10529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch// Copyright 2014 The Chromium Authors. All rights reserved.
20529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch// Use of this source code is governed by a BSD-style license that can be
30529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch// found in the LICENSE file.
40529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch
50529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#ifndef CHROME_INSTALLER_UTIL_LEGACY_FIREWALL_MANAGER_WIN_H_
60529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#define CHROME_INSTALLER_UTIL_LEGACY_FIREWALL_MANAGER_WIN_H_
70529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch
80529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <windows.h>
90529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include <netfw.h>
100529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch
110529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "base/files/file_path.h"
120529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "base/strings/string16.h"
130529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#include "base/win/scoped_comptr.h"
140529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch
150529e5d033099cbfc42635f6f6183833b09dff6eBen Murdochnamespace installer {
160529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch
// Manages firewall rules using the Windows Firewall API. The API is
// available on Windows XP with SP2 and later. Applications should use
// |AdvancedFirewallManager| instead of this class on Windows Vista and later.
// Most methods need elevation.
class LegacyFirewallManager {
 public:
  LegacyFirewallManager();
  ~LegacyFirewallManager();

  // Prepares this object to manage the firewall rule of the application named
  // |app_name| whose executable is located at |app_path|.
  // NOTE(review): the bool result presumably reports whether initialization
  // succeeded; confirm against the implementation before relying on the other
  // methods after a false return.
  bool Init(const base::string16& app_name, const base::FilePath& app_path);

  // Reports whether the firewall is enabled (true) or not (false).
  bool IsFirewallEnabled();

  // Reads the rule for the current app. The return value is true if the rule
  // could be read. |value| receives true when the rule allows incoming
  // connections and false otherwise. Check the return value before acting on
  // |value|.
  // NOTE(review): whether |value| is written when the read fails is not
  // visible in this header.
  bool GetAllowIncomingConnection(bool* value);

  // Allows (|allow| is true) or blocks (|allow| is false) all incoming
  // connections for the current app. Needs elevation.
  // NOTE(review): the bool result presumably signals success; a caller that
  // ignores it cannot tell whether the previous rule is still in effect.
  bool SetAllowIncomingConnection(bool allow);

  // Removes the rule for the current app. Needs elevation. Nothing is
  // returned, so a deletion that fails is not reported to the caller.
  void DeleteRule();

 private:
  // Fetches the authorized applications collection of the local firewall
  // policy's current profile. An empty pointer is returned on error.
  base::win::ScopedComPtr<INetFwAuthorizedApplications>
      GetAuthorizedApplications();

  // Builds the rule for the current application: incoming connections are
  // allowed when |allow| is true and blocked when it is false.
  base::win::ScopedComPtr<INetFwAuthorizedApplication>
      CreateChromeAuthorization(bool allow);

  // Name and path of the managed application, as handed to Init().
  base::string16 app_name_;
  base::FilePath app_path_;

  // COM pointer to a firewall profile.
  // NOTE(review): presumably the current profile of the local policy,
  // obtained in Init() -- confirm in the implementation.
  base::win::ScopedComPtr<INetFwProfile> current_profile_;

  DISALLOW_COPY_AND_ASSIGN(LegacyFirewallManager);
};
600529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch
610529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch}  // namespace installer
620529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch
630529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch#endif  // CHROME_INSTALLER_UTIL_LEGACY_FIREWALL_MANAGER_WIN_H_