2 * Copyright (c) 2012, 2013 Samsung Electronics Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* standard library header */
20 /* SLP library header */
24 #include "SimpleTLV.h"
25 #include "AccessControlList.h"
26 #include "AccessCondition.h"
28 namespace smartcard_service_api
30 void AccessRule::addAPDUAccessRule(const ByteArray &apdu,
31 const ByteArray &mask)
33 pair<ByteArray, ByteArray> item(apdu, mask);
35 listFilters.push_back(item);
38 bool AccessRule::isAuthorizedAPDUAccess(const ByteArray &command) const
42 if (command.size() < 4) /* apdu header size */
45 if (command.getBuffer() == NULL)
48 if (listFilters.size() > 0) {
49 unsigned int cmd, mask, rule;
50 vector<pair<ByteArray, ByteArray> >::const_iterator item;
52 cmd = *(unsigned int *)command.getBuffer();
53 for (item = listFilters.begin(); item != listFilters.end(); item++) {
54 unsigned int *temp1 = NULL;
55 unsigned int *temp2 = NULL;
57 temp1 = (unsigned int *)item->second.getBuffer();
58 temp2 = (unsigned int *)item->first.getBuffer();
60 if (temp1 == NULL || temp2 == NULL)
66 if ((cmd & mask) == rule) {
72 /* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
79 void AccessRule::printAccessRules() const
81 if (listFilters.size() > 0) {
82 vector<pair<ByteArray, ByteArray> >::const_iterator item;
84 _DBG(" +---- Granted APDUs");
86 for (item = listFilters.begin(); item != listFilters.end(); item++) {
87 _DBG(" +----- APDU: %s, Mask: %s", item->first.toString().c_str(), item->second.toString().c_str());
90 _DBG(" +---- APDU Access ALLOW: %s", apduRule ? "ALWAYS": "NEVER");
93 _DBG(" +---- NFC Access ALLOW: %s", nfcRule ? "ALWAYS": "NEVER");
96 bool AccessRule::isAuthorizedNFCAccess(void) const
101 AccessRule *AccessCondition::getAccessRule(const ByteArray &certHash)
103 AccessRule *result = NULL;
104 map<ByteArray, AccessRule>::iterator item;
106 item = mapRules.find(certHash);
107 if (item != mapRules.end()) {
108 result = &item->second;
114 const AccessRule *AccessCondition::getAccessRule(const ByteArray &certHash) const
116 const AccessRule *result = NULL;
117 map<ByteArray, AccessRule>::const_iterator item;
119 item = mapRules.find(certHash);
120 if (item != mapRules.end()) {
121 result = &item->second;
127 void AccessCondition::addAccessRule(const ByteArray &hash)
131 pair<ByteArray, AccessRule> item(hash, rule);
133 mapRules.insert(item);
136 void AccessCondition::setAccessCondition(bool rule)
140 result = getAccessRule(AccessControlList::ALL_DEVICE_APPS);
141 if (result == NULL) {
142 addAccessRule(AccessControlList::ALL_DEVICE_APPS);
143 result = getAccessRule(AccessControlList::ALL_DEVICE_APPS);
148 result->setAPDUAccessRule(rule);
149 result->setNFCAccessRule(rule);
152 bool AccessCondition::isAuthorizedAccess(const ByteArray &certHash) const
155 const AccessRule *rule = getAccessRule(certHash);
158 result = rule->isAuthorizedAccess();
164 void AccessCondition::printAccessConditions() const
166 _DBG(" +-- Access Condition");
168 if (mapRules.size() > 0) {
169 map<ByteArray, AccessRule>::const_iterator item;
171 for (item = mapRules.begin(); item != mapRules.end(); item++) {
172 ByteArray temp = item->first;
174 _DBG(" +--- hash: %s", (temp == AccessControlList::ALL_DEVICE_APPS) ? "All device applications": temp.toString().c_str());
175 item->second.printAccessRules();
178 _DBG(" +--- no rule found");
182 void AccessCondition::setAPDUAccessRule(const ByteArray &certHash,
185 AccessRule *access = getAccessRule(certHash);
187 if (access != NULL) {
188 access->setAPDUAccessRule(rule);
192 void AccessCondition::addAPDUAccessRule(const ByteArray &certHash,
193 const ByteArray &apdu, const ByteArray &mask)
195 AccessRule *access = getAccessRule(certHash);
197 if (access != NULL) {
198 access->addAPDUAccessRule(apdu, mask);
202 void AccessCondition::addAPDUAccessRule(const ByteArray &certHash,
203 const ByteArray &rule)
205 if (rule.size() != 8)
208 addAPDUAccessRule(certHash, rule.sub(0, 4), rule.sub(4, 4));
211 void AccessCondition::setNFCAccessRule(const ByteArray &certHash,
214 AccessRule *access = getAccessRule(certHash);
216 if (access != NULL) {
217 access->setNFCAccessRule(rule);
221 bool AccessCondition::isAuthorizedAPDUAccess(const ByteArray &certHash,
222 const ByteArray &command) const
225 const AccessRule *rule = getAccessRule(certHash);
228 result = rule->isAuthorizedAPDUAccess(command);
234 bool AccessCondition::isAuthorizedNFCAccess(const ByteArray &certHash) const
237 const AccessRule *rule = getAccessRule(certHash);
240 result = rule->isAuthorizedNFCAccess();
245 } /* namespace smartcard_service_api */