docker run --rm -it --net=host --privileged -v $(shell pwd):/usr/src tizen-osquery
gbs_run:
- gbs lb -A armv7l --include-all -P standard
+ gbs lb -A armv7l --include-all --define="build_type DEBUG" -P standard
%::
mkdir -p build
ADD_DEFINITIONS(-DDATA_PATH="${DATA_INSTALL_DIR}"
-DRUN_PATH="${RUN_INSTALL_DIR}"
- -DDB_PATH="${DB_INSTALL_DIR}"
+ -DDB_PATH="${DB_INSTALL_DIR}/.dpm.db"
-DPLUGIN_INSTALL_DIR="${PLUGIN_INSTALL_DIR}"
-DEVENT_CONFIGURE_DIR="${EVENT_CONFIGURE_DIR}")
ADD_DEFINITIONS(-DUG_WAYLAND)
ADD_POLICYD_LIBRARY(policyd_core policy-manager.cpp
policy-loader.cpp
+ policy-storage.cpp
logger.cpp)
FILE(GLOB SDK_TESTS "tests/*.cpp")
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+#pragma once
+
+#include <string>
+
+namespace policyd {
+namespace schema {
+
+struct Admin {
+ int id;
+ std::string pkg;
+ int uid;
+ std::string key;
+ int removable;
+};
+
+struct ManagedPolicy {
+ int id;
+ int aid;
+ int pid;
+ int value;
+};
+
+struct PolicyDefinition {
+ int id;
+ int scope;
+ std::string name;
+ int ivalue;
+};
+
+} // namespace schema
+} // namespace policyd
namespace policyd {
-std::pair<int, int> PolicyManager::loadPolicy(const std::string& path) {
+std::pair<int, int> PolicyManager::loadProviders(const std::string& path)
+{
INFO(DPM, "Load policies from :" << path);
klay::File dir(path);
if (!dir.exists() || !dir.isDirectory())
return std::make_pair(passed, failed);
}
+int PolicyManager::loadPolicies()
+{
+ for (const auto& p : providers) {
+ this->global.insert(p->global.cbegin(), p->global.cend());
+ this->domain.insert(p->domain.cbegin(), p->domain.cend());
+ }
+
+ for (const auto& g : global) {
+ if (!storage.exists(g.first))
+ throw std::runtime_error("Policy does not exist.: " + g.first);
+ }
+
+ for (const auto& d : domain) {
+ if (!storage.exists(d.first))
+ throw std::runtime_error("Policy does not exist.: " + d.first);
+ }
+
+ return global.size() + domain.size();
+}
+
} // namespace policyd
#include <policyd/sdk/policy-provider.h>
+#include "policy-storage.h"
+
#include <string>
#include <exception>
#include <memory>
class PolicyManager final {
public:
- std::pair<int, int> loadPolicy(const std::string& path);
+ explicit PolicyManager() : storage(DB_PATH) {}
+
+ std::pair<int, int> loadProviders(const std::string& path);
+ int loadPolicies();
+private:
+ PolicyStorage storage;
std::vector<std::shared_ptr<PolicyProvider>> providers;
+
+ std::unordered_map<std::string, std::shared_ptr<GlobalPolicy>> global;
+ std::unordered_map<std::string, std::shared_ptr<DomainPolicy>> domain;
};
} // namespace policyd
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include "policy-storage.h"
+#include "logger.h"
+
+#include <klay/db/column.h>
+#include <klay/db/query-builder.h>
+#include <klay/db/statement.h>
+#include <klay/exception.h>
+
+using namespace query_builder;
+using namespace policyd::schema;
+
+namespace {
+
+auto _admin = make_table("admin",
+ make_column("id", &Admin::id),
+ make_column("pkg", &Admin::pkg),
+ make_column("uid", &Admin::uid),
+ make_column("key", &Admin::key),
+ make_column("removable", &Admin::removable));
+
+auto _managedPolicy = make_table("managed_policy",
+ make_column("id", &ManagedPolicy::id),
+ make_column("aid", &ManagedPolicy::aid),
+ make_column("pid", &ManagedPolicy::pid),
+ make_column("value", &ManagedPolicy::value));
+
+auto _policyDefinition = make_table("policy_definition",
+ make_column("id", &PolicyDefinition::id),
+ make_column("scope", &PolicyDefinition::scope),
+ make_column("name", &PolicyDefinition::name),
+ make_column("ivalue", &PolicyDefinition::ivalue));
+
+auto _dpm = make_database("dpm", _admin, _managedPolicy, _policyDefinition);
+
+} // anonymous namespace
+
+namespace policyd {
+
+PolicyStorage::PolicyStorage(const std::string& path) :
+ database(std::make_shared<database::Connection>(path,
+ database::Connection::ReadWrite |
+ database::Connection::Create))
+{
+ sync();
+}
+
+void PolicyStorage::sync()
+{
+ DEBUG(DPM, "Sync policy storage to cache object.");
+ syncPolicyDefinition();
+ syncAdmin();
+ syncManagedPolicy();
+}
+
+void PolicyStorage::syncPolicyDefinition()
+{
+ std::string query = _policyDefinition.selectAll();
+ database::Statement stmt(*database, query);
+
+ while (stmt.step()) {
+ PolicyDefinition pd;
+ pd.id = stmt.getColumn(0);
+ pd.scope = stmt.getColumn(1);
+ pd.name = std::string(stmt.getColumn(2));
+ pd.ivalue = stmt.getColumn(3);
+ DEBUG(DPM, "Sync policy:" + pd.name);
+ this->definitions.emplace(pd.name, std::move(pd));
+ }
+}
+
+void PolicyStorage::syncAdmin()
+{
+ std::string query = _admin.selectAll();
+ database::Statement stmt(*database, query);
+
+ while (stmt.step()) {
+ Admin admin;
+ admin.id = stmt.getColumn(0);
+ admin.pkg = std::string(stmt.getColumn(1));
+ admin.uid = stmt.getColumn(2);
+ admin.key = std::string(stmt.getColumn(3));
+ admin.removable = stmt.getColumn(4);
+ this->admins.emplace_back(std::move(admin));
+ }
+}
+
+void PolicyStorage::syncManagedPolicy()
+{
+ std::string query = _managedPolicy.selectAll();
+ database::Statement stmt(*database, query);
+
+ while (stmt.step()) {
+ ManagedPolicy mp;
+ mp.id = stmt.getColumn(0);
+ mp.aid = stmt.getColumn(1);
+ mp.pid = stmt.getColumn(2);
+ mp.value = stmt.getColumn(3);
+ this->managedPolicies.emplace_back(std::move(mp));
+ }
+}
+
+} // namespace policyd
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * ttp://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#pragma once
+
+#include "db-schema.h"
+
+#include <memory>
+#include <vector>
+#include <unordered_map>
+
+#include <klay/db/connection.h>
+
+namespace policyd {
+
+using namespace schema;
+
+class PolicyStorage final {
+public:
+ explicit PolicyStorage(const std::string& path);
+
+ void sync();
+
+ inline bool exists(const std::string& policy) noexcept {
+ return definitions.find(policy) != definitions.end();
+ }
+
+private:
+ void syncPolicyDefinition();
+ void syncAdmin();
+ void syncManagedPolicy();
+
+ std::shared_ptr<klay::database::Connection> database;
+
+ /// DB Cache objects
+ std::unordered_map<std::string, PolicyDefinition> definitions;
+ std::vector<Admin> admins;
+ std::vector<ManagedPolicy> managedPolicies;
+};
+
+} // namespace policyd
TEST_F(PolicyCoreTests, policy_loader) {
PolicyManager pm;
- auto result = pm.loadPolicy(PLUGIN_INSTALL_DIR);
+ auto result = pm.loadProviders(PLUGIN_INSTALL_DIR);
EXPECT_TRUE(result.first > 0);
EXPECT_TRUE(result.second == 0);
+
+ auto size = pm.loadPolicies();
+ EXPECT_TRUE(size > 0);
}
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include <gtest/gtest.h>
+
+#include "../policy-storage.h"
+
+using namespace policyd;
+
+class PolicyStorageTests : public testing::Test {};
+
+TEST_F(PolicyStorageTests, policy_storage) {
+ bool isRaised = false;
+
+ try {
+ PolicyStorage storage(DB_PATH);
+ } catch (const std::exception&) {
+ isRaised = true;
+ }
+
+ EXPECT_TRUE(!isRaised);
+
+ isRaised = false;
+ try {
+ PolicyStorage storage("/tmp/dummy");
+ } catch (const std::exception&) {
+ isRaised = true;
+ }
+
+ EXPECT_TRUE(isRaised);
+}
std::string name;
std::unordered_map<std::string, std::shared_ptr<GlobalPolicy>> global;
std::unordered_map<std::string, std::shared_ptr<DomainPolicy>> domain;
+
+ friend class PolicyManager;
};
} // namespace policyd
projects / platform / core / security / vist.git / commitdiff