common/AccessCondition.cpp

   1 /*
   2  * Copyright (c) 2012, 2013 Samsung Electronics Co., Ltd.
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  * http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include <stdio.h>
  18
  19 #include "Debug.h"
  20 #include "SimpleTLV.h"
  21 #include "AccessControlList.h"
  22 #include "AccessCondition.h"
  23
  24 namespace smartcard_service_api
  25 {
  26         void AccessRule::addAPDUAccessRule(const ByteArray &apdu,
  27                 const ByteArray &mask)
  28         {
  29                 pair<ByteArray, ByteArray> item(apdu, mask);
  30
  31                 listFilters.push_back(item);
  32         }
  33
  34         bool AccessRule::isAuthorizedAPDUAccess(const ByteArray &command) const
  35         {
  36                 bool result = false;
  37
  38                 if (command.size() < 4) /* apdu header size */
  39                         return false;
  40
  41                 if (listFilters.size() > 0)
  42                 {
  43                         unsigned int cmd, mask, rule;
  44                         vector<pair<ByteArray, ByteArray> >::const_iterator item;
  45
  46                         cmd = *(unsigned int *)command.getBuffer();
  47                         for (item = listFilters.begin(); item != listFilters.end(); item++)
  48                         {
  49                                 mask = *(unsigned int *)item->second.getBuffer();
  50                                 rule = *(unsigned int *)item->first.getBuffer();
  51
  52                                 if ((cmd & mask) == rule)
  53                                 {
  54                                         result = true;
  55                                         break;
  56                                 }
  57                         }
  58                 }
  59                 else
  60                 {
  61                         /* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
  62                         result = apduRule;
  63                 }
  64
  65                 return result;
  66         }
  67
  68         bool AccessRule::isAuthorizedNFCAccess(void) const
  69         {
  70                 return nfcRule;
  71         }
  72
  73         AccessRule *AccessCondition::getAccessRule(const ByteArray &certHash)
  74         {
  75                 AccessRule *result = NULL;
  76                 map<ByteArray, AccessRule>::iterator item;
  77
  78                 item = mapRules.find(certHash);
  79                 if (item != mapRules.end()) {
  80                         result = &item->second;
  81                 }
  82
  83                 return result;
  84         }
  85
  86         const AccessRule *AccessCondition::getAccessRule(const ByteArray &certHash) const
  87         {
  88                 const AccessRule *result = NULL;
  89                 map<ByteArray, AccessRule>::const_iterator item;
  90
  91                 item = mapRules.find(certHash);
  92                 if (item != mapRules.end()) {
  93                         result = &item->second;
  94                 }
  95
  96                 return result;
  97         }
  98
  99         void AccessCondition::addAccessRule(const ByteArray &hash)
 100         {
 101                 AccessRule rule;
 102
 103                 pair<ByteArray, AccessRule> item(hash, rule);
 104
 105                 mapRules.insert(item);
 106         }
 107
 108         void AccessCondition::setAccessCondition(bool rule)
 109         {
 110                 AccessRule *result;
 111
 112                 result = getAccessRule(AccessControlList::ALL_DEVICE_APPS);
 113                 if (result == NULL) {
 114                         addAccessRule(AccessControlList::ALL_DEVICE_APPS);
 115                         result = getAccessRule(AccessControlList::ALL_DEVICE_APPS);
 116                         if (result == NULL)
 117                                 return;
 118                 }
 119
 120                 result->setAPDUAccessRule(rule);
 121                 result->setNFCAccessRule(rule);
 122         }
 123
 124         bool AccessCondition::isAuthorizedAccess(const ByteArray &certHash) const
 125         {
 126                 bool result = false;
 127                 const AccessRule *rule = getAccessRule(certHash);
 128
 129                 if (rule != NULL) {
 130                         result = rule->isAuthorizedAccess();
 131                 }
 132
 133                 return result;
 134         }
 135
 136         void AccessCondition::setAPDUAccessRule(const ByteArray &certHash,
 137                 bool rule)
 138         {
 139                 AccessRule *access = getAccessRule(certHash);
 140
 141                 if (access != NULL) {
 142                         access->setAPDUAccessRule(rule);
 143                 }
 144         }
 145
 146         void AccessCondition::addAPDUAccessRule(const ByteArray &certHash,
 147                 const ByteArray &apdu, const ByteArray &mask)
 148         {
 149                 AccessRule *access = getAccessRule(certHash);
 150
 151                 if (access != NULL) {
 152                         access->addAPDUAccessRule(apdu, mask);
 153                 }
 154         }
 155
 156         void AccessCondition::addAPDUAccessRule(const ByteArray &certHash,
 157                 const ByteArray &rule)
 158         {
 159                 if (rule.size() != 8)
 160                         return;
 161
 162                 addAPDUAccessRule(certHash, rule.sub(0, 4), rule.sub(4, 4));
 163         }
 164
 165         void AccessCondition::setNFCAccessRule(const ByteArray &certHash,
 166                         bool rule)
 167         {
 168                 AccessRule *access = getAccessRule(certHash);
 169
 170                 if (access != NULL) {
 171                         access->setNFCAccessRule(rule);
 172                 }
 173         }
 174
 175         bool AccessCondition::isAuthorizedAPDUAccess(const ByteArray &certHash,
 176                 const ByteArray &command) const
 177         {
 178                 bool result = false;
 179                 const AccessRule *rule = getAccessRule(certHash);
 180
 181                 if (rule != NULL) {
 182                         result = rule->isAuthorizedAPDUAccess(command);
 183                 }
 184
 185                 return result;
 186         }
 187
 188         bool AccessCondition::isAuthorizedNFCAccess(const ByteArray &certHash) const
 189         {
 190                 bool result = false;
 191                 const AccessRule *rule = getAccessRule(certHash);
 192
 193                 if (rule != NULL) {
 194                         result = rule->isAuthorizedNFCAccess();
 195                 }
 196
 197                 return result;
 198         }
 199 } /* namespace smartcard_service_api */