X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=resource%2Fcsdk%2Fsecurity%2Fsrc%2Fpolicyengine.c;h=e38fc38848668dc86d91ee5c5756de8908261046;hb=refs%2Ftags%2Fsubmit%2Ftizen_4.0%2F20171010.021147;hp=d5ba721e16f03f19b05da1d8805c34574bafa614;hpb=edcfc3d2329da7b914771c0dcff5f42c9b74fd93;p=platform%2Fupstream%2Fiotivity.git diff --git a/resource/csdk/security/src/policyengine.c b/resource/csdk/security/src/policyengine.c index d5ba721..e38fc38 100644 --- a/resource/csdk/security/src/policyengine.c +++ b/resource/csdk/security/src/policyengine.c @@ -152,7 +152,7 @@ static bool IsRequestFromDevOwner(PEContext_t *context) } -#ifdef _ENABLE_MULTIPLE_OWNER_ +#ifdef MULTIPLE_OWNER /** * Compare the request's subject to SubOwner. * @@ -209,8 +209,8 @@ static bool IsValidRequestFromSubOwner(PEContext_t *context) } break; case OIC_R_PSTAT_TYPE: - //SubOwner has full permsion for PSTAT - isValidRequest = true; + //SubOwner has full permsion for PSTAT except RESET + isValidRequest = IsValidPstatAccessForSubOwner(context->payload, context->payloadSize); break; case OIC_R_CRED_TYPE: //SubOwner can only access the credential which is registered as the eowner. @@ -237,7 +237,7 @@ static bool IsValidRequestFromSubOwner(PEContext_t *context) return isValidRequest; } -#endif //_ENABLE_MULTIPLE_OWNER_ +#endif //MULTIPLE_OWNER // TODO - remove these function placeholders as they are implemented @@ -262,13 +262,6 @@ OCStackResult GetSaclRownerId(OicUuid_t *rowner) return OC_STACK_ERROR; } -OCStackResult GetSvcRownerId(OicUuid_t *rowner) -{ - OC_UNUSED(rowner); - rowner = NULL; - return OC_STACK_ERROR; -} - static GetSvrRownerId_t GetSvrRownerId[OIC_SEC_SVR_TYPE_COUNT] = { GetAclRownerId, GetAmaclRownerId, @@ -279,7 +272,6 @@ static GetSvrRownerId_t GetSvrRownerId[OIC_SEC_SVR_TYPE_COUNT] = { GetPconfRownerId, GetPstatRownerId, GetSaclRownerId, - GetSvcRownerId }; /** @@ -494,6 +486,17 @@ static void ProcessAccessRequest(PEContext_t *context) // Start out assuming subject not found. context->retVal = ACCESS_DENIED_SUBJECT_NOT_FOUND; + char *strUuid = NULL; + if (OC_STACK_OK == ConvertUuidToStr(&context->subject, &strUuid)) + { + OIC_LOG_V(DEBUG, TAG, "%s: subject : %s" ,__func__, strUuid); + OICFree(strUuid); + } + else + { + OIC_LOG(ERROR, TAG, "Can't convert subject uuid to string"); + } + // Loop through all ACLs with a matching Subject searching for the right // ACL for this request. do @@ -587,7 +590,13 @@ SRMAccessResponse_t CheckPermission(PEContext_t *context, { context->retVal = ACCESS_GRANTED; } -#ifdef _ENABLE_MULTIPLE_OWNER_ + // If not granted via DevOwner status and not a subowner, + // then check if request is for a SVR and coming from rowner + else if (IsRequestFromResourceOwner(context)) + { + context->retVal = ACCESS_GRANTED; + } +#ifdef MULTIPLE_OWNER //Then check if request from SubOwner else if(IsRequestFromSubOwner(context)) { @@ -596,13 +605,7 @@ SRMAccessResponse_t CheckPermission(PEContext_t *context, context->retVal = ACCESS_GRANTED; } } -#endif //_ENABLE_MULTIPLE_OWNER_ - // If not granted via DevOwner status and not a subowner, - // then check if request is for a SVR and coming from rowner - else if (IsRequestFromResourceOwner(context)) - { - context->retVal = ACCESS_GRANTED; - } +#endif //MULTIPLE_OWNER // Else request is a "normal" request that must be tested against ACL else {