| Peter Qiu | 1810c01 | 2015-02-05 14:35:41 -0800 | [diff] [blame] | 1 | // Copyright 2015 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef APMANAGER_FIREWALL_MANAGER_H_ |
| 6 | #define APMANAGER_FIREWALL_MANAGER_H_ |
| 7 | |
| Peter Qiu | 943cf3a | 2015-02-24 10:59:17 -0800 | [diff] [blame^] | 8 | #include <set> |
| Peter Qiu | 1810c01 | 2015-02-05 14:35:41 -0800 | [diff] [blame] | 9 | #include <string> |
| 10 | |
| 11 | #include <base/macros.h> |
| 12 | #include <base/memory/scoped_ptr.h> |
| 13 | |
| 14 | #include "permission_broker/dbus-proxies.h" |
| 15 | |
| 16 | // Class for managing required firewall rules for apmanager. |
| 17 | namespace apmanager { |
| 18 | |
| 19 | class FirewallManager final { |
| 20 | public: |
| 21 | FirewallManager(); |
| 22 | ~FirewallManager(); |
| 23 | |
| Peter Qiu | 943cf3a | 2015-02-24 10:59:17 -0800 | [diff] [blame^] | 24 | void Init(const scoped_refptr<dbus::Bus>& bus); |
| 25 | |
| 26 | // Request/release DHCP port access for the specified interface. |
| 27 | void RequestDHCPPortAccess(const std::string& interface); |
| 28 | void ReleaseDHCPPortAccess(const std::string& interface); |
| Peter Qiu | 1810c01 | 2015-02-05 14:35:41 -0800 | [diff] [blame] | 29 | |
| 30 | private: |
| 31 | // Setup lifeline pipe to allow the remote firewall server |
| 32 | // (permission_broker) to monitor this process, so it can remove the firewall |
| 33 | // rules in case this process crashes. |
| 34 | bool SetupLifelinePipe(); |
| 35 | |
| 36 | void OnServiceAvailable(bool service_available); |
| 37 | void OnServiceNameChanged(const std::string& old_owner, |
| 38 | const std::string& new_owner); |
| 39 | |
| Peter Qiu | 943cf3a | 2015-02-24 10:59:17 -0800 | [diff] [blame^] | 40 | // This is called when a new instance of permission_broker is detected. Since |
| 41 | // the new instance doesn't have any knowledge of previously port access |
| 42 | // requests, re-issue those requests to permission_broker to get in sync. |
| 43 | void RequestAllPortsAccess(); |
| Peter Qiu | 1810c01 | 2015-02-05 14:35:41 -0800 | [diff] [blame] | 44 | |
| Peter Qiu | 943cf3a | 2015-02-24 10:59:17 -0800 | [diff] [blame^] | 45 | // Request/release UDP port access for the specified interface and port. |
| 46 | void RequestUdpPortAccess(const std::string& interface, uint16_t port); |
| 47 | void ReleaseUdpPortAccess(const std::string& interface, uint16_t port); |
| 48 | |
| 49 | // DBus proxy for permission_broker. |
| Peter Qiu | 1810c01 | 2015-02-05 14:35:41 -0800 | [diff] [blame] | 50 | std::unique_ptr<org::chromium::PermissionBrokerProxy> |
| 51 | permission_broker_proxy_; |
| 52 | // File descriptors for the two end of the pipe use for communicating with |
| 53 | // remote firewall server (permission_broker), where the remote firewall |
| 54 | // server will use the read end of the pipe to detect when this process exits. |
| 55 | int lifeline_read_fd_; |
| 56 | int lifeline_write_fd_; |
| 57 | |
| Peter Qiu | 943cf3a | 2015-02-24 10:59:17 -0800 | [diff] [blame^] | 58 | // List of interfaces with DHCP port access. |
| 59 | std::set<std::string> dhcp_access_interfaces_; |
| 60 | |
| Peter Qiu | 1810c01 | 2015-02-05 14:35:41 -0800 | [diff] [blame] | 61 | DISALLOW_COPY_AND_ASSIGN(FirewallManager); |
| 62 | }; |
| 63 | |
| 64 | } // namespace apmanager |
| 65 | |
| 66 | #endif // APMANAGER_FIREWALL_MANAGER_H_ |