1 //******************************************************************
3 // Copyright 2015 Intel Mobile Communications GmbH All Rights Reserved.
5 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
7 // Licensed under the Apache License, Version 2.0 (the "License");
8 // you may not use this file except in compliance with the License.
9 // You may obtain a copy of the License at
11 // http://www.apache.org/licenses/LICENSE-2.0
13 // Unless required by applicable law or agreed to in writing, software
14 // distributed under the License is distributed on an "AS IS" BASIS,
15 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 // See the License for the specific language governing permissions and
17 // limitations under the License.
19 //-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
23 #include "oic_malloc.h"
24 #include "policyengine.h"
26 #include "resourcemanager.h"
27 #include "securevirtualresourcetypes.h"
28 #include "srmresourcestrings.h"
30 #include "aclresource.h"
31 #include "srmutility.h"
32 #include "doxmresource.h"
33 #include "iotvticalendar.h"
34 #include "pstatresource.h"
35 #include "dpairingresource.h"
36 #include "pconfresource.h"
37 #include "amaclresource.h"
38 #include "credresource.h"
40 #define TAG "OIC_SRM_PE"
42 uint16_t GetPermissionFromCAMethod_t(const CAMethod_t method)
48 perm = (uint16_t)PERMISSION_READ;
50 case CA_POST: // Treat all POST as Write (Update) because
51 // we don't know if resource exists yet.
52 // This will be addressed in IoTivity impl of OCF 1.0
53 perm = (uint16_t)PERMISSION_WRITE;
55 case CA_PUT: // Per convention, OIC/OCF uses PUT only for Create,
57 perm = (uint16_t)PERMISSION_CREATE;
60 perm = (uint16_t)PERMISSION_DELETE;
62 default: // if not recognized, must assume requesting full control
63 perm = (uint16_t)PERMISSION_FULL_CONTROL;
70 * Compares two OicUuid_t structs.
72 * @return true if the two OicUuid_t structs are equal, else false.
74 static bool UuidCmp(OicUuid_t *firstId, OicUuid_t *secondId)
76 // TODO use VERIFY macros to check for null when they are merged.
77 if(NULL == firstId || NULL == secondId)
81 // Check empty uuid string
82 if('\0' == firstId->id[0] || '\0' == secondId->id[0])
86 for(int i = 0; i < UUID_LENGTH; i++)
88 if(firstId->id[i] != secondId->id[i])
96 void SetPolicyEngineState(PEContext_t *context, const PEState_t state)
103 // Clear stateful context variables.
104 memset(&context->subject, 0, sizeof(context->subject));
105 memset(&context->resource, 0, sizeof(context->resource));
106 context->permission = 0x0;
107 context->amsProcessing = false;
108 context->retVal = ACCESS_DENIED_POLICY_ENGINE_ERROR;
110 if (context->amsMgrContext)
112 if (context->amsMgrContext->requestInfo)
114 FreeCARequestInfo(context->amsMgrContext->requestInfo);
116 OICFree(context->amsMgrContext->endpoint);
117 memset(context->amsMgrContext, 0, sizeof(AmsMgrContext_t));
121 context->state = state;
125 * Compare the request's subject to DevOwner.
127 * @return true if context->subjectId == GetDoxmDevOwner(), else false.
129 static bool IsRequestFromDevOwner(PEContext_t *context)
139 if(OC_STACK_OK == GetDoxmDevOwnerId(&ownerid))
141 retVal = UuidCmp(&context->subject, &ownerid);
145 // TODO: Added as workaround for CTT
146 OicSecDoxm_t* doxm = (OicSecDoxm_t*) GetDoxmResourceData();
149 retVal = UuidCmp(&doxm->owner, &context->subject);
155 #ifdef MULTIPLE_OWNER
157 * Compare the request's subject to SubOwner.
159 * @return true if context->subjectId exist subowner list, else false.
161 static bool IsRequestFromSubOwner(PEContext_t *context)
170 if(IsSubOwner(&context->subject))
177 OIC_LOG(INFO, TAG, "PE.IsRequestFromSubOwner(): returning true");
181 OIC_LOG(INFO, TAG, "PE.IsRequestFromSubOwner(): returning false");
189 * Verify the SubOwner's request.
191 * @return true if request is valid, else false.
193 static bool IsValidRequestFromSubOwner(PEContext_t *context)
195 bool isValidRequest = false;
199 return isValidRequest;
202 switch(context->resourceType)
204 case OIC_R_DOXM_TYPE:
205 //SubOwner has READ permission only for DOXM
206 if(PERMISSION_READ == context->permission)
208 isValidRequest = true;
211 case OIC_R_PSTAT_TYPE:
212 //SubOwner has full permsion for PSTAT except RESET
213 isValidRequest = IsValidPstatAccessForSubOwner(context->payload, context->payloadSize);
215 case OIC_R_CRED_TYPE:
216 //SubOwner can only access the credential which is registered as the eowner.
217 isValidRequest = IsValidCredentialAccessForSubOwner(&context->subject, context->payload, context->payloadSize);
220 //SubOwner can only access the ACL which is registered as the eowner.
221 isValidRequest = IsValidAclAccessForSubOwner(&context->subject, context->payload, context->payloadSize);
224 //SubOwner has full permission for all resource except the security resource
225 isValidRequest = true;
231 OIC_LOG(INFO, TAG, "PE.IsValidRequestFromSubOwner(): returning true");
235 OIC_LOG(INFO, TAG, "PE.IsValidRequestFromSubOwner(): returning false");
238 return isValidRequest;
240 #endif //MULTIPLE_OWNER
243 // TODO - remove these function placeholders as they are implemented
244 // in the resource entity handler code.
245 // Note that because many SVRs do not have a rowner, in those cases we
246 // just return "OC_STACK_ERROR" which results in a "false" return by
247 // IsRequestFromResourceOwner().
248 // As these SVRs are revised to have a rowner, these functions should be
249 // replaced (see pstatresource.c for example of GetPstatRownerId).
251 OCStackResult GetCrlRownerId(OicUuid_t *rowner)
255 return OC_STACK_ERROR;
258 OCStackResult GetSaclRownerId(OicUuid_t *rowner)
262 return OC_STACK_ERROR;
265 static GetSvrRownerId_t GetSvrRownerId[OIC_SEC_SVR_TYPE_COUNT] = {
278 * Compare the request's subject to resource.ROwner.
280 * @return true if context->subjectId equals SVR rowner id, else return false
282 bool IsRequestFromResourceOwner(PEContext_t *context)
285 OicUuid_t resourceOwner;
292 if((OIC_R_ACL_TYPE <= context->resourceType) && \
293 (OIC_SEC_SVR_TYPE_COUNT > context->resourceType))
295 if(OC_STACK_OK == GetSvrRownerId[(int)context->resourceType](&resourceOwner))
297 retVal = UuidCmp(&context->subject, &resourceOwner);
303 OIC_LOG(INFO, TAG, "PE.IsRequestFromResourceOwner(): returning true");
307 OIC_LOG(INFO, TAG, "PE.IsRequestFromResourceOwner(): returning false");
313 INLINE_API bool IsRequestSubjectEmpty(PEContext_t *context)
315 OicUuid_t emptySubject = {.id={0}};
322 return (memcmp(&context->subject, &emptySubject, sizeof(OicUuid_t)) == 0) ?
327 * Bitwise check to see if 'permission' contains 'request'.
329 * @param permission is the allowed CRUDN permission.
330 * @param request is the CRUDN permission being requested.
332 * @return true if 'permission' bits include all 'request' bits.
334 INLINE_API bool IsPermissionAllowingRequest(const uint16_t permission,
335 const uint16_t request)
337 if (request == (request & permission))
348 * Compare the passed subject to the wildcard (aka anonymous) subjectId.
350 * @return true if 'subject' is the wildcard, false if it is not.
352 INLINE_API bool IsWildCardSubject(OicUuid_t *subject)
359 // Because always comparing to string literal, use strcmp()
360 if(0 == memcmp(subject, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)))
371 * Copy the subject, resource and permission into the context fields.
373 static void CopyParamsToContext(PEContext_t *context,
374 const OicUuid_t *subjectId,
375 const char *resource,
376 const uint16_t requestedPermission)
380 if (NULL == context || NULL == subjectId || NULL == resource)
385 memcpy(&context->subject, subjectId, sizeof(OicUuid_t));
387 // Copy the resource string into context.
388 length = sizeof(context->resource) - 1;
389 strncpy(context->resource, resource, length);
390 context->resource[length] = '\0';
393 // Assign the permission field.
394 context->permission = requestedPermission;
398 * Check whether 'resource' is getting accessed within the valid time period.
400 * @param acl is the ACL to check.
402 * @return true if access is within valid time period or if the period or recurrence is not present.
403 * false if period and recurrence present and the access is not within valid time period.
405 static bool IsAccessWithinValidTime(const OicSecAce_t *ace)
407 #ifndef WITH_ARDUINO //Period & Recurrence not supported on Arduino due
408 //lack of absolute time
409 if (NULL== ace || NULL == ace->validities)
414 //periods & recurrences rules are paired.
415 if (NULL == ace->validities->recurrences)
420 OicSecValidity_t* validity = NULL;
421 LL_FOREACH(ace->validities, validity)
423 for(size_t i = 0; i < validity->recurrenceLen; i++)
425 if (IOTVTICAL_VALID_ACCESS == IsRequestWithinValidTime(validity->period,
426 validity->recurrences[i]))
428 OIC_LOG(INFO, TAG, "Access request is in allowed time period");
433 OIC_LOG(ERROR, TAG, "Access request is in invalid time period");
442 * Check whether 'resource' is in the passed ACE.
444 * @param resource is the resource being searched.
445 * @param ace is the ACE to check.
447 * @return true if 'resource' found, otherwise false.
449 static bool IsResourceInAce(const char *resource, const OicSecAce_t *ace)
451 if (NULL== ace || NULL == resource)
456 OicSecRsrc_t* rsrc = NULL;
457 LL_FOREACH(ace->resources, rsrc)
459 if (0 == strcmp(resource, rsrc->href) || // TODO null terms?
460 0 == strcmp(WILDCARD_RESOURCE_URI, rsrc->href))
470 * Find ACLs containing context->subject.
471 * Search each ACL for requested resource.
472 * If resource found, check for context->permission and period validity.
473 * If the ACL is not found locally and AMACL for the resource is found
474 * then sends the request to AMS service for the ACL.
475 * Set context->retVal to result from first ACL found which contains
476 * correct subject AND resource.
478 static void ProcessAccessRequest(PEContext_t *context)
480 OIC_LOG(DEBUG, TAG, "Entering ProcessAccessRequest()");
483 const OicSecAce_t *currentAce = NULL;
484 OicSecAce_t *savePtr = NULL;
486 // Start out assuming subject not found.
487 context->retVal = ACCESS_DENIED_SUBJECT_NOT_FOUND;
489 char *strUuid = NULL;
490 if (OC_STACK_OK == ConvertUuidToStr(&context->subject, &strUuid))
492 OIC_LOG_V(DEBUG, TAG, "%s: subject : %s" ,__func__, strUuid);
497 OIC_LOG(ERROR, TAG, "Can't convert subject uuid to string");
500 // Loop through all ACLs with a matching Subject searching for the right
501 // ACL for this request.
504 OIC_LOG_V(DEBUG, TAG, "%s: getting ACE..." ,__func__);
505 currentAce = GetACLResourceData(&context->subject, &savePtr);
507 if (NULL != currentAce)
509 // Found the subject, so how about resource?
510 OIC_LOG_V(DEBUG, TAG, "%s:found ACE matching subject" ,__func__);
512 // Subject was found, so err changes to Rsrc not found for now.
513 context->retVal = ACCESS_DENIED_RESOURCE_NOT_FOUND;
514 OIC_LOG_V(DEBUG, TAG, "%s:Searching for resource..." ,__func__);
515 if (IsResourceInAce(context->resource, currentAce))
517 OIC_LOG_V(INFO, TAG, "%s:found matching resource in ACE" ,__func__);
519 // Found the resource, so it's down to valid period & permission.
520 context->retVal = ACCESS_DENIED_INVALID_PERIOD;
521 if (IsAccessWithinValidTime(currentAce))
523 context->retVal = ACCESS_DENIED_INSUFFICIENT_PERMISSION;
524 if (IsPermissionAllowingRequest(currentAce->permission, context->permission))
526 context->retVal = ACCESS_GRANTED;
533 OIC_LOG_V(INFO, TAG, "%s:no ACL found matching subject for resource %s",__func__, context->resource);
535 } while ((NULL != currentAce) && (ACCESS_GRANTED != context->retVal));
537 if (IsAccessGranted(context->retVal))
539 OIC_LOG_V(INFO, TAG, "%s:Leaving ProcessAccessRequest(ACCESS_GRANTED)", __func__);
543 OIC_LOG_V(INFO, TAG, "%s:Leaving ProcessAccessRequest(ACCESS_DENIED)", __func__);
548 OIC_LOG_V(ERROR, TAG, "%s:Leaving ProcessAccessRequest(context is NULL)", __func__);
552 SRMAccessResponse_t CheckPermission(PEContext_t *context,
553 const OicUuid_t *subjectId,
554 const char *resource,
555 const uint16_t requestedPermission)
557 SRMAccessResponse_t retVal = ACCESS_DENIED_POLICY_ENGINE_ERROR;
559 VERIFY_NON_NULL(TAG, context, ERROR);
560 VERIFY_NON_NULL(TAG, subjectId, ERROR);
561 VERIFY_NON_NULL(TAG, resource, ERROR);
563 // Each state machine context can only be processing one request at a time.
564 // Therefore if the context is not in AWAITING_REQUEST or AWAITING_AMS_RESPONSE
565 // state, return error. Otherwise, change to BUSY state and begin processing request.
566 if (AWAITING_REQUEST == context->state || AWAITING_AMS_RESPONSE == context->state)
568 if (AWAITING_REQUEST == context->state)
570 SetPolicyEngineState(context, BUSY);
571 CopyParamsToContext(context, subjectId, resource, requestedPermission);
574 // Before doing any ACL processing, check if request a) coming
575 // from DevOwner AND b) the device is in Ready for OTM or Reset state
576 // (which in IoTivity is equivalent to isOp == false && owned == false)
577 // AND c) the request is for a SVR resource.
578 // If all 3 conditions are met, grant request.
579 bool isDeviceOwned = true; // default to value that will not grant access
580 if (OC_STACK_OK != GetDoxmIsOwned(&isDeviceOwned)) // if runtime error, don't grant
582 context->retVal = ACCESS_DENIED_POLICY_ENGINE_ERROR;
584 // If we were able to get the value of doxm->isOwned, proceed with
585 // test for implicit access...
586 else if (IsRequestFromDevOwner(context) // if from DevOwner
587 && (GetPstatIsop() == false) // AND if pstat->isOp == false
588 && (isDeviceOwned == false) // AND if doxm->isOwned == false
589 && (context->resourceType != NOT_A_SVR_RESOURCE)) // AND if SVR type
591 context->retVal = ACCESS_GRANTED;
593 // If not granted via DevOwner status and not a subowner,
594 // then check if request is for a SVR and coming from rowner
595 else if (IsRequestFromResourceOwner(context))
597 context->retVal = ACCESS_GRANTED;
599 #ifdef MULTIPLE_OWNER
600 //Then check if request from SubOwner
601 else if(IsRequestFromSubOwner(context))
603 if(IsValidRequestFromSubOwner(context))
605 context->retVal = ACCESS_GRANTED;
608 #endif //MULTIPLE_OWNER
609 // Else request is a "normal" request that must be tested against ACL
612 OicUuid_t saveSubject = {.id={0}};
613 bool isSubEmpty = IsRequestSubjectEmpty(context);
615 ProcessAccessRequest(context);
617 // If access not already granted, and requested subject != wildcard,
618 // try looking for a wildcard ACE that grants access.
619 if ((ACCESS_GRANTED != context->retVal) && \
620 (false == IsWildCardSubject(&context->subject)))
622 //Saving subject for Amacl check
623 memcpy(&saveSubject, &context->subject,sizeof(OicUuid_t));
625 //Setting context subject to WILDCARD_SUBJECT_ID
626 //TODO: change ProcessAccessRequest method signature to
627 //ProcessAccessRequest(context, subject) so that context
628 //subject is not tempered.
629 memset(&context->subject, 0, sizeof(context->subject));
630 memcpy(&context->subject, &WILDCARD_SUBJECT_ID,sizeof(OicUuid_t));
631 ProcessAccessRequest(context); // TODO anonymous subj can result
632 // in confusing err code return.
635 //No local ACE found for the request so checking Amacl resource
636 if (ACCESS_GRANTED != context->retVal)
638 //If subject is not empty then restore the original subject
639 //else keep the subject to WILDCARD_SUBJECT_ID
642 memcpy(&context->subject, &saveSubject, sizeof(OicUuid_t));
645 //FoundAmaclForRequest method checks for Amacl and fills up
646 //context->amsMgrContext->amsDeviceId with the AMS deviceId
647 //if Amacl was found for the requested resource.
648 if(FoundAmaclForRequest(context))
650 ProcessAMSRequest(context);
657 context->retVal = ACCESS_DENIED_POLICY_ENGINE_ERROR;
660 // Capture retVal before resetting state for next request.
661 retVal = context->retVal;
663 if (!context->amsProcessing)
665 OIC_LOG(INFO, TAG, "Resetting PE context and PE State to AWAITING_REQUEST");
666 SetPolicyEngineState(context, AWAITING_REQUEST);
673 OCStackResult InitPolicyEngine(PEContext_t *context)
677 return OC_STACK_ERROR;
680 context->amsMgrContext = (AmsMgrContext_t *)OICCalloc(1, sizeof(AmsMgrContext_t));
681 if(NULL == context->amsMgrContext)
683 return OC_STACK_ERROR;
686 SetPolicyEngineState(context, AWAITING_REQUEST);
690 void DeInitPolicyEngine(PEContext_t *context)
694 SetPolicyEngineState(context, STOPPED);
695 OICFree(context->amsMgrContext);