Policy update: server side implementation
[platform/core/security/security-manager.git] / src / common / cynara.cpp
index 030041f..6620708 100644 (file)
@@ -113,7 +113,7 @@ CynaraAdmin::BucketsMap CynaraAdmin::Buckets =
 
 
 CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::string &user,
-        const std::string &privilege, Operation operation,
+        const std::string &privilege, int operation,
         const std::string &bucket)
 {
     this->client = strdup(client.c_str());
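Review bot: Changing `operation` to a plain `int` means the constructor now accepts any integer as the policy result, and nothing in the visible part of the constructor checks it against the types Cynara knows. This value becomes the stored policy decision (`this->result = operation;` in the next hunk), so the expected range should be documented on the parameter, e.g. `// operation: a Cynara policy type, either a CynaraAdminPolicy::Operation value or a type reported by cynara_admin_list_policies_descriptions()`. Keeping a thin overload that takes `Operation` and forwards `static_cast<int>(operation)` would also spare the four call sites in UpdateAppPolicy their explicit casts. The constructor body continues outside this hunk.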
@@ -131,7 +131,7 @@ CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::strin
                 std::string("Error in CynaraAdminPolicy allocation."));
     }
 
-    this->result = static_cast<int>(operation);
+    this->result = operation;
     this->result_extra = nullptr;
 }
 
@@ -175,6 +175,26 @@ CynaraAdminPolicy::CynaraAdminPolicy(CynaraAdminPolicy &&that)
     that.result_extra = nullptr;
 }
 
+CynaraAdminPolicy& CynaraAdminPolicy::operator=(CynaraAdminPolicy &&that)
+{
+    if (this != &that) {
+        bucket = that.bucket;
+        client = that.client;
+        user = that.user;
+        privilege = that.privilege;
+        result_extra = that.result_extra;
+        result = that.result;
+
+        that.bucket = nullptr;
+        that.client = nullptr;
+        that.user = nullptr;
+        that.privilege = nullptr;
+        that.result_extra = nullptr;
+    };
+
+    return *this;
+}
+
 CynaraAdminPolicy::~CynaraAdminPolicy()
 {
     free(this->bucket);
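Review bot: The new move assignment overwrites `bucket`, `client`, `user`, `privilege` and `result_extra` without releasing what `*this` already owns, so every assignment to a live object leaks those buffers. The constructor fills `client` with `strdup()` and the destructor just below releases `bucket` with `free()`, so the old pointers should be freed before taking over `that`'s. The rest of the destructor is outside the hunk, so confirm it frees the same five fields. The stray `;` after the closing brace of the `if` block can go as well.

```cpp
CynaraAdminPolicy& CynaraAdminPolicy::operator=(CynaraAdminPolicy &&that)
{
    if (this != &that) {
        // release the buffers this object currently owns
        free(bucket);
        free(client);
        free(user);
        free(privilege);
        free(result_extra);

        // … unchanged: take over that's pointers and result, then null that's fields …
    }

    return *this;
}
```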
@@ -205,7 +225,11 @@ static bool checkCynaraError(int result, const std::string &msg)
     }
 }
 
+CynaraAdmin::TypeToDescriptionMap CynaraAdmin::TypeToDescription;
+CynaraAdmin::DescriptionToTypeMap CynaraAdmin::DescriptionToType;
+
 CynaraAdmin::CynaraAdmin()
+    : m_policyDescriptionsInitialized(false)
 {
     checkCynaraError(
         cynara_admin_initialize(&m_CynaraAdmin),
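Review bot: `TypeToDescription` and `DescriptionToType` are class-static while the `m_policyDescriptionsInitialized` flag set in the constructor is per instance, so a second CynaraAdmin object would start with the flag false and clear and refill the shared maps on its first lookup. If CynaraAdmin is only ever used as a single instance (not visible in this hunk) that is harmless, but it should be stated; otherwise make the flag static too or make the maps members. A comment above the two definitions such as `// caches shared by all instances; validity tracked by the per-instance m_policyDescriptionsInitialized flag` would record the intent. The constructor body continues outside the hunk.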
@@ -271,14 +295,14 @@ void CynaraAdmin::UpdateAppPolicy(
             LogDebug("(user = " << user << " label = " << label << ") " <<
                 "removing privilege " << *oldIter);
             policies.push_back(CynaraAdminPolicy(label, user, *oldIter,
-                    CynaraAdminPolicy::Operation::Delete,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Delete),
                     Buckets.at(Bucket::MANIFESTS)));
             ++oldIter;
         } else {
             LogDebug("(user = " << user << " label = " << label << ") " <<
                 "adding privilege " << *newIter);
             policies.push_back(CynaraAdminPolicy(label, user, *newIter,
-                    CynaraAdminPolicy::Operation::Allow,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Allow),
                     Buckets.at(Bucket::MANIFESTS)));
             ++newIter;
         }
@@ -288,7 +312,7 @@ void CynaraAdmin::UpdateAppPolicy(
         LogDebug("(user = " << user << " label = " << label << ") " <<
             "removing privilege " << *oldIter);
         policies.push_back(CynaraAdminPolicy(label, user, *oldIter,
-                    CynaraAdminPolicy::Operation::Delete,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Delete),
                     Buckets.at(Bucket::MANIFESTS)));
     }
 
@@ -296,7 +320,7 @@ void CynaraAdmin::UpdateAppPolicy(
         LogDebug("(user = " << user << " label = " << label << ") " <<
             "adding privilege " << *newIter);
         policies.push_back(CynaraAdminPolicy(label, user, *newIter,
-                    CynaraAdminPolicy::Operation::Allow,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Allow),
                     Buckets.at(Bucket::MANIFESTS)));
     }
 
@@ -380,6 +404,67 @@ void CynaraAdmin::EmptyBucket(const std::string &bucketName, bool recursive, con
             client + ", " + user + ", " + privilege);
 }
 
+void CynaraAdmin::FetchCynaraPolicyDescriptions(bool forceRefresh)
+{
+    struct cynara_admin_policy_descr **descriptions = nullptr;
+
+    if (!forceRefresh && m_policyDescriptionsInitialized)
+        return;
+
+    // fetch
+    checkCynaraError(
+        cynara_admin_list_policies_descriptions(m_CynaraAdmin, &descriptions),
+        "Error while getting list of policies descriptions from Cynara.");
+
+    if (descriptions[0] == nullptr) {
+        LogError("Fetching policies levels descriptions from Cynara returned empty list. "
+                "There should be at least 2 entries - Allow and Deny");
+        return;
+    }
+
+    // reset the state
+    m_policyDescriptionsInitialized = false;
+    DescriptionToType.clear();
+    TypeToDescription.clear();
+
+    // extract strings
+    for (int i = 0; descriptions[i] != nullptr; i++) {
+        std::string descriptionName(descriptions[i]->name);
+
+        DescriptionToType[descriptionName] = descriptions[i]->result;
+        TypeToDescription[descriptions[i]->result] = std::move(descriptionName);
+
+        free(descriptions[i]->name);
+        free(descriptions[i]);
+    }
+
+    free(descriptions);
+
+    m_policyDescriptionsInitialized = true;
+}
+
+void CynaraAdmin::ListPoliciesDescriptions(std::vector<std::string> &policiesDescriptions)
+{
+    FetchCynaraPolicyDescriptions(false);
+
+    for (auto it = TypeToDescription.rbegin(); it != TypeToDescription.rend(); ++it)
+        policiesDescriptions.push_back(it->second);
+}
+
+std::string CynaraAdmin::convertToPolicyDescription(const int policyType, bool forceRefresh)
+{
+    FetchCynaraPolicyDescriptions(forceRefresh);
+
+    return TypeToDescription.at(policyType);
+}
+
+int CynaraAdmin::convertToPolicyType(const std::string &policy, bool forceRefresh)
+{
+    FetchCynaraPolicyDescriptions(forceRefresh);
+
+    return DescriptionToType.at(policy);
+}
+
 Cynara::Cynara()
 {
     checkCynaraError(
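Review bot: In FetchCynaraPolicyDescriptions the empty-list branch returns without `free(descriptions)`, so the array leaks on that path, and `descriptions[0]` is read without checking that the pointer itself was set. checkCynaraError returns a bool that is ignored here; if it can return false instead of throwing (its body is outside the hunk), `descriptions` is still nullptr at the dereference. Separately, convertToPolicyDescription and convertToPolicyType use `.at()`, so an unknown type or name surfaces as `std::out_of_range`. If those values can come from a client request, callers need to catch that, or the two functions should translate it into the project's own exception type.

```cpp
    // … unchanged: early return when already initialized, cynara_admin_list_policies_descriptions call …

    if (descriptions == nullptr) {
        LogError("Cynara returned no policies descriptions list.");
        return;
    }

    if (descriptions[0] == nullptr) {
        // … unchanged: LogError about the empty list …
        free(descriptions);
        return;
    }
```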