2 * Copyright (c) 2012, 2013 Samsung Electronics Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 /* standard library header */
20 /* SLP library header */
24 #include "SimpleTLV.h"
25 #include "AccessControlList.h"
26 #include "AccessCondition.h"
28 namespace smartcard_service_api
/*
 * Appends one (apdu, mask) filter pair to listFilters.
 *
 * NOTE(review): no length check on apdu or mask is visible here, yet
 * AccessRule::isAuthorizedAPDUAccess reads the first 4 bytes of every stored
 * buffer. Consider rejecting pairs whose apdu or mask is not exactly 4 bytes
 * before they are stored.
 */
30 void AccessRule::addAPDUAccessRule(const ByteArray &apdu,
31 const ByteArray &mask)
/* first = apdu pattern, second = mask; the matcher relies on this order */
33 pair<ByteArray, ByteArray> item(apdu, mask);
35 listFilters.push_back(item);
/*
 * Checks an APDU command against this rule's filter list.
 *
 * A filter matches when (cmd & mask) == rule, where cmd, mask and rule are
 * the first 4 bytes of the command, of the stored mask (pair.second) and of
 * the stored apdu pattern (pair.first), each read as one unsigned int.
 *
 * Several lines of this function are not shown in this listing (the line
 * numbers skip), so the value returned on each path is not documented here.
 */
38 bool AccessRule::isAuthorizedAPDUAccess(const ByteArray &command) const
/* a command shorter than the 4-byte APDU header takes this branch (body not shown) */
42 if (command.size() < 4) /* apdu header size */
45 if (listFilters.size() > 0)
47 unsigned int cmd, mask, rule;
48 vector<pair<ByteArray, ByteArray> >::const_iterator item;
/*
 * NOTE(review): the three casts below read 4 bytes through an unsigned int
 * pointer. command is length-checked above, but no length check on the
 * stored mask / apdu buffers is visible, so a filter shorter than 4 bytes
 * would be read past its logical end during an authorization decision.
 * The casts also assume getBuffer() returns a non-NULL pointer aligned for
 * unsigned int (TODO confirm); copying the 4 bytes with memcpy into a local
 * would remove the alignment and aliasing assumptions.
 */
50 cmd = *(unsigned int *)command.getBuffer();
51 for (item = listFilters.begin(); item != listFilters.end(); item++)
53 mask = *(unsigned int *)item->second.getBuffer();
54 rule = *(unsigned int *)item->first.getBuffer();
/* a pattern with bits set outside its mask can never match */
56 if ((cmd & mask) == rule)
65 /* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
/*
 * Writes this rule to the debug log via _DBG: every stored (apdu, mask)
 * filter pair when listFilters is non-empty, plus the apduRule and nfcRule
 * flags rendered as "ALWAYS" / "NEVER".
 * The branch structure between the statements is not fully shown in this
 * listing (the line numbers skip).
 */
72 void AccessRule::printAccessRules() const
74 if (listFilters.size() > 0)
76 vector<pair<ByteArray, ByteArray> >::const_iterator item;
78 _DBG(" +---- Granted APDUs");
80 for (item = listFilters.begin(); item != listFilters.end(); item++)
/* first = apdu pattern, second = mask */
82 _DBG(" +----- APDU : %s, Mask : %s", item->first.toString().c_str(), item->second.toString().c_str());
87 _DBG(" +---- APDU Access ALLOW : %s", apduRule ? "ALWAYS" : "NEVER");
90 _DBG(" +---- NFC Access ALLOW : %s", nfcRule ? "ALWAYS" : "NEVER");
/*
 * Reports whether NFC access is authorized by this rule.
 * The body is not shown in this listing; presumably it returns nfcRule --
 * confirm against the full source.
 */
93 bool AccessRule::isAuthorizedNFCAccess(void) const
/*
 * Looks up the mutable AccessRule stored in mapRules under certHash.
 * result stays NULL when there is no entry, so callers must check for NULL
 * before dereferencing. The return statement is not shown in this listing.
 */
98 AccessRule *AccessCondition::getAccessRule(const ByteArray &certHash)
100 AccessRule *result = NULL;
101 map<ByteArray, AccessRule>::iterator item;
103 item = mapRules.find(certHash);
104 if (item != mapRules.end()) {
/* points at the element held by mapRules, not at a copy */
105 result = &item->second;
/*
 * Const overload: looks up the AccessRule stored in mapRules under certHash.
 * result stays NULL when there is no entry, so callers must check for NULL
 * before dereferencing. The return statement is not shown in this listing.
 */
111 const AccessRule *AccessCondition::getAccessRule(const ByteArray &certHash) const
113 const AccessRule *result = NULL;
114 map<ByteArray, AccessRule>::const_iterator item;
116 item = mapRules.find(certHash);
117 if (item != mapRules.end()) {
/* points at the element held by mapRules, not at a copy */
118 result = &item->second;
/*
 * Registers an AccessRule in mapRules under the given certificate hash.
 * The declaration of `rule` is on a line not shown in this listing.
 *
 * NOTE(review): std::map::insert does not replace an existing entry (mapRules
 * is iterated as map<ByteArray, AccessRule> elsewhere in this file), so adding
 * a hash that is already present keeps the earlier rule and discards this one.
 */
124 void AccessCondition::addAccessRule(const ByteArray &hash)
128 pair<ByteArray, AccessRule> item(hash, rule);
130 mapRules.insert(item);
/*
 * Decides whether the application identified by certHash may access at all.
 * Starts from the condition-wide default `permission` and looks up the
 * per-certificate rule; the lines that combine the two and return the result
 * are not shown in this listing.
 */
133 bool AccessCondition::isAuthorizedAccess(const ByteArray &certHash) const
135 bool result = permission;
/* NULL when no rule is registered for certHash */
136 const AccessRule *rule = getAccessRule(certHash);
/*
 * Writes this access condition to the debug log via _DBG: each certificate
 * hash in mapRules followed by its rule, plus the `permission` default
 * rendered as "granted all" / "denied all".
 * The branch structure between the statements is not fully shown in this
 * listing (the line numbers skip).
 */
145 void AccessCondition::printAccessConditions() const
147 _DBG(" +-- Access Condition");
149 if (mapRules.size() > 0)
151 map<ByteArray, AccessRule>::const_iterator item;
153 for (item = mapRules.begin(); item != mapRules.end(); item++)
155 ByteArray temp = item->first;
/* the ALL_DEVICE_APPS wildcard key is printed as text instead of as a hash */
157 _DBG(" +--- hash : %s", (temp == AccessControlList::ALL_DEVICE_APPS) ? "All device applications" : temp.toString().c_str());
158 item->second.printAccessRules();
163 _DBG(" +--- permission : %s", permission ? "granted all" : "denied all");
/*
 * Sets the APDU flag on the rule registered for certHash.
 * The second parameter (`rule`) is declared on a line not shown here.
 *
 * NOTE(review): when no rule exists for certHash, nothing is set and no
 * error is reported in the visible lines; a caller that has not called
 * addAccessRule for this hash first loses the setting silently.
 */
167 void AccessCondition::setAPDUAccessRule(const ByteArray &certHash,
170 AccessRule *access = getAccessRule(certHash);
172 if (access != NULL) {
173 access->setAPDUAccessRule(rule);
/*
 * Adds one (apdu, mask) filter to the rule registered for certHash.
 * Does nothing in the visible lines when no rule exists for certHash.
 *
 * NOTE(review): apdu and mask are forwarded without a length check, unlike
 * the two-argument overload, which requires an 8-byte rule. The matcher
 * reads 4 bytes from each, so both should be validated as 4 bytes here or
 * in AccessRule::addAPDUAccessRule.
 */
177 void AccessCondition::addAPDUAccessRule(const ByteArray &certHash,
178 const ByteArray &apdu, const ByteArray &mask)
180 AccessRule *access = getAccessRule(certHash);
182 if (access != NULL) {
183 access->addAPDUAccessRule(apdu, mask);
/*
 * Adds an APDU filter given as one packed rule for certHash.
 * The rule is split into two 4-byte halves and passed to the three-argument
 * overload as (apdu, mask); sub() presumably takes (offset, length) --
 * confirm against ByteArray.
 */
187 void AccessCondition::addAPDUAccessRule(const ByteArray &certHash,
188 const ByteArray &rule)
/* anything other than 8 bytes takes this branch (body not shown in this listing) */
190 if (rule.size() != 8)
193 addAPDUAccessRule(certHash, rule.sub(0, 4), rule.sub(4, 4));
/*
 * Sets the NFC flag on the rule registered for certHash.
 * The second parameter (`rule`) is declared on a line not shown here.
 *
 * NOTE(review): when no rule exists for certHash, nothing is set and no
 * error is reported in the visible lines.
 */
196 void AccessCondition::setNFCAccessRule(const ByteArray &certHash,
199 AccessRule *access = getAccessRule(certHash);
201 if (access != NULL) {
202 access->setNFCAccessRule(rule);
/*
 * Decides whether the application identified by certHash may send the given
 * APDU command, by delegating to the AccessRule registered for that hash.
 *
 * NOTE(review): the initial value of result and any NULL check on rule are
 * on lines not shown in this listing. Confirm that rule is checked before
 * the dereference and that a certHash with no registered rule is denied.
 */
206 bool AccessCondition::isAuthorizedAPDUAccess(const ByteArray &certHash,
207 const ByteArray &command) const
/* NULL when no rule is registered for certHash */
210 const AccessRule *rule = getAccessRule(certHash);
213 result = rule->isAuthorizedAPDUAccess(command);
/*
 * Decides whether the application identified by certHash may use NFC, by
 * delegating to the AccessRule registered for that hash.
 *
 * NOTE(review): the initial value of result and any NULL check on rule are
 * on lines not shown in this listing. Confirm that rule is checked before
 * the dereference and that a certHash with no registered rule is denied.
 */
219 bool AccessCondition::isAuthorizedNFCAccess(const ByteArray &certHash) const
/* NULL when no rule is registered for certHash */
222 const AccessRule *rule = getAccessRule(certHash);
225 result = rule->isAuthorizedNFCAccess();
230 } /* namespace smartcard_service_api */