Add firewalld implementation for FirewallProxyInterface

This implementation wiil be used on Android, where permission_broker
doesn't exist.

Bug: 23757625
TEST=Manually update apmanager.gyp to compile firewalld_dbus_proxy.cc

Change-Id: I7bf0ee2377bcb89730587ee4ab4c5d8b21badf53

2 files changed, 186 insertions, 0 deletions

diff --git a/firewalld_dbus_proxy.cc b/firewalld_dbus_proxy.cc
new file mode 100644
index 0000000..3207b1d
--- /dev/null
+++ b/firewalld_dbus_proxy.cc
@@ -0,0 +1,121 @@
+//
+// Copyright (C) 2015 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include "apmanager/firewalld_dbus_proxy.h"
+
+#include <base/bind.h>
+#include <chromeos/errors/error.h>
+
+#include "apmanager/event_dispatcher.h"
+
+using std::string;
+
+namespace apmanager {
+
+FirewalldDBusProxy::FirewalldDBusProxy(
+    const scoped_refptr<dbus::Bus>& bus,
+    const base::Closure& service_appeared_callback,
+    const base::Closure& service_vanished_callback)
+    : proxy_(new org::chromium::FirewalldProxy(bus)),
+      dispatcher_(EventDispatcher::GetInstance()),
+      service_appeared_callback_(service_appeared_callback),
+      service_vanished_callback_(service_vanished_callback),
+      service_available_(false) {
+  // Monitor service owner changes. This callback lives for the lifetime of
+  // the ObjectProxy.
+  proxy_->GetObjectProxy()->SetNameOwnerChangedCallback(
+      base::Bind(&FirewalldDBusProxy::OnServiceOwnerChanged,
+                 weak_factory_.GetWeakPtr()));
+
+  // One time callback when service becomes available.
+  proxy_->GetObjectProxy()->WaitForServiceToBeAvailable(
+      base::Bind(&FirewalldDBusProxy::OnServiceAvailable,
+                 weak_factory_.GetWeakPtr()));
+}
+
+FirewalldDBusProxy::~FirewalldDBusProxy() {}
+
+bool FirewalldDBusProxy::RequestUdpPortAccess(const string& interface,
+                                                     uint16_t port) {
+  if (!service_available_) {
+    LOG(ERROR) << "firewalld service not available";
+    return false;
+  }
+
+  bool success = false;
+  chromeos::ErrorPtr error;
+  if (!proxy_->PunchUdpHole(port, interface, &success, &error)) {
+    LOG(ERROR) << "Failed to request UDP port access: "
+               << error->GetCode() << " " << error->GetMessage();
+    return false;
+  }
+  if (!success) {
+    LOG(ERROR) << "Access request for UDP port " << port
+               << " on interface " << interface << " is denied";
+    return false;
+  }
+  LOG(INFO) << "Access granted for UDP port " << port
+            << " on interface " << interface;
+  return true;
+}
+
+bool FirewalldDBusProxy::ReleaseUdpPortAccess(const string& interface,
+                                                     uint16_t port) {
+  if (!service_available_) {
+    LOG(ERROR) << "firewalld service not available";
+    return false;
+  }
+
+  chromeos::ErrorPtr error;
+  bool success;
+  if (!proxy_->PlugUdpHole(port, interface, &success, &error)) {
+    LOG(ERROR) << "Failed to release UDP port access: "
+               << error->GetCode() << " " << error->GetMessage();
+    return false;
+  }
+  if (!success) {
+    LOG(ERROR) << "Release request for UDP port " << port
+               << " on interface " << interface << " is denied";
+    return false;
+  }
+  LOG(INFO) << "Access released for UDP port " << port
+            << " on interface " << interface;
+  return true;
+}
+
+void FirewalldDBusProxy::OnServiceAvailable(bool available) {
+  LOG(INFO) << __func__ << ": " << available;
+  // The callback might invoke calls to the ObjectProxy, so defer the callback
+  // to event loop.
+  if (available && !service_appeared_callback_.is_null()) {
+    dispatcher_->PostTask(service_appeared_callback_);
+  } else if (!available && !service_vanished_callback_.is_null()) {
+    dispatcher_->PostTask(service_vanished_callback_);
+  }
+  service_available_ = available;
+}
+
+void FirewalldDBusProxy::OnServiceOwnerChanged(const string& old_owner,
+                                               const string& new_owner) {
+  LOG(INFO) << __func__ << " old: " << old_owner << " new: " << new_owner;
+  if (new_owner.empty()) {
+    OnServiceAvailable(false);
+  } else {
+    OnServiceAvailable(true);
+  }
+}
+
+}  // namespace apmanager
diff --git a/firewalld_dbus_proxy.h b/firewalld_dbus_proxy.h
new file mode 100644
index 0000000..9cb305b
--- /dev/null
+++ b/firewalld_dbus_proxy.h
@@ -0,0 +1,65 @@
+//
+// Copyright (C) 2015 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef APMANAGER_FIREWALLD_DBUS_PROXY_H_
+#define APMANAGER_FIREWALLD_DBUS_PROXY_H_
+
+#include <string>
+
+#include <base/macros.h>
+#include <base/memory/scoped_ptr.h>
+#include <firewalld/dbus-proxies.h>
+
+#include "apmanager/firewall_proxy_interface.h"
+
+namespace apmanager {
+
+class EventDispatcher;
+
+class FirewalldDBusProxy : public FirewallProxyInterface {
+ public:
+  FirewalldDBusProxy(const scoped_refptr<dbus::Bus>& bus,
+                            const base::Closure& service_appeared_callback,
+                            const base::Closure& service_vanished_callback);
+  ~FirewalldDBusProxy() override;
+
+  // Request/release access for an UDP port |port} on an interface |interface|.
+  bool RequestUdpPortAccess(const std::string& interface,
+                            uint16_t port) override;
+  bool ReleaseUdpPortAccess(const std::string& interface,
+                            uint16_t port) override;
+
+ private:
+  // Called when service appeared or vanished.
+  void OnServiceAvailable(bool service_available);
+
+  // Service name owner changed handler.
+  void OnServiceOwnerChanged(const std::string& old_owner,
+                            const std::string& new_owner);
+
+  std::unique_ptr<org::chromium::FirewalldProxy> proxy_;
+  EventDispatcher* dispatcher_;
+  base::Closure service_appeared_callback_;
+  base::Closure service_vanished_callback_;
+  bool service_available_;
+
+  base::WeakPtrFactory<FirewalldDBusProxy> weak_factory_{this};
+  DISALLOW_COPY_AND_ASSIGN(FirewalldDBusProxy);
+};
+
+}  // namespace apmanager
+
+#endif  // APMANAGER_FIREWALLD_DBUS_PROXY_H_