2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
16 #include <cynara-client.h>
17 #include <cynara-session.h>
19 #include <klay/audit/dlog-sink.h>
22 #include "rmi/secure-erase.h"
23 #include "rmi/internal-encryption.h"
24 #include "rmi/external-encryption.h"
25 #include "rmi/extension-encryption.h"
26 #include "key-manager/key-generator.h"
30 using namespace std::placeholders;
34 const std::string ODE_MANAGER_ADDRESS = "/tmp/.ode.sock";
36 std::unique_ptr<ode::SecureErase> secureErase;
37 std::unique_ptr<ode::InternalEncryption> internalEncryption;
38 std::unique_ptr<ode::ExternalEncryption> externalEncryption;
39 std::unique_ptr<ode::ExtensionEncryption> extensionEncryption;
40 std::unique_ptr<audit::DlogLogSink> _sink = nullptr;
44 audit::LogSink *SINK = nullptr;
48 _sink.reset(new audit::DlogLogSink("ODE"));
49 SINK = dynamic_cast<audit::LogSink*>((_sink).get());
51 INFO(SINK, "ODE server starting.");
53 service.reset(new rmi::Service(ODE_MANAGER_ADDRESS));
55 service->setPrivilegeChecker(std::bind(&Server::checkPeerPrivilege, this, _1, _2));
57 service->expose(this, "", (runtime::FileDescriptor)(Server::registerNotificationSubscriber)(std::string));
58 service->expose(this, "", (int)(Server::unregisterNotificationSubscriber)(std::string, int));
60 secureErase.reset(new ode::SecureErase(*this));
61 internalEncryption.reset(new ode::InternalEncryption(*this));
62 externalEncryption.reset(new ode::ExternalEncryption(*this));
63 extensionEncryption.reset(new ode::ExtensionEncryption(*this));
65 ode::KeyGenerator::init();
70 ode::KeyGenerator::cleanup();
75 // Prepare execution environment
79 void Server::terminate()
84 bool Server::checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege)
88 if (privilege.empty()) {
92 if (::cynara_initialize(&p_cynara, NULL) != CYNARA_API_SUCCESS) {
93 ERROR(SINK, "Failure in cynara API");
97 if (::cynara_check(p_cynara, cred.security.c_str(), "",
98 std::to_string(cred.uid).c_str(),
99 privilege.c_str()) != CYNARA_API_ACCESS_ALLOWED) {
100 ::cynara_finish(p_cynara);
101 ERROR(SINK, "Access denied: " + cred.security + " : " + privilege);
105 ::cynara_finish(p_cynara);
110 runtime::FileDescriptor Server::registerNotificationSubscriber(const std::string& name)
112 INFO(SINK, "registerNotificationSubscriber");
114 return runtime::FileDescriptor(service->subscribeNotification(name), true);
117 int Server::unregisterNotificationSubscriber(const std::string& name, int id)
119 return service->unsubscribeNotification(name, id);