2 * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file src/service/logic/Logic.cpp
18 * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
19 * @author Zofia Abramowska <z.abramowska@samsung.com>
20 * @author Pawel Wieczorek <p.wieczorek2@samsung.com>
22 * @brief This file implements main class of logic layer in cynara service
34 #include <exceptions/BucketNotExistsException.h>
35 #include <exceptions/DatabaseException.h>
36 #include <exceptions/DefaultBucketDeletionException.h>
37 #include <exceptions/DefaultBucketSetNoneException.h>
38 #include <exceptions/InvalidBucketIdException.h>
39 #include <exceptions/PluginErrorException.h>
40 #include <exceptions/PluginNotFoundException.h>
41 #include <exceptions/UnexpectedErrorException.h>
42 #include <exceptions/UnknownPolicyTypeException.h>
43 #include <request/AdminCheckRequest.h>
44 #include <request/AgentActionRequest.h>
45 #include <request/AgentRegisterRequest.h>
46 #include <request/CancelRequest.h>
47 #include <request/CheckRequest.h>
48 #include <request/DescriptionListRequest.h>
49 #include <request/EraseRequest.h>
50 #include <request/InsertOrUpdateBucketRequest.h>
51 #include <request/ListRequest.h>
52 #include <request/RemoveBucketRequest.h>
53 #include <request/RequestContext.h>
54 #include <request/SetPoliciesRequest.h>
55 #include <request/SignalRequest.h>
56 #include <request/SimpleCheckRequest.h>
57 #include <response/AdminCheckResponse.h>
58 #include <response/AgentRegisterResponse.h>
59 #include <response/CancelResponse.h>
60 #include <response/CheckResponse.h>
61 #include <response/CodeResponse.h>
62 #include <response/DescriptionListResponse.h>
63 #include <response/ListResponse.h>
64 #include <response/SimpleCheckResponse.h>
65 #include <types/Policy.h>
67 #include <main/Cynara.h>
68 #include <agent/AgentManager.h>
69 #include <sockets/SocketManager.h>
70 #include <storage/Storage.h>
72 #include <cynara-plugin.h>
74 #include <cynara-agent.h>
80 Logic::Logic() : m_dbCorrupted(false) {
86 void Logic::execute(RequestContextPtr context UNUSED, SignalRequestPtr request) {
87 LOGD("Processing signal: [%d]", request->signalNumber());
89 switch (request->signalNumber()) {
91 LOGI("SIGTERM received!");
92 m_socketManager->mainLoopStop();
97 void Logic::execute(RequestContextPtr context, AdminCheckRequestPtr request) {
99 bool bucketValid = true;
105 result = m_storage->checkPolicy(request->key(), request->startBucket(),
106 request->recursive());
107 } catch (const BucketNotExistsException &ex) {
112 context->returnResponse(context, std::make_shared<AdminCheckResponse>(result, bucketValid,
113 m_dbCorrupted, request->sequenceNumber()));
116 void Logic::execute(RequestContextPtr context, AgentActionRequestPtr request) {
117 AgentTalkerPtr talkerPtr = m_agentManager->getTalker(context->responseQueue(),
118 request->sequenceNumber());
120 LOGD("Received response from agent with invalid request id: [%" PRIu16 "]",
121 request->sequenceNumber());
125 CheckContextPtr checkContextPtr = m_checkRequestManager.getContext(talkerPtr);
126 if (!checkContextPtr) {
127 LOGE("No matching check context for agent talker.");
128 m_agentManager->removeTalker(talkerPtr);
132 if (!checkContextPtr->cancelled()) {
133 PluginData data(request->data().begin(), request->data().end());
134 if (request->type() == CYNARA_MSG_TYPE_CANCEL) {
135 // Nothing to do for now
136 } else if (request->type() == CYNARA_MSG_TYPE_ACTION) {
137 update(checkContextPtr->m_key, checkContextPtr->m_checkId, data,
138 checkContextPtr->m_requestContext, checkContextPtr->m_plugin);
140 LOGE("Invalid response type [%d] in response from agent <%s>",
141 static_cast<int>(request->type()), talkerPtr->agentType().c_str());
142 // TODO: disconnect agent
146 m_agentManager->removeTalker(talkerPtr);
147 m_checkRequestManager.removeRequest(checkContextPtr);
150 void Logic::execute(RequestContextPtr context, AgentRegisterRequestPtr request) {
151 auto result = m_agentManager->registerAgent(request->agentType(), context->responseQueue());
152 context->returnResponse(context, std::make_shared<AgentRegisterResponse>(
153 result, request->sequenceNumber()));
156 void Logic::execute(RequestContextPtr context, CancelRequestPtr request) {
157 CheckContextPtr checkContextPtr = m_checkRequestManager.getContext(context->responseQueue(),
158 request->sequenceNumber());
159 if (!checkContextPtr) {
160 LOGD("Cancel request id: [%" PRIu16 "] with no matching request in progress.",
161 request->sequenceNumber());
165 if (checkContextPtr->cancelled())
168 checkContextPtr->cancel();
169 checkContextPtr->m_agentTalker->cancel();
171 LOGD("Returning response for cancel request id: [%" PRIu16 "].", request->sequenceNumber());
172 context->returnResponse(context, std::make_shared<CancelResponse>(request->sequenceNumber()));
175 void Logic::execute(RequestContextPtr context, CheckRequestPtr request) {
176 PolicyResult result(PredefinedPolicyType::DENY);
177 if (check(context, request->key(), request->sequenceNumber(), result)) {
178 m_auditLog.log(request->key(), result);
179 context->returnResponse(context, std::make_shared<CheckResponse>(result,
180 request->sequenceNumber()));
184 bool Logic::check(const RequestContextPtr &context, const PolicyKey &key,
185 ProtocolFrameSequenceNumber checkId, PolicyResult &result) {
187 if (m_checkRequestManager.getContext(context->responseQueue(), checkId)) {
188 LOGE("Check request for checkId: [%" PRIu16 "] is already processing", checkId);
192 result = (m_dbCorrupted ? PredefinedPolicyType::DENY : m_storage->checkPolicy(key));
194 switch (result.policyType()) {
195 case PredefinedPolicyType::ALLOW :
196 LOGD("check of policy key <%s> returned ALLOW", key.toString().c_str());
198 case PredefinedPolicyType::DENY :
199 LOGD("check of policy key <%s> returned DENY", key.toString().c_str());
203 return pluginCheck(context, key, checkId, result);
206 bool Logic::pluginCheck(const RequestContextPtr &context, const PolicyKey &key,
207 ProtocolFrameSequenceNumber checkId, PolicyResult &result) {
209 LOGD("Trying to check policy: <%s> in plugin.", key.toString().c_str());
211 ExternalPluginPtr plugin = m_pluginManager->getPlugin(result.policyType());
213 LOGE("Plugin not found for policy: [0x%x]", result.policyType());
214 result = PolicyResult(PredefinedPolicyType::DENY);
218 ServicePluginInterfacePtr servicePlugin =
219 std::dynamic_pointer_cast<ServicePluginInterface>(plugin);
220 if (!servicePlugin) {
221 result = PolicyResult(PredefinedPolicyType::DENY);
225 AgentType requiredAgent;
226 PluginData pluginData;
228 auto ret = servicePlugin->check(key.client().toString(), key.user().toString(),
229 key.privilege().toString(), result, requiredAgent, pluginData);
232 case ServicePluginInterface::PluginStatus::ANSWER_READY:
234 case ServicePluginInterface::PluginStatus::ANSWER_NOTREADY: {
235 result = PolicyResult(PredefinedPolicyType::DENY);
236 AgentTalkerPtr agentTalker = m_agentManager->createTalker(requiredAgent);
238 LOGE("Required agent talker for: <%s> could not be created.",
239 requiredAgent.c_str());
243 if (!m_checkRequestManager.createContext(key, context, checkId, servicePlugin,
245 LOGE("Check context for checkId: [%" PRIu16 "] could not be created.",
247 m_agentManager->removeTalker(agentTalker);
250 agentTalker->send(pluginData);
254 result = PolicyResult(PredefinedPolicyType::DENY);
259 bool Logic::update(const PolicyKey &key, ProtocolFrameSequenceNumber checkId,
260 const PluginData &agentData, const RequestContextPtr &context,
261 const ServicePluginInterfacePtr &plugin) {
263 LOGD("Check update: <%s>:[%" PRIu16 "]", key.toString().c_str(), checkId);
266 bool answerReady = false;
267 auto ret = plugin->update(key.client().toString(), key.user().toString(),
268 key.privilege().toString(), agentData, result);
270 case ServicePluginInterface::PluginStatus::SUCCESS:
273 case ServicePluginInterface::PluginStatus::ERROR:
274 result = PolicyResult(PredefinedPolicyType::DENY);
278 throw PluginErrorException(key);
281 if (answerReady && context->responseQueue()) {
282 m_auditLog.log(key, result);
283 context->returnResponse(context, std::make_shared<CheckResponse>(result, checkId));
290 void Logic::execute(RequestContextPtr context, DescriptionListRequestPtr request) {
291 auto descriptions = m_pluginManager->getPolicyDescriptions();
292 descriptions.insert(descriptions.begin(), predefinedPolicyDescr.begin(),
293 predefinedPolicyDescr.end());
294 context->returnResponse(context, std::make_shared<DescriptionListResponse>(descriptions,
295 m_dbCorrupted, request->sequenceNumber()));
298 void Logic::execute(RequestContextPtr context, EraseRequestPtr request) {
299 auto code = CodeResponse::Code::OK;
302 code = CodeResponse::Code::DB_CORRUPTED;
305 m_storage->erasePolicies(request->startBucket(), request->recursive(), request->filter());
307 } catch (const DatabaseException &ex) {
308 code = CodeResponse::Code::FAILED;
309 } catch (const BucketNotExistsException &ex) {
310 code = CodeResponse::Code::NO_BUCKET;
314 context->returnResponse(context, std::make_shared<CodeResponse>(code,
315 request->sequenceNumber()));
318 void Logic::execute(RequestContextPtr context, InsertOrUpdateBucketRequestPtr request) {
319 auto code = CodeResponse::Code::OK;
322 code = CodeResponse::Code::DB_CORRUPTED;
325 checkSinglePolicyType(request->result().policyType(), true, true);
326 m_storage->addOrUpdateBucket(request->bucketId(), request->result());
328 } catch (const DatabaseException &ex) {
329 code = CodeResponse::Code::FAILED;
330 } catch (const DefaultBucketSetNoneException &ex) {
331 code = CodeResponse::Code::NOT_ALLOWED;
332 } catch (const InvalidBucketIdException &ex) {
333 code = CodeResponse::Code::NOT_ALLOWED;
334 } catch (const UnknownPolicyTypeException &ex) {
335 code = CodeResponse::Code::NO_POLICY_TYPE;
339 context->returnResponse(context, std::make_shared<CodeResponse>(code,
340 request->sequenceNumber()));
343 void Logic::execute(RequestContextPtr context, ListRequestPtr request) {
344 bool bucketValid = true;
345 std::vector<Policy> policies;
351 policies = m_storage->listPolicies(request->bucket(), request->filter());
352 } catch (const BucketNotExistsException &ex) {
357 context->returnResponse(context, std::make_shared<ListResponse>(policies, bucketValid,
358 m_dbCorrupted, request->sequenceNumber()));
361 void Logic::execute(RequestContextPtr context, RemoveBucketRequestPtr request) {
362 auto code = CodeResponse::Code::OK;
365 code = CodeResponse::Code::DB_CORRUPTED;
368 m_storage->deleteBucket(request->bucketId());
370 } catch (const DatabaseException &ex) {
371 code = CodeResponse::Code::FAILED;
372 } catch (const BucketNotExistsException &ex) {
373 code = CodeResponse::Code::NO_BUCKET;
374 } catch (const DefaultBucketDeletionException &ex) {
375 code = CodeResponse::Code::NOT_ALLOWED;
379 context->returnResponse(context, std::make_shared<CodeResponse>(code,
380 request->sequenceNumber()));
383 void Logic::execute(RequestContextPtr context, SetPoliciesRequestPtr request) {
384 auto code = CodeResponse::Code::OK;
387 code = CodeResponse::Code::DB_CORRUPTED;
390 checkPoliciesTypes(request->policiesToBeInsertedOrUpdated(), true, false);
391 m_storage->insertPolicies(request->policiesToBeInsertedOrUpdated());
392 m_storage->deletePolicies(request->policiesToBeRemoved());
394 } catch (const DatabaseException &ex) {
395 code = CodeResponse::Code::FAILED;
396 } catch (const BucketNotExistsException &ex) {
397 code = CodeResponse::Code::NO_BUCKET;
398 } catch (const UnknownPolicyTypeException &ex) {
399 code = CodeResponse::Code::NO_POLICY_TYPE;
403 context->returnResponse(context, std::make_shared<CodeResponse>(code,
404 request->sequenceNumber()));
407 void Logic::execute(RequestContextPtr context, SimpleCheckRequestPtr request) {
408 int retValue = CYNARA_API_SUCCESS;
410 PolicyKey key = request->key();
411 result = m_storage->checkPolicy(key);
413 switch (result.policyType()) {
414 case PredefinedPolicyType::ALLOW:
415 LOGD("simple check of policy key <%s> returned ALLOW", key.toString().c_str());
417 case PredefinedPolicyType::DENY:
418 LOGD("simple check of policy key <%s> returned DENY", key.toString().c_str());
421 ExternalPluginPtr plugin = m_pluginManager->getPlugin(result.policyType());
423 LOGE("Plugin not found for policy: [0x%x]", result.policyType());
424 result = PolicyResult(PredefinedPolicyType::DENY);
425 retValue = CYNARA_API_SUCCESS;
429 ServicePluginInterfacePtr servicePlugin =
430 std::dynamic_pointer_cast<ServicePluginInterface>(plugin);
431 if (!servicePlugin) {
432 LOGE("Couldn't cast plugin pointer to ServicePluginInterface");
433 result = PolicyResult(PredefinedPolicyType::DENY);
434 retValue = CYNARA_API_SUCCESS;
438 AgentType requiredAgent;
439 PluginData pluginData;
440 auto ret = servicePlugin->check(key.client().toString(), key.user().toString(),
441 key.privilege().toString(), result, requiredAgent,
444 case ServicePluginInterface::PluginStatus::ANSWER_READY:
445 LOGD("simple check of policy key <%s> in plugin returned [" PRIu16 "]",
446 key.toString().c_str(), result.policyType());
448 case ServicePluginInterface::PluginStatus::ANSWER_NOTREADY:
449 retValue = CYNARA_API_ACCESS_NOT_RESOLVED;
452 result = PolicyResult(PredefinedPolicyType::DENY);
453 retValue = CYNARA_API_SUCCESS;
457 m_auditLog.log(request->key(), result);
458 context->returnResponse(context, std::make_shared<SimpleCheckResponse>(retValue, result,
459 request->sequenceNumber()));
462 void Logic::checkPoliciesTypes(const std::map<PolicyBucketId, std::vector<Policy>> &policies,
463 bool allowBucket, bool allowNone) {
464 for (const auto &group : policies) {
465 for (const auto &policy : group.second) {
466 checkSinglePolicyType(policy.result().policyType(), allowBucket, allowNone);
471 void Logic::checkSinglePolicyType(const PolicyType &policyType, bool allowBucket, bool allowNone) {
472 if (allowBucket && policyType == PredefinedPolicyType::BUCKET)
474 if (allowNone && policyType == PredefinedPolicyType::NONE)
476 for (const auto &descr : predefinedPolicyDescr) {
477 if (descr.type == policyType)
480 m_pluginManager->checkPolicyType(policyType);
483 void Logic::contextClosed(RequestContextPtr context) {
484 LOGD("context closed");
486 LinkId linkId = context->responseQueue();
488 m_agentManager->cleanupAgent(linkId, [&](const AgentTalkerPtr &talker) -> void {
489 handleAgentTalkerDisconnection(talker); });
491 m_checkRequestManager.cancelRequests(linkId,
492 [&](const CheckContextPtr &checkContextPtr) -> void {
493 handleClientDisconnection(checkContextPtr); });
496 void Logic::onPoliciesChanged(void) {
498 m_socketManager->disconnectAllClients();
499 m_pluginManager->invalidateAll();
500 //todo remove all saved contexts (if there will be any saved contexts)
503 void Logic::handleAgentTalkerDisconnection(const AgentTalkerPtr &agentTalkerPtr) {
504 CheckContextPtr checkContextPtr = m_checkRequestManager.getContext(agentTalkerPtr);
505 if (checkContextPtr == nullptr) {
506 LOGE("No matching check context for agent talker.");
510 if (!checkContextPtr->cancelled() && checkContextPtr->m_requestContext->responseQueue()) {
511 PolicyResult result(PredefinedPolicyType::DENY);
512 m_auditLog.log(checkContextPtr->m_key, result);
513 checkContextPtr->m_requestContext->returnResponse(checkContextPtr->m_requestContext,
514 std::make_shared<CheckResponse>(result, checkContextPtr->m_checkId));
517 m_checkRequestManager.removeRequest(checkContextPtr);
520 void Logic::handleClientDisconnection(const CheckContextPtr &checkContextPtr) {
521 LOGD("Handle client disconnection");
523 if (!checkContextPtr->cancelled()) {
524 checkContextPtr->cancel();
525 checkContextPtr->m_agentTalker->cancel();
529 } // namespace Cynara
projects / platform / core / security / cynara.git / blob