2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
16 #include <cynara-client.h>
17 #include <cynara-session.h>
19 #include <klay/audit/logger.h>
20 #include <klay/audit/dlog-sink.h>
22 #include "rmi/secure-erase.h"
23 #include "rmi/internal-encryption.h"
24 #include "rmi/external-encryption.h"
25 #include "rmi/extension-encryption.h"
26 #include "key-manager/key-generator.h"
30 using namespace std::placeholders;
34 const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.sock";
36 std::unique_ptr<ode::SecureErase> secureErase;
37 std::unique_ptr<ode::InternalEncryption> internalEncryption;
38 std::unique_ptr<ode::ExternalEncryption> externalEncryption;
39 std::unique_ptr<ode::ExtensionEncryption> extensionEncryption;
45 audit::Logger::setBackend(new audit::DlogLogSink());
46 audit::Logger::setTag("ODE");
48 INFO("ODE server starting.");
50 service.reset(new rmi::Service(ODE_MANAGER_ADDRESS));
52 service->setPrivilegeChecker(std::bind(&Server::checkPeerPrivilege, this, _1, _2));
54 service->expose(this, "", (runtime::FileDescriptor)(Server::registerNotificationSubscriber)(std::string));
55 service->expose(this, "", (int)(Server::unregisterNotificationSubscriber)(std::string, int));
57 secureErase.reset(new ode::SecureErase(*this));
58 internalEncryption.reset(new ode::InternalEncryption(*this));
59 externalEncryption.reset(new ode::ExternalEncryption(*this));
60 extensionEncryption.reset(new ode::ExtensionEncryption(*this));
62 ode::KeyGenerator::init();
67 ode::KeyGenerator::cleanup();
72 // Prepare execution environment
76 void Server::terminate()
81 bool Server::checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege)
85 if (privilege.empty()) {
89 if (::cynara_initialize(&p_cynara, NULL) != CYNARA_API_SUCCESS) {
90 ERROR("Failure in cynara API");
94 if (::cynara_check(p_cynara, cred.security.c_str(), "",
95 std::to_string(cred.uid).c_str(),
96 privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) {
97 ::cynara_finish(p_cynara);
98 ERROR("Access denied: " + cred.security + " : " + privilege);
102 ::cynara_finish(p_cynara);
107 runtime::FileDescriptor Server::registerNotificationSubscriber(const std::string& name)
109 INFO("registerNotificationSubscriber");
111 return runtime::FileDescriptor(service->subscribeNotification(name), true);
114 int Server::unregisterNotificationSubscriber(const std::string& name, int id)
116 return service->unsubscribeNotification(name, id);