firewall_manager.h

// Copyright 2015 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef APMANAGER_FIREWALL_MANAGER_H_
#define APMANAGER_FIREWALL_MANAGER_H_

#include <string>

#include <base/macros.h>
#include <base/memory/scoped_ptr.h>

#include "permission_broker/dbus-proxies.h"

// Class for managing required firewall rules for apmanager.
namespace apmanager {

class FirewallManager final {
 public:
  FirewallManager();
  ~FirewallManager();

  void Start(const scoped_refptr<dbus::Bus>& bus);

 private:
  // Setup lifeline pipe to allow the remote firewall server
  // (permission_broker) to monitor this process, so it can remove the firewall
  // rules in case this process crashes.
  bool SetupLifelinePipe();

  void OnServiceAvailable(bool service_available);
  void OnServiceNameChanged(const std::string& old_owner,
                            const std::string& new_owner);

  // Add all required firewall rules for apmanager.
  void AddFirewallRules();
  void AddUdpPortRule(uint16_t port);

  // DBus proxy for shill manager.
  std::unique_ptr<org::chromium::PermissionBrokerProxy>
      permission_broker_proxy_;
  // File descriptors for the two end of the pipe use for communicating with
  // remote firewall server (permission_broker), where the remote firewall
  // server will use the read end of the pipe to detect when this process exits.
  int lifeline_read_fd_;
  int lifeline_write_fd_;

  DISALLOW_COPY_AND_ASSIGN(FirewallManager);
};

}  // namespace apmanager

#endif  // APMANAGER_FIREWALL_MANAGER_H_