      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_INSTALLER_UTIL_ADVANCED_FIREWALL_MANAGER_WIN_H_
      6 #define CHROME_INSTALLER_UTIL_ADVANCED_FIREWALL_MANAGER_WIN_H_
      7 
      8 #include <windows.h>
      9 #include <netfw.h>
     10 #include <vector>
     11 
     12 #include "base/files/file_path.h"
     13 #include "base/strings/string16.h"
     14 #include "base/win/scoped_comptr.h"
     15 
     16 namespace installer {
     17 
     18 // Manages firewall rules through the Windows Firewall with Advanced Security
     19 // API (Windows Vista and later). Most methods need elevation.
     20 class AdvancedFirewallManager {
     21  public:
     22   AdvancedFirewallManager();
     23   ~AdvancedFirewallManager();
     24 
     25   // Initializes the object to manage firewall rules for the application
     26   // named |app_name| at path |app_path|.
          // Returns a bool; presumably false means the firewall COM interfaces held
          // in |firewall_policy_| / |firewall_rules_| could not be obtained, in which
          // case the other methods should not be used -- confirm in the .cc file.
     27   bool Init(const base::string16& app_name, const base::FilePath& app_path);
     28 
     29   // Returns true if firewall is enabled.
          // NOTE(review): which firewall profile(s) this checks is decided in the
          // implementation and is not visible in this header -- confirm.
     30   bool IsFirewallEnabled();
     31 
     32   // Returns true if there is any rule for the application.
          // NOTE(review): how a rule is matched to the application (by |app_path_|,
          // |app_name_| or both) is not visible in this header -- confirm.
     33   bool HasAnyRule();
     34 
     35   // Adds a firewall rule allowing inbound connections to the application on UDP
     36   // port |port|. Replaces the rule if it already exists. Needs elevation.
          // Returns a bool; presumably false on failure -- confirm in the .cc file.
          // An inbound allow rule widens what the network can reach on this host, so
          // callers should add it only for a port the application really listens on
          // and remove it again on uninstall.
          // NOTE(review): the rule's profiles and remote-address scope are set in the
          // implementation, not here -- verify they are no broader than needed.
     37   bool AddUDPRule(const base::string16& rule_name,
     38                   const base::string16& description,
     39                   uint16_t port);
     40 
     41   // Deletes all rules with specified name. Needs elevation.
          // Returns void, so a failed deletion is not reported to the caller.
          // NOTE(review): whether this is limited to rules belonging to this
          // application or removes any rule named |rule_name| is not visible here --
          // confirm, since the latter could drop rules owned by other software.
     42   void DeleteRuleByName(const base::string16& rule_name);
     43 
     44   // Deletes all rules for current app. Needs elevation.
          // Returns void; a caller that must know the rules are gone can check
          // HasAnyRule() afterwards.
     45   void DeleteAllRules();
     46 
     47  private:
     48   friend class AdvancedFirewallManagerTest;
     49 
     50   // Creates a firewall rule allowing inbound connections to UDP port |port|.
          // Returns the rule object; presumably it is not yet added to
          // |firewall_rules_| and a null pointer signals failure -- confirm.
     51   base::win::ScopedComPtr<INetFwRule> CreateUDPRule(
     52       const base::string16& rule_name,
     53       const base::string16& description,
     54       uint16_t port);
     55 
     56   // Fills |rules| with the rules applying to the application.
          // NOTE(review): whether |rules| is cleared first is not visible here.
     57   void GetAllRules(std::vector<base::win::ScopedComPtr<INetFwRule> >* rules);
     58 
     59   // Deletes the given rule. Needs elevation.
     60   void DeleteRule(base::win::ScopedComPtr<INetFwRule> rule);
     61 
          // Application identity; presumably stored by Init() -- confirm.
     62   base::string16 app_name_;
     63   base::FilePath app_path_;
          // COM interfaces to the firewall policy and to its rule collection.
     64   base::win::ScopedComPtr<INetFwPolicy2> firewall_policy_;
     65   base::win::ScopedComPtr<INetFwRules> firewall_rules_;
     66 
          // Makes the class non-copyable.
     67   DISALLOW_COPY_AND_ASSIGN(AdvancedFirewallManager);
     68 };
     69 
     70 }  // namespace installer
     71 
     72 #endif  // CHROME_INSTALLER_UTIL_ADVANCED_FIREWALL_MANAGER_WIN_H_
     73