projects / platform / core / security / security-manager.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Policy update: server side implementation
[platform/core/security/security-manager.git] / src / common / cynara.cpp
diff --git a/src/common/cynara.cpp b/src/common/cynara.cpp
index c29f426..6620708 100644 (file)
--- a/src/common/cynara.cpp
+++ b/src/common/cynara.cpp
@@ -113,7 +113,7 @@ CynaraAdmin::BucketsMap CynaraAdmin::Buckets =
 
 
 CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::string &user,
-        const std::string &privilege, Operation operation,
+        const std::string &privilege, int operation,
         const std::string &bucket)
 {
     this->client = strdup(client.c_str());
@@ -131,7 +131,7 @@ CynaraAdminPolicy::CynaraAdminPolicy(const std::string &client, const std::strin
                 std::string("Error in CynaraAdminPolicy allocation."));
     }
 
-    this->result = static_cast<int>(operation);
+    this->result = operation;
     this->result_extra = nullptr;
 }
 
@@ -175,6 +175,26 @@ CynaraAdminPolicy::CynaraAdminPolicy(CynaraAdminPolicy &&that)
     that.result_extra = nullptr;
 }
 
+CynaraAdminPolicy& CynaraAdminPolicy::operator=(CynaraAdminPolicy &&that)
+{
+    if (this != &that) {
+        bucket = that.bucket;
+        client = that.client;
+        user = that.user;
+        privilege = that.privilege;
+        result_extra = that.result_extra;
+        result = that.result;
+
+        that.bucket = nullptr;
+        that.client = nullptr;
+        that.user = nullptr;
+        that.privilege = nullptr;
+        that.result_extra = nullptr;
+    };
+
+    return *this;
+}
+
 CynaraAdminPolicy::~CynaraAdminPolicy()
 {
     free(this->bucket);
@@ -198,12 +218,18 @@ static bool checkCynaraError(int result, const std::string &msg)
             ThrowMsg(CynaraException::InvalidParam, msg);
         case CYNARA_API_SERVICE_NOT_AVAILABLE:
             ThrowMsg(CynaraException::ServiceNotAvailable, msg);
+        case CYNARA_API_BUCKET_NOT_FOUND:
+            ThrowMsg(CynaraException::BucketNotFound, msg);
         default:
             ThrowMsg(CynaraException::UnknownError, msg);
     }
 }
 
+CynaraAdmin::TypeToDescriptionMap CynaraAdmin::TypeToDescription;
+CynaraAdmin::DescriptionToTypeMap CynaraAdmin::DescriptionToType;
+
 CynaraAdmin::CynaraAdmin()
+    : m_policyDescriptionsInitialized(false)
 {
     checkCynaraError(
         cynara_admin_initialize(&m_CynaraAdmin),
@@ -269,14 +295,14 @@ void CynaraAdmin::UpdateAppPolicy(
             LogDebug("(user = " << user << " label = " << label << ") " <<
                 "removing privilege " << *oldIter);
             policies.push_back(CynaraAdminPolicy(label, user, *oldIter,
-                    CynaraAdminPolicy::Operation::Delete,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Delete),
                     Buckets.at(Bucket::MANIFESTS)));
             ++oldIter;
         } else {
             LogDebug("(user = " << user << " label = " << label << ") " <<
                 "adding privilege " << *newIter);
             policies.push_back(CynaraAdminPolicy(label, user, *newIter,
-                    CynaraAdminPolicy::Operation::Allow,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Allow),
                     Buckets.at(Bucket::MANIFESTS)));
             ++newIter;
         }
@@ -286,7 +312,7 @@ void CynaraAdmin::UpdateAppPolicy(
         LogDebug("(user = " << user << " label = " << label << ") " <<
             "removing privilege " << *oldIter);
         policies.push_back(CynaraAdminPolicy(label, user, *oldIter,
-                    CynaraAdminPolicy::Operation::Delete,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Delete),
                     Buckets.at(Bucket::MANIFESTS)));
     }
 
@@ -294,7 +320,7 @@ void CynaraAdmin::UpdateAppPolicy(
         LogDebug("(user = " << user << " label = " << label << ") " <<
             "adding privilege " << *newIter);
         policies.push_back(CynaraAdminPolicy(label, user, *newIter,
-                    CynaraAdminPolicy::Operation::Allow,
+                    static_cast<int>(CynaraAdminPolicy::Operation::Allow),
                     Buckets.at(Bucket::MANIFESTS)));
     }
 
@@ -335,6 +361,15 @@ void CynaraAdmin::UserInit(uid_t uid, security_manager_user_type userType)
     CynaraAdmin::getInstance().SetPolicies(policies);
 }
 
+void CynaraAdmin::UserRemove(uid_t uid)
+{
+    std::vector<CynaraAdminPolicy> policies;
+    std::string user = std::to_string(static_cast<unsigned int>(uid));
+
+    EmptyBucket(Buckets.at(Bucket::PRIVACY_MANAGER),true,
+            CYNARA_ADMIN_ANY, user, CYNARA_ADMIN_ANY);
+}
+
 void CynaraAdmin::ListPolicies(
     const std::string &bucketName,
     const std::string &appId,
@@ -359,6 +394,77 @@ void CynaraAdmin::ListPolicies(
 
 }
 
+void CynaraAdmin::EmptyBucket(const std::string &bucketName, bool recursive, const std::string &client,
+    const std::string &user, const std::string &privilege)
+{
+    checkCynaraError(
+        cynara_admin_erase(m_CynaraAdmin, bucketName.c_str(), static_cast<int>(recursive),
+            client.c_str(), user.c_str(), privilege.c_str()),
+        "Error while emptying bucket: " + bucketName + ", filter (C, U, P): " +
+            client + ", " + user + ", " + privilege);
+}
+
+void CynaraAdmin::FetchCynaraPolicyDescriptions(bool forceRefresh)
+{
+    struct cynara_admin_policy_descr **descriptions = nullptr;
+
+    if (!forceRefresh && m_policyDescriptionsInitialized)
+        return;
+
+    // fetch
+    checkCynaraError(
+        cynara_admin_list_policies_descriptions(m_CynaraAdmin, &descriptions),
+        "Error while getting list of policies descriptions from Cynara.");
+
+    if (descriptions[0] == nullptr) {
+        LogError("Fetching policies levels descriptions from Cynara returned empty list. "
+                "There should be at least 2 entries - Allow and Deny");
+        return;
+    }
+
+    // reset the state
+    m_policyDescriptionsInitialized = false;
+    DescriptionToType.clear();
+    TypeToDescription.clear();
+
+    // extract strings
+    for (int i = 0; descriptions[i] != nullptr; i++) {
+        std::string descriptionName(descriptions[i]->name);
+
+        DescriptionToType[descriptionName] = descriptions[i]->result;
+        TypeToDescription[descriptions[i]->result] = std::move(descriptionName);
+
+        free(descriptions[i]->name);
+        free(descriptions[i]);
+    }
+
+    free(descriptions);
+
+    m_policyDescriptionsInitialized = true;
+}
+
+void CynaraAdmin::ListPoliciesDescriptions(std::vector<std::string> &policiesDescriptions)
+{
+    FetchCynaraPolicyDescriptions(false);
+
+    for (auto it = TypeToDescription.rbegin(); it != TypeToDescription.rend(); ++it)
+        policiesDescriptions.push_back(it->second);
+}
+
+std::string CynaraAdmin::convertToPolicyDescription(const int policyType, bool forceRefresh)
+{
+    FetchCynaraPolicyDescriptions(forceRefresh);
+
+    return TypeToDescription.at(policyType);
+}
+
+int CynaraAdmin::convertToPolicyType(const std::string &policy, bool forceRefresh)
+{
+    FetchCynaraPolicyDescriptions(forceRefresh);
+
+    return DescriptionToType.at(policy);
+}
+
 Cynara::Cynara()
 {
     checkCynaraError(
Domain: Security / Access Control;