review.tizen.org Git - platform/upstream/iotivity.git/commit

[IOT-1595] Change Policy Engine to us ACE Union behavior.

The current Policy Engine logic is to assess the permissions on the first matching ACE for a
request (matched via Subject and Resource), and respond to the request (Grant or Deny) based on
that ACE.

The new OCF 1.0 behavior specifies that if any ACE allows a request, it should be Granted (so-called "Union" behavior).

To allow consistency we must fix this in 1.2.1.

This patch changes the Policy Engine to keep searching for an ACE that Grants the request,
until either the request is granted, or the end of the ACL is reached.

Change-Id: Idd4e90c37c7e0fcf963105b34b3e82dfde2ccfd2
Signed-off-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/14701
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Greg Zaverucha <gregz@microsoft.com>

author	Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
	Wed, 23 Nov 2016 20:20:52 +0000 (12:20 -0800)
committer	Randeep Singh <randeep.s@samsung.com>
	Thu, 24 Nov 2016 04:22:00 +0000 (04:22 +0000)
commit	9524976da93a87f1b74e550a672a431e63e858f3
tree	309e07edd597c43ea9fd257f67ad89e7bdc4dba9	tree \| snapshot
parent	9dae1cd32d99938b6f86e2337229d54cac26bb5e	commit \| diff

resource/csdk/security/include/internal/policyengine.h		diff \| blob \| history
resource/csdk/security/src/amsmgr.c		diff \| blob \| history
resource/csdk/security/src/policyengine.c		diff \| blob \| history
resource/csdk/security/unittest/policyengine.cpp		diff \| blob \| history