]); @@ -177,27 +176,27 @@ static void __proc_tree_add(proc_key_s *key, parent = __proc_tree_find_parent(value); if (parent != NULL) - stc_manager_app_status_changed(STC_CMD_SET_SERVICE_LAUNCHED, key->pid, + stc_plugin_procfs_status_changed(STC_CMD_SET_SERVICE_LAUNCHED, key->pid, parent->cmdline, parent->cmdline, STC_APP_TYPE_SERVICE); else - stc_manager_app_status_changed(STC_CMD_SET_SERVICE_LAUNCHED, key->pid, + stc_plugin_procfs_status_changed(STC_CMD_SET_SERVICE_LAUNCHED, key->pid, value->cmdline, value->cmdline, STC_APP_TYPE_SERVICE); } static void __proc_tree_remove(const proc_key_s *key) { if (proc_tree == NULL) { - STC_LOGE("tree is null"); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE + STC_LOGE("tree is null"); + return; } - stc_manager_app_status_changed(STC_CMD_SET_TERMINATED, key->pid, NULL, + stc_plugin_procfs_status_changed(STC_CMD_SET_TERMINATED, key->pid, NULL, NULL, STC_APP_TYPE_NONE); g_tree_remove(proc_tree, key); if (STC_DEBUG_LOG) - __proc_tree_printall(); //LCOV_EXCL_LINE + __proc_tree_printall(); } static gboolean __check_excn(char *cmdline) @@ -221,26 +220,26 @@ static void __open_nl_connector_sock(void) GIOChannel *gio = NULL; if (nl_connector_sock != -1 && - nl_connector_gsource_id != 0) { //LCOV_EXCL_LINE - STC_LOGE("Socket is already open"); //LCOV_EXCL_LINE - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE + nl_connector_gsource_id != 0) { + STC_LOGE("Socket is already open"); + __STC_LOG_FUNC_EXIT__; + return; } if (nl_connector_sock != -1) { - close(nl_connector_sock); //LCOV_EXCL_LINE - nl_connector_sock = -1; //LCOV_EXCL_LINE + close(nl_connector_sock); + nl_connector_sock = -1; } if (nl_connector_gsource_id != 0) { - g_source_remove(nl_connector_gsource_id); //LCOV_EXCL_LINE - nl_connector_gsource_id = 0; //LCOV_EXCL_LINE + g_source_remove(nl_connector_gsource_id); + nl_connector_gsource_id = 0; } nl_connector_sock = create_netlink(NETLINK_CONNECTOR, CN_IDX_PROC); if (nl_connector_sock == -1) { - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE + __STC_LOG_FUNC_EXIT__; + return; } gio = g_io_channel_unix_new(nl_connector_sock); @@ -269,131 +268,9 @@ static void __close_nl_connector_sock(void) static void __reopen_nl_connector_sock(void) { - __close_nl_connector_sock(); //LCOV_EXCL_LINE - __open_nl_connector_sock(); //LCOV_EXCL_LINE -} - -//LCOV_EXCL_START -stc_error_e stc_manager_app_status_changed(stc_cmd_type_e cmd, - pid_t pid, - const gchar *app_id, - const gchar *pkg_id, - stc_app_type_e app_type) -{ - stc_error_e ret = STC_ERROR_NONE; - - if (pkg_id && app_id) - STC_LOGD("cmd [%d] pkgid [%s] appid [%s] pid[%d] type [%d]", - cmd, pkg_id, app_id, pid, app_type); - - switch (cmd) { - case STC_CMD_SET_FOREGRD: - { - stc_app_key_s app_key; - stc_app_value_s app_value; - stc_process_key_s proc_key; - stc_process_value_s proc_value; - - memset(&app_key, 0, sizeof(stc_app_key_s)); - memset(&app_value, 0, sizeof(stc_app_value_s)); - memset(&proc_key, 0, sizeof(stc_process_key_s)); - memset(&proc_value, 0, sizeof(stc_process_value_s)); - - app_key.pkg_id = g_strdup(pkg_id); - app_key.app_id = g_strdup(app_id); - - app_value.type = app_type; - app_value.processes = NULL; - - proc_key.pid = pid; - - proc_value.ground = STC_APP_STATE_FOREGROUND; - - stc_monitor_application_add(app_key, app_value); - stc_monitor_process_add(app_key, proc_key, proc_value); - stc_monitor_process_update_ground(app_key, proc_key, - STC_APP_STATE_FOREGROUND); - - FREE(app_key.pkg_id); - FREE(app_key.app_id); - break; - } - case STC_CMD_SET_BACKGRD: - { - stc_app_key_s app_key; - stc_app_value_s app_value; - stc_process_key_s proc_key; - stc_process_value_s proc_value; - - memset(&app_key, 0, sizeof(stc_app_key_s)); - memset(&app_value, 0, sizeof(stc_app_value_s)); - memset(&proc_key, 0, sizeof(stc_process_key_s)); - memset(&proc_value, 0, sizeof(stc_process_value_s)); - - app_key.pkg_id = g_strdup(pkg_id); - app_key.app_id = g_strconcat(app_id, STC_BACKGROUND_APP_SUFFIX, - NULL); - - app_value.type = app_type; - app_value.processes = NULL; - - proc_key.pid = pid; - - proc_value.ground = STC_APP_STATE_BACKGROUND; - - stc_monitor_application_add(app_key, app_value); - stc_monitor_process_add(app_key, proc_key, proc_value); - stc_monitor_process_update_ground(app_key, proc_key, - STC_APP_STATE_BACKGROUND); - - FREE(app_key.pkg_id); - FREE(app_key.app_id); - break; - } - case STC_CMD_SET_SERVICE_LAUNCHED: - { - stc_app_key_s app_key; - stc_app_value_s app_value; - stc_process_key_s proc_key; - stc_process_value_s proc_value; - - memset(&app_key, 0, sizeof(stc_app_key_s)); - memset(&app_value, 0, sizeof(stc_app_value_s)); - memset(&proc_key, 0, sizeof(stc_process_key_s)); - memset(&proc_value, 0, sizeof(stc_process_value_s)); - - app_key.pkg_id = g_strdup(pkg_id); - app_key.app_id = g_strconcat(app_id, STC_BACKGROUND_APP_SUFFIX, - NULL); - - app_value.type = app_type; - app_value.processes = NULL; - - proc_key.pid = pid; - - /* services will run always in background. */ - proc_value.ground = STC_APP_STATE_BACKGROUND; - - stc_monitor_application_add(app_key, app_value); - stc_monitor_process_add(app_key, proc_key, proc_value); - - FREE(app_key.pkg_id); - g_free(app_key.app_id); - break; - } - case STC_CMD_SET_TERMINATED: - { - stc_monitor_process_remove(pid); - break; - } - default: - STC_LOGE("Unhandled command"); - ret = STC_ERROR_INVALID_PARAMETER; - } - - return ret; + __close_nl_connector_sock(); + __open_nl_connector_sock(); } -//LCOV_EXCL_STOP static void __process_event_fork(int tgid, int pid) { @@ -407,7 +284,7 @@ static void __process_event_fork(int tgid, int pid) if (__check_excn(cmdline)) { if (STC_DEBUG_LOG) - STC_LOGD("[%s] monitoring is excepted", cmdline); //LCOV_EXCL_LINE + STC_LOGD("[%s] monitoring is excepted", cmdline); return; } @@ -417,15 +294,15 @@ static void __process_event_fork(int tgid, int pid) key = MALLOC0(proc_key_s, 1); if (key == NULL) { - STC_LOGE("memory allocation failed"); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE + STC_LOGE("memory allocation failed"); + return; } value = MALLOC0(proc_value_s, 1); if (value == NULL) { - STC_LOGE("memory allocation failed"); //LCOV_EXCL_LINE - FREE(key); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE + STC_LOGE("memory allocation failed"); + FREE(key); + return; } key->pid = tgid; @@ -434,9 +311,9 @@ static void __process_event_fork(int tgid, int pid) g_strlcpy(value->cmdline, cmdline, sizeof(value->cmdline)); if (STC_DEBUG_LOG) { - STC_LOGD("\033[1;34mFORK\033[0;m: tgid[\033[1;33m%d\033[0;m] ppid=[\033[1;35m%s\033[0;m] " //LCOV_EXCL_LINE + STC_LOGD("\033[1;34mFORK\033[0;m: tgid[\033[1;33m%d\033[0;m] ppid=[\033[1;35m%s\033[0;m] " "cmdline[\033[0;34m%s\033[0;m] pid[%d]", tgid, status[PROC_STATUS_PPID], cmdline, pid); - STC_LOGD("STATUS: tgid[%s] pid[%s] ppid[%s] name[%s] state[%s] tracerpid[%s]", //LCOV_EXCL_LINE + STC_LOGD("STATUS: tgid[%s] pid[%s] ppid[%s] name[%s] state[%s] tracerpid[%s]", status[PROC_STATUS_TGID], status[PROC_STATUS_PID], status[PROC_STATUS_PPID], status[PROC_STATUS_NAME], status[PROC_STATUS_STATE], status[PROC_STATUS_TRACERPID]); } @@ -457,7 +334,7 @@ static void __process_event_exec(int tgid, int pid) if (__check_excn(cmdline)) { if (STC_DEBUG_LOG) - STC_LOGD("[%s] monitoring is excepted", cmdline); //LCOV_EXCL_LINE + STC_LOGD("[%s] monitoring is excepted", cmdline); return; } @@ -467,15 +344,15 @@ static void __process_event_exec(int tgid, int pid) key = MALLOC0(proc_key_s, 1); if (key == NULL) { - STC_LOGE("memory allocation failed"); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE + STC_LOGE("memory allocation failed"); + return; } value = MALLOC0(proc_value_s, 1); if (value == NULL) { - STC_LOGE("memory allocation failed"); //LCOV_EXCL_LINE - FREE(key); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE + STC_LOGE("memory allocation failed"); + FREE(key); + return; } key->pid = tgid; @@ -484,9 +361,9 @@ static void __process_event_exec(int tgid, int pid) g_strlcpy(value->cmdline, cmdline, sizeof(value->cmdline)); if (STC_DEBUG_LOG) { - STC_LOGD("\033[1;32mEXEC\033[0;m: tgid[\033[1;33m%d\033[0;m] ppid=[\033[1;35m%s\033[0;m] " //LCOV_EXCL_LINE + STC_LOGD("\033[1;32mEXEC\033[0;m: tgid[\033[1;33m%d\033[0;m] ppid=[\033[1;35m%s\033[0;m] " "cmdline[\033[0;34m%s\033[0;m] pid[%d]", tgid, status[PROC_STATUS_PPID], cmdline, pid); - STC_LOGD("STATUS: tgid[%s] pid[%s] ppid[%s] name[%s] state[%s] tracerpid[%s]", //LCOV_EXCL_LINE + STC_LOGD("STATUS: tgid[%s] pid[%s] ppid[%s] name[%s] state[%s] tracerpid[%s]", status[PROC_STATUS_TGID], status[PROC_STATUS_PID], status[PROC_STATUS_PPID], status[PROC_STATUS_NAME], status[PROC_STATUS_STATE], status[PROC_STATUS_TRACERPID]); } @@ -509,7 +386,7 @@ static void __process_event_exit(int tgid, int pid, int exit_code) return; if (STC_DEBUG_LOG) - STC_LOGD("\033[1;31mEXIT\033[0;m: tgid[\033[1;33m%d\033[0;m] " //LCOV_EXCL_LINE + STC_LOGD("\033[1;31mEXIT\033[0;m: tgid[\033[1;33m%d\033[0;m] " "pid[%d] exitcode[\033[0;31m%d\033[0;m]", tgid, pid, exit_code); __proc_tree_remove(&key); @@ -527,21 +404,21 @@ static gboolean __process_nl_connector_message(GIOChannel *source, (condition & G_IO_NVAL)) { /* G_IO_ERR/G_IO_HUP/G_IO_NVAL received */ - STC_LOGE("Netlink Connector socket received G_IO event, closing" //LCOV_EXCL_LINE + STC_LOGE("Netlink Connector socket received G_IO event, closing" " socket. G_IO_ERR [%d], G_IO_HUP [%d], G_IO_NVAL [%s]", (condition & G_IO_ERR), (condition & G_IO_HUP), (condition & G_IO_NVAL)); - __reopen_nl_connector_sock(); //LCOV_EXCL_LINE - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return FALSE; //LCOV_EXCL_LINE + __reopen_nl_connector_sock(); + __STC_LOG_FUNC_EXIT__; + return FALSE; } memset(&msg, 0, sizeof(nl_connector_proc_event_s)); ret = read(sock, &msg, sizeof(nl_connector_proc_event_s)); if (ret == 0) { - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return TRUE; //LCOV_EXCL_LINE + __STC_LOG_FUNC_EXIT__; + return TRUE; } switch (msg.proc_ev.what) { @@ -573,8 +450,8 @@ static int __subscribe_proc_events(void) int sock = nl_connector_sock; if (sock == -1) { - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return -1; //LCOV_EXCL_LINE + __STC_LOG_FUNC_EXIT__; + return -1; } memset(&msg, 0, sizeof(nl_connector_msg_s)); @@ -591,9 +468,9 @@ static int __subscribe_proc_events(void) ret = send(sock, &msg, sizeof(nl_connector_msg_s), 0); if (ret == -1) { - STC_LOGE("Error sending netlink connector message"); //LCOV_EXCL_LINE - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return -1; //LCOV_EXCL_LINE + STC_LOGE("Error sending netlink connector message"); + __STC_LOG_FUNC_EXIT__; + return -1; } __STC_LOG_FUNC_EXIT__; @@ -608,8 +485,8 @@ static int __unsubscribe_proc_events(void) int sock = nl_connector_sock; if (sock == -1) { - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return -1; //LCOV_EXCL_LINE + __STC_LOG_FUNC_EXIT__; + return -1; } memset(&msg, 0, sizeof(nl_connector_msg_s)); @@ -626,16 +503,16 @@ static int __unsubscribe_proc_events(void) ret = send(sock, &msg, sizeof(nl_connector_msg_s), 0); if (ret == -1) { - STC_LOGE("Error sending netlink connector message"); //LCOV_EXCL_LINE - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return -1; //LCOV_EXCL_LINE + STC_LOGE("Error sending netlink connector message"); + __STC_LOG_FUNC_EXIT__; + return -1; } __STC_LOG_FUNC_EXIT__; return 0; } -void stc_app_lifecycle_monitor_init(void) +int stc_plugin_procfs_initialize(void) { __STC_LOG_FUNC_ENTER__; @@ -648,15 +525,16 @@ void stc_app_lifecycle_monitor_init(void) __open_nl_connector_sock(); __subscribe_proc_events(); __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; } -void stc_app_lifecycle_monitor_deinit(void) +int stc_plugin_procfs_deinitialize(void) { __STC_LOG_FUNC_ENTER__; if (nl_connector_sock == -1) { - STC_LOGE("socket already closed"); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE + STC_LOGD("socket already closed"); + return STC_ERROR_NONE; } __unsubscribe_proc_events(); @@ -666,4 +544,132 @@ void stc_app_lifecycle_monitor_deinit(void) proc_tree = NULL; __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; } + +stc_error_e stc_plugin_procfs_status_changed(stc_cmd_type_e cmd, + pid_t pid, const gchar *app_id, const gchar *pkg_id, stc_app_type_e app_type) +{ + stc_error_e ret = STC_ERROR_NONE; + + if (pkg_id && app_id) + STC_LOGD("cmd [%d] pkgid [%s] appid [%s] pid[%d] type [%d]", + cmd, pkg_id, app_id, pid, app_type); + + switch (cmd) { + case STC_CMD_SET_FOREGRD: + { + stc_app_key_s app_key; + stc_app_value_s app_value; + stc_process_key_s proc_key; + stc_process_value_s proc_value; + + memset(&app_key, 0, sizeof(stc_app_key_s)); + memset(&app_value, 0, sizeof(stc_app_value_s)); + memset(&proc_key, 0, sizeof(stc_process_key_s)); + memset(&proc_value, 0, sizeof(stc_process_value_s)); + + app_key.pkg_id = g_strdup(pkg_id); + app_key.app_id = g_strdup(app_id); + + app_value.type = app_type; + app_value.processes = NULL; + + proc_key.pid = pid; + + proc_value.ground = STC_APP_STATE_FOREGROUND; + + stc_monitor_application_add(app_key, app_value); + stc_monitor_process_add(app_key, proc_key, proc_value); + stc_monitor_process_update_ground(app_key, proc_key, + STC_APP_STATE_FOREGROUND); + + FREE(app_key.pkg_id); + FREE(app_key.app_id); + break; + } + case STC_CMD_SET_BACKGRD: + { + stc_app_key_s app_key; + stc_app_value_s app_value; + stc_process_key_s proc_key; + stc_process_value_s proc_value; + + memset(&app_key, 0, sizeof(stc_app_key_s)); + memset(&app_value, 0, sizeof(stc_app_value_s)); + memset(&proc_key, 0, sizeof(stc_process_key_s)); + memset(&proc_value, 0, sizeof(stc_process_value_s)); + + app_key.pkg_id = g_strdup(pkg_id); + app_key.app_id = g_strconcat(app_id, STC_BACKGROUND_APP_SUFFIX, + NULL); + + app_value.type = app_type; + app_value.processes = NULL; + + proc_key.pid = pid; + + proc_value.ground = STC_APP_STATE_BACKGROUND; + + stc_monitor_application_add(app_key, app_value); + stc_monitor_process_add(app_key, proc_key, proc_value); + stc_monitor_process_update_ground(app_key, proc_key, + STC_APP_STATE_BACKGROUND); + + FREE(app_key.pkg_id); + FREE(app_key.app_id); + break; + } + case STC_CMD_SET_SERVICE_LAUNCHED: + { + stc_app_key_s app_key; + stc_app_value_s app_value; + stc_process_key_s proc_key; + stc_process_value_s proc_value; + + memset(&app_key, 0, sizeof(stc_app_key_s)); + memset(&app_value, 0, sizeof(stc_app_value_s)); + memset(&proc_key, 0, sizeof(stc_process_key_s)); + memset(&proc_value, 0, sizeof(stc_process_value_s)); + + app_key.pkg_id = g_strdup(pkg_id); + app_key.app_id = g_strconcat(app_id, STC_BACKGROUND_APP_SUFFIX, + NULL); + + app_value.type = app_type; + app_value.processes = NULL; + + proc_key.pid = pid; + + /* services will run always in background. */ + proc_value.ground = STC_APP_STATE_BACKGROUND; + + stc_monitor_application_add(app_key, app_value); + stc_monitor_process_add(app_key, proc_key, proc_value); + + FREE(app_key.pkg_id); + g_free(app_key.app_id); + break; + } + case STC_CMD_SET_TERMINATED: + { + stc_monitor_process_remove(pid); + break; + } + default: + STC_LOGE("Unhandled command"); + ret = STC_ERROR_INVALID_PARAMETER; + } + + return ret; +} + +API stc_plugin_procfs_s stc_plugin_procfs = { + .initialize_plugin = + stc_plugin_procfs_initialize, + .deinitialize_plugin = + stc_plugin_procfs_deinitialize, + .procfs_status_changed = + stc_plugin_procfs_status_changed +}; +//LCOV_EXCL_STOP diff --git a/plugin/stc-plugin-popup.c b/plugin/stc-plugin-popup.c deleted file mode 100755 index 409c890..0000000 --- a/plugin/stc-plugin-popup.c +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "stc-plugin.h" - -//LCOV_EXCL_START -int stc_plugin_popup_send_warn_message(const char *content, - const char *type, const char *app_id, const char *iftype, const char *warn) -{ - int ret = 0; - bundle *b = bundle_create(); - - STC_LOGD("Warn message : content[%s] type[%s] app_id[%s] warn[%s]", - content, type, app_id, warn); - - bundle_add(b, "_SYSPOPUP_CONTENT_", content); - bundle_add(b, "_SYSPOPUP_TYPE_", type); - bundle_add(b, "_APP_ID_", app_id); - bundle_add(b, "_IF_TYPE_", iftype); - bundle_add(b, "_WARN_LIMIT_", warn); - - ret = syspopup_launch("net-popup", b); - - bundle_free(b); - - return ret; -} - -int stc_plugin_popup_send_restriction_message(const char *content, - const char *type, const char *app_id, const char *iftype, const char *limit) -{ - int ret = 0; - bundle *b = bundle_create(); - - STC_LOGD("Restriction message : content[%s] type[%s] app_id[%s] limit[%s]", - content, type, app_id, limit); - - bundle_add(b, "_SYSPOPUP_CONTENT_", content); - bundle_add(b, "_SYSPOPUP_TYPE_", type); - bundle_add(b, "_APP_ID_", app_id); - bundle_add(b, "_IF_TYPE_", iftype); - bundle_add(b, "_RESTRICTION_LIMIT_", limit); - - ret = syspopup_launch("net-popup", b); - - bundle_free(b); - - return ret; -} -//LCOV_EXCL_STOP diff --git a/plugin/stc-plugin.c b/plugin/stc-plugin.c deleted file mode 100755 index b1b4013..0000000 --- a/plugin/stc-plugin.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "stc-plugin.h" - -//LCOV_EXCL_START -void stc_plugin_initialize(void) -{ - stc_plugin_exception_init(); -} - -void stc_plugin_deinitialize(void) -{ - stc_plugin_exception_deinit(); -} - -API stc_plugin_s stc_plugin = { - .initialize_plugin = - stc_plugin_initialize, - .deinitialize_plugin = - stc_plugin_deinitialize, - .send_warn_message_to_net_popup = - stc_plugin_popup_send_restriction_message, - .send_restriction_message_to_net_popup = - stc_plugin_popup_send_restriction_message, - .register_state_changed_cb = - stc_plugin_appstatus_register_changed_cb, - .deregister_state_changed_cb = - stc_plugin_appstatus_deregister_changed_cb, - .fill_exception_list = - stc_plugin_exception_fill_list, - .update_exception_list = - stc_plugin_exception_update_list, - .check_exception_by_cmdline = - stc_plugin_exception_check_by_cmdline -}; -//LCOV_EXCL_STOP diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index d8bc359..f01f292 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -7,7 +7,6 @@ SET(REQUIRES_LIST ${REQUIRES_LIST} dlog vconf capi-system-info - pkgmgr-info openssl ) @@ -28,6 +27,10 @@ SET(DATABASE_SOURCE_DIR ${SOURCE_DIR}/database) SET(MONITOR_SOURCE_DIR ${SOURCE_DIR}/monitor) SET(CONFIGURE_SOURCE_DIR ${SOURCE_DIR}/configure) SET(LIMITATION_SOURCE_DIR ${SOURCE_DIR}/limitation) +SET(PLUGIN_DIR ${CMAKE_SOURCE_DIR}/plugin) +SET(APPSTATUS_SOURCE_DIR ${PLUGIN_DIR}/appstatus) +SET(EXCEPTION_SOURCE_DIR ${PLUGIN_DIR}/exception) +SET(PROCFS_SOURCE_DIR ${PLUGIN_DIR}/procfs) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/interfaces) @@ -47,6 +50,10 @@ INCLUDE_DIRECTORIES(${CONFIGURE_SOURCE_DIR}/include) INCLUDE_DIRECTORIES(${LIMITATION_SOURCE_DIR}) INCLUDE_DIRECTORIES(${LIMITATION_SOURCE_DIR}/include) +INCLUDE_DIRECTORIES(${APPSTATUS_SOURCE_DIR}/include) +INCLUDE_DIRECTORIES(${EXCEPTION_SOURCE_DIR}/include) +INCLUDE_DIRECTORIES(${PROCFS_SOURCE_DIR}/include) + FILE(GLOB SOURCE_SRCS ${SOURCE_DIR}/*.c) FILE(GLOB HELPER_SRCS ${HELPER_SOURCE_DIR}/*.c) FILE(GLOB MONITOR_SRCS ${MONITOR_SOURCE_DIR}/*.c) @@ -80,22 +87,12 @@ IF(BUILD_GTESTS) ADD_DEFINITIONS(-DTIZEN_GTESTS) ENDIF(BUILD_GTESTS) -ADD_CUSTOM_COMMAND( - WORKING_DIRECTORY - OUTPUT ${CMAKE_SOURCE_DIR}/src/generated-code.c - COMMAND gdbus-codegen --interface-prefix net.stc. - --generate-c-code generated-code - --c-namespace Stc - --c-generate-object-manager - --generate-docbook generated-code-docs - ${INTERFACES}/stcmanager-iface-manager.xml - ${INTERFACES}/stcmanager-iface-restriction.xml - ${INTERFACES}/stcmanager-iface-statistics.xml - COMMENT "Generating GDBus .c/.h") - -SET(SRCS ${SRCS} ${SOURCE_DIR}/generated-code.c) +SET(SRCS ${SRCS} ${INTERFACES}/generated-code.c) +SET_SOURCE_FILES_PROPERTIES(${INTERFACES}/generated-code.c PROPERTIES GENERATED TRUE) + ADD_EXECUTABLE(${PROJECT_NAME} ${SRCS}) TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${stc_pkgs_LDFLAGS} -ldl) INSTALL(TARGETS ${PROJECT_NAME} RUNTIME DESTINATION ${BIN_DIR}) +ADD_DEPENDENCIES(${PROJECT_NAME} GENERATED_DBUS_CODE) ADD_SUBDIRECTORY(utils) diff --git a/src/helper/helper-nl.c b/src/helper/helper-nl.c index a42e565..2c3c8f9 100755 --- a/src/helper/helper-nl.c +++ b/src/helper/helper-nl.c @@ -25,7 +25,7 @@ * create_netlink(): Create netlink socket and returns it. * Returns: Created socket on success and -1 on failure. */ -int create_netlink(int protocol, uint32_t groups) +API int create_netlink(int protocol, uint32_t groups) { /** * TODO it's one socket, in future make set of sockets diff --git a/src/helper/helper-nl.h b/src/helper/helper-nl.h index fddb2aa..3df7da1 100755 --- a/src/helper/helper-nl.h +++ b/src/helper/helper-nl.h @@ -26,6 +26,8 @@ #include #include +#include "stc-manager.h" + #define NLA_BUF_MAX 65560 /*(65 * 1024) - used in tc_common, we'll do the same */ diff --git a/src/helper/helper-procfs.c b/src/helper/helper-procfs.c index 4cf1bb2..020987d 100755 --- a/src/helper/helper-procfs.c +++ b/src/helper/helper-procfs.c @@ -40,7 +40,7 @@ #define USRAPPS "/usr/apps/" -int proc_get_cmdline(pid_t pid, char *cmdline) +API int proc_get_cmdline(pid_t pid, char *cmdline) { char buf[PROC_BUF_MAX]; char cmdline_buf[PROC_NAME_MAX]; @@ -176,7 +176,7 @@ int proc_get_raw_cmdline(pid_t pid, char *buf, int len) } //LCOV_EXCL_STOP -int proc_get_status(pid_t pid, char status[][PROC_BUF_MAX]) +API int proc_get_status(pid_t pid, char status[][PROC_BUF_MAX]) { unsigned int i; unsigned int index = 0; diff --git a/src/monitor/stc-exception.c b/src/monitor/stc-exception.c deleted file mode 100755 index a9e3523..0000000 --- a/src/monitor/stc-exception.c +++ /dev/null @@ -1,164 +0,0 @@ -/* - * Copyright (c) 2016 Samsung Electronics Co., Ltd. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * This file implements exceptions entity handler methods. - * - * @file stc-exception.c - */ - -#include - -#include "stc-manager.h" -#include "stc-exception.h" - -#define EXCEPTION_BUF_MAX 64 -#define EXCEPTION_STORAGE "/var/lib/stc/exceptions" - -#define INTERNET_PRIVILEGE "http://tizen.org/privilege/internet" - -static GHashTable *g_pkginfo_filter_hash; - -stc_error_e table_exceptions_foreach(const stc_exceptions_info_cb exception_cb, - void *user_data) -{ - __STC_LOG_FUNC_ENTER__; - - stc_error_e error_code = STC_ERROR_NONE; - stc_exceptions_info data; - - FILE *fp = NULL; - char buf[EXCEPTION_BUF_MAX] = {0, }; - - fp = fopen(EXCEPTION_STORAGE, "r"); - ret_value_msg_if(!fp, STC_ERROR_FAIL, "Failed to open %s file"); - - while (fgets(buf, sizeof(buf), fp) != NULL) { - char *process_name, *exe_type; - char *save_ptr = NULL; - - process_name = strtok_r(buf, ":", &save_ptr); - if (process_name != NULL) - data.process_name = process_name; - else - data.process_name = "none"; //LCOV_EXCL_LINE - - exe_type = strtok_r(NULL, "\n", &save_ptr); - if (exe_type != NULL) - data.exe_type = exe_type; - else - data.exe_type = "none"; //LCOV_EXCL_LINE - - if (exception_cb(&data, user_data) == STC_CANCEL) - break; - } - fclose(fp); - - __STC_LOG_FUNC_EXIT__; - return error_code; -} - -static int __pkginfo_filter_list_cb(pkgmgrinfo_pkginfo_h handle, void *user_data) -{ - int ret = 0; - char *pkgname = NULL; - - ret = pkgmgrinfo_pkginfo_get_pkgname(handle, &pkgname); - if (ret == PMINFO_R_OK) { - if (g_hash_table_insert(g_pkginfo_filter_hash, - g_strdup(pkgname), g_strdup(EXE_TYPE_APPLICATION)) != TRUE) - STC_LOGE("Failed to insert hash table"); //LCOV_EXCL_LINE - } - - return STC_CONTINUE; -} - -static int __pkginfo_pkg_list_cb(pkgmgrinfo_pkginfo_h handle, void *user_data) -{ - int ret = 0; - char *pkgname = NULL; - char *exe_type = NULL; - stc_exceptions_info data; - const stc_exceptions_info_cb excn_cb = user_data; - - ret = pkgmgrinfo_pkginfo_get_pkgname(handle, &pkgname); - if (ret == PMINFO_R_OK) { - exe_type = g_hash_table_lookup(g_pkginfo_filter_hash, pkgname); - if (exe_type) - return STC_CONTINUE; - - data.process_name = pkgname; - data.exe_type = EXE_TYPE_APPLICATION; - - if (excn_cb(&data, NULL) == STC_CANCEL) - STC_LOGE("Failed to insert hash table"); //LCOV_EXCL_LINE - } - - return STC_CONTINUE; -} - -stc_error_e pkginfo_exceptions_foreach(const stc_exceptions_info_cb exception_cb, - void *user_data) -{ - __STC_LOG_FUNC_ENTER__; - - int ret = 0; - int err = STC_ERROR_NONE; - pkgmgrinfo_pkginfo_filter_h handle; - - g_pkginfo_filter_hash = g_hash_table_new_full(g_str_hash, - g_str_equal, g_free, g_free); - - ret = pkgmgrinfo_pkginfo_filter_create(&handle); - ret_value_msg_if(ret != PMINFO_R_OK, STC_ERROR_FAIL, - "Failed to create pkginfo filter"); - - ret = pkgmgrinfo_pkginfo_filter_add_string(handle, - PMINFO_PKGINFO_PROP_PACKAGE_PRIVILEGE, - INTERNET_PRIVILEGE); - if (ret != PMINFO_R_OK) { - STC_LOGE("Failed to add pkginfo filter string"); //LCOV_EXCL_LINE - err = STC_ERROR_FAIL; //LCOV_EXCL_LINE - goto out; //LCOV_EXCL_LINE - } - - ret = pkgmgrinfo_pkginfo_filter_foreach_pkginfo(handle, - __pkginfo_filter_list_cb, NULL); - if (ret != PMINFO_R_OK) { - STC_LOGE("Failed to foreach pkginfo filter"); //LCOV_EXCL_LINE - err = STC_ERROR_FAIL; //LCOV_EXCL_LINE - goto out; //LCOV_EXCL_LINE - } - - ret = pkgmgrinfo_pkginfo_get_list(__pkginfo_pkg_list_cb, exception_cb); - if (ret != PMINFO_R_OK) { - STC_LOGE("Failed to get pkginfo list"); //LCOV_EXCL_LINE - err = STC_ERROR_FAIL; //LCOV_EXCL_LINE - goto out; //LCOV_EXCL_LINE - } - -out: - if (g_pkginfo_filter_hash) { - g_hash_table_destroy(g_pkginfo_filter_hash); - g_pkginfo_filter_hash = NULL; - } - - if (handle) - pkgmgrinfo_pkginfo_filter_destroy(handle); - - __STC_LOG_FUNC_EXIT__; - return err; -} diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index b3edf39..b27c97f 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -28,7 +28,8 @@ #include "table-statistics.h" #include "table-counters.h" #include "stc-monitor.h" -#include "stc-manager-plugin.h" +#include "stc-manager-plugin-appstatus.h" +#include "stc-manager-plugin-exception.h" #define MAX_INT_LENGTH 128 #define VCONFKEY_STC_BACKGROUND_STATE "db/stc/background_state" @@ -767,7 +768,7 @@ static gboolean __rstn_counter_update(stc_rstn_key_s *rstn_key, snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->data_warn_limit); - stc_manager_plugin_send_warn_message("warn threshold crossed", + stc_plugin_appstatus_send_warn_message("warn threshold crossed", "warning_noti", rstn_key->app_id, iftype, byte); @@ -808,7 +809,7 @@ static gboolean __rstn_counter_update(stc_rstn_key_s *rstn_key, snprintf(iftype, MAX_INT_LENGTH, "%d", rstn_key->iftype); snprintf(byte, MAX_INT_LENGTH, "%lld", rstn_value->data_limit); - stc_manager_plugin_send_restriction_message("restriction threshold crossed", + stc_plugin_appstatus_send_restriction_message("restriction threshold crossed", "restriction_noti", rstn_key->app_id, iftype, byte); } @@ -1546,7 +1547,7 @@ static stc_error_e __process_update_background(void) static void __fill_exceptions_list(void) { - stc_manager_plugin_fill_exception_list(); + stc_plugin_fill_exception_list(); } stc_error_e stc_monitor_init(void) @@ -1642,7 +1643,7 @@ stc_error_e stc_monitor_deinit(void) return STC_ERROR_NONE; } -stc_error_e stc_monitor_application_add(const stc_app_key_s app_key, +API stc_error_e stc_monitor_application_add(const stc_app_key_s app_key, const stc_app_value_s app_value) { stc_error_e ret = STC_ERROR_NONE; @@ -1694,7 +1695,7 @@ stc_error_e stc_monitor_application_add(const stc_app_key_s app_key, return ret; } -stc_error_e stc_monitor_process_add(const stc_app_key_s app_key, +API stc_error_e stc_monitor_process_add(const stc_app_key_s app_key, const stc_process_key_s proc_key, const stc_process_value_s proc_value) { @@ -1746,7 +1747,7 @@ stc_error_e stc_monitor_process_add(const stc_app_key_s app_key, return ret; } -stc_error_e stc_monitor_process_remove(pid_t pid) +API stc_error_e stc_monitor_process_remove(pid_t pid) { stc_error_e ret = STC_ERROR_NONE; stc_process_key_s proc_key = { @@ -1774,7 +1775,7 @@ stc_error_e stc_monitor_process_remove(pid_t pid) } //LCOV_EXCL_START -stc_error_e stc_monitor_process_update_ground(const stc_app_key_s app_key, +API stc_error_e stc_monitor_process_update_ground(const stc_app_key_s app_key, const stc_process_key_s proc_key, stc_app_state_e ground) { @@ -1920,9 +1921,9 @@ stc_error_e stc_monitor_rstns_tree_remove(const table_restrictions_info *info) return ret; } -stc_error_e stc_monitor_check_excn_by_cmdline(char *cmdline) +API stc_error_e stc_monitor_check_excn_by_cmdline(char *cmdline) { - return stc_manager_plugin_check_exception_by_cmdline(cmdline); + return stc_plugin_check_exception_by_cmdline(cmdline); } int stc_monitor_get_counter_socket(void) diff --git a/src/stc-manager-gdbus.c b/src/stc-manager-gdbus.c index 46a3d42..a321a4c 100755 --- a/src/stc-manager-gdbus.c +++ b/src/stc-manager-gdbus.c @@ -19,8 +19,8 @@ #include "stc-statistics.h" #include "stc-restriction.h" #include "stc-default-connection.h" -#include "stc-manager-plugin.h" -#include "stc-app-lifecycle.h" +#include "stc-manager-plugin-appstatus.h" +#include "stc-manager-plugin-procfs.h" #include "helper-iptables.h" static gboolean __stc_manager_gdbus_statistics_init(stc_s *stc) @@ -194,8 +194,9 @@ static void __stc_manager_gdbus_on_bus_acquired(GDBusConnection *connection, iptables_init(); stc_default_connection_monitor_init(stc); - stc_manager_plugin_register_state_changed_cb(stc, - stc_manager_app_status_changed, NULL); + + stc_plugin_appstatus_register_state_changed_cb(stc, + stc_plugin_procfs_app_status_changed, NULL); __STC_LOG_FUNC_EXIT__; } @@ -238,7 +239,7 @@ void stc_manager_gdbus_deinit(gpointer stc_data) __STC_LOG_FUNC_ENTER__; stc_s *stc = (stc_s *)stc_data; - stc_manager_plugin_deregister_state_changed_cb(stc); + stc_plugin_appstatus_deregister_state_changed_cb(stc); stc_default_connection_monitor_deinit(stc); g_bus_unown_name(stc->gdbus_owner_id); diff --git a/src/stc-manager-plugin.c b/src/stc-manager-plugin-appstatus.c similarity index 56% rename from src/stc-manager-plugin.c rename to src/stc-manager-plugin-appstatus.c index f4aaae9..8bc067b 100755 --- a/src/stc-manager-plugin.c +++ b/src/stc-manager-plugin-appstatus.c @@ -17,25 +17,25 @@ #include #include "stc-manager.h" -#include "stc-manager-plugin.h" +#include "stc-manager-plugin-appstatus.h" static gboolean stc_plugin_enabled = FALSE; static void *handle_plugin; -static stc_plugin_s *stc_plugin; +static stc_plugin_appstatus_s *stc_plugin; //LCOV_EXCL_START -int stc_manager_plugin_init(void) +int stc_plugin_appstatus_init(void) { __STC_LOG_FUNC_ENTER__; - handle_plugin = dlopen(STC_PLUGIN_FILEPATH, RTLD_NOW); + handle_plugin = dlopen(STC_PLUGIN_APPSTATUS_FILEPATH, RTLD_NOW); if (!handle_plugin) { - STC_LOGE("Can't load %s: %s", STC_PLUGIN_FILEPATH, dlerror()); + STC_LOGE("Can't load %s: %s", STC_PLUGIN_APPSTATUS_FILEPATH, dlerror()); __STC_LOG_FUNC_EXIT__; return STC_ERROR_UNINITIALIZED; } - stc_plugin = dlsym(handle_plugin, "stc_plugin"); + stc_plugin = dlsym(handle_plugin, "stc_plugin_appstatus"); if (!stc_plugin) { STC_LOGE("Can't load symbol: %s", dlerror()); dlclose(handle_plugin); @@ -44,13 +44,12 @@ int stc_manager_plugin_init(void) } stc_plugin_enabled = TRUE; - stc_plugin->initialize_plugin(); __STC_LOG_FUNC_EXIT__; return STC_ERROR_NONE; } -int stc_manager_plugin_deinit(void) +int stc_plugin_appstatus_deinit(void) { __STC_LOG_FUNC_ENTER__; @@ -59,17 +58,14 @@ int stc_manager_plugin_deinit(void) return STC_ERROR_UNINITIALIZED; } - stc_plugin->deinitialize_plugin(); - stc_plugin_enabled = FALSE; dlclose(handle_plugin); __STC_LOG_FUNC_EXIT__; return STC_ERROR_NONE; } -int stc_manager_plugin_send_warn_message(const char *content, const char *type, - const char *app_id, const char *iftype, - const char *warn) +int stc_plugin_appstatus_send_warn_message(const char *content, + const char *type, const char *app_id, const char *iftype, const char *warn) { __STC_LOG_FUNC_ENTER__; @@ -86,15 +82,12 @@ int stc_manager_plugin_send_warn_message(const char *content, const char *type, } __STC_LOG_FUNC_EXIT__; - return stc_plugin->send_warn_message_to_net_popup(content, type, app_id, - iftype, warn); + return stc_plugin->send_warn_message_to_net_popup(content, + type, app_id, iftype, warn); } -int stc_manager_plugin_send_restriction_message(const char *content, - const char *type, - const char *app_id, - const char *iftype, - const char *limit) +int stc_plugin_appstatus_send_restriction_message(const char *content, + const char *type, const char *app_id, const char *iftype, const char *limit) { __STC_LOG_FUNC_ENTER__; @@ -111,14 +104,12 @@ int stc_manager_plugin_send_restriction_message(const char *content, } __STC_LOG_FUNC_EXIT__; - return stc_plugin->send_restriction_message_to_net_popup(content, type, - app_id, iftype, - limit); + return stc_plugin->send_restriction_message_to_net_popup(content, + type, app_id, iftype, limit); } -int stc_manager_plugin_register_state_changed_cb(stc_s *stc, - stc_plugin_app_state_changed_cb cb, - void *data) +int stc_plugin_appstatus_register_state_changed_cb(stc_s *stc, + stc_plugin_app_state_changed_cb cb, void *data) { __STC_LOG_FUNC_ENTER__; @@ -138,7 +129,7 @@ int stc_manager_plugin_register_state_changed_cb(stc_s *stc, return stc_plugin->register_state_changed_cb(stc, cb, data); } -int stc_manager_plugin_deregister_state_changed_cb(stc_s *stc) +int stc_plugin_appstatus_deregister_state_changed_cb(stc_s *stc) { __STC_LOG_FUNC_ENTER__; @@ -157,55 +148,4 @@ int stc_manager_plugin_deregister_state_changed_cb(stc_s *stc) __STC_LOG_FUNC_EXIT__; return stc_plugin->deregister_state_changed_cb(stc); } - -int stc_manager_plugin_fill_exception_list(void) -{ - __STC_LOG_FUNC_ENTER__; - - if (!stc_plugin_enabled) { - STC_LOGE("Plugin wasn't enabled"); - __STC_LOG_FUNC_EXIT__; - return STC_ERROR_UNINITIALIZED; - } - - if (!stc_plugin) { - STC_LOGE("Plugin wasn't loaded"); - __STC_LOG_FUNC_EXIT__; - return STC_ERROR_UNINITIALIZED; - } - - __STC_LOG_FUNC_EXIT__; - return stc_plugin->fill_exception_list(); -} - -int stc_manager_plugin_update_exception_list(void) -{ - __STC_LOG_FUNC_ENTER__; - - if (!stc_plugin_enabled) { - STC_LOGE("Plugin wasn't enabled"); - __STC_LOG_FUNC_EXIT__; - return STC_ERROR_UNINITIALIZED; - } - - if (!stc_plugin) { - STC_LOGE("Plugin wasn't loaded"); - __STC_LOG_FUNC_EXIT__; - return STC_ERROR_UNINITIALIZED; - } - - __STC_LOG_FUNC_EXIT__; - return stc_plugin->update_exception_list(); -} - -int stc_manager_plugin_check_exception_by_cmdline(char *cmdline) -{ - if (!stc_plugin_enabled) - return STC_ERROR_UNINITIALIZED; - - if (!stc_plugin) - return STC_ERROR_UNINITIALIZED; - - return stc_plugin->check_exception_by_cmdline(cmdline); -} //LCOV_EXCL_STOP diff --git a/src/stc-manager-plugin-exception.c b/src/stc-manager-plugin-exception.c new file mode 100755 index 0000000..bc0078d --- /dev/null +++ b/src/stc-manager-plugin-exception.c @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "stc-manager.h" +#include "stc-manager-plugin-exception.h" + +static gboolean stc_plugin_enabled = FALSE; +static void *handle_plugin; +static stc_plugin_exception_s *stc_plugin; + +//LCOV_EXCL_START +int stc_plugin_exception_init(void) +{ + __STC_LOG_FUNC_ENTER__; + + handle_plugin = dlopen(STC_PLUGIN_EXCEPTION_FILEPATH, RTLD_NOW); + if (!handle_plugin) { + STC_LOGE("Can't load %s: %s", STC_PLUGIN_EXCEPTION_FILEPATH, dlerror()); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + stc_plugin = dlsym(handle_plugin, "stc_plugin_exception"); + if (!stc_plugin) { + STC_LOGE("Can't load symbol: %s", dlerror()); + dlclose(handle_plugin); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + stc_plugin->initialize_plugin(); + stc_plugin_enabled = TRUE; + + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; +} + +int stc_plugin_exception_deinit(void) +{ + __STC_LOG_FUNC_ENTER__; + + if (!stc_plugin_enabled) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + stc_plugin->deinitialize_plugin(); + stc_plugin_enabled = FALSE; + dlclose(handle_plugin); + + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; +} + +int stc_plugin_fill_exception_list(void) +{ + __STC_LOG_FUNC_ENTER__; + + if (!stc_plugin_enabled) { + STC_LOGE("Plugin wasn't enabled"); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + if (!stc_plugin) { + STC_LOGE("Plugin wasn't loaded"); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + __STC_LOG_FUNC_EXIT__; + return stc_plugin->fill_exception_list(); +} + +int stc_plugin_update_exception_list(void) +{ + __STC_LOG_FUNC_ENTER__; + + if (!stc_plugin_enabled) { + STC_LOGE("Plugin wasn't enabled"); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + if (!stc_plugin) { + STC_LOGE("Plugin wasn't loaded"); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + __STC_LOG_FUNC_EXIT__; + return stc_plugin->update_exception_list(); +} + +int stc_plugin_check_exception_by_cmdline(char *cmdline) +{ + if (!stc_plugin_enabled) + return STC_ERROR_UNINITIALIZED; + + if (!stc_plugin) + return STC_ERROR_UNINITIALIZED; + + return stc_plugin->check_exception_by_cmdline(cmdline); +} +//LCOV_EXCL_STOP diff --git a/src/stc-manager-plugin-procfs.c b/src/stc-manager-plugin-procfs.c new file mode 100755 index 0000000..b83a7e8 --- /dev/null +++ b/src/stc-manager-plugin-procfs.c @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include "stc-manager.h" +#include "stc-manager-plugin-procfs.h" + +static gboolean stc_plugin_enabled = FALSE; +static void *handle_plugin; +static stc_plugin_procfs_s *stc_plugin; + +//LCOV_EXCL_START +int stc_plugin_procfs_init(void) +{ + __STC_LOG_FUNC_ENTER__; + + handle_plugin = dlopen(STC_PLUGIN_PROCFS_FILEPATH, RTLD_NOW); + if (!handle_plugin) { + STC_LOGE("Can't load %s: %s", STC_PLUGIN_PROCFS_FILEPATH, dlerror()); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + stc_plugin = dlsym(handle_plugin, "stc_plugin_procfs"); + if (!stc_plugin) { + STC_LOGE("Can't load symbol: %s", dlerror()); + dlclose(handle_plugin); + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + stc_plugin->initialize_plugin(); + stc_plugin_enabled = TRUE; + + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; +} + +int stc_plugin_procfs_deinit(void) +{ + __STC_LOG_FUNC_ENTER__; + + if (!stc_plugin_enabled) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + stc_plugin->deinitialize_plugin(); + stc_plugin_enabled = FALSE; + dlclose(handle_plugin); + + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_NONE; +} + +stc_error_e stc_plugin_procfs_app_status_changed(stc_cmd_type_e cmd, + pid_t pid, const gchar *app_id, const gchar *pkg_id, stc_app_type_e app_type) +{ + if (!stc_plugin_enabled) + return STC_ERROR_UNINITIALIZED; + + if (!stc_plugin) + return STC_ERROR_UNINITIALIZED; + + return stc_plugin->procfs_status_changed(cmd, pid, app_id, pkg_id, app_type); +} +//LCOV_EXCL_STOP diff --git a/src/stc-manager.c b/src/stc-manager.c index b815400..8317d4f 100755 --- a/src/stc-manager.c +++ b/src/stc-manager.c @@ -25,8 +25,9 @@ #include "helper-nfacct-rule.h" #include "helper-iptables.h" #include "stc-monitor.h" -#include "stc-manager-plugin.h" -#include "stc-app-lifecycle.h" +#include "stc-manager-plugin-appstatus.h" +#include "stc-manager-plugin-exception.h" +#include "stc-manager-plugin-procfs.h" static stc_s *g_stc = NULL; @@ -61,9 +62,12 @@ static void __stc_manager_deinit(void) iptables_flush_chains(); iptables_deinit(); + stc_manager_gdbus_deinit((gpointer)g_stc); - stc_app_lifecycle_monitor_deinit(); - stc_manager_plugin_deinit(); + + stc_plugin_appstatus_deinit(); + stc_plugin_exception_deinit(); + stc_plugin_procfs_deinit(); STC_LOGI("stc manager deinitialized"); FREE(g_stc); @@ -88,13 +92,15 @@ static stc_s *__stc_manager_init(void) cgroup_set_release_agent(NET_CLS_SUBSYS, NET_RELEASE_AGENT); EXEC(STC_ERROR_NONE, stc_db_initialize()); - stc_manager_plugin_init(); + + stc_plugin_appstatus_init(); + stc_plugin_exception_init(); + stc_plugin_procfs_init(); err = stc_monitor_init(); if (err != STC_ERROR_NONE) goto handle_error; - stc_app_lifecycle_monitor_init(); stc_manager_gdbus_init((gpointer)stc); STC_LOGI("stc manager initialized"); -- 2.7.4 From 1a06acb1cd107bbb4e36163fd8164d1e6907ccd0 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 8 Feb 2018 16:29:17 +0900 Subject: [PATCH 04/16] Modified ip type to be properly monitored Change-Id: Ib08671b5c73a61418c6ad1643799f01efe97916b Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/helper/helper-iptables.c | 54 +++++++++++++++++++++++++---------------- src/helper/helper-iptables.h | 12 +++++++-- src/helper/helper-nfacct-rule.c | 6 +++-- src/helper/helper-nfacct-rule.h | 1 + 5 files changed, 49 insertions(+), 26 deletions(-) diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 40a18d8..98a493a 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.49 +Version: 0.0.50 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/helper/helper-iptables.c b/src/helper/helper-iptables.c index 06b9378..81cab4a 100755 --- a/src/helper/helper-iptables.c +++ b/src/helper/helper-iptables.c @@ -96,7 +96,7 @@ static int __iptables_rule_add(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully Add Rule [%d]", result); + STC_LOGD("Successfully Add Rule [%d:%s]", result, rule->nfacct_name); g_variant_unref(message); return STC_ERROR_NONE; @@ -128,7 +128,7 @@ static int __iptables_rule_remove(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully Remove Rule [%d]", result); + STC_LOGD("Successfully Remove Rule [%d:%s]", result, rule->nfacct_name); g_variant_unref(message); return STC_ERROR_NONE; @@ -160,7 +160,7 @@ static int __ip6tables_rule_add(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully Add 6 Rule [%d]", result); + STC_LOGD("Successfully Add 6 Rule [%d:%s]", result, rule->nfacct_name); g_variant_unref(message); return STC_ERROR_NONE; @@ -192,7 +192,7 @@ static int __ip6tables_rule_remove(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully Remove 6 Rule [%d]", result); + STC_LOGD("Successfully Remove 6 Rule [%d:%s]", result, rule->nfacct_name); g_variant_unref(message); return STC_ERROR_NONE; @@ -217,7 +217,7 @@ static int __iptables_add_chain(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully added ipv4 chain [%d]", result); + STC_LOGD("Successfully added ipv4 chain [%d:%s]", result, chain); g_variant_unref(message); return STC_ERROR_NONE; @@ -242,7 +242,7 @@ static int __ip6tables_add_chain(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully added ipv6 chain [%d]", result); + STC_LOGD("Successfully added ipv6 chain [%d:%s]", result, chain); g_variant_unref(message); return STC_ERROR_NONE; @@ -267,7 +267,7 @@ static int __iptables_remove_chain(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully removed ipv4 chain [%d]", result); + STC_LOGD("Successfully removed ipv4 chain [%d:%s]", result, chain); g_variant_unref(message); return STC_ERROR_NONE; @@ -292,7 +292,7 @@ static int __ip6tables_remove_chain(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully removed ipv6 chain [%d]", result); + STC_LOGD("Successfully removed ipv6 chain [%d:%s]", result, chain); g_variant_unref(message); return STC_ERROR_NONE; @@ -317,7 +317,7 @@ static int __iptables_flush_chain(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully flushed ipv4 chain [%d]", result); + STC_LOGD("Successfully flushed ipv4 chain [%d:%s]", result, chain); g_variant_unref(message); return STC_ERROR_NONE; @@ -342,7 +342,7 @@ static int __ip6tables_flush_chain(GDBusConnection *connection, } g_variant_get(message, "(i)", &result); - STC_LOGD("Successfully flushed ipv6 chain [%d]", result); + STC_LOGD("Successfully flushed ipv6 chain [%d:%s]", result, chain); g_variant_unref(message); return STC_ERROR_NONE; @@ -358,7 +358,7 @@ static int __iptables_add_chain_jump_rule(const char *chain, iptables_rule.target = g_strdup(target); iptables_rule.chain = g_strdup(chain); - ret = iptables_add(&iptables_rule); + ret = iptables_add(&iptables_rule, IP_TYPE_IPV4_IPV6); g_free(iptables_rule.target); g_free(iptables_rule.chain); @@ -366,7 +366,7 @@ static int __iptables_add_chain_jump_rule(const char *chain, return ret; } -stc_error_e iptables_add(iptables_rule_s *rule) +stc_error_e iptables_add(iptables_rule_s *rule, iptables_ip_type_e iptype) { stc_error_e ret = STC_ERROR_NONE; stc_s *stc = stc_get_manager(); @@ -374,16 +374,22 @@ stc_error_e iptables_add(iptables_rule_s *rule) if (!stc || !stc->connection) return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE - ret = __iptables_rule_add(stc->connection, rule); - if (ret != STC_ERROR_NONE) - goto done; //LCOV_EXCL_LINE + if (iptype == IP_TYPE_IPV4 || + iptype == IP_TYPE_IPV4_IPV6) { + ret = __iptables_rule_add(stc->connection, rule); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + } + + if (iptype == IP_TYPE_IPV6 || + iptype == IP_TYPE_IPV4_IPV6) + ret = __ip6tables_rule_add(stc->connection, rule); - ret = __ip6tables_rule_add(stc->connection, rule); done: return ret; } -stc_error_e iptables_remove(iptables_rule_s *rule) +stc_error_e iptables_remove(iptables_rule_s *rule, iptables_ip_type_e iptype) { stc_error_e ret = STC_ERROR_NONE; stc_s *stc = stc_get_manager(); @@ -391,11 +397,17 @@ stc_error_e iptables_remove(iptables_rule_s *rule) if (!stc || !stc->connection) return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE - ret = __iptables_rule_remove(stc->connection, rule); - if (ret != STC_ERROR_NONE) - goto done; //LCOV_EXCL_LINE + if (iptype == IP_TYPE_IPV4 || + iptype == IP_TYPE_IPV4_IPV6) { + ret = __iptables_rule_remove(stc->connection, rule); + if (ret != STC_ERROR_NONE) + goto done; //LCOV_EXCL_LINE + } + + if (iptype == IP_TYPE_IPV6 || + iptype == IP_TYPE_IPV4_IPV6) + ret = __ip6tables_rule_remove(stc->connection, rule); - ret = __ip6tables_rule_remove(stc->connection, rule); done: return ret; } diff --git a/src/helper/helper-iptables.h b/src/helper/helper-iptables.h index bdfedb1..b73e29f 100755 --- a/src/helper/helper-iptables.h +++ b/src/helper/helper-iptables.h @@ -29,6 +29,14 @@ typedef enum { IPTABLES_DIRECTION_OUT } iptables_rule_direction_e; +typedef enum { + IP_TYPE_UNKNOWN, + IP_TYPE_IPV4, + IP_TYPE_IPV6, + IP_TYPE_IPV4_IPV6, + IP_TYPE_LAST_ELEM +} iptables_ip_type_e; + typedef struct { char *chain; char *ifname; @@ -38,8 +46,8 @@ typedef struct { uint32_t classid; } iptables_rule_s; -stc_error_e iptables_add(iptables_rule_s *rule); -stc_error_e iptables_remove(iptables_rule_s *rule); +stc_error_e iptables_add(iptables_rule_s *rule, iptables_ip_type_e iptype); +stc_error_e iptables_remove(iptables_rule_s *rule, iptables_ip_type_e iptype); stc_error_e iptables_flush_chains(void); stc_error_e iptables_init(void); stc_error_e iptables_deinit(void); diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c index 8f5dfee..5944967 100755 --- a/src/helper/helper-nfacct-rule.c +++ b/src/helper/helper-nfacct-rule.c @@ -444,6 +444,7 @@ static char *choose_iftype_name(nfacct_rule_s *rule) static stc_error_e exec_iptables_cmd(nfacct_rule_s *rule) { stc_error_e ret = STC_ERROR_NONE; + iptables_ip_type_e iptype; iptables_rule_s iptables_rule; memset(&iptables_rule, 0, sizeof(iptables_rule_s)); @@ -453,13 +454,14 @@ static stc_error_e exec_iptables_cmd(nfacct_rule_s *rule) iptables_rule.chain = g_strdup(get_iptables_chain(rule->iotype)); iptables_rule.classid = rule->classid; iptables_rule.direction = (rule->iotype & NFACCT_COUNTER_IN) ? 0 : 1; + iptype = (iptables_ip_type_e)rule->iptype; if (rule->action == NFACCT_ACTION_DELETE) { /* delete interface rule */ - ret = iptables_remove(&iptables_rule); + ret = iptables_remove(&iptables_rule, iptype); } else { /* add interface rule */ - ret = iptables_add(&iptables_rule); + ret = iptables_add(&iptables_rule, iptype); } g_free(iptables_rule.nfacct_name); diff --git a/src/helper/helper-nfacct-rule.h b/src/helper/helper-nfacct-rule.h index 88b33ad..472cf29 100755 --- a/src/helper/helper-nfacct-rule.h +++ b/src/helper/helper-nfacct-rule.h @@ -62,6 +62,7 @@ typedef enum { NFACCT_TYPE_UNKNOWN, NFACCT_TYPE_IPV4, NFACCT_TYPE_IPV6, + NFACCT_TYPE_IPV4_IPV6, NFACCT_TYPE_LAST_ELEM } nfacct_rule_iptype; -- 2.7.4 From 03072c2b78962135ef801df23a52e32bf91cf7d0 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 8 Feb 2018 18:24:24 +0900 Subject: [PATCH 05/16] Fixed IPv4 and IPv6 monitoring issue Change-Id: I3fa0c4c550e21cbd87b5ef0e3f57de2487cf92c5 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- src/helper/helper-nfacct-rule.c | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 98a493a..a41f2c0 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.50 +Version: 0.0.51 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c index 5944967..87d2270 100755 --- a/src/helper/helper-nfacct-rule.c +++ b/src/helper/helper-nfacct-rule.c @@ -584,10 +584,9 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) char *jump_cmd = get_iptables_jump(rule->jump); char nfacct_buf[sizeof(NFACCT_NAME_MOD) + 3*MAX_DEC_SIZE(int) + 4]; + uint32_t classid = rule->classid; stc_error_e ret; - rule->classid = 0; - if (rule->iotype & NFACCT_COUNTER_IN) { /* income part */ rule->iotype = NFACCT_COUNTER_IN; @@ -613,6 +612,9 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) ret_value_msg_if(ret > sizeof(nfacct_buf) || ret < 0, STC_ERROR_FAIL, "Not enought buffer"); + classid = rule->classid; + rule->classid = 0; + ret = exec_iptables_cmd(rule); ret_value_msg_if(ret != STC_ERROR_NONE, STC_ERROR_FAIL, "Can't set conditional block for ingress" @@ -647,6 +649,8 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) //LCOV_EXCL_STOP } + rule->classid = classid; + if (rule->iotype & NFACCT_COUNTER_OUT) { /* outcome part */ rule->iotype = NFACCT_COUNTER_OUT; @@ -672,6 +676,9 @@ static stc_error_e produce_iface_rule(nfacct_rule_s *rule) ret_value_msg_if(ret > sizeof(nfacct_buf) || ret < 0, STC_ERROR_FAIL, "Not enough buffer"); + classid = rule->classid; + rule->classid = 0; + ret = exec_iptables_cmd(rule); ret_value_msg_if(ret != STC_ERROR_NONE, STC_ERROR_FAIL, "Can't set conditional block for " -- 2.7.4 From f93b4376f74f2ea907594d826ccf9b5942753d15 Mon Sep 17 00:00:00 2001 From: Nishant Chaprana Date: Thu, 15 Feb 2018 15:56:24 +0530 Subject: [PATCH 06/16] Correct typo mistakes Change-Id: Ib03452f7d60b6f25f3e57bebe97dac0b4b1fecb3 Signed-off-by: Nishant Chaprana --- include/transmission.h | 2 +- packaging/stc-manager.spec | 2 +- src/database/include/stc-db.h | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/transmission.h b/include/transmission.h index 297d879..f94c9c1 100755 --- a/include/transmission.h +++ b/include/transmission.h @@ -33,7 +33,7 @@ /* Used both in kernel module and in control daemon */ /* - * @brief Entity for outgoing and incomming packet counter information. + * @brief Entity for outgoing and incoming packet counter information. * Used for serialization. */ struct traffic_event { diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index a41f2c0..d896960 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.51 +Version: 0.0.52 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/database/include/stc-db.h b/src/database/include/stc-db.h index 6255433..13ae916 100755 --- a/src/database/include/stc-db.h +++ b/src/database/include/stc-db.h @@ -76,22 +76,22 @@ typedef struct { } stc_db_classid_iftype_key; /** - * @desc This funciton init db oversize erase timer. + * @desc This function init db oversize erase timer. */ stc_error_e stc_init_db_guard(void); /** - * @desc This funciton deinit db oversize erase timer. + * @desc This function deinit db oversize erase timer. */ void stc_deinit_db_guard(void); /** - * @desc This funciton initializes storage module. + * @desc This function initializes storage module. */ gboolean stc_db_initialize(void); /** - * @desc This funciton deinitializes storage module. + * @desc This function deinitializes storage module. */ gboolean stc_db_deinitialize(void); -- 2.7.4 From 3c752514e81dd233f64ecaf84137b94fc7231c98 Mon Sep 17 00:00:00 2001 From: Nishant Chaprana Date: Wed, 21 Feb 2018 11:55:51 +0530 Subject: [PATCH 07/16] Separately identify restrictions by rst_type Description: This patch adds logic to separately identify restriction on basis of restriction type (Blocked/Excluded). Also it stores rst_type inplace of rst_state in restriction table because rst_state is only to check whether restriction is active or not and we are not required to store that information to database. Change-Id: I5f540c5b791634072d58c87e7eceda8e6f653e76 Signed-off-by: Nishant Chaprana --- data/traffic_db.sql | 2 +- include/stc-manager.h | 10 ++++++++++ packaging/stc-manager.spec | 2 +- src/database/include/table-restrictions.h | 2 +- src/database/tables/table-restrictions.c | 26 +++++++++++++------------- src/monitor/include/stc-monitor.h | 1 + src/monitor/stc-monitor.c | 17 +++++++++++------ src/stc-restriction.c | 10 +++++----- 8 files changed, 43 insertions(+), 27 deletions(-) diff --git a/data/traffic_db.sql b/data/traffic_db.sql index dd83d65..c305dbd 100644 --- a/data/traffic_db.sql +++ b/data/traffic_db.sql @@ -20,7 +20,7 @@ CREATE TABLE IF NOT EXISTS restrictions ( binpath TEXT, iftype INT, ifname TEXT, - rst_state INT, + rst_type INT, roaming INT, subscriber_id TEXT NOT NULL, data_limit BIGINT, diff --git a/include/stc-manager.h b/include/stc-manager.h index f2b9c97..bb23514 100755 --- a/include/stc-manager.h +++ b/include/stc-manager.h @@ -84,6 +84,16 @@ typedef enum { } stc_restriction_state_e; /** + * @brief Network restriction types + */ +typedef enum { + STC_RSTN_TYPE_UNKNOWN, + STC_RSTN_TYPE_EXCLUDED, /**< exclusion */ + STC_RSTN_TYPE_BLOCKED, /**< block */ + STC_RSTN_TYPE_LAST_ELEM +} stc_rstn_type_e; + +/** * @brief Network interface types */ typedef enum { diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index d896960..7762b06 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.52 +Version: 0.0.53 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/database/include/table-restrictions.h b/src/database/include/table-restrictions.h index d972b87..e006bdc 100755 --- a/src/database/include/table-restrictions.h +++ b/src/database/include/table-restrictions.h @@ -22,7 +22,7 @@ typedef struct { char *ifname; char *subscriber_id; stc_iface_type_e iftype; - stc_restriction_state_e rst_state; + stc_rstn_type_e rst_type; stc_roaming_type_e roaming; int64_t data_limit; int64_t data_warn_limit; diff --git a/src/database/tables/table-restrictions.c b/src/database/tables/table-restrictions.c index 1c717e4..2d64f9c 100755 --- a/src/database/tables/table-restrictions.c +++ b/src/database/tables/table-restrictions.c @@ -30,36 +30,36 @@ /* SELECT statements */ #define SELECT_RESTRICTIONS "SELECT binpath, data_limit, " \ - " iftype, rst_state, roaming, ifname, subscriber_id, " \ + " iftype, rst_type, roaming, ifname, subscriber_id, " \ " data_warn_limit, restriction_id FROM restrictions" #define SELECT_RESTRICTIONS_PER_APP "SELECT binpath, data_limit, " \ - " iftype, rst_state, roaming, ifname, subscriber_id, " \ + " iftype, rst_type, roaming, ifname, subscriber_id, " \ " data_warn_limit, restriction_id " \ " FROM restrictions INDEXED BY restrictions_index " \ " WHERE binpath = ?" -#define SELECT_RESTRICTION_STATE "SELECT rst_state " \ +#define SELECT_RESTRICTION_STATE "SELECT rst_type " \ " FROM restrictions INDEXED BY restrictions_index " \ " WHERE binpath = ? AND iftype = ?" -#define SELECT_RESTRICTION_STATE_SUBSCRIBER_ID "SELECT rst_state " \ +#define SELECT_RESTRICTION_STATE_SUBSCRIBER_ID "SELECT rst_type " \ " FROM restrictions INDEXED BY restrictions_index " \ " WHERE binpath = ? AND iftype = ? AND subscriber_id = ?" #define SELECT_RESTRICTION_ID "SELECT restriction_id FROM restrictions " \ " WHERE binpath = ? AND iftype = ? AND subscriber_id = ? AND " \ - " rst_state = ? AND roaming = ? AND ifname = ?" + " rst_type = ? AND roaming = ? AND ifname = ?" /* UPDATE statement */ #define UPDATE_NET_RESTRICTIONS "UPDATE restrictions " \ - " SET binpath = ?, data_limit = ?, iftype = ?, rst_state = ?, " \ + " SET binpath = ?, data_limit = ?, iftype = ?, rst_type = ?, " \ " roaming = ?, ifname = ?, subscriber_id = ?, data_warn_limit = ? " \ " WHERE restriction_id = ?" /* INSERT statement */ #define INSERT_NET_RESTRICTIONS "INSERT INTO restrictions " \ - " (binpath, data_limit, iftype, rst_state, " \ + " (binpath, data_limit, iftype, rst_type, " \ " roaming, ifname, subscriber_id, data_warn_limit) " \ " VALUES (?, ?, ?, ?, ?, ?, ?, ?)" @@ -285,8 +285,8 @@ stc_error_e table_restrictions_per_app(const gchar* app_id, data.app_id = (char *)sqlite3_column_text(stmt, 0); data.data_limit = sqlite3_column_int64(stmt, 1); data.iftype = (stc_iface_type_e)sqlite3_column_int(stmt, 2); - data.rst_state = - (stc_restriction_state_e)sqlite3_column_int(stmt, 3); + data.rst_type = + (stc_rstn_type_e)sqlite3_column_int(stmt, 3); data.roaming = sqlite3_column_int(stmt, 4); data.ifname = (char *)sqlite3_column_text(stmt, 5); data.subscriber_id = (char *)sqlite3_column_text(stmt, 6); @@ -333,8 +333,8 @@ stc_error_e table_restrictions_foreach(const table_restrictions_info_cb restrict data.app_id = (char *)sqlite3_column_text(stmt, 0); data.data_limit = sqlite3_column_int64(stmt, 1); data.iftype = (stc_iface_type_e)sqlite3_column_int(stmt, 2); - data.rst_state = - (stc_restriction_state_e)sqlite3_column_int(stmt, 3); + data.rst_type = + (stc_rstn_type_e)sqlite3_column_int(stmt, 3); data.roaming = sqlite3_column_int(stmt, 4); data.ifname = (char *)sqlite3_column_text(stmt, 5); data.subscriber_id = (char *)sqlite3_column_text(stmt, 6); @@ -475,7 +475,7 @@ stc_error_e __get_restriction_id(table_restrictions_info *info) DB_ACTION(sqlite3_bind_int(stmt, 2, info->iftype)); DB_ACTION(sqlite3_bind_text(stmt, 3, info->subscriber_id ? info->subscriber_id : "", -1, SQLITE_TRANSIENT)); - DB_ACTION(sqlite3_bind_int(stmt, 4, info->rst_state)); + DB_ACTION(sqlite3_bind_int(stmt, 4, info->rst_type)); DB_ACTION(sqlite3_bind_int(stmt, 5, info->roaming)); DB_ACTION(sqlite3_bind_text(stmt, 6, info->ifname ? info->ifname : "", -1, SQLITE_TRANSIENT)); @@ -519,7 +519,7 @@ stc_error_e table_restrictions_update(table_restrictions_info *info) -1, SQLITE_TRANSIENT)); DB_ACTION(sqlite3_bind_int64(stmt, 2, info->data_limit)); DB_ACTION(sqlite3_bind_int(stmt, 3, info->iftype)); - DB_ACTION(sqlite3_bind_int(stmt, 4, info->rst_state)); + DB_ACTION(sqlite3_bind_int(stmt, 4, info->rst_type)); DB_ACTION(sqlite3_bind_int(stmt, 5, info->roaming)); DB_ACTION(sqlite3_bind_text(stmt, 6, info->ifname ? info->ifname : "", -1, SQLITE_TRANSIENT)); diff --git a/src/monitor/include/stc-monitor.h b/src/monitor/include/stc-monitor.h index b8a7357..3437637 100755 --- a/src/monitor/include/stc-monitor.h +++ b/src/monitor/include/stc-monitor.h @@ -79,6 +79,7 @@ typedef struct { uint64_t restriction_id; uint32_t classid; stc_restriction_state_e rst_state; + stc_rstn_type_e rst_type; int64_t data_limit; int64_t data_warn_limit; int64_t data_counter; diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index b27c97f..50a917f 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -257,6 +257,10 @@ static int __rstns_tree_key_compare(gconstpointer a, gconstpointer b, if (ret != 0) return ret; + ret = key_a->roaming - key_b->roaming; + if (ret != 0) + return ret; + return 0; } @@ -1346,6 +1350,7 @@ static stc_error_e __rstn_tree_add(stc_rstn_key_s *key, rstn_value->restriction_id = value->restriction_id; rstn_value->rst_state = value->rst_state; + rstn_value->rst_type = value->rst_type; rstn_value->classid = value->classid; rstn_value->data_limit = value->data_limit; rstn_value->data_warn_limit = value->data_warn_limit; @@ -1379,10 +1384,11 @@ static stc_cb_ret_e __insert_restriction_cb(const table_restrictions_info *info, key.iftype = info->iftype; key.roaming = info->roaming; - value.rst_state = info->rst_state; + value.rst_type = info->rst_type; + value.rst_state = STC_RESTRICTION_UNKNOWN; value.restriction_id = info->restriction_id; - if (value.rst_state != STC_RESTRICTION_EXCLUDED && info->app_id) + if (info->app_id) value.classid = get_classid_by_app_id(info->app_id, TRUE); else value.classid = STC_UNKNOWN_CLASSID; @@ -1868,12 +1874,11 @@ stc_error_e stc_monitor_rstns_tree_add(const table_restrictions_info *info) key.iftype = info->iftype; key.roaming = info->roaming; - value.rst_state = info->rst_state; + value.rst_type = info->rst_type; + value.rst_state = STC_RESTRICTION_UNKNOWN; value.restriction_id = info->restriction_id; - if (value.rst_state > STC_RESTRICTION_UNKNOWN && - value.rst_state < STC_RESTRICTION_LAST_ELEM && - info->app_id) + if (info->app_id) value.classid = get_classid_by_app_id(info->app_id, TRUE); else value.classid = STC_UNKNOWN_CLASSID; diff --git a/src/stc-restriction.c b/src/stc-restriction.c index e8a8a7d..cb3a382 100755 --- a/src/stc-restriction.c +++ b/src/stc-restriction.c @@ -43,7 +43,7 @@ void __initialize_rstn_rule(table_restrictions_info *rule) rule->app_id = NULL; rule->ifname = NULL; rule->iftype = STC_IFACE_ALL; - rule->rst_state = STC_RESTRICTION_REMOVED; + rule->rst_type = STC_RSTN_TYPE_UNKNOWN; rule->data_limit = 0; rule->data_warn_limit = 0; rule->roaming = STC_ROAMING_DISABLE; @@ -109,8 +109,8 @@ void __stc_restriction_app_info_builder_add(GVariantBuilder *builder, g_variant_builder_add(builder, "{sv}", "iftype", g_variant_new_uint16(info->iftype)); - g_variant_builder_add(builder, "{sv}", "rst_state", - g_variant_new_uint16(info->rst_state)); + g_variant_builder_add(builder, "{sv}", "rst_type", + g_variant_new_uint16(info->rst_type)); g_variant_builder_add(builder, "{sv}", "data_limit", g_variant_new_int64(info->data_limit)); @@ -239,7 +239,7 @@ gboolean handle_restriction_set(StcRestriction *object, g_variant_iter_free(iter); } - rule.rst_state = STC_RESTRICTION_REMOVED; + rule.rst_type = STC_RSTN_TYPE_BLOCKED; if (__validate_rstn_rule(&rule, RST_SET) == FALSE) { STC_RESTRICTION_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE @@ -277,7 +277,7 @@ gboolean handle_restriction_exclude(StcRestriction *object, g_variant_iter_free(iter); } - rule.rst_state = STC_RESTRICTION_EXCLUDED; + rule.rst_type = STC_RSTN_TYPE_EXCLUDED; if (__validate_rstn_rule(&rule, RST_EXCLUDE) == FALSE) { STC_RESTRICTION_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE -- 2.7.4 From 017d7950e8234e3aa78d41d1002dc8923335ee6e Mon Sep 17 00:00:00 2001 From: Nishant Chaprana Date: Mon, 26 Feb 2018 13:02:54 +0530 Subject: [PATCH 08/16] Add exclusion rule logic Description: This patch adds implementation below features for exclusion rule 1) add exclusion rule 2) delete exclusion rule 3) update exclusion rule Change-Id: I30a0e2602a53c6d76d501717a8428a2e077b0ea4 Signed-off-by: Nishant Chaprana --- include/stc-manager.h | 5 +- packaging/stc-manager.spec | 2 +- src/database/tables/table-restrictions.c | 7 +- src/helper/helper-nfacct-rule.c | 5 + src/helper/helper-nfacct-rule.h | 1 + src/monitor/stc-monitor.c | 215 +++++++++++++++++-------------- 6 files changed, 128 insertions(+), 107 deletions(-) diff --git a/include/stc-manager.h b/include/stc-manager.h index bb23514..1a84f69 100755 --- a/include/stc-manager.h +++ b/include/stc-manager.h @@ -77,9 +77,8 @@ typedef enum { */ typedef enum { STC_RESTRICTION_UNKNOWN, - STC_RESTRICTION_ACTIVATED, /** < restriction has been activated */ - STC_RESTRICTION_REMOVED, /** < restriction has been removed */ - STC_RESTRICTION_EXCLUDED, /** < restriction has been excluded */ + STC_RESTRICTION_ACTIVATED, /**< restriction has been activated */ + STC_RESTRICTION_DEACTIVATED, /**< restriction has been deactivated */ STC_RESTRICTION_LAST_ELEM } stc_restriction_state_e; diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 7762b06..7b9b87e 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.53 +Version: 0.0.54 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/database/tables/table-restrictions.c b/src/database/tables/table-restrictions.c index 2d64f9c..8452926 100755 --- a/src/database/tables/table-restrictions.c +++ b/src/database/tables/table-restrictions.c @@ -49,7 +49,7 @@ #define SELECT_RESTRICTION_ID "SELECT restriction_id FROM restrictions " \ " WHERE binpath = ? AND iftype = ? AND subscriber_id = ? AND " \ - " rst_type = ? AND roaming = ? AND ifname = ?" + " roaming = ? AND ifname = ?" /* UPDATE statement */ #define UPDATE_NET_RESTRICTIONS "UPDATE restrictions " \ @@ -475,9 +475,8 @@ stc_error_e __get_restriction_id(table_restrictions_info *info) DB_ACTION(sqlite3_bind_int(stmt, 2, info->iftype)); DB_ACTION(sqlite3_bind_text(stmt, 3, info->subscriber_id ? info->subscriber_id : "", -1, SQLITE_TRANSIENT)); - DB_ACTION(sqlite3_bind_int(stmt, 4, info->rst_type)); - DB_ACTION(sqlite3_bind_int(stmt, 5, info->roaming)); - DB_ACTION(sqlite3_bind_text(stmt, 6, info->ifname ? info->ifname : "", + DB_ACTION(sqlite3_bind_int(stmt, 4, info->roaming)); + DB_ACTION(sqlite3_bind_text(stmt, 5, info->ifname ? info->ifname : "", -1, SQLITE_TRANSIENT)); rc = sqlite3_step(stmt); diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c index 87d2270..4c12965 100755 --- a/src/helper/helper-nfacct-rule.c +++ b/src/helper/helper-nfacct-rule.c @@ -279,6 +279,9 @@ bool recreate_counter_by_name(char *cnt_name, nfacct_rule_s *cnt) case 'r': cnt->intend = NFACCT_BLOCK; break; + case 'a': + cnt->intend = NFACCT_ALLOW; + break; case 't': cnt->intend = NFACCT_TETH_COUNTER; //LCOV_EXCL_LINE break; //LCOV_EXCL_LINE @@ -756,6 +759,8 @@ void generate_counter_name(nfacct_rule_s *counter) warn_symbol = 'w'; else if (counter->intend == NFACCT_BLOCK) warn_symbol = 'r'; + else if (counter->intend == NFACCT_ALLOW) + warn_symbol = 'a'; snprintf(counter->name, NFACCT_NAME_MAX, "%c%d_%d_%d_%s", warn_symbol, counter->iotype, counter->iftype, counter->classid, counter->ifname); diff --git a/src/helper/helper-nfacct-rule.h b/src/helper/helper-nfacct-rule.h index 472cf29..c305246 100755 --- a/src/helper/helper-nfacct-rule.h +++ b/src/helper/helper-nfacct-rule.h @@ -54,6 +54,7 @@ typedef enum { NFACCT_COUNTER, NFACCT_WARN, NFACCT_BLOCK, + NFACCT_ALLOW, NFACCT_TETH_COUNTER, NFACCT_RULE_LAST_ELEM, } nfacct_rule_intend; diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 50a917f..83d64d0 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -54,6 +54,8 @@ static nfacct_rule_jump __get_jump_by_intend(struct nfacct_rule *counter) return NFACCT_JUMP_ACCEPT; else if (counter->intend == NFACCT_BLOCK) return NFACCT_JUMP_REJECT; + else if (counter->intend == NFACCT_ALLOW) + return NFACCT_JUMP_ACCEPT; return NFACCT_JUMP_UNKNOWN; } @@ -460,20 +462,94 @@ static void __print_rstn(stc_rstn_key_s *rstn_key, stc_rstn_value_s *rstn_value) { STC_LOGI("rstn info => rstn_id [%llu], " "app_id [%s], classid [%lu], ifname [%s], " - "iftype [%d], rst_state [%d], " + "iftype [%d], rst_state [%d], rst_type [%d], " "limit [ (%lld) bytes], " "warn_limit [ (%lld) bytes], " "counter [ (%lld) bytes], " "roaming [%d], subscriber_id [%s]", rstn_value->restriction_id, rstn_key->app_id, rstn_value->classid , rstn_key->ifname, - rstn_key->iftype, rstn_value->rst_state, + rstn_key->iftype, rstn_value->rst_state, rstn_value->rst_type, rstn_value->data_limit, rstn_value->data_warn_limit, rstn_value->data_counter, rstn_key->roaming, rstn_key->subscriber_id); } +static void __add_iptables_rule(int64_t classid, nfacct_rule_intend intend, + stc_iface_type_e iftype) +{ + char *default_ifname = stc_default_connection_get_ifname(); + struct nfacct_rule counter; + stc_s *stc = stc_get_manager(); + if (!stc) { + g_free(default_ifname); //LCOV_EXCL_LINE + return; //LCOV_EXCL_LINE + } + + if (!stc->carg) { + stc->carg = MALLOC0(counter_arg_s, 1); //LCOV_EXCL_LINE + if (stc->carg == NULL) { //LCOV_EXCL_LINE + g_free(default_ifname); //LCOV_EXCL_LINE + return; //LCOV_EXCL_LINE + } + + stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE + } + + counter.carg = stc->carg; + counter.classid = classid; + counter.intend = intend; + counter.iftype = iftype; + g_strlcpy(counter.ifname, default_ifname, MAX_IFACE_LENGTH); + g_free(default_ifname); + + /* iptables rule */ + __add_iptables_in(&counter); + __add_iptables_out(&counter); + + /* ip6tables rule */ + __add_ip6tables_in(&counter); + __add_ip6tables_out(&counter); +} + +static void __del_iptables_rule(int64_t classid, nfacct_rule_intend intend, + stc_iface_type_e iftype) +{ + char *default_ifname = stc_default_connection_get_ifname(); + struct nfacct_rule counter; + stc_s *stc = stc_get_manager(); + if (!stc) { + g_free(default_ifname); //LCOV_EXCL_LINE + return; //LCOV_EXCL_LINE + } + + if (!stc->carg) { + stc->carg = MALLOC0(counter_arg_s, 1); //LCOV_EXCL_LINE + if (stc->carg == NULL) { //LCOV_EXCL_LINE + g_free(default_ifname); //LCOV_EXCL_LINE + return; //LCOV_EXCL_LINE + } + + stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE + } + + counter.carg = stc->carg; + counter.classid = classid; + counter.intend = intend; + counter.iftype = iftype; + g_strlcpy(counter.ifname, default_ifname, MAX_IFACE_LENGTH); + g_free(default_ifname); + + /* iptables rule */ + __del_iptables_in(&counter); + __del_iptables_out(&counter); + + /* ip6tables rule */ + __del_ip6tables_in(&counter); + __del_ip6tables_out(&counter); +} + static void __process_restriction(enum traffic_restriction_type rst_type, stc_rstn_key_s *rstn_key, stc_rstn_value_s *rstn_value, void *data) @@ -531,87 +607,26 @@ static void __process_restriction(enum traffic_restriction_type rst_type, switch (rst_type) { case RST_SET: - if (effective_data_limit <= 0) { - char *default_ifname = stc_default_connection_get_ifname(); - struct nfacct_rule counter; - stc_s *stc = stc_get_manager(); - if (!stc) { - g_free(default_ifname); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE - } - - if (!stc->carg) { - stc->carg = MALLOC0(counter_arg_s, 1); //LCOV_EXCL_LINE - if (stc->carg == NULL) { //LCOV_EXCL_LINE - g_free(default_ifname); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE - } - - stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE - } - - counter.carg = stc->carg; - counter.classid = rstn_value->classid; - counter.intend = NFACCT_BLOCK; - counter.iftype = rstn_key->iftype; - g_strlcpy(counter.ifname, default_ifname, - MAX_IFACE_LENGTH); - g_free(default_ifname); - - /* iptables rule */ - __add_iptables_in(&counter); - __add_iptables_out(&counter); - - /* ip6tables rule */ - __add_ip6tables_in(&counter); - __add_ip6tables_out(&counter); - } + if (effective_data_limit <= 0) + __add_iptables_rule(rstn_value->classid, NFACCT_BLOCK, + rstn_key->iftype); rstn_value->rst_state = STC_RESTRICTION_ACTIVATED; rstn_value->data_limit_reached = FALSE; break; case RST_EXCLUDE: - ;//Do Nothing + __add_iptables_rule(rstn_value->classid, NFACCT_ALLOW, + rstn_key->iftype); + + rstn_value->rst_state = STC_RESTRICTION_ACTIVATED; + rstn_value->data_limit_reached = TRUE; break; case RST_UNSET: - { - char *default_ifname = stc_default_connection_get_ifname(); - struct nfacct_rule counter; - stc_s *stc = stc_get_manager(); - if (!stc) { - g_free(default_ifname); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE - } - - if (!stc->carg) { - stc->carg = MALLOC0(counter_arg_s, 1); //LCOV_EXCL_LINE - if (stc->carg == NULL) { //LCOV_EXCL_LINE - g_free(default_ifname); //LCOV_EXCL_LINE - return; //LCOV_EXCL_LINE - } - - stc->carg->sock = stc_monitor_get_counter_socket(); //LCOV_EXCL_LINE - } - - counter.carg = stc->carg; - counter.classid = rstn_value->classid; - counter.intend = NFACCT_BLOCK; - counter.iftype = rstn_key->iftype; - g_strlcpy(counter.ifname, default_ifname, - MAX_IFACE_LENGTH); - g_free(default_ifname); - - /* iptables rule */ - __del_iptables_in(&counter); - __del_iptables_out(&counter); - - /* ip6tables rule */ - __del_ip6tables_in(&counter); - __del_ip6tables_out(&counter); - - rstn_value->rst_state = STC_RESTRICTION_REMOVED; - rstn_value->data_limit_reached = FALSE; - } + __del_iptables_rule(rstn_value->classid, rstn_value->rst_type, + rstn_key->iftype); + + rstn_value->rst_state = STC_RESTRICTION_DEACTIVATED; + rstn_value->data_limit_reached = FALSE; break; default: ;//Do Nothing @@ -636,7 +651,7 @@ static gboolean __remove_rstns_foreach_application(gpointer key, goto out; /* rstn rule is already removed */ - if (rstn_value->rst_state == STC_RESTRICTION_REMOVED) + if (rstn_value->rst_state == STC_RESTRICTION_DEACTIVATED) goto out; /* remove restriction from system */ @@ -1263,7 +1278,7 @@ static gboolean __add_restriction_debug(gpointer key, gpointer value, if (rstn_value->rst_state == STC_RESTRICTION_ACTIVATED) return FALSE; - if (rstn_value->rst_state == STC_RESTRICTION_EXCLUDED) + if (rstn_value->rst_type == STC_RSTN_TYPE_EXCLUDED) __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, data); else __process_restriction(RST_SET, rstn_key, rstn_value, data); @@ -1283,7 +1298,7 @@ static gboolean __add_restriction(gpointer key, gpointer value, gpointer data) if (rstn_value->rst_state == STC_RESTRICTION_ACTIVATED) return FALSE; - if (rstn_value->rst_state == STC_RESTRICTION_EXCLUDED) + if (rstn_value->rst_type == STC_RSTN_TYPE_EXCLUDED) __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, data); else __process_restriction(RST_SET, rstn_key, rstn_value, data); @@ -1320,34 +1335,36 @@ static stc_error_e __rstn_tree_remove(stc_rstn_key_s *key) static stc_error_e __rstn_tree_add(stc_rstn_key_s *key, stc_rstn_value_s *value, gboolean debug) { + stc_rstn_key_s *rstn_key; stc_rstn_value_s *rstn_value; ret_value_msg_if(g_system == NULL, STC_ERROR_FAIL, "stc monitor not initialized!"); rstn_value = __rstn_lookup(g_system->rstns, key); - if (!rstn_value) { - stc_rstn_key_s *rstn_key = MALLOC0(stc_rstn_key_s, 1); - if (!rstn_key) { - STC_LOGE("rstn_key allocation failed"); //LCOV_EXCL_LINE - return STC_ERROR_OUT_OF_MEMORY; //LCOV_EXCL_LINE - } - - rstn_value = MALLOC0(stc_rstn_value_s, 1); - if (!rstn_value) { - STC_LOGE("rstn_value allocation failed"); //LCOV_EXCL_LINE - FREE(rstn_key); //LCOV_EXCL_LINE - return STC_ERROR_OUT_OF_MEMORY; //LCOV_EXCL_LINE - } + if (rstn_value) + __rstn_tree_remove(key); - rstn_key->app_id = g_strdup(key->app_id); - rstn_key->ifname = g_strdup(key->ifname); - rstn_key->subscriber_id = g_strdup(key->subscriber_id); - rstn_key->iftype = key->iftype; - rstn_key->roaming = key->roaming; + rstn_key = MALLOC0(stc_rstn_key_s, 1); + if (!rstn_key) { + STC_LOGE("rstn_key allocation failed"); //LCOV_EXCL_LINE + return STC_ERROR_OUT_OF_MEMORY; //LCOV_EXCL_LINE + } - g_tree_insert(g_system->rstns, rstn_key, rstn_value); + rstn_value = MALLOC0(stc_rstn_value_s, 1); + if (!rstn_value) { + STC_LOGE("rstn_value allocation failed"); //LCOV_EXCL_LINE + FREE(rstn_key); //LCOV_EXCL_LINE + return STC_ERROR_OUT_OF_MEMORY; //LCOV_EXCL_LINE } + rstn_key->app_id = g_strdup(key->app_id); + rstn_key->ifname = g_strdup(key->ifname); + rstn_key->subscriber_id = g_strdup(key->subscriber_id); + rstn_key->iftype = key->iftype; + rstn_key->roaming = key->roaming; + + g_tree_insert(g_system->rstns, rstn_key, rstn_value); + rstn_value->restriction_id = value->restriction_id; rstn_value->rst_state = value->rst_state; rstn_value->rst_type = value->rst_type; @@ -1434,7 +1451,7 @@ static gboolean __add_rstn_foreach_application(gpointer key, goto out; /* add restriction to system */ - if (rstn_value->rst_state == STC_RESTRICTION_EXCLUDED) + if (rstn_value->rst_type == STC_RSTN_TYPE_EXCLUDED) __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, NULL); else __process_restriction(RST_SET, rstn_key, rstn_value, NULL); -- 2.7.4 From e95e1237650aa3e0e3a9a8f1cad968872ef49d52 Mon Sep 17 00:00:00 2001 From: taesub kim Date: Mon, 2 Apr 2018 18:02:59 +0900 Subject: [PATCH 09/16] Added dbus/cynara policy Change-Id: Ic6107087ddf2a21fcd874fd125e402a36988c0df Signed-off-by: Taesub Kim --- resources/dbus/stc-manager.conf | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/resources/dbus/stc-manager.conf b/resources/dbus/stc-manager.conf index 6732e96..385ce13 100755 --- a/resources/dbus/stc-manager.conf +++ b/resources/dbus/stc-manager.conf @@ -1,15 +1,17 @@ - - - - - - - - - - - + + + + + + + + + + + + + -- 2.7.4 From 425d447730625bc8d2ad31d4d6fc0b4fed57f11c Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 5 Apr 2018 15:25:28 +0900 Subject: [PATCH 10/16] Added firewall feature Change-Id: I9c71bc7af199d145509cbe0c7e935d16e85dfd8d Signed-off-by: hyunuktak --- data/firewall_db.sql | 35 + include/stc-error.h | 6 +- include/stc-firewall.h | 104 ++ include/stc-manager-gdbus.h | 1 + include/stc-manager.h | 53 +- interfaces/CMakeLists.txt | 1 + interfaces/stcmanager-iface-firewall.xml | 53 + packaging/stc-manager.spec | 4 +- src/CMakeLists.txt | 1 + src/database/db-common.c | 3 + src/database/include/table-firewall.h | 49 + src/database/tables/table-firewall.c | 843 ++++++++++++++++ src/database/tables/table-statistics.c | 2 +- src/helper/helper-firewall.c | 716 ++++++++++++++ src/helper/helper-firewall.h | 82 ++ src/helper/helper-iptables.c | 2 +- src/helper/helper-iptables.h | 1 + src/helper/helper-nfacct-rule.c | 3 +- src/monitor/stc-default-connection.c | 2 + src/stc-firewall.c | 1551 ++++++++++++++++++++++++++++++ src/stc-manager-gdbus.c | 90 ++ src/stc-manager.c | 5 + src/stc-restriction.c | 2 + src/stc-statistics.c | 5 +- 24 files changed, 3604 insertions(+), 10 deletions(-) create mode 100644 data/firewall_db.sql create mode 100755 include/stc-firewall.h create mode 100644 interfaces/stcmanager-iface-firewall.xml create mode 100755 src/database/include/table-firewall.h create mode 100755 src/database/tables/table-firewall.c create mode 100755 src/helper/helper-firewall.c create mode 100755 src/helper/helper-firewall.h create mode 100755 src/stc-firewall.c diff --git a/data/firewall_db.sql b/data/firewall_db.sql new file mode 100644 index 0000000..9a0bfdb --- /dev/null +++ b/data/firewall_db.sql @@ -0,0 +1,35 @@ +CREATE TABLE IF NOT EXISTS fw_lock ( + name TEXT PRIMARY KEY, + state INT +); + +CREATE TABLE IF NOT EXISTS fw_chains ( + chain TEXT PRIMARY KEY, + target INT, + priority INT +); + +CREATE TABLE IF NOT EXISTS fw_rules ( + key BIGINT PRIMARY KEY, + chain TEXT NOT NULL, + direction INT, + s_ip_type INT, + d_ip_type INT, + s_port_type INT, + d_port_type INT, + protocol INT, + family INT, + s_ip1 TEXT NOT NULL, + s_ip2 TEXT NOT NULL, + d_ip1 TEXT NOT NULL, + d_ip2 TEXT NOT NULL, + s_port1 INT, + s_port2 INT, + d_port1 INT, + d_port2 INT, + ifname TEXT NOT NULL, + target INT, + identifier TEXT NOT NULL +); + +CREATE INDEX IF NOT EXISTS rules_index ON fw_rules (chain, target); diff --git a/include/stc-error.h b/include/stc-error.h index ecb4e68..6bf1c40 100755 --- a/include/stc-error.h +++ b/include/stc-error.h @@ -18,8 +18,10 @@ #define __STC_ERROR_H__ typedef enum { - STC_ERROR_NOTIMPL = -7, /**< Not implemented yet error */ - STC_ERROR_UNINITIALIZED = -6, /**< Cgroup doen't mounted or daemon not started */ + STC_ERROR_NOTIMPL = -9, /**< Not implemented yet error */ + STC_ERROR_PERMISSION_DENIED = -8, /**< Permission denied */ + STC_ERROR_UNINITIALIZED = -7, /**< Not initialized */ + STC_ERROR_ALREADY_DATA = -6, /**< Success, but already data */ STC_ERROR_NO_DATA = -5, /**< Success, but no data */ STC_ERROR_INVALID_PARAMETER = -4, /**< Invalid parameter */ STC_ERROR_OUT_OF_MEMORY = -3, /**< Out of memory */ diff --git a/include/stc-firewall.h b/include/stc-firewall.h new file mode 100755 index 0000000..c857f9b --- /dev/null +++ b/include/stc-firewall.h @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __STC_FIREWALL_H__ +#define __STC_FIREWALL_H__ + +#include +#include "stc-manager.h" +#include "stc-manager-gdbus.h" +#include "table-firewall.h" + +/***************************************************************************** + * Macros and Typedefs + *****************************************************************************/ + +typedef struct { + stc_fw_chain_target_e target; + uint64_t priority; + GSList *rules; +} stc_fw_data_s; + +/***************************************************************************** + * Functions Declaration + *****************************************************************************/ + +void stc_firewall_init(void); +void stc_firewall_update(void); +void stc_firewall_deinit(void); + +gboolean handle_firewall_lock(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data); + +gboolean handle_firewall_unlock(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data); + +gboolean handle_firewall_get_lock(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data); + +gboolean handle_firewall_add_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + void *user_data); + +gboolean handle_firewall_remove_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + void *user_data); + +gboolean handle_firewall_flush_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + void *user_data); + +gboolean handle_firewall_get_all_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data); + +gboolean handle_firewall_set_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + unsigned int target, + void *user_data); + +gboolean handle_firewall_unset_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + void *user_data); + +gboolean handle_firewall_add_rule(StcFirewall *object, + GDBusMethodInvocation *invocation, + GVariant *parameters, + void *user_data); + +gboolean handle_firewall_remove_rule(StcFirewall *object, + GDBusMethodInvocation *invocation, + GVariant *parameters, + void *user_data); + +gboolean handle_firewall_update_rule(StcFirewall *object, + GDBusMethodInvocation *invocation, + GVariant *parameters, + void *user_data); + +gboolean handle_firewall_get_all_rule(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data); + +#endif /* __STC_FIREWALL_H__ */ diff --git a/include/stc-manager-gdbus.h b/include/stc-manager-gdbus.h index 7803c6b..4b6a50f 100755 --- a/include/stc-manager-gdbus.h +++ b/include/stc-manager-gdbus.h @@ -25,6 +25,7 @@ #define STC_DBUS_SERVICE_PATH "/net/stc" #define STC_DBUS_SERVICE_STATISTICS_PATH "/net/stc/statistics" #define STC_DBUS_SERVICE_RESTRICTION_PATH "/net/stc/restriction" +#define STC_DBUS_SERVICE_FIREWALL_PATH "/net/stc/firewall" #define STC_DBUS_SERVICE_MANAGER_PATH "/net/stc/manager" #define STC_DBUS_REPLY_ERROR_NONE(invocation) \ diff --git a/include/stc-manager.h b/include/stc-manager.h index 1a84f69..c6a8f8e 100755 --- a/include/stc-manager.h +++ b/include/stc-manager.h @@ -48,6 +48,56 @@ typedef enum { STC_CMD_MAX_ELEM } stc_cmd_type_e; +typedef enum { + STC_FW_DIRECTION_NONE, + STC_FW_DIRECTION_IN, + STC_FW_DIRECTION_OUT +} stc_fw_direction_e; + +typedef enum { + STC_FW_FAMILY_NONE, + STC_FW_FAMILY_V4, + STC_FW_FAMILY_V6 +} stc_fw_family_type_e; + +typedef enum { + STC_FW_IP_NONE, + STC_FW_IP_SINGLE, + STC_FW_IP_MASK, + STC_FW_IP_RANGE +} stc_fw_ip_type_e; + +typedef enum { + STC_FW_PORT_NONE, + STC_FW_PORT_SINGLE, + STC_FW_PORT_RANGE +} stc_fw_port_type_e; + +typedef enum { + STC_FW_PROTOCOL_NONE, + STC_FW_PROTOCOL_TCP, + STC_FW_PROTOCOL_UDP, + STC_FW_PROTOCOL_ICMP, + STC_FW_PROTOCOL_ESP, + STC_FW_PROTOCOL_AH, + STC_FW_PROTOCOL_SCTP, + STC_FW_PROTOCOL_MH, + STC_FW_PROTOCOL_ALL, +} stc_fw_protocol_type_e; + +typedef enum { + STC_FW_CHAIN_TARGET_NONE, + STC_FW_CHAIN_TARGET_INPUT, + STC_FW_CHAIN_TARGET_OUTPUT +} stc_fw_chain_target_e; + +typedef enum { + STC_FW_RULE_TARGET_NONE, + STC_FW_RULE_TARGET_ACCEPT, + STC_FW_RULE_TARGET_DROP, + STC_FW_RULE_TARGET_LOG, +} stc_fw_rule_target_e; + /** * @brief Monitored application types */ @@ -121,7 +171,7 @@ typedef enum { * @brief Hardware network protocol types */ typedef enum { - STC_PROTOCOL_NONE, /**< Network unknown */ + STC_PROTOCOL_UNKNOWN, /**< Network unknown */ STC_PROTOCOL_DATACALL_NOSVC, /**< Network no service */ STC_PROTOCOL_DATACALL_EMERGENCY, /**< Network emergency */ STC_PROTOCOL_DATACALL_SEARCH, /**< Network search 1900 */ @@ -173,6 +223,7 @@ typedef struct { gpointer statistics_obj; gpointer restriction_obj; + gpointer firewall_obj; gpointer manager_obj; GDBusObjectManagerServer *obj_mgr; diff --git a/interfaces/CMakeLists.txt b/interfaces/CMakeLists.txt index 2e61a9e..8f03ebf 100644 --- a/interfaces/CMakeLists.txt +++ b/interfaces/CMakeLists.txt @@ -9,6 +9,7 @@ ADD_CUSTOM_COMMAND( ${INTERFACES}/stcmanager-iface-manager.xml ${INTERFACES}/stcmanager-iface-restriction.xml ${INTERFACES}/stcmanager-iface-statistics.xml + ${INTERFACES}/stcmanager-iface-firewall.xml COMMENT "Generating GDBus .c/.h") ADD_CUSTOM_TARGET(GENERATED_DBUS_CODE DEPENDS dbus) diff --git a/interfaces/stcmanager-iface-firewall.xml b/interfaces/stcmanager-iface-firewall.xml new file mode 100644 index 0000000..d5817cf --- /dev/null +++ b/interfaces/stcmanager-iface-firewall.xml @@ -0,0 +1,53 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 7b9b87e..6dca357 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.54 +Version: 0.0.55 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 @@ -88,7 +88,9 @@ rm -rf %{buildroot} %if %{?enable_database} == YES mkdir -p %{buildroot}/opt/usr/dbspace sqlite3 %{buildroot}%{database_full_path} < %{buildroot}/usr/share/traffic_db.sql + sqlite3 %{buildroot}%{database_full_path} < %{buildroot}/usr/share/firewall_db.sql rm %{buildroot}/usr/share/traffic_db.sql + rm %{buildroot}/usr/share/firewall_db.sql %endif #Exceptions file diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f01f292..809897a 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -69,6 +69,7 @@ IF("${ENABLE_DATABASE}" STREQUAL "YES") SET(SRCS ${SRCS} ${DATABASE_SRCS} ${DATABASE_TABLES_SRCS}) INSTALL(FILES ${DATA_DIR}/traffic_db.sql DESTINATION /usr/share) + INSTALL(FILES ${DATA_DIR}/firewall_db.sql DESTINATION /usr/share) ENDIF() IF(BUILD_GTESTS) diff --git a/src/database/db-common.c b/src/database/db-common.c index f5f1770..a4c2a3d 100755 --- a/src/database/db-common.c +++ b/src/database/db-common.c @@ -19,6 +19,7 @@ #include "table-statistics.h" #include "table-restrictions.h" #include "table-counters.h" +#include "table-firewall.h" #ifndef DATABASE_FULL_PATH #define DATABASE_FULL_PATH "/opt/usr/dbspace/.stc-manager-datausage.db" @@ -111,6 +112,7 @@ stc_error_e stc_db_initialize(void) EXEC(STC_ERROR_NONE, table_statistics_prepare(database)); EXEC(STC_ERROR_NONE, table_restrictions_prepare(database)); EXEC(STC_ERROR_NONE, table_counters_prepare(database)); + EXEC(STC_ERROR_NONE, table_firewall_prepare(database)); EXEC(STC_ERROR_NONE, stc_init_db_guard()); __STC_LOG_FUNC_EXIT__; @@ -133,6 +135,7 @@ gboolean stc_db_deinitialize(void) table_statistics_finalize(); table_restrictions_finalize(); table_counters_finalize(); + table_firewall_finalize(); sqlite3_close(database); __STC_LOG_FUNC_EXIT__; diff --git a/src/database/include/table-firewall.h b/src/database/include/table-firewall.h new file mode 100755 index 0000000..e15668f --- /dev/null +++ b/src/database/include/table-firewall.h @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __TABLE_FIREWALL_H__ +#define __TABLE_FIREWALL_H__ + +#include +#include "helper-firewall.h" + +typedef stc_cb_ret_e +(*firewall_chain_cb)(const firewall_chain_s *info, void *user_data); + +typedef stc_cb_ret_e +(*firewall_rule_cb)(const firewall_rule_s *info, void *user_data); + +stc_error_e table_firewall_insert_lock(char *name, int state); +stc_error_e table_firewall_update_lock(char *name, int state); +stc_error_e table_firewall_get_lock(char *name, int *state); + +stc_error_e table_firewall_insert_chain(firewall_chain_s *info); +stc_error_e table_firewall_delete_chain(firewall_chain_s *info); +stc_error_e table_firewall_flush_chain(firewall_chain_s *info); +stc_error_e table_firewall_update_chain(firewall_chain_s *info); +stc_error_e table_firewall_foreach_chain(firewall_chain_cb info_cb, + void *user_data); + +stc_error_e table_firewall_insert_rule(firewall_rule_s *info); +stc_error_e table_firewall_delete_rule(firewall_rule_s *info); +stc_error_e table_firewall_update_rule(firewall_rule_s *info); +stc_error_e table_firewall_foreach_rule(firewall_rule_cb info_cb, + void *user_data); + +stc_error_e table_firewall_prepare(sqlite3 *db); +void table_firewall_finalize(void); + +#endif /*__TABLE_FIREWALL_H__ */ diff --git a/src/database/tables/table-firewall.c b/src/database/tables/table-firewall.c new file mode 100755 index 0000000..3c811c7 --- /dev/null +++ b/src/database/tables/table-firewall.c @@ -0,0 +1,843 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * This file implements restrictions entity handler methods. + * + * @file table-restrictions.c + */ + +#include "stc-db.h" +#include "db-internal.h" +#include "table-firewall.h" + +#define BUF_SIZE_FOR_IP 64 + +/* DELETE statements */ +#define DELETE_FIREWALL_CHAIN "DELETE FROM fw_chains " \ + "WHERE chain = ?" + +#define DELETE_FIREWALL_RULE "DELETE FROM fw_rules " \ + "WHERE key = ?" + +#define DELETE_FIREWALL_RULE_PER_CHAIN "DELETE FROM fw_rules " \ + "WHERE chain = ?" + +/* SELECT statements */ +#define SELECT_FIREWALL_LOCK "SELECT state FROM fw_lock " \ + "WHERE name = ?" + +#define SELECT_FIREWALL_CHAIN "SELECT chain, " \ + "target, priority FROM fw_chains" + +#define SELECT_FIREWALL_RULE "SELECT key, " \ + "chain, direction, s_ip_type, d_ip_type, s_port_type, " \ + "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \ + "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier " \ + "FROM fw_rules" + +#define SELECT_FIREWALL_RULE_PER_CHAIN "SELECT key, " \ + "chain, direction, s_ip_type, d_ip_type, s_port_type, " \ + "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \ + "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier " \ + "FROM fw_rules INDEXED BY rules_index " \ + "WHERE chain = ?" + +/* UPDATE statement */ +#define UPDATE_FIREWALL_LOCK "UPDATE fw_lock " \ + "SET state = ? WHERE name = ?" + +#define UPDATE_FIREWALL_CHAIN "UPDATE fw_chains " \ + "SET target = ?, priority = ? " \ + "WHERE chain = ?" + +#define UPDATE_FIREWALL_RULE "UPDATE fw_rules " \ + "SET chain = ?, direction = ?, s_ip_type = ?, d_ip_type = ?, " \ + "s_port_type = ?, d_port_type = ?, protocol = ?, family = ?, " \ + "s_ip1 = ?, s_ip2 = ?, d_ip1 = ?, d_ip2 = ?, s_port1 = ?, " \ + "s_port2 = ?, d_port1 = ?, d_port2 = ?, ifname = ?, " \ + "target = ?, identifier = ? " \ + "WHERE key = ?" + +/* INSERT statement */ +#define INSERT_FIREWALL_LOCK "INSERT INTO fw_lock " \ + "(name, state) VALUES (?, ?)" + +#define INSERT_FIREWALL_CHAIN "INSERT INTO fw_chains " \ + "(chain, target, priority) " \ + "VALUES (?, ?, ?)" + +#define INSERT_FIREWALL_RULE "INSERT INTO fw_rules " \ + "(key, chain, direction, s_ip_type, d_ip_type, s_port_type, " \ + "d_port_type, protocol, family, s_ip1, s_ip2, d_ip1, d_ip2, " \ + "s_port1, s_port2, d_port1, d_port2, ifname, target, identifier) " \ + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)" + +static void __finalize_delete(void); + +#define PREPARE_DELETE(stm, query) do { \ + rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \ + if (rc != SQLITE_OK) { \ + stm = NULL; \ + __finalize_delete(); \ + STC_LOGE("Failed to prepare \"%s\" query" \ + , query); \ + return rc; \ + } \ +} while (0) + +static void __finalize_select(void); + +#define PREPARE_SELECT(stm, query) do { \ + rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \ + if (rc != SQLITE_OK) { \ + stm = NULL; \ + __finalize_select(); \ + STC_LOGE("Failed to prepare \"%s\" query" \ + , query); \ + return rc; \ + } \ +} while (0) + +static void __finalize_update(void); + +#define PREPARE_UPDATE(stm, query) do { \ + rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \ + if (rc != SQLITE_OK) { \ + stm = NULL; \ + __finalize_update(); \ + STC_LOGE("Failed to prepare \"%s\" query" \ + , query); \ + return rc; \ + } \ +} while (0) + +static void __finalize_insert(void); + +#define PREPARE_INSERT(stm, query) do { \ + rc = sqlite3_prepare_v2(db, query, -1, &stm, NULL); \ + if (rc != SQLITE_OK) { \ + stm = NULL; \ + __finalize_insert(); \ + STC_LOGE("Failed to prepare \"%s\" query" \ + , query); \ + return rc; \ + } \ +} while (0) + +#define FINALIZE(stm) do { \ + if (stm) { \ + sqlite3_finalize(stm); \ + stm = NULL; \ + } \ +} while (0) + +/* DELETE statements */ +static sqlite3_stmt *delete_fw_chain; +static sqlite3_stmt *delete_fw_rule; +static sqlite3_stmt *delete_fw_rule_per_chain; + +/* SELECT statements */ +static sqlite3_stmt *select_fw_lock; +static sqlite3_stmt *select_fw_chain; +static sqlite3_stmt *select_fw_rule; +static sqlite3_stmt *select_fw_rule_per_chain; + +/* UPDATE statements */ +static sqlite3_stmt *update_fw_lock; +static sqlite3_stmt *update_fw_chain; +static sqlite3_stmt *update_fw_rule; + +/* INSERT statements */ +static sqlite3_stmt *insert_fw_lock; +static sqlite3_stmt *insert_fw_chain; +static sqlite3_stmt *insert_fw_rule; + +static int __prepare_delete(sqlite3 *db) +{ + __STC_LOG_FUNC_ENTER__; + int rc; + static int initialized; + + if (initialized) { + __STC_LOG_FUNC_EXIT__; + return SQLITE_OK; + } + + PREPARE_DELETE(delete_fw_chain, DELETE_FIREWALL_CHAIN); + PREPARE_DELETE(delete_fw_rule, DELETE_FIREWALL_RULE); + PREPARE_DELETE(delete_fw_rule_per_chain, DELETE_FIREWALL_RULE_PER_CHAIN); + + initialized = 1; + __STC_LOG_FUNC_EXIT__; + return rc; +} + +static void __finalize_delete(void) +{ + __STC_LOG_FUNC_ENTER__; + + FINALIZE(delete_fw_chain); + FINALIZE(delete_fw_rule); + FINALIZE(delete_fw_rule_per_chain); + + __STC_LOG_FUNC_EXIT__; +} + +static int __prepare_select(sqlite3 *db) +{ + __STC_LOG_FUNC_ENTER__; + int rc; + static int initialized; + + if (initialized) { + __STC_LOG_FUNC_EXIT__; + return SQLITE_OK; + } + + PREPARE_SELECT(select_fw_lock, SELECT_FIREWALL_LOCK); + PREPARE_SELECT(select_fw_chain, SELECT_FIREWALL_CHAIN); + PREPARE_SELECT(select_fw_rule, SELECT_FIREWALL_RULE); + PREPARE_SELECT(select_fw_rule_per_chain, SELECT_FIREWALL_RULE_PER_CHAIN); + + initialized = 1; + __STC_LOG_FUNC_EXIT__; + return rc; +} + +static void __finalize_select(void) +{ + __STC_LOG_FUNC_ENTER__; + + FINALIZE(select_fw_lock); + FINALIZE(select_fw_chain); + FINALIZE(select_fw_rule); + FINALIZE(select_fw_rule_per_chain); + + __STC_LOG_FUNC_EXIT__; +} + +static int __prepare_update(sqlite3 *db) +{ + __STC_LOG_FUNC_ENTER__; + int rc; + static int initialized; + + if (initialized) { + __STC_LOG_FUNC_EXIT__; + return SQLITE_OK; + } + + PREPARE_UPDATE(update_fw_lock, UPDATE_FIREWALL_LOCK); + PREPARE_UPDATE(update_fw_chain, UPDATE_FIREWALL_CHAIN); + PREPARE_UPDATE(update_fw_rule, UPDATE_FIREWALL_RULE); + + initialized = 1; + __STC_LOG_FUNC_EXIT__; + return rc; +} + +static void __finalize_update(void) +{ + __STC_LOG_FUNC_ENTER__; + + FINALIZE(update_fw_lock); + FINALIZE(update_fw_chain); + FINALIZE(update_fw_rule); + + __STC_LOG_FUNC_EXIT__; +} + +static int __prepare_insert(sqlite3 *db) +{ + __STC_LOG_FUNC_ENTER__; + int rc; + static int initialized; + + if (initialized) { + __STC_LOG_FUNC_EXIT__; + return SQLITE_OK; + } + + PREPARE_INSERT(insert_fw_lock, INSERT_FIREWALL_LOCK); + PREPARE_INSERT(insert_fw_chain, INSERT_FIREWALL_CHAIN); + PREPARE_INSERT(insert_fw_rule, INSERT_FIREWALL_RULE); + + initialized = 1; + __STC_LOG_FUNC_EXIT__; + return rc; +} + +static void __finalize_insert(void) +{ + __STC_LOG_FUNC_ENTER__; + + FINALIZE(insert_fw_lock); + FINALIZE(insert_fw_chain); + FINALIZE(insert_fw_rule); + + __STC_LOG_FUNC_EXIT__; +} + +stc_error_e table_firewall_insert_lock(char *name, int state) +{ + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = insert_fw_lock; + + DB_ACTION(sqlite3_bind_text(stmt, 1, name ? name : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 2, state)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to insert firewall lock state: %s\n", + sqlite3_errmsg(stc_db_get_database())); + + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall lock state inserted [%d]", state); + +handle_error: + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_update_lock(char *name, int state) +{ + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = update_fw_lock; + + DB_ACTION(sqlite3_bind_int(stmt, 1, state)); + DB_ACTION(sqlite3_bind_text(stmt, 2, name ? name : "", + -1, SQLITE_TRANSIENT)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to update firewall lock state: %s\n", + sqlite3_errmsg(stc_db_get_database())); + + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall lock state updated [%d]", state); + +handle_error: + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_get_lock(char *name, int *state) +{ + int rc; + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = select_fw_lock; + + if (!name) + return STC_ERROR_DB_FAILED; + + DB_ACTION(sqlite3_bind_text(stmt, 1, name, + -1, SQLITE_TRANSIENT)); + + rc = sqlite3_step(stmt); + + switch (rc) { + case SQLITE_DONE: + break; + case SQLITE_ROW: + *state = sqlite3_column_int(stmt, 0); + break; + case SQLITE_ERROR: + default: + STC_LOGE("Failed to get firewall lock state: %s\n", + sqlite3_errmsg(stc_db_get_database())); + + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall lock state [%d]", *state); + +handle_error: + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_insert_chain(firewall_chain_s *info) +{ + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = insert_fw_chain; + + if (!info) { + error_code = STC_ERROR_INVALID_PARAMETER; + goto handle_error; + } + + DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 2, info->target)); + DB_ACTION(sqlite3_bind_int(stmt, 3, info->priority)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to insert firewall chain: %s\n", + sqlite3_errmsg(stc_db_get_database())); + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall chain inserted [%s]", info->chain); + +handle_error: + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_delete_chain(firewall_chain_s *info) +{ + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = delete_fw_chain; + + if (!info) { + error_code = STC_ERROR_INVALID_PARAMETER; + goto handle_error; + } + + DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "", + -1, SQLITE_TRANSIENT)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to delete firewall chain %s\n", + sqlite3_errmsg(stc_db_get_database())); + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall chain deleted [%s]", info->chain); + +handle_error: + + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_flush_chain(firewall_chain_s *info) +{ + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = delete_fw_rule_per_chain; + + if (!info) { + error_code = STC_ERROR_INVALID_PARAMETER; + goto handle_error; + } + + DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "", + -1, SQLITE_TRANSIENT)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to flush firewall chain %s\n", + sqlite3_errmsg(stc_db_get_database())); + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall chain flushed [%s]", info->chain); + +handle_error: + + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_update_chain(firewall_chain_s *info) +{ + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = update_fw_chain; + + if (!info) { + error_code = STC_ERROR_INVALID_PARAMETER; + goto handle_error; + } + + DB_ACTION(sqlite3_bind_int(stmt, 1, info->target)); + DB_ACTION(sqlite3_bind_int(stmt, 2, info->priority)); + DB_ACTION(sqlite3_bind_text(stmt, 3, info->chain ? info->chain : "", + -1, SQLITE_TRANSIENT)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to update firewall chain: %s\n", + sqlite3_errmsg(stc_db_get_database())); + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall chain updated [%s]", info->chain); + +handle_error: + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_foreach_chain(firewall_chain_cb info_cb, + void *user_data) +{ + firewall_chain_s info; + int rc; + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = select_fw_chain; + + do { + rc = sqlite3_step(stmt); + + memset(&info, 0, sizeof(info)); + + switch (rc) { + case SQLITE_DONE: + break; + case SQLITE_ROW: + info.chain = (char *)sqlite3_column_text(stmt, 0); + info.target = sqlite3_column_int(stmt, 1); + info.priority = sqlite3_column_int(stmt, 2); + + if (info_cb(&info, user_data) == STC_CANCEL) + rc = SQLITE_DONE; + break; + case SQLITE_ERROR: + default: + STC_LOGE("Failed to enumerate firewall chains: %s\n", + sqlite3_errmsg(stc_db_get_database())); + + error_code = STC_ERROR_DB_FAILED; + } + } while (rc == SQLITE_ROW); + + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_insert_rule(firewall_rule_s *info) +{ + stc_error_e error_code = STC_ERROR_NONE; + char buf[BUF_SIZE_FOR_IP]; + sqlite3_stmt *stmt = insert_fw_rule; + + if (!info) { + error_code = STC_ERROR_INVALID_PARAMETER; + goto handle_error; + } + + DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key)); + DB_ACTION(sqlite3_bind_text(stmt, 2, info->chain ? info->chain : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 3, info->direction)); + DB_ACTION(sqlite3_bind_int(stmt, 4, info->s_ip_type)); + DB_ACTION(sqlite3_bind_int(stmt, 5, info->d_ip_type)); + DB_ACTION(sqlite3_bind_int(stmt, 6, info->s_port_type)); + DB_ACTION(sqlite3_bind_int(stmt, 7, info->d_port_type)); + DB_ACTION(sqlite3_bind_int(stmt, 8, info->protocol)); + DB_ACTION(sqlite3_bind_int(stmt, 9, info->family)); + if (info->family == STC_FW_FAMILY_V4) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr); + DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr); + DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr); + DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr); + DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT)); + } else if (info->family == STC_FW_FAMILY_V6) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1], + info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]); + DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1], + info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]); + DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1], + info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]); + DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1], + info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]); + DB_ACTION(sqlite3_bind_text(stmt, 13, buf, -1, SQLITE_TRANSIENT)); + } else { + DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_text(stmt, 13, "", -1, SQLITE_TRANSIENT)); + } + DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port1)); + DB_ACTION(sqlite3_bind_int(stmt, 15, info->s_port2)); + DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port1)); + DB_ACTION(sqlite3_bind_int(stmt, 17, info->d_port2)); + DB_ACTION(sqlite3_bind_text(stmt, 18, info->ifname ? info->ifname : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 19, info->target)); + DB_ACTION(sqlite3_bind_text(stmt, 20, info->identifier ? info->identifier : "", + -1, SQLITE_TRANSIENT)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to insert firewall rule: %s\n", + sqlite3_errmsg(stc_db_get_database())); + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall rule inserted [%s]", info->chain); + +handle_error: + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_delete_rule(firewall_rule_s *info) +{ + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = delete_fw_rule; + + if (!info) { + error_code = STC_ERROR_INVALID_PARAMETER; + goto handle_error; + } + + DB_ACTION(sqlite3_bind_int64(stmt, 1, info->key)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to delete firewall rule %s\n", + sqlite3_errmsg(stc_db_get_database())); + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall rule deleted [%s]", info->chain); + +handle_error: + + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_update_rule(firewall_rule_s *info) +{ + stc_error_e error_code = STC_ERROR_NONE; + char buf[BUF_SIZE_FOR_IP]; + sqlite3_stmt *stmt = update_fw_rule; + + if (!info) { + error_code = STC_ERROR_INVALID_PARAMETER; + goto handle_error; + } + + DB_ACTION(sqlite3_bind_text(stmt, 1, info->chain ? info->chain : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 2, info->direction)); + DB_ACTION(sqlite3_bind_int(stmt, 3, info->s_ip_type)); + DB_ACTION(sqlite3_bind_int(stmt, 4, info->d_ip_type)); + DB_ACTION(sqlite3_bind_int(stmt, 5, info->s_port_type)); + DB_ACTION(sqlite3_bind_int(stmt, 6, info->d_port_type)); + DB_ACTION(sqlite3_bind_int(stmt, 7, info->protocol)); + DB_ACTION(sqlite3_bind_int(stmt, 8, info->family)); + if (info->family == STC_FW_FAMILY_V4) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x", info->s_ip1.Ipv4.s_addr); + DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x", info->s_ip2.Ipv4.s_addr); + DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x", info->d_ip1.Ipv4.s_addr); + DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x", info->d_ip2.Ipv4.s_addr); + DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT)); + } else if (info->family == STC_FW_FAMILY_V6) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + info->s_ip1.Ipv6.s6_addr32[0], info->s_ip1.Ipv6.s6_addr32[1], + info->s_ip1.Ipv6.s6_addr32[2], info->s_ip1.Ipv6.s6_addr32[3]); + DB_ACTION(sqlite3_bind_text(stmt, 9, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + info->s_ip2.Ipv6.s6_addr32[0], info->s_ip2.Ipv6.s6_addr32[1], + info->s_ip2.Ipv6.s6_addr32[2], info->s_ip2.Ipv6.s6_addr32[3]); + DB_ACTION(sqlite3_bind_text(stmt, 10, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + info->d_ip1.Ipv6.s6_addr32[0], info->d_ip1.Ipv6.s6_addr32[1], + info->d_ip1.Ipv6.s6_addr32[2], info->d_ip1.Ipv6.s6_addr32[3]); + DB_ACTION(sqlite3_bind_text(stmt, 11, buf, -1, SQLITE_TRANSIENT)); + + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + info->d_ip2.Ipv6.s6_addr32[0], info->d_ip2.Ipv6.s6_addr32[1], + info->d_ip2.Ipv6.s6_addr32[2], info->d_ip2.Ipv6.s6_addr32[3]); + DB_ACTION(sqlite3_bind_text(stmt, 12, buf, -1, SQLITE_TRANSIENT)); + } else { + DB_ACTION(sqlite3_bind_text(stmt, 9, "", -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_text(stmt, 10, "", -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_text(stmt, 11, "", -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_text(stmt, 12, "", -1, SQLITE_TRANSIENT)); + } + DB_ACTION(sqlite3_bind_int(stmt, 13, info->s_port1)); + DB_ACTION(sqlite3_bind_int(stmt, 14, info->s_port2)); + DB_ACTION(sqlite3_bind_int(stmt, 15, info->d_port1)); + DB_ACTION(sqlite3_bind_int(stmt, 16, info->d_port2)); + DB_ACTION(sqlite3_bind_text(stmt, 17, info->ifname ? info->ifname : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int(stmt, 18, info->target)); + DB_ACTION(sqlite3_bind_text(stmt, 19, info->identifier ? info->identifier : "", + -1, SQLITE_TRANSIENT)); + DB_ACTION(sqlite3_bind_int64(stmt, 20, info->key)); + + if (sqlite3_step(stmt) != SQLITE_DONE) { + STC_LOGE("Failed to update firewall rule %s\n", + sqlite3_errmsg(stc_db_get_database())); + error_code = STC_ERROR_DB_FAILED; + goto handle_error; + } + + STC_LOGD("Firewall rule updated [%s]", info->chain); + +handle_error: + + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_foreach_rule(firewall_rule_cb info_cb, + void *user_data) +{ + firewall_rule_s info; + int rc; + stc_error_e error_code = STC_ERROR_NONE; + sqlite3_stmt *stmt = select_fw_rule; + + do { + rc = sqlite3_step(stmt); + + memset(&info, 0, sizeof(info)); + + switch (rc) { + case SQLITE_DONE: + break; + case SQLITE_ROW: + info.key = sqlite3_column_int64(stmt, 0); + info.chain = (char *)sqlite3_column_text(stmt, 1); + info.direction = sqlite3_column_int(stmt, 2); + info.s_ip_type = sqlite3_column_int(stmt, 3); + info.d_ip_type = sqlite3_column_int(stmt, 4); + info.s_port_type = sqlite3_column_int(stmt, 5); + info.d_port_type = sqlite3_column_int(stmt, 6); + info.protocol = sqlite3_column_int(stmt, 7); + info.family = sqlite3_column_int(stmt, 8); + if (info.family == STC_FW_FAMILY_V4) { + sscanf((char *)sqlite3_column_text(stmt, 9), "%08x", + &(info.s_ip1.Ipv4.s_addr)); + sscanf((char *)sqlite3_column_text(stmt, 10), "%08x", + &(info.s_ip2.Ipv4.s_addr)); + sscanf((char *)sqlite3_column_text(stmt, 11), "%08x", + &(info.d_ip1.Ipv4.s_addr)); + sscanf((char *)sqlite3_column_text(stmt, 12), "%08x", + &(info.d_ip2.Ipv4.s_addr)); + } else if (info.family == STC_FW_FAMILY_V6) { + sscanf((char *)sqlite3_column_text(stmt, 9), "%08x:%08x:%08x:%08x", + &(info.s_ip1.Ipv6.s6_addr32[0]), &(info.s_ip1.Ipv6.s6_addr32[1]), + &(info.s_ip1.Ipv6.s6_addr32[2]), &(info.s_ip1.Ipv6.s6_addr32[3])); + sscanf((char *)sqlite3_column_text(stmt, 10), "%08x:%08x:%08x:%08x", + &(info.s_ip2.Ipv6.s6_addr32[0]), &(info.s_ip2.Ipv6.s6_addr32[1]), + &(info.s_ip2.Ipv6.s6_addr32[2]), &(info.s_ip2.Ipv6.s6_addr32[3])); + sscanf((char *)sqlite3_column_text(stmt, 11), "%08x:%08x:%08x:%08x", + &(info.d_ip1.Ipv6.s6_addr32[0]), &(info.d_ip1.Ipv6.s6_addr32[1]), + &(info.d_ip1.Ipv6.s6_addr32[2]), &(info.d_ip1.Ipv6.s6_addr32[3])); + sscanf((char *)sqlite3_column_text(stmt, 12), "%08x:%08x:%08x:%08x", + &(info.d_ip2.Ipv6.s6_addr32[0]), &(info.d_ip2.Ipv6.s6_addr32[1]), + &(info.d_ip2.Ipv6.s6_addr32[2]), &(info.d_ip2.Ipv6.s6_addr32[3])); + } + info.s_port1 = sqlite3_column_int(stmt, 13); + info.s_port2 = sqlite3_column_int(stmt, 14); + info.d_port1 = sqlite3_column_int(stmt, 15); + info.d_port2 = sqlite3_column_int(stmt, 16); + info.ifname = (char *)sqlite3_column_text(stmt, 17); + info.target = sqlite3_column_int(stmt, 18); + info.identifier = (char *)sqlite3_column_text(stmt, 19); + + if (info_cb(&info, user_data) == STC_CANCEL) + rc = SQLITE_DONE; + break; + case SQLITE_ERROR: + default: + STC_LOGE("Failed to enumerate firewall rules: %s\n", + sqlite3_errmsg(stc_db_get_database())); + + error_code = STC_ERROR_DB_FAILED; + } + } while (rc == SQLITE_ROW); + + sqlite3_reset(stmt); + return error_code; +} + +stc_error_e table_firewall_prepare(sqlite3 *db) +{ + __STC_LOG_FUNC_ENTER__; + + stc_error_e error_code = STC_ERROR_NONE; + + if (db == NULL) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_FAIL; + } + + DB_ACTION(__prepare_delete(db)); + DB_ACTION(__prepare_select(db)); + DB_ACTION(__prepare_update(db)); + DB_ACTION(__prepare_insert(db)); + +handle_error: + + __STC_LOG_FUNC_EXIT__; + return error_code; +} + +void table_firewall_finalize(void) +{ + __STC_LOG_FUNC_ENTER__; + __finalize_delete(); + __finalize_select(); + __finalize_update(); + __finalize_insert(); + __STC_LOG_FUNC_EXIT__; +} diff --git a/src/database/tables/table-statistics.c b/src/database/tables/table-statistics.c index 49856b4..6f2fe03 100755 --- a/src/database/tables/table-statistics.c +++ b/src/database/tables/table-statistics.c @@ -594,7 +594,7 @@ stc_error_e table_statistics_insert(stc_db_classid_iftype_key *stat_key, { stc_error_e error_code = STC_ERROR_NONE; sqlite3_stmt *stmt = update_statistics_query; - stc_hw_net_protocol_type_e hw_net_protocol_type = STC_PROTOCOL_NONE; + stc_hw_net_protocol_type_e hw_net_protocol_type = STC_PROTOCOL_UNKNOWN; if (!stat->rcv_count && !stat->snd_count) { error_code = STC_ERROR_INVALID_PARAMETER; diff --git a/src/helper/helper-firewall.c b/src/helper/helper-firewall.c new file mode 100755 index 0000000..aab377f --- /dev/null +++ b/src/helper/helper-firewall.c @@ -0,0 +1,716 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "stc-manager-gdbus.h" +#include "helper-firewall.h" + +#define STC_FIREWALL_DBUS_SERVICE "net.stc.iptables" +#define STC_FIREWALL_DBUS_RULE_INTERFACE STC_FIREWALL_DBUS_SERVICE ".rule" +#define STC_FIREWALL_DBUS_CHAIN_INTERFACE STC_FIREWALL_DBUS_SERVICE ".chain" +#define STC_FIREWALL_DBUS_RULE_PATH "/net/stc/iptables/rule" +#define STC_FIREWALL_DBUS_CHAIN_PATH "/net/stc/iptables/chain" + +#define STC_FIREWALL_DBUS_METHOD_ADD_CHAIN "IptAddChain" +#define STC_FIREWALL_DBUS_METHOD_REMOVE_CHAIN "IptRemoveChain" +#define STC_FIREWALL_DBUS_METHOD_FLUSH_CHAIN "IptFlushChain" +#define STC_FIREWALL6_DBUS_METHOD_ADD_CHAIN "Ip6tAddChain" +#define STC_FIREWALL6_DBUS_METHOD_REMOVE_CHAIN "Ip6tRemoveChain" +#define STC_FIREWALL6_DBUS_METHOD_FLUSH_CHAIN "Ip6tFlushChain" + +#define STC_FIREWALL_DBUS_METHOD_ADD_RULE "IptAddRule" +#define STC_FIREWALL_DBUS_METHOD_REMOVE_RULE "IptRemoveRule" +#define STC_FIREWALL6_DBUS_METHOD_ADD_RULE "Ip6tAddRule" +#define STC_FIREWALL6_DBUS_METHOD_REMOVE_RULE "Ip6tRemoveRule" + +#define BUF_SIZE_FOR_IP 64 + +#define RULE_CHAIN "chain" +#define RULE_DIRECTION "type" +#define RULE_IFNAME "ifname" +#define RULE_PROTOCOL "protocol" +#define RULE_TARGET "target" + +#define RULE_FAMILY "family" +#define RULE_SIPTYPE "s_ip_type" +#define RULE_SIP1 "s_ip1" +#define RULE_SIP2 "s_ip2" +#define RULE_DIPTYPE "d_ip_type" +#define RULE_DIP1 "d_ip1" +#define RULE_DIP2 "d_ip2" +#define RULE_SPORTTYPE "s_port_type" +#define RULE_SPORT1 "s_port1" +#define RULE_SPORT2 "s_port2" +#define RULE_DPORTTYPE "d_port_type" +#define RULE_DPORT1 "d_port1" +#define RULE_DPORT2 "d_port2" + +static void __fw_add_rule_info_to_builder(GVariantBuilder *builder, + firewall_rule_s *rule) +{ + if (builder == NULL || rule == NULL) + return; + + g_variant_builder_add(builder, "{sv}", RULE_CHAIN, + g_variant_new_string(rule->chain)); + + if (rule->direction != STC_FW_DIRECTION_NONE) + g_variant_builder_add(builder, "{sv}", RULE_DIRECTION, + g_variant_new_uint16(rule->direction)); + + if (rule->s_ip_type != STC_FW_IP_NONE) + g_variant_builder_add(builder, "{sv}", RULE_SIPTYPE, + g_variant_new_uint16(rule->s_ip_type)); + + if (rule->d_ip_type != STC_FW_IP_NONE) + g_variant_builder_add(builder, "{sv}", RULE_DIPTYPE, + g_variant_new_uint16(rule->d_ip_type)); + + if (rule->s_port_type != STC_FW_PORT_NONE) + g_variant_builder_add(builder, "{sv}", RULE_SPORTTYPE, + g_variant_new_uint16(rule->s_port_type)); + + if (rule->d_port_type != STC_FW_PORT_NONE) + g_variant_builder_add(builder, "{sv}", RULE_DPORTTYPE, + g_variant_new_uint16(rule->d_port_type)); + + if (rule->protocol != STC_FW_PROTOCOL_NONE) + g_variant_builder_add(builder, "{sv}", RULE_PROTOCOL, + g_variant_new_uint16(rule->protocol)); + + switch (rule->family) { + case STC_FW_FAMILY_V4: + if (rule->s_ip1.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_SIP1, + g_variant_new_uint32(rule->s_ip1.Ipv4.s_addr)); + + if (rule->s_ip2.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_SIP2, + g_variant_new_uint32(rule->s_ip2.Ipv4.s_addr)); + + if (rule->d_ip1.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_DIP1, + g_variant_new_uint32(rule->d_ip1.Ipv4.s_addr)); + + if (rule->d_ip2.Ipv4.s_addr) + g_variant_builder_add(builder, "{sv}", RULE_DIP2, + g_variant_new_uint32(rule->d_ip2.Ipv4.s_addr)); + + break; + case STC_FW_FAMILY_V6: + { + char buf[BUF_SIZE_FOR_IP]; + + if (rule->s_ip1.Ipv6.s6_addr32[0] || rule->s_ip1.Ipv6.s6_addr32[1] || + rule->s_ip1.Ipv6.s6_addr32[2] || rule->s_ip1.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], + rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_SIP1, + g_variant_new_string(buf)); + } + + if (rule->s_ip2.Ipv6.s6_addr32[0] || rule->s_ip2.Ipv6.s6_addr32[1] || + rule->s_ip2.Ipv6.s6_addr32[2] || rule->s_ip2.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], + rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_SIP2, + g_variant_new_string(buf)); + } + + if (rule->d_ip1.Ipv6.s6_addr32[0] || rule->d_ip1.Ipv6.s6_addr32[1] || + rule->d_ip1.Ipv6.s6_addr32[2] || rule->d_ip1.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], + rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_DIP1, + g_variant_new_string(buf)); + } + + if (rule->d_ip2.Ipv6.s6_addr32[0] || rule->d_ip2.Ipv6.s6_addr32[1] || + rule->d_ip2.Ipv6.s6_addr32[2] || rule->d_ip2.Ipv6.s6_addr32[3]) { + memset(buf, 0, sizeof(buf)); + snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x", + rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1], + rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); + g_variant_builder_add(builder, "{sv}", RULE_DIP2, + g_variant_new_string(buf)); + } + } + break; + default: + break; + } + + if (rule->s_port1) + g_variant_builder_add(builder, "{sv}", RULE_SPORT1, + g_variant_new_uint32(rule->s_port1)); + + if (rule->s_port2) + g_variant_builder_add(builder, "{sv}", RULE_SPORT2, + g_variant_new_uint32(rule->s_port2)); + + if (rule->d_port1) + g_variant_builder_add(builder, "{sv}", RULE_DPORT1, + g_variant_new_uint32(rule->d_port1)); + + if (rule->d_port2) + g_variant_builder_add(builder, "{sv}", RULE_DPORT2, + g_variant_new_uint32(rule->d_port2)); + + if (rule->ifname) + g_variant_builder_add(builder, "{sv}", RULE_IFNAME, + g_variant_new_string(rule->ifname)); + + if (rule->target_str) + g_variant_builder_add(builder, "{sv}", RULE_TARGET, + g_variant_new_string(rule->target_str)); +} + +static int __fw_add_chain(GDBusConnection *connection, + const char *chain) +{ + int result = 0; + GVariant *message = NULL; + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_CHAIN_PATH, + STC_FIREWALL_DBUS_CHAIN_INTERFACE, + STC_FIREWALL_DBUS_METHOD_ADD_CHAIN, + g_variant_new("(s)", chain)); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully added firewall chain [%d:%s]", result, chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw6_add_chain(GDBusConnection *connection, + const char *chain) +{ + int result = 0; + GVariant *message = NULL; + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_CHAIN_PATH, + STC_FIREWALL_DBUS_CHAIN_INTERFACE, + STC_FIREWALL6_DBUS_METHOD_ADD_CHAIN, + g_variant_new("(s)", chain)); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully added firewall6 chain [%d:%s]", result, chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw_remove_chain(GDBusConnection *connection, + const char *chain) +{ + int result = 0; + GVariant *message = NULL; + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_CHAIN_PATH, + STC_FIREWALL_DBUS_CHAIN_INTERFACE, + STC_FIREWALL_DBUS_METHOD_REMOVE_CHAIN, + g_variant_new("(s)", chain)); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully removed firewall chain [%d:%s]", result, chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw6_remove_chain(GDBusConnection *connection, + const char *chain) +{ + int result = 0; + GVariant *message = NULL; + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_CHAIN_PATH, + STC_FIREWALL_DBUS_CHAIN_INTERFACE, + STC_FIREWALL6_DBUS_METHOD_REMOVE_CHAIN, + g_variant_new("(s)", chain)); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully removed firewall6 chain [%d:%s]", result, chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw_flush_chain(GDBusConnection *connection, + const char *chain) +{ + int result = 0; + GVariant *message = NULL; + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_CHAIN_PATH, + STC_FIREWALL_DBUS_CHAIN_INTERFACE, + STC_FIREWALL_DBUS_METHOD_FLUSH_CHAIN, + g_variant_new("(s)", chain)); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully flushed firewall chain [%d:%s]", result, chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw6_flush_chain(GDBusConnection *connection, + const char *chain) +{ + int result = 0; + GVariant *message = NULL; + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_CHAIN_PATH, + STC_FIREWALL_DBUS_CHAIN_INTERFACE, + STC_FIREWALL6_DBUS_METHOD_FLUSH_CHAIN, + g_variant_new("(s)", chain)); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully flushed firewall6 chain [%d:%s]", result, chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw_set_chain(firewall_chain_s *chain) +{ + stc_error_e ret = STC_ERROR_NONE; + firewall_rule_s rule; + memset(&rule, 0, sizeof(firewall_rule_s)); + + switch (chain->target) { + case STC_FW_CHAIN_TARGET_INPUT: + rule.chain = g_strdup(FIREWALL_CHAIN_TARGET_IN); + break; + case STC_FW_CHAIN_TARGET_OUTPUT: + rule.chain = g_strdup(FIREWALL_CHAIN_TARGET_OUT); + break; + default: + return STC_ERROR_INVALID_PARAMETER; + } + + rule.target_str = g_strdup(chain->chain); + ret = firewall_rule_add(&rule); + + g_free(rule.chain); + g_free(rule.target_str); + + return ret; +} + +static int __fw_unset_chain(firewall_chain_s *chain) +{ + stc_error_e ret = STC_ERROR_NONE; + firewall_rule_s rule; + memset(&rule, 0, sizeof(firewall_rule_s)); + + switch (chain->target) { + case STC_FW_CHAIN_TARGET_INPUT: + rule.chain = g_strdup(FIREWALL_CHAIN_TARGET_IN); + break; + case STC_FW_CHAIN_TARGET_OUTPUT: + rule.chain = g_strdup(FIREWALL_CHAIN_TARGET_OUT); + break; + default: + return STC_ERROR_INVALID_PARAMETER; + } + + rule.target_str = g_strdup(chain->chain); + ret = firewall_rule_remove(&rule); + + g_free(rule.chain); + g_free(rule.target_str); + + return ret; +} + +static int __fw_add_rule(GDBusConnection *connection, + firewall_rule_s *rule) +{ + int result = 0; + GVariantBuilder *builder = NULL; + GVariant *params = NULL; + GVariant *message = NULL; + + builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}")); + __fw_add_rule_info_to_builder(builder, rule); + params = g_variant_new("(a{sv})", builder); + g_variant_builder_unref(builder); + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_RULE_PATH, + STC_FIREWALL_DBUS_RULE_INTERFACE, + STC_FIREWALL_DBUS_METHOD_ADD_RULE, + params); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully added firewall rule [%d:%s]", + result, rule->chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw6_add_rule(GDBusConnection *connection, + firewall_rule_s *rule) +{ + int result = 0; + GVariantBuilder *builder = NULL; + GVariant *params = NULL; + GVariant *message = NULL; + + builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}")); + __fw_add_rule_info_to_builder(builder, rule); + params = g_variant_new("(a{sv})", builder); + g_variant_builder_unref(builder); + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_RULE_PATH, + STC_FIREWALL_DBUS_RULE_INTERFACE, + STC_FIREWALL6_DBUS_METHOD_ADD_RULE, + params); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully added firewall6 rule [%d:%s]", + result, rule->chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw_remove_rule(GDBusConnection *connection, + firewall_rule_s *rule) +{ + int result = 0; + GVariantBuilder *builder = NULL; + GVariant *params = NULL; + GVariant *message = NULL; + + builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}")); + __fw_add_rule_info_to_builder(builder, rule); + params = g_variant_new("(a{sv})", builder); + g_variant_builder_unref(builder); + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_RULE_PATH, + STC_FIREWALL_DBUS_RULE_INTERFACE, + STC_FIREWALL_DBUS_METHOD_REMOVE_RULE, + params); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully removed firewall rule [%d:%s]", + result, rule->chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +static int __fw6_remove_rule(GDBusConnection *connection, + firewall_rule_s *rule) +{ + int result = 0; + GVariantBuilder *builder = NULL; + GVariant *params = NULL; + GVariant *message = NULL; + + builder = g_variant_builder_new(G_VARIANT_TYPE("a{sv}")); + __fw_add_rule_info_to_builder(builder, rule); + params = g_variant_new("(a{sv})", builder); + g_variant_builder_unref(builder); + + message = stc_manager_gdbus_call_sync(connection, + STC_FIREWALL_DBUS_SERVICE, + STC_FIREWALL_DBUS_RULE_PATH, + STC_FIREWALL_DBUS_RULE_INTERFACE, + STC_FIREWALL6_DBUS_METHOD_REMOVE_RULE, + params); + + if (message == NULL) { + STC_LOGE("Failed to invoke dbus method"); + return STC_ERROR_FAIL; + } + + g_variant_get(message, "(i)", &result); + STC_LOGD("Successfully removed firewall6 rule [%d:%s]", + result, rule->chain); + g_variant_unref(message); + + return STC_ERROR_NONE; +} + +stc_error_e firewall_chain_add(firewall_chain_s *chain) +{ + __STC_LOG_FUNC_ENTER__; + + stc_error_e ret = STC_ERROR_NONE; + stc_s *stc = stc_get_manager(); + + if (!stc || !stc->connection) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + ret = __fw_add_chain(stc->connection, chain->chain); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + + ret = __fw6_add_chain(stc->connection, chain->chain); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + + __STC_LOG_FUNC_EXIT__; + return ret; +} + +stc_error_e firewall_chain_remove(firewall_chain_s *chain) +{ + __STC_LOG_FUNC_ENTER__; + + stc_error_e ret = STC_ERROR_NONE; + stc_s *stc = stc_get_manager(); + + if (!stc || !stc->connection) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + ret = __fw_remove_chain(stc->connection, chain->chain); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + + ret = __fw6_remove_chain(stc->connection, chain->chain); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + + __STC_LOG_FUNC_EXIT__; + return ret; +} + +stc_error_e firewall_chain_flush(firewall_chain_s *chain) +{ + __STC_LOG_FUNC_ENTER__; + + stc_error_e ret = STC_ERROR_NONE; + stc_s *stc = stc_get_manager(); + + if (!stc || !stc->connection) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + ret = __fw_flush_chain(stc->connection, chain->chain); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + + ret = __fw6_flush_chain(stc->connection, chain->chain); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + + __STC_LOG_FUNC_EXIT__; + return ret; +} + +stc_error_e firewall_chain_set(firewall_chain_s *chain) +{ + __STC_LOG_FUNC_ENTER__; + + stc_error_e ret = STC_ERROR_NONE; + ret = __fw_set_chain(chain); + + __STC_LOG_FUNC_EXIT__; + return ret; +} + +stc_error_e firewall_chain_unset(firewall_chain_s *chain) +{ + __STC_LOG_FUNC_ENTER__; + + stc_error_e ret = STC_ERROR_NONE; + ret = __fw_unset_chain(chain); + + __STC_LOG_FUNC_EXIT__; + return ret; +} + +stc_error_e firewall_rule_add(firewall_rule_s *rule) +{ + __STC_LOG_FUNC_ENTER__; + + stc_error_e ret = STC_ERROR_NONE; + stc_s *stc = stc_get_manager(); + + if (!stc || !stc->connection) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + switch (rule->family) { + case STC_FW_FAMILY_V4: + ret = __fw_add_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + break; + case STC_FW_FAMILY_V6: + ret = __fw6_add_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + break; + default: + ret = __fw_add_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + + ret = __fw6_add_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + break; + } + + __STC_LOG_FUNC_EXIT__; + return ret; +} + +stc_error_e firewall_rule_remove(firewall_rule_s *rule) +{ + __STC_LOG_FUNC_ENTER__; + + stc_error_e ret = STC_ERROR_NONE; + stc_s *stc = stc_get_manager(); + + if (!stc || !stc->connection) { + __STC_LOG_FUNC_EXIT__; + return STC_ERROR_UNINITIALIZED; + } + + switch (rule->family) { + case STC_FW_FAMILY_V4: + ret = __fw_remove_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + break; + case STC_FW_FAMILY_V6: + ret = __fw6_remove_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + break; + default: + ret = __fw_remove_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + + ret = __fw6_remove_rule(stc->connection, rule); + if (ret != STC_ERROR_NONE) { + __STC_LOG_FUNC_EXIT__; + return ret; + } + break; + } + + __STC_LOG_FUNC_EXIT__; + return ret; +} diff --git a/src/helper/helper-firewall.h b/src/helper/helper-firewall.h new file mode 100755 index 0000000..8a1dbea --- /dev/null +++ b/src/helper/helper-firewall.h @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef __STC_HELPER_FIREWALL_H__ +#define __STC_HELPER_FIREWALL_H__ + +#include + +#include "stc-manager.h" +#include "stc-error.h" + +#define FIREWALL_CHAIN_TARGET_IN "STC_IN" +#define FIREWALL_CHAIN_TARGET_OUT "STC_OUT" + +#define FIREWALL_RULE_TARGET_ACCEPT "ACCEPT" +#define FIREWALL_RULE_TARGET_DROP "DROP" +#define FIREWALL_RULE_TARGET_LOG "LOG" + +typedef enum { + FIREWALL_UNKONWN, + FIREWALL_UNLOCKED, + FIREWALL_LOCKED +} firewall_lock_e; + +typedef union { + struct in_addr Ipv4; + struct in6_addr Ipv6; +} ip_addr_u; + +typedef struct { + char *chain; + stc_fw_chain_target_e target; + guint priority; +} firewall_chain_s; + +typedef struct { + guint key; + char *chain; + stc_fw_direction_e direction; + stc_fw_ip_type_e s_ip_type; + stc_fw_ip_type_e d_ip_type; + stc_fw_port_type_e s_port_type; + stc_fw_port_type_e d_port_type; + stc_fw_protocol_type_e protocol; + stc_fw_family_type_e family; + ip_addr_u s_ip1; + ip_addr_u s_ip2; + ip_addr_u d_ip1; + ip_addr_u d_ip2; + guint s_port1; + guint s_port2; + guint d_port1; + guint d_port2; + char *ifname; + stc_fw_rule_target_e target; + char *target_str; + char *identifier; +} firewall_rule_s; + +stc_error_e firewall_chain_add(firewall_chain_s *chain); +stc_error_e firewall_chain_remove(firewall_chain_s *chain); +stc_error_e firewall_chain_flush(firewall_chain_s *chain); +stc_error_e firewall_chain_set(firewall_chain_s *chain); +stc_error_e firewall_chain_unset(firewall_chain_s *chain); + +stc_error_e firewall_rule_add(firewall_rule_s *rule); +stc_error_e firewall_rule_remove(firewall_rule_s *rule); + +#endif /*__STC_HELPER_FIREWALL_H__*/ diff --git a/src/helper/helper-iptables.c b/src/helper/helper-iptables.c index 81cab4a..cfd8aaf 100755 --- a/src/helper/helper-iptables.c +++ b/src/helper/helper-iptables.c @@ -50,7 +50,7 @@ static void __add_rule_info_to_builder(GVariantBuilder *builder, g_variant_new_string(rule->chain)); g_variant_builder_add(builder, "{sv}", RULE_TYPE, - g_variant_new_uint32(rule->direction)); + g_variant_new_uint16(rule->direction)); if (rule->ifname) g_variant_builder_add(builder, "{sv}", RULE_IFNAME, diff --git a/src/helper/helper-iptables.h b/src/helper/helper-iptables.h index b73e29f..13db25b 100755 --- a/src/helper/helper-iptables.h +++ b/src/helper/helper-iptables.h @@ -25,6 +25,7 @@ #define STC_FRWD_CHAIN "STC_FRWD" typedef enum { + IPTABLES_DIRECTION_NONE, IPTABLES_DIRECTION_IN, IPTABLES_DIRECTION_OUT } iptables_rule_direction_e; diff --git a/src/helper/helper-nfacct-rule.c b/src/helper/helper-nfacct-rule.c index 4c12965..3923daf 100755 --- a/src/helper/helper-nfacct-rule.c +++ b/src/helper/helper-nfacct-rule.c @@ -456,7 +456,8 @@ static stc_error_e exec_iptables_cmd(nfacct_rule_s *rule) iptables_rule.target = g_strdup(get_iptables_jump(rule->jump)); iptables_rule.chain = g_strdup(get_iptables_chain(rule->iotype)); iptables_rule.classid = rule->classid; - iptables_rule.direction = (rule->iotype & NFACCT_COUNTER_IN) ? 0 : 1; + iptables_rule.direction = (rule->iotype & NFACCT_COUNTER_IN) ? + IPTABLES_DIRECTION_IN : IPTABLES_DIRECTION_OUT; iptype = (iptables_ip_type_e)rule->iptype; if (rule->action == NFACCT_ACTION_DELETE) { diff --git a/src/monitor/stc-default-connection.c b/src/monitor/stc-default-connection.c index 6128e02..9a359d4 100755 --- a/src/monitor/stc-default-connection.c +++ b/src/monitor/stc-default-connection.c @@ -18,6 +18,7 @@ #include #include "stc-monitor.h" +#include "stc-firewall.h" #include "stc-manager-gdbus.h" #include "stc-default-connection.h" @@ -414,6 +415,7 @@ static stc_error_e __get_default_profile(GDBusConnection *connection) __print_default_connection_info(); stc_monitor_update_rstn_by_default_connection(&g_default_connection); + stc_firewall_update(); return STC_ERROR_NONE; } diff --git a/src/stc-firewall.c b/src/stc-firewall.c new file mode 100755 index 0000000..b0a66bb --- /dev/null +++ b/src/stc-firewall.c @@ -0,0 +1,1551 @@ +/* + * Copyright (c) 2016 Samsung Electronics Co., Ltd. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "stc-db.h" +#include "table-firewall.h" +#include "helper-firewall.h" +#include "stc-firewall.h" +#include "stc-manager-gdbus.h" + +#define IDENTIFIER_LEN 512 + +#define LOCK_NAME "admin" + +#define CHAIN_NAME "chain" +#define CHAIN_TARGET "target" +#define CHAIN_PRIORITY "priority" + +#define RULE_CHAIN "chain" +#define RULE_DIRECTION "direction" +#define RULE_SIPTYPE "s_ip_type" +#define RULE_DIPTYPE "d_ip_type" +#define RULE_SPORTTYPE "s_port_type" +#define RULE_DPORTTYPE "d_port_type" +#define RULE_PROTOCOL "protocol" +#define RULE_FAMILY "family" +#define RULE_SIP1 "s_ip1" +#define RULE_SIP2 "s_ip2" +#define RULE_DIP1 "d_ip1" +#define RULE_DIP2 "d_ip2" +#define RULE_SPORT1 "s_port1" +#define RULE_SPORT2 "s_port2" +#define RULE_DPORT1 "d_port1" +#define RULE_DPORT2 "d_port2" +#define RULE_IFNAME "ifname" +#define RULE_TARGET "target" +#define RULE_IDENTIFIER "identifier" +#define RULE_KEY "key" + +#define RULE_TARGET_ACCEPT "ACCEPT" +#define RULE_TARGET_DROP "DROP" +#define RULE_TARGET_LOG "LOG" + +#define FIREWALL_DBUS_ERROR_NAME "net.stc.firewall.Error.Failed" + +#define STC_FIREWALL_DBUS_REPLY_ERROR(invocation, err_num) \ + g_dbus_method_invocation_return_dbus_error((invocation), \ + FIREWALL_DBUS_ERROR_NAME, \ + stc_err_strs[-(err_num)]) + +#define STC_FIREWALL_CHECK_LOCK_STATE(invocation) do { \ + if (g_lock_state == FIREWALL_LOCKED) { \ + STC_LOGD("Firewall is locked"); \ + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, \ + STC_ERROR_PERMISSION_DENIED); \ + __STC_LOG_FUNC_EXIT__; \ + return TRUE; \ + } \ +} while (0) + +static const gchar *stc_err_strs[] = { + "ERROR_NONE", + "FAIL", + "DB_FAILED", + "OUT_OF_MEMORY", + "INVALID_PARAMETER", + "NO_DATA", + "ALREADY_DATA", + "UNINITIALIZED", + "PERMISSION_DENIED", + "NOTIMPL" +}; + +static GHashTable *g_firewalls = NULL; +static int g_lock_state = FIREWALL_UNKONWN; +static uint g_chain_priority = 0; + +static void __fw_rule_copy(firewall_rule_s *rule, + const firewall_rule_s *info) +{ + if (info->chain) { + FREE(rule->chain); + rule->chain = g_strdup(info->chain); + } + + rule->direction = info->direction; + rule->s_ip_type = info->s_ip_type; + rule->d_ip_type = info->d_ip_type; + rule->s_port_type = info->s_port_type; + rule->d_port_type = info->d_port_type; + rule->protocol = info->protocol; + rule->family = info->family; + + rule->s_ip1 = info->s_ip1; + rule->s_ip2 = info->s_ip2; + rule->d_ip1 = info->d_ip1; + rule->d_ip2 = info->d_ip2; + + rule->s_port1 = info->s_port1; + rule->s_port2 = info->s_port2; + rule->d_port1 = info->d_port1; + rule->d_port2 = info->d_port2; + + if (info->ifname) { + FREE(rule->ifname); + rule->ifname = g_strdup(info->ifname); + } + + rule->target = info->target; + + if (info->target_str) { + FREE(rule->target_str); + rule->target_str = g_strdup(info->target_str); + } + + if (info->identifier) { + FREE(rule->identifier); + rule->identifier = g_strdup(info->identifier); + } + + rule->key = info->key; +} + +static void __fw_rule_make_key(firewall_rule_s *rule, + firewall_rule_s *info) +{ + GString *str; + + if (!rule->chain) + return; + + str = g_string_sized_new(IDENTIFIER_LEN); + if (!str) + return; + + g_string_append_printf(str, "%s", rule->chain); + + g_string_append_printf(str, "_%u%u%u%u%u%u%u", rule->direction, + rule->s_ip_type, rule->d_ip_type, rule->s_port_type, + rule->d_port_type, rule->protocol, rule->family); + + if (rule->family == STC_FW_FAMILY_V4) { + g_string_append_printf(str, "_"); + g_string_append_printf(str, "%08x", rule->s_ip1.Ipv4.s_addr); + g_string_append_printf(str, "%08x", rule->s_ip2.Ipv4.s_addr); + + g_string_append_printf(str, "_"); + g_string_append_printf(str, "%08x", rule->d_ip1.Ipv4.s_addr); + g_string_append_printf(str, "%08x", rule->d_ip2.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + g_string_append_printf(str, "_"); + g_string_append_printf(str, "%08x", rule->s_ip1.Ipv6.s6_addr32[0]); + g_string_append_printf(str, "%08x", rule->s_ip1.Ipv6.s6_addr32[1]); + g_string_append_printf(str, "%08x", rule->s_ip1.Ipv6.s6_addr32[2]); + g_string_append_printf(str, "%08x", rule->s_ip1.Ipv6.s6_addr32[3]); + g_string_append_printf(str, "%08x", rule->s_ip2.Ipv6.s6_addr32[0]); + g_string_append_printf(str, "%08x", rule->s_ip2.Ipv6.s6_addr32[1]); + g_string_append_printf(str, "%08x", rule->s_ip2.Ipv6.s6_addr32[2]); + g_string_append_printf(str, "%08x", rule->s_ip2.Ipv6.s6_addr32[3]); + + g_string_append_printf(str, "_"); + g_string_append_printf(str, "%08x", rule->d_ip1.Ipv6.s6_addr32[0]); + g_string_append_printf(str, "%08x", rule->d_ip1.Ipv6.s6_addr32[1]); + g_string_append_printf(str, "%08x", rule->d_ip1.Ipv6.s6_addr32[2]); + g_string_append_printf(str, "%08x", rule->d_ip1.Ipv6.s6_addr32[3]); + g_string_append_printf(str, "%08x", rule->d_ip2.Ipv6.s6_addr32[0]); + g_string_append_printf(str, "%08x", rule->d_ip2.Ipv6.s6_addr32[1]); + g_string_append_printf(str, "%08x", rule->d_ip2.Ipv6.s6_addr32[2]); + g_string_append_printf(str, "%08x", rule->d_ip2.Ipv6.s6_addr32[3]); + } + + g_string_append_printf(str, "_%04x", rule->s_port1); + g_string_append_printf(str, "%04x", rule->s_port2); + + g_string_append_printf(str, "_%04x", rule->d_port1); + g_string_append_printf(str, "%04x", rule->d_port2); + + g_string_append_printf(str, "_%s", (rule->ifname) ? rule->ifname : ""); + g_string_append_printf(str, "_%u", rule->target); + + rule->identifier = g_string_free(str, FALSE); + rule->key = g_str_hash(rule->identifier); + + info->identifier = g_strdup(rule->identifier); + info->key = rule->key; + + STC_LOGD("Identifier [%s]", rule->identifier); + STC_LOGD("Key [%u]", rule->key); +} + +static void __fw_rule_free(void *data) +{ + firewall_rule_s *rule = (firewall_rule_s *)data; + + FREE(rule->chain); + FREE(rule->ifname); + FREE(rule->identifier); + FREE(rule); +} + +static void __fw_data_free(gpointer value) +{ + stc_fw_data_s *data = (stc_fw_data_s *)value; + + g_slist_free_full(data->rules, __fw_rule_free); + data->rules = NULL; + + FREE(data); +} + +static gint __fw_rule_comp(gconstpointer a, gconstpointer b) +{ + firewall_rule_s *data = (firewall_rule_s *)a; + firewall_rule_s *rule = (firewall_rule_s *)b; + + if ((data->key == rule->key) && + (g_strcmp0(data->identifier, rule->identifier) == 0)) + return 0; + + return -1; +} + +static stc_error_e __fw_chain_add(const char *chain) +{ + stc_fw_data_s *data; + stc_fw_data_s *lookup; + + ret_value_msg_if(g_firewalls == NULL, + STC_ERROR_FAIL, + "firewall is not initialized!"); + + lookup = g_hash_table_lookup(g_firewalls, chain); + if (lookup) { + STC_LOGD("chain already present"); + return STC_ERROR_ALREADY_DATA; + } + + data = MALLOC0(stc_fw_data_s, 1); + if (!data) { + STC_LOGE("data allocation failed"); + return STC_ERROR_OUT_OF_MEMORY; + } + + data->target = STC_FW_CHAIN_TARGET_NONE; + data->priority = 0; + data->rules = NULL; + + g_hash_table_insert(g_firewalls, g_strdup(chain), data); + + return STC_ERROR_NONE; +} + +static stc_error_e __fw_chain_remove(const char *chain) +{ + stc_fw_data_s *lookup; + + ret_value_msg_if(g_firewalls == NULL, + STC_ERROR_FAIL, + "firewall is not initialized!"); + + lookup = g_hash_table_lookup(g_firewalls, chain); + if (!lookup) { + STC_LOGE("chain not found"); + return STC_ERROR_NO_DATA; + } + + if (lookup->target != STC_FW_CHAIN_TARGET_NONE) { + STC_LOGE("can't be applied bcz chain is set"); + return STC_ERROR_INVALID_PARAMETER; + } + + g_slist_free_full(lookup->rules, __fw_rule_free); + lookup->rules = NULL; + + g_hash_table_remove(g_firewalls, chain); + + return STC_ERROR_NONE; +} + +static stc_error_e __fw_chain_flush(const char *chain) +{ + stc_fw_data_s *lookup; + + ret_value_msg_if(g_firewalls == NULL, + STC_ERROR_FAIL, + "firewall is not initialized!"); + + lookup = g_hash_table_lookup(g_firewalls, chain); + if (!lookup) { + STC_LOGE("chain not found"); + return STC_ERROR_NO_DATA; + } + + if (lookup->target != STC_FW_CHAIN_TARGET_NONE) { + STC_LOGE("can't be applied bcz chain is set"); + return STC_ERROR_INVALID_PARAMETER; + } + + g_slist_free_full(lookup->rules, __fw_rule_free); + lookup->rules = NULL; + + return STC_ERROR_NONE; +} + +static stc_error_e __fw_chain_set(const char *chain, stc_fw_data_s value) +{ + stc_fw_data_s *lookup; + + ret_value_msg_if(g_firewalls == NULL, + STC_ERROR_FAIL, + "firewall is not initialized!"); + + lookup = g_hash_table_lookup(g_firewalls, chain); + if (!lookup) { + STC_LOGE("chain not found"); + return STC_ERROR_NO_DATA; + } + + lookup->target = value.target; + lookup->priority = value.priority; + + return STC_ERROR_NONE; +} + +static stc_fw_data_s *__fw_chain_get(const char *chain) +{ + stc_fw_data_s *lookup; + + ret_value_msg_if(g_firewalls == NULL, NULL, + "firewall is not initialized!"); + + lookup = g_hash_table_lookup(g_firewalls, chain); + if (!lookup) { + STC_LOGE("chain not found"); + return NULL; + } + + return lookup; +} + +static stc_error_e __fw_chain_unset(const char *chain) +{ + stc_error_e ret = STC_ERROR_NONE; + stc_fw_data_s *lookup; + + ret_value_msg_if(g_firewalls == NULL, + STC_ERROR_FAIL, + "firewall is not initialized!"); + + lookup = g_hash_table_lookup(g_firewalls, chain); + if (!lookup) { + STC_LOGE("chain not found"); + return STC_ERROR_NO_DATA; + } + + lookup->target = STC_FW_CHAIN_TARGET_NONE; + lookup->priority = 0; + + return ret; +} + +static void __fw_chain_make_params(gpointer key, gpointer value, + gpointer user_data) +{ + char *chain = (char *)key; + stc_fw_data_s *data = (stc_fw_data_s *)value; + GVariantBuilder *builder = (GVariantBuilder *)user_data; + GVariantBuilder sub_builder; + + g_variant_builder_init(&sub_builder, G_VARIANT_TYPE("a{sv}")); + + g_variant_builder_add(&sub_builder, "{sv}", CHAIN_NAME, + g_variant_new_string(chain)); + + g_variant_builder_add(&sub_builder, "{sv}", CHAIN_PRIORITY, + g_variant_new_uint32(data->priority)); + + g_variant_builder_add(&sub_builder, "{sv}", CHAIN_TARGET, + g_variant_new_uint16(data->target)); + + g_variant_builder_add_value(builder, g_variant_builder_end(&sub_builder)); +} + +static void __fw_rule_make_params(gpointer data, gpointer user_data) +{ + firewall_rule_s *rule = (firewall_rule_s *)data; + GVariantBuilder *builder = (GVariantBuilder *)user_data; + GVariantBuilder sub_builder; + + g_variant_builder_init(&sub_builder, G_VARIANT_TYPE("a{sv}")); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_CHAIN, + g_variant_new_string(rule->chain)); + + if (rule->direction != STC_FW_DIRECTION_NONE) + g_variant_builder_add(&sub_builder, "{sv}", RULE_DIRECTION, + g_variant_new_uint16(rule->direction)); + + if (rule->s_ip_type != STC_FW_IP_NONE) + g_variant_builder_add(&sub_builder, "{sv}", RULE_SIPTYPE, + g_variant_new_uint16(rule->s_ip_type)); + + if (rule->d_ip_type != STC_FW_IP_NONE) + g_variant_builder_add(&sub_builder, "{sv}", RULE_DIPTYPE, + g_variant_new_uint16(rule->d_ip_type)); + + if (rule->s_port_type != STC_FW_PORT_NONE) + g_variant_builder_add(&sub_builder, "{sv}", RULE_SPORTTYPE, + g_variant_new_uint16(rule->s_port_type)); + + if (rule->d_port_type != STC_FW_PORT_NONE) + g_variant_builder_add(&sub_builder, "{sv}", RULE_DPORTTYPE, + g_variant_new_uint16(rule->d_port_type)); + + if (rule->protocol != STC_FW_PROTOCOL_NONE) + g_variant_builder_add(&sub_builder, "{sv}", RULE_PROTOCOL, + g_variant_new_uint16(rule->protocol)); + + if (rule->family != STC_FW_FAMILY_NONE) + g_variant_builder_add(&sub_builder, "{sv}", RULE_FAMILY, + g_variant_new_uint16(rule->family)); + + if (rule->family == STC_FW_FAMILY_V4) { + char *addr = NULL; + + switch (rule->s_ip_type) { + case STC_FW_IP_RANGE: + case STC_FW_IP_MASK: + addr = g_try_malloc0(INET_ADDRSTRLEN); + if (addr) { + inet_ntop(AF_INET, &(rule->s_ip2.Ipv4), addr, INET_ADDRSTRLEN); + g_variant_builder_add(&sub_builder, "{sv}", RULE_SIP2, + g_variant_new_string(addr)); + FREE(addr); + } + case STC_FW_IP_SINGLE: + addr = g_try_malloc0(INET_ADDRSTRLEN); + if (addr) { + inet_ntop(AF_INET, &(rule->s_ip1.Ipv4), addr, INET_ADDRSTRLEN); + g_variant_builder_add(&sub_builder, "{sv}", RULE_SIP1, + g_variant_new_string(addr)); + FREE(addr); + } + break; + default: + break; + } + + switch (rule->d_ip_type) { + case STC_FW_IP_RANGE: + case STC_FW_IP_MASK: + addr = g_try_malloc0(INET_ADDRSTRLEN); + if (addr) { + inet_ntop(AF_INET, &(rule->d_ip2.Ipv4), addr, INET_ADDRSTRLEN); + g_variant_builder_add(&sub_builder, "{sv}", RULE_DIP2, + g_variant_new_string(addr)); + FREE(addr); + } + case STC_FW_IP_SINGLE: + addr = g_try_malloc0(INET_ADDRSTRLEN); + if (addr) { + inet_ntop(AF_INET, &(rule->d_ip1.Ipv4), addr, INET_ADDRSTRLEN); + g_variant_builder_add(&sub_builder, "{sv}", RULE_DIP1, + g_variant_new_string(addr)); + FREE(addr); + } + break; + default: + break; + } + } else if (rule->family == STC_FW_FAMILY_V6) { + char *addr = NULL; + + switch (rule->s_ip_type) { + case STC_FW_IP_RANGE: + case STC_FW_IP_MASK: + addr = g_try_malloc0(INET6_ADDRSTRLEN); + if (addr) { + inet_ntop(AF_INET6, &(rule->s_ip2.Ipv6), addr, INET6_ADDRSTRLEN); + g_variant_builder_add(&sub_builder, "{sv}", RULE_SIP2, + g_variant_new_string(addr)); + FREE(addr); + } + case STC_FW_IP_SINGLE: + addr = g_try_malloc0(INET6_ADDRSTRLEN); + if (addr) { + inet_ntop(AF_INET6, &(rule->s_ip1.Ipv6), addr, INET6_ADDRSTRLEN); + g_variant_builder_add(&sub_builder, "{sv}", RULE_SIP1, + g_variant_new_string(addr)); + FREE(addr); + } + break; + default: + break; + } + + switch (rule->d_ip_type) { + case STC_FW_IP_RANGE: + case STC_FW_IP_MASK: + addr = g_try_malloc0(INET6_ADDRSTRLEN); + if (addr) { + inet_ntop(AF_INET6, &(rule->d_ip2.Ipv6), addr, INET6_ADDRSTRLEN); + g_variant_builder_add(&sub_builder, "{sv}", RULE_DIP2, + g_variant_new_string(addr)); + FREE(addr); + } + case STC_FW_IP_SINGLE: + addr = g_try_malloc0(INET6_ADDRSTRLEN); + if (addr) { + inet_ntop(AF_INET6, &(rule->d_ip1.Ipv6), addr, INET6_ADDRSTRLEN); + g_variant_builder_add(&sub_builder, "{sv}", RULE_DIP1, + g_variant_new_string(addr)); + FREE(addr); + } + break; + default: + break; + } + } + + g_variant_builder_add(&sub_builder, "{sv}", RULE_SPORT1, + g_variant_new_uint32(rule->s_port1)); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_SPORT2, + g_variant_new_uint32(rule->s_port2)); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_DPORT1, + g_variant_new_uint32(rule->d_port1)); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_DPORT2, + g_variant_new_uint32(rule->d_port2)); + + if (rule->ifname) + g_variant_builder_add(&sub_builder, "{sv}", RULE_IFNAME, + g_variant_new_string(rule->ifname)); + + if (rule->target != STC_FW_RULE_TARGET_NONE) + g_variant_builder_add(&sub_builder, "{sv}", RULE_TARGET, + g_variant_new_uint16(rule->target)); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_IDENTIFIER, + g_variant_new_string(rule->identifier)); + + g_variant_builder_add(&sub_builder, "{sv}", RULE_KEY, + g_variant_new_uint32(rule->key)); + + g_variant_builder_add_value(builder, g_variant_builder_end(&sub_builder)); +} + +static void __fw_rule_set_to_chain(gpointer data, gpointer user_data) +{ + firewall_rule_s *info = (firewall_rule_s *)data; + char *chain = (char *)user_data; + firewall_rule_s rule; + + if (chain && (g_strcmp0(info->chain, chain) != 0)) + return; + + memset(&rule, 0, sizeof(firewall_rule_s)); + memcpy(&rule, info, sizeof(firewall_rule_s)); + rule.chain = g_strdup(info->chain); + rule.ifname = g_strdup(info->ifname); + switch (rule.target) { + case STC_FW_RULE_TARGET_ACCEPT: + rule.target_str = g_strdup(FIREWALL_RULE_TARGET_ACCEPT); + break; + case STC_FW_RULE_TARGET_DROP: + rule.target_str = g_strdup(FIREWALL_RULE_TARGET_DROP); + break; + case STC_FW_RULE_TARGET_LOG: + rule.target_str = g_strdup(FIREWALL_RULE_TARGET_LOG); + break; + default: + break; + } + + firewall_rule_add(&rule); + + FREE(rule.chain); + FREE(rule.ifname); + FREE(rule.target_str); +} + +static void __fw_foreach_to_make_rule_param(gpointer key, gpointer value, + gpointer user_data) +{ + stc_fw_data_s *data = (stc_fw_data_s *)value; + + g_slist_foreach(data->rules, __fw_rule_make_params, user_data); +} + +static void __fw_foreach_to_set_rule_to_chain(gpointer key, gpointer value, + gpointer user_data) +{ + stc_fw_data_s *data = (stc_fw_data_s *)value; + char *chain = (char *)user_data; + + if (chain || (data->target != STC_FW_CHAIN_TARGET_NONE)) + g_slist_foreach(data->rules, __fw_rule_set_to_chain, user_data); +} + +static void __fw_foreach_to_set_chain(gpointer key, gpointer value, + gpointer user_data) +{ + char *chain = (char *)key; + stc_fw_data_s *data = (stc_fw_data_s *)value; + + if (data->target != STC_FW_CHAIN_TARGET_NONE) { + firewall_chain_s info; + memset(&info, 0, sizeof(firewall_chain_s)); + info.chain = chain; + info.target = data->target; + info.priority = data->priority; + firewall_chain_set(&info); + } +} + +static void __fw_foreach_to_add_chain(gpointer key, gpointer value, + gpointer user_data) +{ + char *chain = (char *)key; + stc_fw_data_s *data = (stc_fw_data_s *)value; + + if (data->target != STC_FW_CHAIN_TARGET_NONE) { + firewall_chain_s info; + memset(&info, 0, sizeof(firewall_chain_s)); + info.chain = chain; + info.target = data->target; + info.priority = data->priority; + firewall_chain_add(&info); + } +} + +static void __fw_chain_foreach(GHFunc func, void *user_data) +{ + g_hash_table_foreach(g_firewalls, func, user_data); +} + +stc_cb_ret_e __fw_table_chain_info_cb(const firewall_chain_s *info, + void *user_data) +{ + stc_fw_data_s *data; + + data = MALLOC0(stc_fw_data_s, 1); + if (!data) { + STC_LOGE("data allocation failed"); + return STC_CONTINUE; + } + + data->target = info->target; + data->priority = info->priority; + data->rules = NULL; + + g_hash_table_insert(g_firewalls, g_strdup(info->chain), data); + + return STC_CONTINUE; +} + +stc_cb_ret_e __fw_table_rule_info_cb(const firewall_rule_s *info, + void *user_data) +{ + stc_fw_data_s *lookup; + firewall_rule_s *rule; + + lookup = g_hash_table_lookup(g_firewalls, info->chain); + if (!lookup) { + STC_LOGE("chain not found"); + return STC_CONTINUE; + } + + rule = MALLOC0(firewall_rule_s, 1); + if (!rule) { + STC_LOGE("rule allocation failed"); + return STC_CONTINUE; + } + + memset(rule, 0, sizeof(firewall_rule_s)); + __fw_rule_copy(rule, info); + + lookup->rules = g_slist_append(lookup->rules, rule); + + return STC_CONTINUE; +} + +static stc_error_e __fw_rule_add(firewall_rule_s *info) +{ + stc_fw_data_s *lookup; + firewall_rule_s *rule; + GSList *comp; + + ret_value_msg_if(g_firewalls == NULL, + STC_ERROR_FAIL, + "firewall is not initialized!"); + + lookup = g_hash_table_lookup(g_firewalls, info->chain); + if (!lookup) { + STC_LOGE("chain not found"); + return STC_ERROR_NO_DATA; + } + + if (lookup->target != STC_FW_CHAIN_TARGET_NONE) { + STC_LOGE("can't be applied bcz chain is set"); + return STC_ERROR_INVALID_PARAMETER; + } + + rule = MALLOC0(firewall_rule_s, 1); + if (!rule) { + STC_LOGE("rule allocation failed"); + return STC_ERROR_OUT_OF_MEMORY; + } + + memset(rule, 0, sizeof(firewall_rule_s)); + __fw_rule_copy(rule, info); + __fw_rule_make_key(rule, info); + + comp = g_slist_find_custom(lookup->rules, rule, __fw_rule_comp); + if (comp) { + STC_LOGD("rule already present"); + return STC_ERROR_ALREADY_DATA; + } + + lookup->rules = g_slist_append(lookup->rules, rule); + + return STC_ERROR_NONE; +} + +static stc_error_e __fw_rule_remove(const firewall_rule_s *info) +{ + stc_fw_data_s *lookup; + GSList *rule_list; + GSList *comp; + firewall_rule_s *rule; + + ret_value_msg_if(g_firewalls == NULL, + STC_ERROR_FAIL, + "firewall is not initialized!"); + + lookup = g_hash_table_lookup(g_firewalls, info->chain); + if (!lookup) { + STC_LOGE("chain not found"); + return STC_ERROR_NO_DATA; + } + + if (lookup->target != STC_FW_CHAIN_TARGET_NONE) { + STC_LOGE("can't be applied bcz chain is set"); + return STC_ERROR_INVALID_PARAMETER; + } + + rule_list = lookup->rules; + comp = g_slist_find_custom(rule_list, info, __fw_rule_comp); + if (!comp) { + STC_LOGD("rule not found"); + return STC_ERROR_NO_DATA; + } + + rule = comp->data; + lookup->rules = g_slist_remove(lookup->rules, rule); + __fw_rule_free(rule); + + return STC_ERROR_NONE; +} + +static stc_error_e __fw_rule_update(const firewall_rule_s *info) +{ + stc_fw_data_s *lookup; + GSList *rule_list; + GSList *comp; + firewall_rule_s *rule; + + ret_value_msg_if(g_firewalls == NULL, + STC_ERROR_FAIL, + "firewall is not initialized!"); + + lookup = g_hash_table_lookup(g_firewalls, info->chain); + if (!lookup) { + STC_LOGE("chain not found"); + return STC_ERROR_NO_DATA; + } + + if (lookup->target != STC_FW_CHAIN_TARGET_NONE) { + STC_LOGE("can't be applied bcz chain is set"); + return STC_ERROR_INVALID_PARAMETER; + } + + rule_list = lookup->rules; + comp = g_slist_find_custom(rule_list, info, __fw_rule_comp); + if (!comp) { + STC_LOGD("rule not found"); + return STC_ERROR_NO_DATA; + } + + rule = comp->data; + __fw_rule_copy(rule, info); + + return STC_ERROR_NONE; +} + +static void __fw_rule_extract(const char *key, GVariant *value, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + + firewall_rule_s *rule = (firewall_rule_s *)user_data; + if (rule == NULL) { + __STC_LOG_FUNC_EXIT__; + return; + } + + if (g_strcmp0(key, RULE_CHAIN) == 0) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->chain = g_strdup(str); + STC_LOGD("%s: [%s]", RULE_CHAIN, rule->chain); + + } else if (g_strcmp0(key, RULE_DIRECTION) == 0) { + rule->direction = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_DIRECTION, rule->direction); + + } else if (g_strcmp0(key, RULE_SIPTYPE) == 0) { + rule->s_ip_type = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_SIPTYPE, rule->s_ip_type); + + } else if (g_strcmp0(key, RULE_DIPTYPE) == 0) { + rule->d_ip_type = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_DIPTYPE, rule->d_ip_type); + + } else if (g_strcmp0(key, RULE_SPORTTYPE) == 0) { + rule->s_port_type = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_SPORTTYPE, rule->s_port_type); + + } else if (g_strcmp0(key, RULE_DPORTTYPE) == 0) { + rule->d_port_type = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_DPORTTYPE, rule->d_port_type); + + } else if (g_strcmp0(key, RULE_PROTOCOL) == 0) { + rule->protocol = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_PROTOCOL, rule->protocol); + + } else if (g_strcmp0(key, RULE_FAMILY) == 0) { + rule->family = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_FAMILY, rule->family); + + } else if (g_strcmp0(key, RULE_SIP1) == 0) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->s_ip1.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_SIP1, rule->s_ip1.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->s_ip1.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP1, + rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1], + rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]); + } + + } else if (g_strcmp0(key, RULE_SIP2) == 0) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->s_ip2.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_SIP2, rule->s_ip2.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->s_ip2.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_SIP2, + rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1], + rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]); + } + + } else if (g_strcmp0(key, RULE_DIP1) == 0) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->d_ip1.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_DIP1, rule->d_ip1.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->d_ip1.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP1, + rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1], + rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]); + } + + } else if (g_strcmp0(key, RULE_DIP2) == 0) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + if (rule->family == STC_FW_FAMILY_V4) { + inet_pton(AF_INET, str, &(rule->d_ip2.Ipv4)); + STC_LOGD("%s: [%08x]", RULE_DIP2, rule->d_ip2.Ipv4.s_addr); + } else if (rule->family == STC_FW_FAMILY_V6) { + inet_pton(AF_INET6, str, &(rule->d_ip2.Ipv6)); + STC_LOGD("%s: [%08x:%08x:%08x:%08x]", RULE_DIP2, + rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1], + rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]); + } + + } else if (g_strcmp0(key, RULE_SPORT1) == 0) { + rule->s_port1 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_SPORT1, rule->s_port1); + + } else if (g_strcmp0(key, RULE_SPORT2) == 0) { + rule->s_port2 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_SPORT2, rule->s_port2); + + } else if (g_strcmp0(key, RULE_DPORT1) == 0) { + rule->d_port1 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_DPORT1, rule->d_port1); + + } else if (g_strcmp0(key, RULE_DPORT2) == 0) { + rule->d_port2 = g_variant_get_uint32(value); + STC_LOGD("%s: [%04x]", RULE_DPORT2, rule->d_port2); + + } else if (g_strcmp0(key, RULE_IFNAME) == 0) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->ifname = g_strdup(str); + STC_LOGD("%s: [%s]", RULE_IFNAME, rule->ifname); + + } else if (g_strcmp0(key, RULE_TARGET) == 0) { + rule->target = g_variant_get_uint16(value); + STC_LOGD("%s: [%u]", RULE_TARGET, rule->target); + + } else if (g_strcmp0(key, RULE_IDENTIFIER) == 0) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->identifier = g_strdup(str); + STC_LOGD("%s: [%s]", RULE_IDENTIFIER, rule->identifier); + + } else if (g_strcmp0(key, RULE_KEY) == 0) { + rule->key = g_variant_get_uint32(value); + STC_LOGD("%s: [%u]", RULE_KEY, rule->key); + + } else { + STC_LOGD("Unknown rule [%s]", key); + } + + __STC_LOG_FUNC_EXIT__; +} + +gboolean __validate_fw_rule(firewall_rule_s *rule) +{ + __STC_LOG_FUNC_ENTER__; + + if (rule == NULL) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->chain == NULL) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->direction > STC_FW_DIRECTION_OUT) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->s_ip_type > STC_FW_IP_RANGE) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->d_ip_type > STC_FW_IP_RANGE) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->s_port_type > STC_FW_PORT_RANGE) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->d_port_type > STC_FW_PORT_RANGE) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->protocol > STC_FW_PROTOCOL_ALL) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + if (rule->family > STC_FW_FAMILY_V6) { + __STC_LOG_FUNC_EXIT__; + return FALSE; + } + + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +void stc_firewall_init(void) +{ + int ret = STC_ERROR_NONE; + + g_firewalls = g_hash_table_new_full(g_str_hash, + g_str_equal, g_free, __fw_data_free); + + ret = table_firewall_get_lock(LOCK_NAME, &g_lock_state); + if (ret != STC_ERROR_NONE) + table_firewall_insert_lock(LOCK_NAME, FIREWALL_UNLOCKED); + + if (g_lock_state == FIREWALL_UNKONWN) + g_lock_state = FIREWALL_UNLOCKED; + + table_firewall_foreach_chain(__fw_table_chain_info_cb, NULL); + table_firewall_foreach_rule(__fw_table_rule_info_cb, NULL); +} + +void stc_firewall_update(void) +{ + __fw_chain_foreach(__fw_foreach_to_add_chain, NULL); + __fw_chain_foreach(__fw_foreach_to_set_rule_to_chain, NULL); + __fw_chain_foreach(__fw_foreach_to_set_chain, NULL); +} + +void stc_firewall_deinit(void) +{ + if (g_firewalls) { + g_hash_table_destroy(g_firewalls); + g_firewalls = NULL; + } +} + +gboolean handle_firewall_lock(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + int ret = STC_ERROR_NONE; + + ret = table_firewall_update_lock(LOCK_NAME, FIREWALL_LOCKED); + if (ret != STC_ERROR_NONE) + table_firewall_insert_lock(LOCK_NAME, FIREWALL_LOCKED); + + g_lock_state = FIREWALL_LOCKED; + + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_unlock(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + int ret = STC_ERROR_NONE; + + ret = table_firewall_update_lock(LOCK_NAME, FIREWALL_UNLOCKED); + if (ret != STC_ERROR_NONE) + table_firewall_insert_lock(LOCK_NAME, FIREWALL_UNLOCKED); + + g_lock_state = FIREWALL_UNLOCKED; + + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_get_lock(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + int ret = STC_ERROR_NONE; + GVariant *return_parameters = NULL; + + if (g_lock_state == FIREWALL_UNKONWN) { + ret = table_firewall_get_lock(LOCK_NAME, &g_lock_state); + if (ret != STC_ERROR_NONE) + table_firewall_insert_lock(LOCK_NAME, FIREWALL_UNLOCKED); + + if (g_lock_state == FIREWALL_UNKONWN) + g_lock_state = FIREWALL_UNLOCKED; + } + + return_parameters = g_variant_new("(i)", g_lock_state); + STC_DBUS_REPLY(invocation, return_parameters); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_add_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + firewall_chain_s info; + int ret = STC_ERROR_NONE; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + if (chain == NULL) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + ret = __fw_chain_add(chain); + if (ret == STC_ERROR_NONE) { + memset(&info, 0, sizeof(firewall_chain_s)); + info.chain = chain; + info.priority = 0; + info.target = STC_FW_CHAIN_TARGET_NONE; + table_firewall_insert_chain(&info); + } else { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_remove_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + firewall_chain_s info; + int ret = STC_ERROR_NONE; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + if (chain == NULL) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + ret = __fw_chain_remove(chain); + if (ret == STC_ERROR_NONE) { + memset(&info, 0, sizeof(firewall_chain_s)); + info.chain = chain; + table_firewall_flush_chain(&info); + table_firewall_delete_chain(&info); + } else { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_flush_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + firewall_chain_s info; + int ret = STC_ERROR_NONE; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + if (chain == NULL) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + ret = __fw_chain_flush(chain); + if (ret == STC_ERROR_NONE) { + memset(&info, 0, sizeof(firewall_chain_s)); + info.chain = chain; + table_firewall_flush_chain(&info); + } else { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_get_all_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + GVariantBuilder *builder = NULL; + GVariant *return_parameters = NULL; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + builder = g_variant_builder_new(G_VARIANT_TYPE("aa{sv}")); + + __fw_chain_foreach(__fw_chain_make_params, builder); + + return_parameters = g_variant_new("(aa{sv})", builder); + g_variant_builder_unref(builder); + + DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters); + STC_DBUS_REPLY(invocation, return_parameters); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_set_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + unsigned int target, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + stc_fw_data_s *lookup = NULL; + stc_fw_data_s data; + firewall_chain_s info; + uint priority; + int ret = STC_ERROR_NONE; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + if (chain == NULL || + target > STC_FW_CHAIN_TARGET_OUTPUT) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + lookup = __fw_chain_get(chain); + if (lookup == NULL) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_NO_DATA); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + if (lookup->target != STC_FW_CHAIN_TARGET_NONE) { + STC_LOGE("chain is already set"); + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + /* stc-iptables */ + memset(&info, 0, sizeof(firewall_chain_s)); + info.chain = chain; + info.target = target; + + ret = firewall_chain_add(&info); + if (ret != STC_ERROR_NONE) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + __fw_chain_foreach(__fw_foreach_to_set_rule_to_chain, chain); + + ret = firewall_chain_set(&info); + if (ret != STC_ERROR_NONE) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + /* stc-iptables */ + + priority = g_chain_priority + 1; + + memset(&data, 0, sizeof(stc_fw_data_s)); + data.target = target; + data.priority = priority; + + ret = __fw_chain_set(chain, data); + if (ret == STC_ERROR_NONE) { + info.priority = priority; + table_firewall_update_chain(&info); + g_chain_priority = priority; + } else { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_unset_chain(StcFirewall *object, + GDBusMethodInvocation *invocation, + gchar *chain, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + stc_fw_data_s *lookup = NULL; + firewall_chain_s info; + int ret = STC_ERROR_NONE; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + if (chain == NULL) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + lookup = __fw_chain_get(chain); + if (lookup == NULL) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_NO_DATA); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + if (lookup->target == STC_FW_CHAIN_TARGET_NONE) { + STC_LOGE("chain is not set"); + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + /* stc-iptables */ + memset(&info, 0, sizeof(firewall_chain_s)); + info.chain = chain; + info.target = lookup->target; + + ret = firewall_chain_unset(&info); + if (ret != STC_ERROR_NONE) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + ret = firewall_chain_remove(&info); + if (ret != STC_ERROR_NONE) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + /* stc-iptables */ + + ret = __fw_chain_unset(chain); + if (ret == STC_ERROR_NONE) { + info.target = STC_FW_CHAIN_TARGET_NONE; + info.priority = 0; + table_firewall_update_chain(&info); + } else { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_add_rule(StcFirewall *object, + GDBusMethodInvocation *invocation, + GVariant *parameters, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + GVariantIter *iter = NULL; + firewall_rule_s *rule; + int ret = STC_ERROR_NONE; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + rule = MALLOC0(firewall_rule_s, 1); + if (!rule) { + STC_LOGE("rule allocation failed"); + return STC_ERROR_OUT_OF_MEMORY; + } + + memset(rule, 0, sizeof(firewall_rule_s)); + + g_variant_get(parameters, "a{sv}", &iter); + if (iter != NULL) { + stc_manager_gdbus_dict_foreach(iter, + __fw_rule_extract, + rule); + g_variant_iter_free(iter); + } + + if (__validate_fw_rule(rule) == FALSE) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + ret = __fw_rule_add(rule); + if (ret == STC_ERROR_NONE) { + table_firewall_insert_rule(rule); + } else { + __fw_rule_free(rule); + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + __fw_rule_free(rule); + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_remove_rule(StcFirewall *object, + GDBusMethodInvocation *invocation, + GVariant *parameters, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + GVariantIter *iter = NULL; + firewall_rule_s *rule; + int ret = STC_ERROR_NONE; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + rule = MALLOC0(firewall_rule_s, 1); + if (!rule) { + STC_LOGE("rule allocation failed"); + return STC_ERROR_OUT_OF_MEMORY; + } + + memset(rule, 0, sizeof(firewall_rule_s)); + + g_variant_get(parameters, "a{sv}", &iter); + if (iter != NULL) { + stc_manager_gdbus_dict_foreach(iter, + __fw_rule_extract, + rule); + g_variant_iter_free(iter); + } + + if (__validate_fw_rule(rule) == FALSE) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + ret = __fw_rule_remove(rule); + if (ret == STC_ERROR_NONE) { + table_firewall_delete_rule(rule); + } else { + __fw_rule_free(rule); + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + __fw_rule_free(rule); + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_update_rule(StcFirewall *object, + GDBusMethodInvocation *invocation, + GVariant *parameters, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + GVariantIter *iter = NULL; + firewall_rule_s *rule; + int ret = STC_ERROR_NONE; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + rule = MALLOC0(firewall_rule_s, 1); + if (!rule) { + STC_LOGE("rule allocation failed"); + return STC_ERROR_OUT_OF_MEMORY; + } + + memset(rule, 0, sizeof(firewall_rule_s)); + + g_variant_get(parameters, "a{sv}", &iter); + if (iter != NULL) { + stc_manager_gdbus_dict_foreach(iter, + __fw_rule_extract, + rule); + g_variant_iter_free(iter); + } + + if (__validate_fw_rule(rule) == FALSE) { + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + ret = __fw_rule_update(rule); + if (ret == STC_ERROR_NONE) { + table_firewall_update_rule(rule); + } else { + __fw_rule_free(rule); + STC_FIREWALL_DBUS_REPLY_ERROR(invocation, ret); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + __fw_rule_free(rule); + STC_DBUS_REPLY_ERROR_NONE(invocation); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} + +gboolean handle_firewall_get_all_rule(StcFirewall *object, + GDBusMethodInvocation *invocation, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + GVariantBuilder *builder = NULL; + GVariant *return_parameters = NULL; + + STC_FIREWALL_CHECK_LOCK_STATE(invocation); + + builder = g_variant_builder_new(G_VARIANT_TYPE("aa{sv}")); + + __fw_chain_foreach(__fw_foreach_to_make_rule_param, builder); + + return_parameters = g_variant_new("(aa{sv})", builder); + g_variant_builder_unref(builder); + + DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters); + STC_DBUS_REPLY(invocation, return_parameters); + __STC_LOG_FUNC_EXIT__; + return TRUE; +} diff --git a/src/stc-manager-gdbus.c b/src/stc-manager-gdbus.c index a321a4c..75b93b1 100755 --- a/src/stc-manager-gdbus.c +++ b/src/stc-manager-gdbus.c @@ -18,6 +18,7 @@ #include "stc-manager.h" #include "stc-statistics.h" #include "stc-restriction.h" +#include "stc-firewall.h" #include "stc-default-connection.h" #include "stc-manager-plugin-appstatus.h" #include "stc-manager-plugin-procfs.h" @@ -130,6 +131,89 @@ static gboolean __stc_manager_gdbus_restriction_init(stc_s *stc) return ret; } +static gboolean __stc_manager_gdbus_firewall_init(stc_s *stc) +{ + __STC_LOG_FUNC_ENTER__; + gboolean ret = TRUE; + gchar *s = NULL; + + StcObjectSkeleton *object = NULL; + StcFirewall *firewall = NULL; + s = g_strdup_printf(STC_DBUS_SERVICE_FIREWALL_PATH); + + /* Add interface to default object path */ + object = stc_object_skeleton_new(s); + g_free(s); + + firewall = stc_firewall_skeleton_new(); + stc_object_skeleton_set_firewall(object, firewall); + g_object_unref(firewall); + + /* Register for method callbacks as signal callbacks */ + + g_signal_connect(firewall, "handle-lock", + G_CALLBACK(handle_firewall_lock), + stc); + + g_signal_connect(firewall, "handle-unlock", + G_CALLBACK(handle_firewall_unlock), + stc); + + g_signal_connect(firewall, "handle-get-lock", + G_CALLBACK(handle_firewall_get_lock), + stc); + + g_signal_connect(firewall, "handle-add-chain", + G_CALLBACK(handle_firewall_add_chain), + stc); + + g_signal_connect(firewall, "handle-remove-chain", + G_CALLBACK(handle_firewall_remove_chain), + stc); + + g_signal_connect(firewall, "handle-flush-chain", + G_CALLBACK(handle_firewall_flush_chain), + stc); + + g_signal_connect(firewall, "handle-get-all-chain", + G_CALLBACK(handle_firewall_get_all_chain), + stc); + + g_signal_connect(firewall, "handle-set-chain", + G_CALLBACK(handle_firewall_set_chain), + stc); + + g_signal_connect(firewall, "handle-unset-chain", + G_CALLBACK(handle_firewall_unset_chain), + stc); + + g_signal_connect(firewall, "handle-add-rule", + G_CALLBACK(handle_firewall_add_rule), + stc); + + g_signal_connect(firewall, "handle-remove-rule", + G_CALLBACK(handle_firewall_remove_rule), + stc); + + g_signal_connect(firewall, "handle-update-rule", + G_CALLBACK(handle_firewall_update_rule), + stc); + + g_signal_connect(firewall, "handle-get-all-rule", + G_CALLBACK(handle_firewall_get_all_rule), + stc); + + /* Export the object (@manager takes its own reference to @object) */ + g_dbus_object_manager_server_export(stc->obj_mgr, + G_DBUS_OBJECT_SKELETON(object)); + g_object_unref(object); + + stc->firewall_obj = (gpointer)firewall; + + __STC_LOG_FUNC_EXIT__; + return ret; +} + static gboolean __stc_manager_gdbus_manager_init(stc_s *stc) { __STC_LOG_FUNC_ENTER__; @@ -184,6 +268,11 @@ static void __stc_manager_gdbus_on_bus_acquired(GDBusConnection *connection, /* Deinitialize and quit manager */ } + if (__stc_manager_gdbus_firewall_init(stc) == FALSE) { + STC_LOGE("Cannot signal connect to firewall"); //LCOV_EXCL_LINE + /* Deinitialize and quit manager */ + } + if (__stc_manager_gdbus_manager_init(stc) == FALSE) { STC_LOGE("Cannot signal connect to manager"); //LCOV_EXCL_LINE /* Deinitialize and quit manager */ @@ -246,6 +335,7 @@ void stc_manager_gdbus_deinit(gpointer stc_data) stc->statistics_obj = NULL; stc->restriction_obj = NULL; + stc->firewall_obj = NULL; stc->manager_obj = NULL; __STC_LOG_FUNC_EXIT__; } diff --git a/src/stc-manager.c b/src/stc-manager.c index 8317d4f..0da9bf4 100755 --- a/src/stc-manager.c +++ b/src/stc-manager.c @@ -25,6 +25,7 @@ #include "helper-nfacct-rule.h" #include "helper-iptables.h" #include "stc-monitor.h" +#include "stc-firewall.h" #include "stc-manager-plugin-appstatus.h" #include "stc-manager-plugin-exception.h" #include "stc-manager-plugin-procfs.h" @@ -65,6 +66,8 @@ static void __stc_manager_deinit(void) stc_manager_gdbus_deinit((gpointer)g_stc); + stc_firewall_deinit(); + stc_plugin_appstatus_deinit(); stc_plugin_exception_deinit(); stc_plugin_procfs_deinit(); @@ -97,6 +100,8 @@ static stc_s *__stc_manager_init(void) stc_plugin_exception_init(); stc_plugin_procfs_init(); + stc_firewall_init(); + err = stc_monitor_init(); if (err != STC_ERROR_NONE) goto handle_error; diff --git a/src/stc-restriction.c b/src/stc-restriction.c index cb3a382..e39575a 100755 --- a/src/stc-restriction.c +++ b/src/stc-restriction.c @@ -34,7 +34,9 @@ static const gchar *stc_err_strs[] = { "OUT_OF_MEMORY", "INVALID_PARAMETER", "NO_DATA", + "ALREADY_DATA", "UNINITIALIZED", + "PERMISSION_DENIED", "NOTIMPL" }; diff --git a/src/stc-statistics.c b/src/stc-statistics.c index 70cf48c..f2ff8e9 100755 --- a/src/stc-statistics.c +++ b/src/stc-statistics.c @@ -21,9 +21,6 @@ #define STATISTICS_DBUS_ERROR_NAME "net.stc.statistics.Error.Failed" -#define STC_DBUS_REPLY(invocation, parameters) \ - g_dbus_method_invocation_return_value((invocation), parameters); - #define STC_STATISTICS_DBUS_REPLY_ERROR(invocation, err_num) \ g_dbus_method_invocation_return_dbus_error((invocation), \ STATISTICS_DBUS_ERROR_NAME, \ @@ -36,7 +33,9 @@ static const gchar *stc_err_strs[] = { "OUT_OF_MEMORY", "INVALID_PARAMETER", "NO_DATA", + "ALREADY_DATA", "UNINITIALIZED", + "PERMISSION_DENIED", "NOTIMPL" }; -- 2.7.4 From d57d0ad0edf5d766390dd7b8e59f1f75f48a00f9 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 12 Apr 2018 15:36:05 +0900 Subject: [PATCH 11/16] Added dbus method to commit iptables Change-Id: I20c7623d92421a7d04c23e9a96ebc6708340f047 Signed-off-by: hyunuktak --- include/stc-manager-gdbus.h | 5 +++ include/stc-manager.h | 6 ++++ interfaces/stcmanager-iface-manager.xml | 6 ++++ packaging/stc-manager.spec | 2 +- src/stc-manager-gdbus.c | 57 +++++++++++++++++++++++++++++ src/stc-manager.c | 63 +++++++++++++++++++++++++++++++++ 6 files changed, 138 insertions(+), 1 deletion(-) diff --git a/include/stc-manager-gdbus.h b/include/stc-manager-gdbus.h index 4b6a50f..b422b62 100755 --- a/include/stc-manager-gdbus.h +++ b/include/stc-manager-gdbus.h @@ -83,4 +83,9 @@ gboolean stc_manager_dbus_emit_signal(GDBusConnection *connection, gboolean handle_manager_stop(StcManager *object, GDBusMethodInvocation *invocation); +gboolean handle_manager_commit_iptables(StcManager *object, + GDBusMethodInvocation *invocation, + const gchar *option, + void *user_data); + #endif /* __STC_MANAGER_GDBUS_H__ */ diff --git a/include/stc-manager.h b/include/stc-manager.h index c6a8f8e..e084037 100755 --- a/include/stc-manager.h +++ b/include/stc-manager.h @@ -31,6 +31,11 @@ #define STC_TOTAL_IPV4 "TOTAL_IPV4" #define STC_TOTAL_IPV6 "TOTAL_IPV6" +#define STC_IPTABLES "/usr/sbin/iptables" +#define STC_IP6TABLES "/usr/sbin/ip6tables" + +#define STC_CMD_SIZE 256 + #define STC_DEBUG_LOG (stc_util_get_debuglog()) typedef enum { @@ -236,5 +241,6 @@ typedef struct { stc_s *stc_get_manager(void); void stc_stop_manager(void); +int stc_commit_iptables(char *cmd, int *err_num, char **err_str); #endif /* __STC_MANAGER__ */ diff --git a/interfaces/stcmanager-iface-manager.xml b/interfaces/stcmanager-iface-manager.xml index f5a9167..33697b4 100644 --- a/interfaces/stcmanager-iface-manager.xml +++ b/interfaces/stcmanager-iface-manager.xml @@ -3,5 +3,11 @@ + + + + + + diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 6dca357..6ce22de 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.55 +Version: 0.0.56 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/stc-manager-gdbus.c b/src/stc-manager-gdbus.c index 75b93b1..2abe2c1 100755 --- a/src/stc-manager-gdbus.c +++ b/src/stc-manager-gdbus.c @@ -20,10 +20,31 @@ #include "stc-restriction.h" #include "stc-firewall.h" #include "stc-default-connection.h" +#include "stc-manager-util.h" #include "stc-manager-plugin-appstatus.h" #include "stc-manager-plugin-procfs.h" #include "helper-iptables.h" +#define MANAGER_DBUS_ERROR_NAME "net.stc.manager.Error.Failed" + +#define STC_MANAGER_DBUS_REPLY_ERROR(invocation, err_num) \ + g_dbus_method_invocation_return_dbus_error((invocation), \ + MANAGER_DBUS_ERROR_NAME, \ + stc_err_strs[-(err_num)]) + +static const gchar *stc_err_strs[] = { + "ERROR_NONE", + "FAIL", + "DB_FAILED", + "OUT_OF_MEMORY", + "INVALID_PARAMETER", + "NO_DATA", + "ALREADY_DATA", + "UNINITIALIZED", + "PERMISSION_DENIED", + "NOTIMPL" +}; + static gboolean __stc_manager_gdbus_statistics_init(stc_s *stc) { __STC_LOG_FUNC_ENTER__; @@ -234,6 +255,9 @@ static gboolean __stc_manager_gdbus_manager_init(stc_s *stc) g_signal_connect(manager, "handle-stop", G_CALLBACK(handle_manager_stop), stc); + g_signal_connect(manager, "handle-commit-iptables", + G_CALLBACK(handle_manager_commit_iptables), stc); + g_dbus_object_manager_server_export(stc->obj_mgr, G_DBUS_OBJECT_SKELETON(object)); g_object_unref(object); @@ -494,3 +518,36 @@ gboolean handle_manager_stop(StcManager *object, __STC_LOG_FUNC_EXIT__; return TRUE; } + +gboolean handle_manager_commit_iptables(StcManager *object, + GDBusMethodInvocation *invocation, + const gchar *option, + void *user_data) +{ + __STC_LOG_FUNC_ENTER__; + GVariant *return_parameters = NULL; + int ret = STC_ERROR_NONE; + int err_num = 0; + char *err_str = NULL; + char cmd[STC_CMD_SIZE] = { 0, }; + + if (option == NULL) { + STC_MANAGER_DBUS_REPLY_ERROR(invocation, + STC_ERROR_INVALID_PARAMETER); + __STC_LOG_FUNC_EXIT__; + return TRUE; + } + + STC_LOGD("[%s]", option); + g_snprintf(cmd, STC_CMD_SIZE, "%s %s", STC_IPTABLES, option); + + ret = stc_commit_iptables(cmd, &err_num, &err_str); + + return_parameters = g_variant_new("(iis)", ret, err_num, err_str); + + DEBUG_GDBUS_VARIANT("Return parameters: ", return_parameters); + STC_DBUS_REPLY(invocation, return_parameters); + + __STC_LOG_FUNC_EXIT__; + return TRUE; +} diff --git a/src/stc-manager.c b/src/stc-manager.c index 0da9bf4..799839e 100755 --- a/src/stc-manager.c +++ b/src/stc-manager.c @@ -15,6 +15,8 @@ */ #include +#include +#include #include "stc-manager.h" #include "stc-emulator.h" #include "stc-manager-gdbus.h" @@ -30,6 +32,8 @@ #include "stc-manager-plugin-exception.h" #include "stc-manager-plugin-procfs.h" +#define BUF_SIZE_FOR_ERR 100 + static stc_s *g_stc = NULL; /* @@ -129,6 +133,65 @@ void stc_stop_manager(void) g_main_loop_quit(g_stc->main_loop); } +int stc_commit_iptables(char *cmd, int *err_num, char **err_str) +{ + pid_t pid = 0; + int status = 0; + int ret = 0; + char err_buf[BUF_SIZE_FOR_ERR] = { 0, }; + gchar **args = NULL; + + if (cmd == NULL) { + STC_LOGE("Invalid arguments"); + return STC_ERROR_INVALID_PARAMETER; + } + + args = g_strsplit_set(cmd, " ", -1); + + errno = 0; + pid = fork(); + + if (pid == 0) { + errno = 0; + if (execv(args[0], args) == -1) { + STC_LOGE("Failed to execute [%s]", err_str); + g_strfreev(args); + exit(-1); + } + } else if (pid > 0) { + if (waitpid(pid, &status, 0) == -1) + STC_LOGD("wait pid [%u] status [%d] ", pid, status); + + if (WIFEXITED(status)) { + ret = WEXITSTATUS(status); + STC_LOGD("exited, status [%d]", status); + } else if (WIFSIGNALED(status)) { + STC_LOGD("killed by signal [%d]", WTERMSIG(status)); + } else if (WIFSTOPPED(status)) { + STC_LOGD("stopped by signal [%d]", WSTOPSIG(status)); + } else if (WIFCONTINUED(status)) { + STC_LOGD("continued"); + } + + *err_num = ret; + *err_str = strerror_r(ret, err_buf, BUF_SIZE_FOR_ERR); + STC_LOGD("return err_num [%d] err_str [%s]", *err_num, *err_str); + + g_strfreev(args); + if (ret == 0) + return STC_ERROR_NONE; + else + return STC_ERROR_FAIL; + } + + *err_num = errno; + *err_str = strerror_r(errno, err_buf, BUF_SIZE_FOR_ERR); + STC_LOGD("Failed to fork [%d:%s]", *err_num, *err_str); + + g_strfreev(args); + return STC_ERROR_FAIL; +} + gint32 main(gint32 argc, gchar *argv[]) { GMainLoop *main_loop = NULL; -- 2.7.4 From ad1f412253fd6206aa1bd9ccb8f2a63c6e12365f Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 18 Apr 2018 14:43:53 +0900 Subject: [PATCH 12/16] Fixed dbus/cynara policy Change-Id: I6949b1926c998302975eb21fe05270221ef21b88 Signed-off-by: hyunuktak --- packaging/stc-manager.spec | 2 +- resources/dbus/stc-manager.conf | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 6ce22de..3242bd4 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.56 +Version: 0.0.57 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/resources/dbus/stc-manager.conf b/resources/dbus/stc-manager.conf index 385ce13..9143506 100755 --- a/resources/dbus/stc-manager.conf +++ b/resources/dbus/stc-manager.conf @@ -4,12 +4,15 @@ - - + + + + + -- 2.7.4 From 3937fa06fa5d18d697e25e9ec71a06cf6fb782c3 Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Thu, 19 Apr 2018 11:15:31 +0900 Subject: [PATCH 13/16] Fixed coverity issues for resource leak Change-Id: Ic47d2c90497432236c69595b3d0b20a8bbce5a96 Signed-off-by: hyunuktak --- src/stc-firewall.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/stc-firewall.c b/src/stc-firewall.c index b0a66bb..236169b 100755 --- a/src/stc-firewall.c +++ b/src/stc-firewall.c @@ -1403,6 +1403,7 @@ gboolean handle_firewall_add_rule(StcFirewall *object, } if (__validate_fw_rule(rule) == FALSE) { + __fw_rule_free(rule); STC_FIREWALL_DBUS_REPLY_ERROR(invocation, STC_ERROR_INVALID_PARAMETER); __STC_LOG_FUNC_EXIT__; @@ -1454,6 +1455,7 @@ gboolean handle_firewall_remove_rule(StcFirewall *object, } if (__validate_fw_rule(rule) == FALSE) { + __fw_rule_free(rule); STC_FIREWALL_DBUS_REPLY_ERROR(invocation, STC_ERROR_INVALID_PARAMETER); __STC_LOG_FUNC_EXIT__; @@ -1505,6 +1507,7 @@ gboolean handle_firewall_update_rule(StcFirewall *object, } if (__validate_fw_rule(rule) == FALSE) { + __fw_rule_free(rule); STC_FIREWALL_DBUS_REPLY_ERROR(invocation, STC_ERROR_INVALID_PARAMETER); __STC_LOG_FUNC_EXIT__; -- 2.7.4 From 8d39291058bd5e6c9c40fb81a7e51f75b7a091ca Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Fri, 20 Apr 2018 13:55:23 +0900 Subject: [PATCH 14/16] Set debug log state in procfs Change-Id: Ie87afa1d649a3a4f4a029d5b76a3737eb1600afc Signed-off-by: hyunuktak --- plugin/procfs/stc-plugin-procfs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/plugin/procfs/stc-plugin-procfs.c b/plugin/procfs/stc-plugin-procfs.c index 28c5c9f..df69301 100755 --- a/plugin/procfs/stc-plugin-procfs.c +++ b/plugin/procfs/stc-plugin-procfs.c @@ -166,8 +166,9 @@ static void __proc_tree_add(proc_key_s *key, return; } - STC_LOGD("cmdline [%s] pid[%s] ppid[%s]", value->cmdline, - value->status[PROC_STATUS_PID], value->status[PROC_STATUS_PPID]); + if (STC_DEBUG_LOG) + STC_LOGD("cmdline [%s] pid[%s] ppid[%s]", value->cmdline, + value->status[PROC_STATUS_PID], value->status[PROC_STATUS_PPID]); g_tree_insert(proc_tree, key, value); @@ -552,7 +553,7 @@ stc_error_e stc_plugin_procfs_status_changed(stc_cmd_type_e cmd, { stc_error_e ret = STC_ERROR_NONE; - if (pkg_id && app_id) + if ((pkg_id && app_id) && STC_DEBUG_LOG) STC_LOGD("cmd [%d] pkgid [%s] appid [%s] pid[%d] type [%d]", cmd, pkg_id, app_id, pid, app_type); -- 2.7.4 From a7c17169d5077788c3ce785cc144f827742642cb Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 2 May 2018 15:28:54 +0900 Subject: [PATCH 15/16] Replaced type from state for restriction Change-Id: Ib2575dc03a4447a4dd1878625580f353b474c927 Signed-off-by: hyunuktak --- data/traffic_db.sql | 2 +- include/stc-manager.h | 14 +++--- include/stc-restriction.h | 12 ++--- interfaces/stcmanager-iface-firewall.xml | 1 + interfaces/stcmanager-iface-restriction.xml | 4 +- packaging/stc-manager.spec | 2 +- plugin/appstatus/stc-plugin-appstatus.c | 1 - src/database/include/table-restrictions.h | 10 ++-- src/database/tables/table-restrictions.c | 74 ++++++++++++++--------------- src/helper/helper-nfacct-rule.h | 4 +- src/monitor/include/stc-monitor.h | 4 +- src/monitor/stc-monitor.c | 44 ++++++++--------- src/stc-manager-gdbus.c | 4 +- src/stc-restriction.c | 22 ++++----- 14 files changed, 99 insertions(+), 99 deletions(-) diff --git a/data/traffic_db.sql b/data/traffic_db.sql index c305dbd..1444598 100644 --- a/data/traffic_db.sql +++ b/data/traffic_db.sql @@ -20,7 +20,7 @@ CREATE TABLE IF NOT EXISTS restrictions ( binpath TEXT, iftype INT, ifname TEXT, - rst_type INT, + rstn_type INT, roaming INT, subscriber_id TEXT NOT NULL, data_limit BIGINT, diff --git a/include/stc-manager.h b/include/stc-manager.h index e084037..f3cee74 100755 --- a/include/stc-manager.h +++ b/include/stc-manager.h @@ -131,19 +131,19 @@ typedef enum { * @brief Network restriction states */ typedef enum { - STC_RESTRICTION_UNKNOWN, - STC_RESTRICTION_ACTIVATED, /**< restriction has been activated */ - STC_RESTRICTION_DEACTIVATED, /**< restriction has been deactivated */ - STC_RESTRICTION_LAST_ELEM -} stc_restriction_state_e; + STC_RSTN_STATE_UNKNOWN, + STC_RSTN_STATE_ACTIVATED, + STC_RSTN_STATE_DEACTIVATED, + STC_RSTN_STATE_LAST_ELEM +} stc_rstn_state_e; /** * @brief Network restriction types */ typedef enum { STC_RSTN_TYPE_UNKNOWN, - STC_RSTN_TYPE_EXCLUDED, /**< exclusion */ - STC_RSTN_TYPE_BLOCKED, /**< block */ + STC_RSTN_TYPE_ACCEPT, + STC_RSTN_TYPE_DROP, STC_RSTN_TYPE_LAST_ELEM } stc_rstn_type_e; diff --git a/include/stc-restriction.h b/include/stc-restriction.h index e804e0f..9fcc7e3 100755 --- a/include/stc-restriction.h +++ b/include/stc-restriction.h @@ -52,6 +52,11 @@ gboolean handle_restriction_exclude(StcRestriction *object, GVariant *parameters, void *user_data); +gboolean handle_restriction_unset(StcRestriction *object, + GDBusMethodInvocation *invocation, + GVariant *parameters, + void *user_data); + gboolean handle_restriction_get(StcRestriction *object, GDBusMethodInvocation *invocation, const gchar *app_id, @@ -61,15 +66,10 @@ gboolean handle_restriction_get_all(StcRestriction *object, GDBusMethodInvocation *invocation, void *user_data); -gboolean handle_restriction_get_state(StcRestriction *object, +gboolean handle_restriction_get_type(StcRestriction *object, GDBusMethodInvocation *invocation, const gchar *app_id, int iftype, void *user_data); -gboolean handle_restriction_unset(StcRestriction *object, - GDBusMethodInvocation *invocation, - GVariant *parameters, - void *user_data); - #endif /* __STC_RESTRICTION_H__ */ diff --git a/interfaces/stcmanager-iface-firewall.xml b/interfaces/stcmanager-iface-firewall.xml index d5817cf..d74a7a4 100644 --- a/interfaces/stcmanager-iface-firewall.xml +++ b/interfaces/stcmanager-iface-firewall.xml @@ -6,6 +6,7 @@ + diff --git a/interfaces/stcmanager-iface-restriction.xml b/interfaces/stcmanager-iface-restriction.xml index 93b81af..3ecc542 100644 --- a/interfaces/stcmanager-iface-restriction.xml +++ b/interfaces/stcmanager-iface-restriction.xml @@ -21,11 +21,11 @@ - + - + diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index 3242bd4..afafa95 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.57 +Version: 0.0.58 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/plugin/appstatus/stc-plugin-appstatus.c b/plugin/appstatus/stc-plugin-appstatus.c index fb85dea..d9764b4 100755 --- a/plugin/appstatus/stc-plugin-appstatus.c +++ b/plugin/appstatus/stc-plugin-appstatus.c @@ -124,7 +124,6 @@ signal_map_s signal_map[] = { } }; - static stc_error_e __ground_status_monitor_init(stc_s *stc) { guint i = 0; diff --git a/src/database/include/table-restrictions.h b/src/database/include/table-restrictions.h index e006bdc..77793d1 100755 --- a/src/database/include/table-restrictions.h +++ b/src/database/include/table-restrictions.h @@ -22,7 +22,7 @@ typedef struct { char *ifname; char *subscriber_id; stc_iface_type_e iftype; - stc_rstn_type_e rst_type; + stc_rstn_type_e rstn_type; stc_roaming_type_e roaming; int64_t data_limit; int64_t data_warn_limit; @@ -41,14 +41,14 @@ stc_error_e table_restrictions_per_app(const gchar *app_id, void *user_data); -stc_error_e table_restrictions_get_restriction_state_subscriber_id(const char *app_id, +stc_error_e table_restrictions_get_restriction_type_subscriber_id(const char *app_id, stc_iface_type_e iftype, const char *subscriber_id, - stc_restriction_state_e *state); + stc_rstn_type_e *type); -stc_error_e table_restrictions_get_restriction_state(const char *app_id, +stc_error_e table_restrictions_get_restriction_type(const char *app_id, stc_iface_type_e iftype, - stc_restriction_state_e *state); + stc_rstn_type_e *type); stc_error_e table_restrictions_update(table_restrictions_info *info); diff --git a/src/database/tables/table-restrictions.c b/src/database/tables/table-restrictions.c index 8452926..5c7e4ee 100755 --- a/src/database/tables/table-restrictions.c +++ b/src/database/tables/table-restrictions.c @@ -30,20 +30,20 @@ /* SELECT statements */ #define SELECT_RESTRICTIONS "SELECT binpath, data_limit, " \ - " iftype, rst_type, roaming, ifname, subscriber_id, " \ + " iftype, rstn_type, roaming, ifname, subscriber_id, " \ " data_warn_limit, restriction_id FROM restrictions" #define SELECT_RESTRICTIONS_PER_APP "SELECT binpath, data_limit, " \ - " iftype, rst_type, roaming, ifname, subscriber_id, " \ + " iftype, rstn_type, roaming, ifname, subscriber_id, " \ " data_warn_limit, restriction_id " \ " FROM restrictions INDEXED BY restrictions_index " \ " WHERE binpath = ?" -#define SELECT_RESTRICTION_STATE "SELECT rst_type " \ +#define SELECT_RESTRICTION_TYPE "SELECT rstn_type " \ " FROM restrictions INDEXED BY restrictions_index " \ " WHERE binpath = ? AND iftype = ?" -#define SELECT_RESTRICTION_STATE_SUBSCRIBER_ID "SELECT rst_type " \ +#define SELECT_RESTRICTION_TYPE_SUBSCRIBER_ID "SELECT rstn_type " \ " FROM restrictions INDEXED BY restrictions_index " \ " WHERE binpath = ? AND iftype = ? AND subscriber_id = ?" @@ -53,13 +53,13 @@ /* UPDATE statement */ #define UPDATE_NET_RESTRICTIONS "UPDATE restrictions " \ - " SET binpath = ?, data_limit = ?, iftype = ?, rst_type = ?, " \ + " SET binpath = ?, data_limit = ?, iftype = ?, rstn_type = ?, " \ " roaming = ?, ifname = ?, subscriber_id = ?, data_warn_limit = ? " \ " WHERE restriction_id = ?" /* INSERT statement */ #define INSERT_NET_RESTRICTIONS "INSERT INTO restrictions " \ - " (binpath, data_limit, iftype, rst_type, " \ + " (binpath, data_limit, iftype, rstn_type, " \ " roaming, ifname, subscriber_id, data_warn_limit) " \ " VALUES (?, ?, ?, ?, ?, ?, ?, ?)" @@ -128,8 +128,8 @@ static sqlite3_stmt *delete_restrictions; /* SELECT statements */ static sqlite3_stmt *select_restriction; static sqlite3_stmt *select_restriction_per_app; -static sqlite3_stmt *select_restriction_state; -static sqlite3_stmt *select_restriction_state_subscriber_id; +static sqlite3_stmt *select_restriction_type; +static sqlite3_stmt *select_restriction_type_subscriber_id; static sqlite3_stmt *select_restriction_id; /* REPLACE statements */ @@ -178,8 +178,8 @@ static int __prepare_select(sqlite3 *db) PREPARE_SELECT(select_restriction, SELECT_RESTRICTIONS); PREPARE_SELECT(select_restriction_per_app, SELECT_RESTRICTIONS_PER_APP); - PREPARE_SELECT(select_restriction_state, SELECT_RESTRICTION_STATE); - PREPARE_SELECT(select_restriction_state_subscriber_id, SELECT_RESTRICTION_STATE_SUBSCRIBER_ID); + PREPARE_SELECT(select_restriction_type, SELECT_RESTRICTION_TYPE); + PREPARE_SELECT(select_restriction_type_subscriber_id, SELECT_RESTRICTION_TYPE_SUBSCRIBER_ID); PREPARE_SELECT(select_restriction_id, SELECT_RESTRICTION_ID); initialized = 1; @@ -193,8 +193,8 @@ static void __finalize_select(void) FINALIZE(select_restriction); FINALIZE(select_restriction_per_app); - FINALIZE(select_restriction_state); - FINALIZE(select_restriction_state_subscriber_id); + FINALIZE(select_restriction_type); + FINALIZE(select_restriction_type_subscriber_id); FINALIZE(select_restriction_id); __STC_LOG_FUNC_EXIT__; @@ -285,7 +285,7 @@ stc_error_e table_restrictions_per_app(const gchar* app_id, data.app_id = (char *)sqlite3_column_text(stmt, 0); data.data_limit = sqlite3_column_int64(stmt, 1); data.iftype = (stc_iface_type_e)sqlite3_column_int(stmt, 2); - data.rst_type = + data.rstn_type = (stc_rstn_type_e)sqlite3_column_int(stmt, 3); data.roaming = sqlite3_column_int(stmt, 4); data.ifname = (char *)sqlite3_column_text(stmt, 5); @@ -333,7 +333,7 @@ stc_error_e table_restrictions_foreach(const table_restrictions_info_cb restrict data.app_id = (char *)sqlite3_column_text(stmt, 0); data.data_limit = sqlite3_column_int64(stmt, 1); data.iftype = (stc_iface_type_e)sqlite3_column_int(stmt, 2); - data.rst_type = + data.rstn_type = (stc_rstn_type_e)sqlite3_column_int(stmt, 3); data.roaming = sqlite3_column_int(stmt, 4); data.ifname = (char *)sqlite3_column_text(stmt, 5); @@ -359,44 +359,44 @@ stc_error_e table_restrictions_foreach(const table_restrictions_info_cb restrict return error_code; } -stc_error_e table_restrictions_get_restriction_state_subscriber_id(const char *app_id, +stc_error_e table_restrictions_get_restriction_type_subscriber_id(const char *app_id, stc_iface_type_e iftype, const char *subscriber_id, - stc_restriction_state_e *state) + stc_rstn_type_e *type) { __STC_LOG_FUNC_ENTER__; int error_code = STC_ERROR_NONE; int ret; bool state_subscriber_id = 0; - if (state == NULL) { + if (type == NULL) { STC_LOGE("Please provide valid argument!"); //LCOV_EXCL_LINE __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE return STC_ERROR_INVALID_PARAMETER; //LCOV_EXCL_LINE } - *state = STC_RESTRICTION_UNKNOWN; - sqlite3_reset(select_restriction_state_subscriber_id); - sqlite3_reset(select_restriction_state); + *type = STC_RSTN_TYPE_UNKNOWN; + sqlite3_reset(select_restriction_type_subscriber_id); + sqlite3_reset(select_restriction_type); if (subscriber_id == NULL) { state_subscriber_id = 0; - DB_ACTION(sqlite3_bind_text(select_restriction_state, 1, + DB_ACTION(sqlite3_bind_text(select_restriction_type, 1, app_id ? app_id : "", -1, SQLITE_STATIC)); - DB_ACTION(sqlite3_bind_int(select_restriction_state, 2, + DB_ACTION(sqlite3_bind_int(select_restriction_type, 2, iftype)); - ret = sqlite3_step(select_restriction_state); + ret = sqlite3_step(select_restriction_type); } else { state_subscriber_id = 1; - DB_ACTION(sqlite3_bind_text(select_restriction_state_subscriber_id, 1, + DB_ACTION(sqlite3_bind_text(select_restriction_type_subscriber_id, 1, app_id ? app_id : "", -1, SQLITE_STATIC)); - DB_ACTION(sqlite3_bind_int(select_restriction_state_subscriber_id, 2, + DB_ACTION(sqlite3_bind_int(select_restriction_type_subscriber_id, 2, iftype)); - DB_ACTION(sqlite3_bind_text(select_restriction_state_subscriber_id, 3, + DB_ACTION(sqlite3_bind_text(select_restriction_type_subscriber_id, 3, subscriber_id, -1, SQLITE_STATIC)); - ret = sqlite3_step(select_restriction_state_subscriber_id); + ret = sqlite3_step(select_restriction_type_subscriber_id); } switch (ret) { @@ -404,32 +404,32 @@ stc_error_e table_restrictions_get_restriction_state_subscriber_id(const char *a break; case SQLITE_ROW: if (state_subscriber_id) - *state = (stc_restriction_state_e)sqlite3_column_int(select_restriction_state_subscriber_id, 0); + *type = (stc_rstn_type_e)sqlite3_column_int(select_restriction_type_subscriber_id, 0); else - *state = (stc_restriction_state_e)sqlite3_column_int(select_restriction_state, 0); + *type = (stc_rstn_type_e)sqlite3_column_int(select_restriction_type, 0); break; case SQLITE_ERROR: default: STC_LOGE("Can't perform sql query: %s \n%s", //LCOV_EXCL_LINE - SELECT_RESTRICTION_STATE, + SELECT_RESTRICTION_TYPE, sqlite3_errmsg(stc_db_get_database())); error_code = STC_ERROR_DB_FAILED; //LCOV_EXCL_LINE } handle_error: - sqlite3_reset(select_restriction_state); - sqlite3_reset(select_restriction_state_subscriber_id); + sqlite3_reset(select_restriction_type); + sqlite3_reset(select_restriction_type_subscriber_id); return error_code; } -stc_error_e table_restrictions_get_restriction_state(const char *app_id, +stc_error_e table_restrictions_get_restriction_type(const char *app_id, stc_iface_type_e iftype, - stc_restriction_state_e *state) + stc_rstn_type_e *type) { __STC_LOG_FUNC_ENTER__; __STC_LOG_FUNC_EXIT__; - return table_restrictions_get_restriction_state_subscriber_id(app_id, iftype, - NULL, state); + return table_restrictions_get_restriction_type_subscriber_id(app_id, iftype, + NULL, type); } stc_error_e table_restrictions_delete(const char *app_id, @@ -518,7 +518,7 @@ stc_error_e table_restrictions_update(table_restrictions_info *info) -1, SQLITE_TRANSIENT)); DB_ACTION(sqlite3_bind_int64(stmt, 2, info->data_limit)); DB_ACTION(sqlite3_bind_int(stmt, 3, info->iftype)); - DB_ACTION(sqlite3_bind_int(stmt, 4, info->rst_type)); + DB_ACTION(sqlite3_bind_int(stmt, 4, info->rstn_type)); DB_ACTION(sqlite3_bind_int(stmt, 5, info->roaming)); DB_ACTION(sqlite3_bind_text(stmt, 6, info->ifname ? info->ifname : "", -1, SQLITE_TRANSIENT)); diff --git a/src/helper/helper-nfacct-rule.h b/src/helper/helper-nfacct-rule.h index c305246..9d80afb 100755 --- a/src/helper/helper-nfacct-rule.h +++ b/src/helper/helper-nfacct-rule.h @@ -80,7 +80,7 @@ enum nfnl_acct_flags { * * and inherited nfacct_rule_counter and nfacct_rule_restriction * with additional field: - * quota, quota_id, roaming, rst_state + * quota, quota_id, roaming, rstn_state * * But ANSI C doesn't support inheritance. */ @@ -95,7 +95,7 @@ struct nfacct_rule { nfacct_rule_direction iotype; nfacct_rule_intend intend; nfacct_rule_jump jump; /* in most cases jump is evalutation based on intend, but not always */ - stc_restriction_state_e rst_state; + stc_rstn_state_e rstn_state; nfacct_rule_iptype iptype; struct counter_arg *carg; diff --git a/src/monitor/include/stc-monitor.h b/src/monitor/include/stc-monitor.h index 3437637..a102ea3 100755 --- a/src/monitor/include/stc-monitor.h +++ b/src/monitor/include/stc-monitor.h @@ -78,8 +78,8 @@ typedef struct { typedef struct { uint64_t restriction_id; uint32_t classid; - stc_restriction_state_e rst_state; - stc_rstn_type_e rst_type; + stc_rstn_state_e rstn_state; + stc_rstn_type_e rstn_type; int64_t data_limit; int64_t data_warn_limit; int64_t data_counter; diff --git a/src/monitor/stc-monitor.c b/src/monitor/stc-monitor.c index 83d64d0..b73a889 100755 --- a/src/monitor/stc-monitor.c +++ b/src/monitor/stc-monitor.c @@ -462,14 +462,14 @@ static void __print_rstn(stc_rstn_key_s *rstn_key, stc_rstn_value_s *rstn_value) { STC_LOGI("rstn info => rstn_id [%llu], " "app_id [%s], classid [%lu], ifname [%s], " - "iftype [%d], rst_state [%d], rst_type [%d], " + "iftype [%d], rstn_state [%d], rstn_type [%d], " "limit [ (%lld) bytes], " "warn_limit [ (%lld) bytes], " "counter [ (%lld) bytes], " "roaming [%d], subscriber_id [%s]", rstn_value->restriction_id, rstn_key->app_id, rstn_value->classid , rstn_key->ifname, - rstn_key->iftype, rstn_value->rst_state, rstn_value->rst_type, + rstn_key->iftype, rstn_value->rstn_state, rstn_value->rstn_type, rstn_value->data_limit, rstn_value->data_warn_limit, rstn_value->data_counter, @@ -550,7 +550,7 @@ static void __del_iptables_rule(int64_t classid, nfacct_rule_intend intend, __del_ip6tables_out(&counter); } -static void __process_restriction(enum traffic_restriction_type rst_type, +static void __process_restriction(enum traffic_restriction_type rstn_type, stc_rstn_key_s *rstn_key, stc_rstn_value_s *rstn_value, void *data) { @@ -579,7 +579,7 @@ static void __process_restriction(enum traffic_restriction_type rst_type, effective_data_limit = rstn_value->data_limit; effective_data_warn_limit = rstn_value->data_warn_limit; - if (rst_type == RST_SET) { + if (rstn_type == RST_SET) { /* TODO: Change this to runtime memory */ table_counters_info info; @@ -605,27 +605,27 @@ static void __process_restriction(enum traffic_restriction_type rst_type, rstn_value->restriction_id, effective_data_limit, effective_data_warn_limit); - switch (rst_type) { + switch (rstn_type) { case RST_SET: if (effective_data_limit <= 0) __add_iptables_rule(rstn_value->classid, NFACCT_BLOCK, rstn_key->iftype); - rstn_value->rst_state = STC_RESTRICTION_ACTIVATED; + rstn_value->rstn_state = STC_RSTN_STATE_ACTIVATED; rstn_value->data_limit_reached = FALSE; break; case RST_EXCLUDE: __add_iptables_rule(rstn_value->classid, NFACCT_ALLOW, rstn_key->iftype); - rstn_value->rst_state = STC_RESTRICTION_ACTIVATED; + rstn_value->rstn_state = STC_RSTN_STATE_ACTIVATED; rstn_value->data_limit_reached = TRUE; break; case RST_UNSET: - __del_iptables_rule(rstn_value->classid, rstn_value->rst_type, + __del_iptables_rule(rstn_value->classid, rstn_value->rstn_type, rstn_key->iftype); - rstn_value->rst_state = STC_RESTRICTION_DEACTIVATED; + rstn_value->rstn_state = STC_RSTN_STATE_DEACTIVATED; rstn_value->data_limit_reached = FALSE; break; default: @@ -651,7 +651,7 @@ static gboolean __remove_rstns_foreach_application(gpointer key, goto out; /* rstn rule is already removed */ - if (rstn_value->rst_state == STC_RESTRICTION_DEACTIVATED) + if (rstn_value->rstn_state == STC_RSTN_STATE_DEACTIVATED) goto out; /* remove restriction from system */ @@ -1275,10 +1275,10 @@ static gboolean __add_restriction_debug(gpointer key, gpointer value, stc_rstn_value_s *rstn_value = (stc_rstn_value_s *)value; /* rstn rule is activated */ - if (rstn_value->rst_state == STC_RESTRICTION_ACTIVATED) + if (rstn_value->rstn_state == STC_RSTN_STATE_ACTIVATED) return FALSE; - if (rstn_value->rst_type == STC_RSTN_TYPE_EXCLUDED) + if (rstn_value->rstn_type == STC_RSTN_TYPE_ACCEPT) __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, data); else __process_restriction(RST_SET, rstn_key, rstn_value, data); @@ -1295,10 +1295,10 @@ static gboolean __add_restriction(gpointer key, gpointer value, gpointer data) stc_rstn_value_s *rstn_value = (stc_rstn_value_s *)value; /* rstn rule is activated */ - if (rstn_value->rst_state == STC_RESTRICTION_ACTIVATED) + if (rstn_value->rstn_state == STC_RSTN_STATE_ACTIVATED) return FALSE; - if (rstn_value->rst_type == STC_RSTN_TYPE_EXCLUDED) + if (rstn_value->rstn_type == STC_RSTN_TYPE_ACCEPT) __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, data); else __process_restriction(RST_SET, rstn_key, rstn_value, data); @@ -1366,8 +1366,8 @@ static stc_error_e __rstn_tree_add(stc_rstn_key_s *key, g_tree_insert(g_system->rstns, rstn_key, rstn_value); rstn_value->restriction_id = value->restriction_id; - rstn_value->rst_state = value->rst_state; - rstn_value->rst_type = value->rst_type; + rstn_value->rstn_state = value->rstn_state; + rstn_value->rstn_type = value->rstn_type; rstn_value->classid = value->classid; rstn_value->data_limit = value->data_limit; rstn_value->data_warn_limit = value->data_warn_limit; @@ -1401,8 +1401,8 @@ static stc_cb_ret_e __insert_restriction_cb(const table_restrictions_info *info, key.iftype = info->iftype; key.roaming = info->roaming; - value.rst_type = info->rst_type; - value.rst_state = STC_RESTRICTION_UNKNOWN; + value.rstn_type = info->rstn_type; + value.rstn_state = STC_RSTN_STATE_UNKNOWN; value.restriction_id = info->restriction_id; if (info->app_id) @@ -1447,11 +1447,11 @@ static gboolean __add_rstn_foreach_application(gpointer key, goto out; /* rstn rule is already applied */ - if (rstn_value->rst_state == STC_RESTRICTION_ACTIVATED) + if (rstn_value->rstn_state == STC_RSTN_STATE_ACTIVATED) goto out; /* add restriction to system */ - if (rstn_value->rst_type == STC_RSTN_TYPE_EXCLUDED) + if (rstn_value->rstn_type == STC_RSTN_TYPE_ACCEPT) __process_restriction(RST_EXCLUDE, rstn_key, rstn_value, NULL); else __process_restriction(RST_SET, rstn_key, rstn_value, NULL); @@ -1891,8 +1891,8 @@ stc_error_e stc_monitor_rstns_tree_add(const table_restrictions_info *info) key.iftype = info->iftype; key.roaming = info->roaming; - value.rst_type = info->rst_type; - value.rst_state = STC_RESTRICTION_UNKNOWN; + value.rstn_type = info->rstn_type; + value.rstn_state = STC_RSTN_STATE_UNKNOWN; value.restriction_id = info->restriction_id; if (info->app_id) diff --git a/src/stc-manager-gdbus.c b/src/stc-manager-gdbus.c index 2abe2c1..3170c42 100755 --- a/src/stc-manager-gdbus.c +++ b/src/stc-manager-gdbus.c @@ -134,8 +134,8 @@ static gboolean __stc_manager_gdbus_restriction_init(stc_s *stc) g_signal_connect(restriction, "handle-get-all", G_CALLBACK(handle_restriction_get_all), stc); - g_signal_connect(restriction, "handle-get-state", - G_CALLBACK(handle_restriction_get_state), + g_signal_connect(restriction, "handle-get-type", + G_CALLBACK(handle_restriction_get_type), stc); g_signal_connect(restriction, "handle-unset", diff --git a/src/stc-restriction.c b/src/stc-restriction.c index e39575a..05d7544 100755 --- a/src/stc-restriction.c +++ b/src/stc-restriction.c @@ -45,7 +45,7 @@ void __initialize_rstn_rule(table_restrictions_info *rule) rule->app_id = NULL; rule->ifname = NULL; rule->iftype = STC_IFACE_ALL; - rule->rst_type = STC_RSTN_TYPE_UNKNOWN; + rule->rstn_type = STC_RSTN_TYPE_UNKNOWN; rule->data_limit = 0; rule->data_warn_limit = 0; rule->roaming = STC_ROAMING_DISABLE; @@ -53,7 +53,7 @@ void __initialize_rstn_rule(table_restrictions_info *rule) } gboolean __validate_rstn_rule(table_restrictions_info *rule, - enum traffic_restriction_type rst_type) + enum traffic_restriction_type rstn_type) { __STC_LOG_FUNC_ENTER__; @@ -62,7 +62,7 @@ gboolean __validate_rstn_rule(table_restrictions_info *rule, return FALSE; //LCOV_EXCL_LINE } - if (rst_type <= RST_UNDEFINDED || rst_type >= RST_MAX_VALUE) { + if (rstn_type <= RST_UNDEFINDED || rstn_type >= RST_MAX_VALUE) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE return FALSE; //LCOV_EXCL_LINE } @@ -111,8 +111,8 @@ void __stc_restriction_app_info_builder_add(GVariantBuilder *builder, g_variant_builder_add(builder, "{sv}", "iftype", g_variant_new_uint16(info->iftype)); - g_variant_builder_add(builder, "{sv}", "rst_type", - g_variant_new_uint16(info->rst_type)); + g_variant_builder_add(builder, "{sv}", "rstn_type", + g_variant_new_uint16(info->rstn_type)); g_variant_builder_add(builder, "{sv}", "data_limit", g_variant_new_int64(info->data_limit)); @@ -241,7 +241,7 @@ gboolean handle_restriction_set(StcRestriction *object, g_variant_iter_free(iter); } - rule.rst_type = STC_RSTN_TYPE_BLOCKED; + rule.rstn_type = STC_RSTN_TYPE_DROP; if (__validate_rstn_rule(&rule, RST_SET) == FALSE) { STC_RESTRICTION_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE @@ -279,7 +279,7 @@ gboolean handle_restriction_exclude(StcRestriction *object, g_variant_iter_free(iter); } - rule.rst_type = STC_RSTN_TYPE_EXCLUDED; + rule.rstn_type = STC_RSTN_TYPE_ACCEPT; if (__validate_rstn_rule(&rule, RST_EXCLUDE) == FALSE) { STC_RESTRICTION_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE @@ -393,7 +393,7 @@ gboolean handle_restriction_get_all(StcRestriction *object, return TRUE; } -gboolean handle_restriction_get_state(StcRestriction *object, +gboolean handle_restriction_get_type(StcRestriction *object, GDBusMethodInvocation *invocation, const gchar *app_id, int iftype, @@ -401,17 +401,17 @@ gboolean handle_restriction_get_state(StcRestriction *object, { __STC_LOG_FUNC_ENTER__; GVariant *return_parameters = NULL; - stc_restriction_state_e state = STC_RESTRICTION_UNKNOWN; + stc_rstn_type_e type = STC_RSTN_TYPE_UNKNOWN; stc_error_e ret; - ret = table_restrictions_get_restriction_state(app_id, iftype, &state); + ret = table_restrictions_get_restriction_type(app_id, iftype, &type); if (ret < STC_ERROR_NONE) { STC_RESTRICTION_DBUS_REPLY_ERROR(invocation, ret); //LCOV_EXCL_LINE __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE return TRUE; } - return_parameters = g_variant_new("(ii)", STC_ERROR_NONE, state); + return_parameters = g_variant_new("(ii)", STC_ERROR_NONE, type); STC_DBUS_REPLY(invocation, return_parameters); __STC_LOG_FUNC_EXIT__; return TRUE; -- 2.7.4 From 1793fa4cbbdb014706bdbdc58e84c400c5f52a2b Mon Sep 17 00:00:00 2001 From: hyunuktak Date: Wed, 2 May 2018 17:05:10 +0900 Subject: [PATCH 16/16] Removed exclude restriction method Change-Id: Id61aa10111a725ce19197896a982496c4ad0f75e --- include/stc-restriction.h | 5 --- interfaces/stcmanager-iface-restriction.xml | 5 --- packaging/stc-manager.spec | 2 +- src/stc-manager-gdbus.c | 3 -- src/stc-restriction.c | 56 ++++------------------------- 5 files changed, 8 insertions(+), 63 deletions(-) diff --git a/include/stc-restriction.h b/include/stc-restriction.h index 9fcc7e3..9f5560a 100755 --- a/include/stc-restriction.h +++ b/include/stc-restriction.h @@ -47,11 +47,6 @@ gboolean handle_restriction_set(StcRestriction *object, GVariant *parameters, void *user_data); -gboolean handle_restriction_exclude(StcRestriction *object, - GDBusMethodInvocation *invocation, - GVariant *parameters, - void *user_data); - gboolean handle_restriction_unset(StcRestriction *object, GDBusMethodInvocation *invocation, GVariant *parameters, diff --git a/interfaces/stcmanager-iface-restriction.xml b/interfaces/stcmanager-iface-restriction.xml index 3ecc542..1fbfc3f 100644 --- a/interfaces/stcmanager-iface-restriction.xml +++ b/interfaces/stcmanager-iface-restriction.xml @@ -5,11 +5,6 @@ - - - - - diff --git a/packaging/stc-manager.spec b/packaging/stc-manager.spec index afafa95..65d6175 100644 --- a/packaging/stc-manager.spec +++ b/packaging/stc-manager.spec @@ -1,6 +1,6 @@ Name: stc-manager Summary: STC(Smart Traffic Control) manager -Version: 0.0.58 +Version: 0.0.59 Release: 0 Group: Network & Connectivity/Other License: Apache-2.0 diff --git a/src/stc-manager-gdbus.c b/src/stc-manager-gdbus.c index 3170c42..a31deb0 100755 --- a/src/stc-manager-gdbus.c +++ b/src/stc-manager-gdbus.c @@ -125,9 +125,6 @@ static gboolean __stc_manager_gdbus_restriction_init(stc_s *stc) g_signal_connect(restriction, "handle-set", G_CALLBACK(handle_restriction_set), stc); - g_signal_connect(restriction, "handle-exclude", - G_CALLBACK(handle_restriction_exclude), stc); - g_signal_connect(restriction, "handle-get", G_CALLBACK(handle_restriction_get), stc); diff --git a/src/stc-restriction.c b/src/stc-restriction.c index 05d7544..242cdcb 100755 --- a/src/stc-restriction.c +++ b/src/stc-restriction.c @@ -52,8 +52,7 @@ void __initialize_rstn_rule(table_restrictions_info *rule) rule->subscriber_id = NULL; } -gboolean __validate_rstn_rule(table_restrictions_info *rule, - enum traffic_restriction_type rstn_type) +gboolean __validate_rstn_rule(table_restrictions_info *rule) { __STC_LOG_FUNC_ENTER__; @@ -62,11 +61,6 @@ gboolean __validate_rstn_rule(table_restrictions_info *rule, return FALSE; //LCOV_EXCL_LINE } - if (rstn_type <= RST_UNDEFINDED || rstn_type >= RST_MAX_VALUE) { - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return FALSE; //LCOV_EXCL_LINE - } - if (rule->iftype <= STC_IFACE_UNKNOWN || rule->iftype >= STC_IFACE_LAST_ELEM) { __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE @@ -214,6 +208,10 @@ static void __stc_extract_restriction_rule(const char *key, GVariant *value, rule->subscriber_id = g_strdup(str); STC_LOGD("subscriber_id: [%s]", rule->subscriber_id); + } else if (!g_strcmp0(key, "type")) { + rule->rstn_type = g_variant_get_uint16(value); + STC_LOGD("type: [%u]", (unsigned int) rule->rstn_type); + } else { STC_LOGD("Unknown select rule"); //LCOV_EXCL_LINE } @@ -241,47 +239,7 @@ gboolean handle_restriction_set(StcRestriction *object, g_variant_iter_free(iter); } - rule.rstn_type = STC_RSTN_TYPE_DROP; - - if (__validate_rstn_rule(&rule, RST_SET) == FALSE) { - STC_RESTRICTION_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE - STC_ERROR_INVALID_PARAMETER); - __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE - return TRUE; - } - - table_restrictions_update(&rule); - /* update restriction rule in runtime structure */ - stc_monitor_rstns_tree_add(&rule); - - STC_DBUS_REPLY_ERROR_NONE(invocation); - __STC_LOG_FUNC_EXIT__; - return TRUE; -} - -gboolean handle_restriction_exclude(StcRestriction *object, - GDBusMethodInvocation *invocation, - GVariant *parameters, - void *user_data) -{ - __STC_LOG_FUNC_ENTER__; - GVariantIter *iter = NULL; - table_restrictions_info rule; - - memset(&rule, 0, sizeof(table_restrictions_info)); - __initialize_rstn_rule(&rule); - - g_variant_get(parameters, "a{sv}", &iter); - if (iter != NULL) { - stc_manager_gdbus_dict_foreach(iter, - __stc_extract_restriction_rule, - &rule); - g_variant_iter_free(iter); - } - - rule.rstn_type = STC_RSTN_TYPE_ACCEPT; - - if (__validate_rstn_rule(&rule, RST_EXCLUDE) == FALSE) { + if (__validate_rstn_rule(&rule) == FALSE) { STC_RESTRICTION_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE STC_ERROR_INVALID_PARAMETER); __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE @@ -317,7 +275,7 @@ gboolean handle_restriction_unset(StcRestriction *object, g_variant_iter_free(iter); } - if (__validate_rstn_rule(&rule, RST_UNSET) == FALSE) { + if (__validate_rstn_rule(&rule) == FALSE) { STC_RESTRICTION_DBUS_REPLY_ERROR(invocation, //LCOV_EXCL_LINE STC_ERROR_INVALID_PARAMETER); __STC_LOG_FUNC_EXIT__; //LCOV_EXCL_LINE -- 2.7.4