if (command.size() < 4) /* apdu header size */
return false;
- if (listFilters.size() > 0)
- {
+ if (command.getBuffer() == NULL)
+ return false;
+
+ if (listFilters.size() > 0) {
unsigned int cmd, mask, rule;
vector<pair<ByteArray, ByteArray> >::const_iterator item;
cmd = *(unsigned int *)command.getBuffer();
- for (item = listFilters.begin(); item != listFilters.end(); item++)
- {
- mask = *(unsigned int *)item->second.getBuffer();
- rule = *(unsigned int *)item->first.getBuffer();
+ for (item = listFilters.begin(); item != listFilters.end(); item++) {
+ unsigned int *temp1 = NULL;
+ unsigned int *temp2 = NULL;
+
+ temp1 = (unsigned int *)item->second.getBuffer();
+ temp2 = (unsigned int *)item->first.getBuffer();
+
+ if (temp1 == NULL || temp2 == NULL)
+ continue;
- if ((cmd & mask) == rule)
- {
+ mask = *temp1;
+ rule = *temp2;
+
+ if ((cmd & mask) == rule) {
result = true;
break;
}
}
- }
- else
- {
+ } else {
/* no filter entry. if permission is true, all access will be granted, if not, all access will be denied */
result = apduRule;
}
return result;
}
+ void AccessRule::printAccessRules() const
+ {
+ if (listFilters.size() > 0) {
+ vector<pair<ByteArray, ByteArray> >::const_iterator item;
+
+ _DBG(" +---- Granted APDUs");
+
+ for (item = listFilters.begin(); item != listFilters.end(); item++) {
+ _DBG(" +----- APDU: %s, Mask: %s", item->first.toString().c_str(), item->second.toString().c_str());
+ }
+ } else {
+ _DBG(" +---- APDU Access ALLOW: %s", apduRule ? "ALWAYS": "NEVER");
+ }
+
+ _DBG(" +---- NFC Access ALLOW: %s", nfcRule ? "ALWAYS": "NEVER");
+ }
+
bool AccessRule::isAuthorizedNFCAccess(void) const
{
return nfcRule;
mapRules.insert(item);
}
+ void AccessCondition::setAccessCondition(bool rule)
+ {
+ AccessRule *result;
+
+ result = getAccessRule(AccessControlList::ALL_DEVICE_APPS);
+ if (result == NULL) {
+ addAccessRule(AccessControlList::ALL_DEVICE_APPS);
+ result = getAccessRule(AccessControlList::ALL_DEVICE_APPS);
+ if (result == NULL)
+ return;
+ }
+
+ result->setAPDUAccessRule(rule);
+ result->setNFCAccessRule(rule);
+ }
+
bool AccessCondition::isAuthorizedAccess(const ByteArray &certHash) const
{
- bool result = permission;
+ bool result = false;
const AccessRule *rule = getAccessRule(certHash);
if (rule != NULL) {
- result = true;
+ result = rule->isAuthorizedAccess();
}
return result;
}
+ void AccessCondition::printAccessConditions() const
+ {
+ _DBG(" +-- Access Condition");
+
+ if (mapRules.size() > 0) {
+ map<ByteArray, AccessRule>::const_iterator item;
+
+ for (item = mapRules.begin(); item != mapRules.end(); item++) {
+ ByteArray temp = item->first;
+
+ _DBG(" +--- hash: %s", (temp == AccessControlList::ALL_DEVICE_APPS) ? "All device applications": temp.toString().c_str());
+ item->second.printAccessRules();
+ }
+ } else {
+ _DBG(" +--- no rule found");
+ }
+ }
+
void AccessCondition::setAPDUAccessRule(const ByteArray &certHash,
bool rule)
{