1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_INSTALLER_UTIL_ADVANCED_FIREWALL_MANAGER_WIN_H_
6#define CHROME_INSTALLER_UTIL_ADVANCED_FIREWALL_MANAGER_WIN_H_
7
8#include <windows.h>
9#include <netfw.h>
10#include <vector>
11
12#include "base/files/file_path.h"
13#include "base/strings/string16.h"
14#include "base/win/scoped_comptr.h"
15
16namespace installer {
17
18// Manages firewall rules using Advanced Security Windows API. The API is
19// available on Windows Vista and later. Most methods need elevation.
20class AdvancedFirewallManager {
21 public:
22  AdvancedFirewallManager();
23  ~AdvancedFirewallManager();
24
25  // Initializes object to manage application win name |app_name| and path
26  // |app_path|.
27  bool Init(const base::string16& app_name, const base::FilePath& app_path);
28
29  // Returns true if firewall is enabled.
30  bool IsFirewallEnabled();
31
32  // Returns true if there is any rule for the application.
33  bool HasAnyRule();
34
35  // Adds a firewall rule allowing inbound connections to the application on UDP
36  // port |port|. Replaces the rule if it already exists. Needs elevation.
37  bool AddUDPRule(const base::string16& rule_name,
38                  const base::string16& description,
39                  uint16_t port);
40
41  // Deletes all rules with specified name. Needs elevation.
42  void DeleteRuleByName(const base::string16& rule_name);
43
44  // Deletes all rules for current app. Needs elevation.
45  void DeleteAllRules();
46
47 private:
48  friend class AdvancedFirewallManagerTest;
49
50  // Creates a firewall rule allowing inbound connections to UDP port |port|.
51  base::win::ScopedComPtr<INetFwRule> CreateUDPRule(
52      const base::string16& rule_name,
53      const base::string16& description,
54      uint16_t port);
55
56  // Returns the list of rules applying to the application.
57  void GetAllRules(std::vector<base::win::ScopedComPtr<INetFwRule> >* rules);
58
59  // Deletes rules. Needs elevation.
60  void DeleteRule(base::win::ScopedComPtr<INetFwRule> rule);
61
62  base::string16 app_name_;
63  base::FilePath app_path_;
64  base::win::ScopedComPtr<INetFwPolicy2> firewall_policy_;
65  base::win::ScopedComPtr<INetFwRules> firewall_rules_;
66
67  DISALLOW_COPY_AND_ASSIGN(AdvancedFirewallManager);
68};
69
70}  // namespace installer
71
72#endif  // CHROME_INSTALLER_UTIL_ADVANCED_FIREWALL_MANAGER_WIN_H_
73