LIST(APPEND TABLE_FILES ${TABLE_FILES_UTILITY})
IF(DEFINED GBS_BUILD)
-# FILE(GLOB TABLE_FILES_TIZEN "${CMAKE_SOURCE_DIR}/specs/tizen/*.table")
-# LIST(APPEND TABLE_FILES ${TABLE_FILES_TIZEN})
+ FILE(GLOB TABLE_FILES_TIZEN "${CMAKE_SOURCE_DIR}/specs/tizen/*.table")
+ LIST(APPEND TABLE_FILES ${TABLE_FILES_TIZEN})
ENDIF(DEFINED GBS_BUILD)
FILE(GLOB TABLE_FILES_TEMPLATES "${CMAKE_SOURCE_DIR}/tools/codegen/templates/*.in")
+++ /dev/null
-table_name("bluetooth_policy")
-description("A single row containing the bluetooth policy.")
-schema([
- Column("mode_change_state", INTEGER, "Bluetooth policy state"),
- Column("desktop_connectivity_state", INTEGER, "Desktop connectivity policy state"),
- Column("tethering_state", INTEGER, "Tethering policy state"),
- Column("paring_state", INTEGER, "Paring policy state"),
-])
-implementation("bluetooth_policy@genBluetoothPolicy")
--- /dev/null
+table_name("policy")
+description("Device polices.")
+schema([
+ Column("name", TEXT, "Policy name"),
+ Column("value", TEXT, "Policy value"),
+])
+implementation("tizen/policy@genPolicy")
+examples([
+ "select * from policy where name = 'bluetooth'",
+])
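Review bot: The description string in the new spec is misspelled, and it is the text users see when they inspect the table; it should read `description("Device policies.")`. The `value` column is declared TEXT, whereas the three tables removed by this commit exposed INTEGER state columns. A one-line comment in the spec saying how a policy value is encoded as text would help anyone porting existing queries.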
+++ /dev/null
-table_name("usb_policy")
-description("A single row containing the usb policy.")
-schema([
- Column("usb_debugging", INTEGER, "USB debugging mode policy state"),
- Column("usb_tethering", INTEGER, "USB tethering policy state"),
- Column("usb_client", INTEGER, "USB client policy state"),
-])
-implementation("usb_policy@genUsbPolicy")
+++ /dev/null
-table_name("wifi_policy")
-description("A single row containing the wifi policy.")
-schema([
- Column("wifi", INTEGER, "Wi-Fi policy state"),
- Column("wifi_profile_change", INTEGER, "Profile policy state"),
- Column("wifi_hotspot", INTEGER, "Hotspot policy state"),
-])
-implementation("wifi_policy@genWifiPolicy")
LOG(INFO) << "\t seconds: " << rows[0]["seconds"];
}
+TEST_F(ManagerTests, test_manager_execute_policy) {
+ std::string query = "SELECT * FROM policy";
+ auto rows = OsqueryManager::execute(query);
+ EXPECT_TRUE(rows.size() > 0);
+
+ LOG(INFO) << "[Test] policy table rows:";
+ for (auto& r : rows) {
+ LOG(INFO) << "\t name: " << r["name"];
+ LOG(INFO) << "\t value: " << r["value"];
+ }
+
+ query = "SELECT * FROM policy WHERE name = 'bluetooth'";
+ rows = OsqueryManager::execute(query);
+
+ LOG(INFO) << "[Test] policy table rows with where clause:";
+ for (auto& r : rows) {
+ LOG(INFO) << "\t name: " << r["name"];
+ LOG(INFO) << "\t value: " << r["value"];
+ }
+
+ EXPECT_EQ(rows.size(), 1);
+}
+
TEST_F(ManagerTests, test_manager_subscribe) {
int called = 0;
auto callback = [&](const Row& row) {
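Review bot: The new test_manager_execute_policy only counts rows, so it can pass without the table having returned any real policy. genPolicy's catch-all in this same commit returns one empty Row on any exception, which would satisfy `EXPECT_TRUE(rows.size() > 0)` on the unfiltered query. After the filtered query, use `ASSERT_EQ(rows.size(), 1u);` followed by `EXPECT_EQ(rows[0]["name"], "bluetooth");`, and check that `name` is non-empty inside the first loop. The `1u` literal also avoids the signed/unsigned comparison that `EXPECT_EQ(rows.size(), 1)` triggers. The hunk begins inside the previous test and ends inside test_manager_subscribe.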
STATIC $<TARGET_OBJECTS:osquery_generated_tables>
$<TARGET_OBJECTS:osquery_sqlite>
${${TARGET_OSQUERY_LIB}_SRCS})
-TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_LIB} ${${TARGET_OSQUERY_LIB}_DEPS})
+TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_LIB} ${${TARGET_OSQUERY_LIB}_DEPS}
+ ${TARGET_POLICYD_LIB})
SET_TARGET_PROPERTIES(${TARGET_OSQUERY_LIB} PROPERTIES OUTPUT_NAME ${TARGET_OSQUERY_LIB})
-
ADD_EXECUTABLE(${TARGET_OSQUERY_TEST} main/tests.cpp
${${TARGET_OSQUERY_LIB}_TESTS})
TARGET_LINK_WHOLE(${TARGET_OSQUERY_TEST} ${TARGET_OSQUERY_LIB})
ADD_OSQUERY_TEST(${OSQUERY_CROSS_TABLES_TESTS})
IF(DEFINED GBS_BUILD)
-# FILE(GLOB OSQUERY_TIZEN_TABLES "tizen/*.cpp")
-# ADD_OSQUERY_LIBRARY(osquery_tizen_tables ${OSQUERY_TIZEN_TABLES})
+ FILE(GLOB OSQUERY_TIZEN_TABLES "tizen/*.cpp")
+ ADD_OSQUERY_LIBRARY(osquery_tizen_tables ${OSQUERY_TIZEN_TABLES})
-# FILE(GLOB OSQUERY_TIZEN_TESTS "tizen/tests/*.cpp")
-# ADD_OSQUERY_TEST(${OSQUERY_TIZEN_TESTS})
+ FILE(GLOB OSQUERY_TIZEN_TESTS "tizen/tests/*.cpp")
+ ADD_OSQUERY_TEST(${OSQUERY_TIZEN_TESTS})
ENDIF(DEFINED GBS_BUILD)
+++ /dev/null
-/*
- * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file bluetooth_policy.cpp
- * @author Sangwan Kwon (sangwan.kwon@samsung.com)
- * @brief Implementation of bluetooth_policy table
- */
-
-#include <string>
-#include <memory>
-#include <stdexcept>
-
-#include <osquery/sql.h>
-#include <osquery/logger.h>
-#include <osquery/tables.h>
-
-#include <dpm/device-policy-manager.h>
-#include <dpm/pil/policy-client.h>
-
-namespace osquery {
-namespace tables {
-
-QueryData genBluetoothPolicy(QueryContext& context) try {
- std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
- if (handle == nullptr)
- throw std::runtime_error("Cannot create dpm-client handle.");
-
- /// This status is defined at DPM
- ::Status<bool> status { true };
- Row r;
-
- DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
- status = client.methodCall<bool>("Bluetooth::getModeChangeState");
- r["mode_change_state"] = INTEGER(status.get());
-
- status = client.methodCall<bool>("Bluetooth::getDesktopConnectivityState");
- r["desktop_connectivity_state"] = INTEGER(status.get());
-
- status = client.methodCall<bool>("Bluetooth::getTetheringState");
- r["tethering_state"] = INTEGER(status.get());
-
- status = client.methodCall<bool>("Bluetooth::getPairingState");
- r["paring_state"] = INTEGER(status.get());
-
- return { r };
-} catch (...) {
-// TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM
-// LOG(ERROR) << "Exception occured";
- Row r;
- return { r };
-}
-
-} // namespace tables
-} // namespace osquery
--- /dev/null
+/*
+ * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file bluetooth_policy.cpp
+ * @author Sangwan Kwon (sangwan.kwon@samsung.com)
+ * @brief Implementation of bluetooth_policy table
+ */
+
+#include <string>
+#include <memory>
+#include <stdexcept>
+
+#include <osquery/sql.h>
+#include <osquery/logger.h>
+#include <osquery/tables.h>
+
+#include <policyd/core/policy-manager.h>
+
+using namespace policyd;
+
+namespace osquery {
+namespace tables {
+
+QueryData genPolicy(QueryContext& context) try {
+ auto& manager = PolicyManager::Instance();
+
+ QueryData results;
+ if (context.constraints["name"].exists(EQUALS)) { /// where clause
+ auto names = context.constraints["name"].getAll(EQUALS);
+ for (const auto& name : names) {
+ auto ret = manager.get(name);
+
+ Row r;
+ r["name"] = TEXT(name);
+ r["value"] = TEXT(ret.value);
+
+ results.emplace_back(std::move(r));
+ }
+ } else { /// select *;
+ auto policies = manager.getAll();
+ for (auto& policy : policies) {
+ Row r;
+ r["name"] = TEXT(policy.first);
+ r["value"] = TEXT(policy.second);
+
+ results.emplace_back(std::move(r));
+ }
+ }
+
+ return results;
+} catch (...) {
+// TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM
+// LOG(ERROR) << "Exception occured";
+ Row r;
+ return { r };
+}
+
+} // namespace tables
+} // namespace osquery
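Review bot: The function-level `catch (...)` in genPolicy returns `{ r }`, a single row with no name and no value, so a failed policy read is indistinguishable from data for anyone monitoring this table. It also discards rows already collected. `manager.get(name)` appears to reach the `"Not exist policy"` throw in PolicyStorage::strictest, so one unknown name in the constraint list replaces every valid result with that empty row. Catch per name inside the loop and return an empty QueryData from the outer handler, as sketched below. The file header still reads `@file bluetooth_policy.cpp` and `@brief Implementation of bluetooth_policy table`, and should name the policy table instead.

```cpp
QueryData genPolicy(QueryContext& context) try {
    // … unchanged: manager lookup, results declaration, constraint check …
        for (const auto& name : names) {
            try {
                auto ret = manager.get(name);

                Row r;
                r["name"] = TEXT(name);
                r["value"] = TEXT(ret.value);
                results.emplace_back(std::move(r));
            } catch (const std::exception&) {
                // Unknown policy name: contribute no row, keep the rows already collected.
            }
        }
    // … unchanged: select-all branch, return results …
} catch (...) {
    // Report "no data" instead of a row with empty name and value.
    return {};
}
```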
#include <gtest/gtest.h>
-#include <osquery/sql.h>
-#include <osquery/logger.h>
-
-#include <dpm/device-policy-manager.h>
-#include <dpm/pil/policy-client.h>
+#include <policyd/core/policy-manager.h>
class PolicyTests : public testing::Test {};
-using namespace osquery;
-
-TEST_F(PolicyTests, Bluetooth) {
- std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
- if (handle == nullptr)
- throw std::runtime_error("Cannot create dpm-client handle.");
-
- ::Status<bool> status { true };
-
- DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
- status = client.methodCall<bool>("Bluetooth::getModeChangeState");
- EXPECT_EQ(true, status.get());
-
- status = client.methodCall<bool>("Bluetooth::getDesktopConnectivityState");
- EXPECT_EQ(true, status.get());
-
- status = client.methodCall<bool>("Bluetooth::getTetheringState");
- EXPECT_EQ(true, status.get());
-
- status = client.methodCall<bool>("Bluetooth::getPairingState");
- EXPECT_EQ(true, status.get());
-}
-
-TEST_F(PolicyTests, Wifi) {
- std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
- if (handle == nullptr)
- throw std::runtime_error("Cannot create dpm-client handle.");
-
- ::Status<bool> status { true };
-
- DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
- status = client.methodCall<bool>("Wifi::getState");
- EXPECT_EQ(true, status.get());
-
- status = client.methodCall<bool>("Wifi::isProfileChangeRestricted");
- EXPECT_EQ(true, status.get());
-
- status = client.methodCall<bool>("Wifi::getHotspotState");
- EXPECT_EQ(true, status.get());
-}
-
-TEST_F(PolicyTests, Usb) {
- std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
- if (handle == nullptr)
- throw std::runtime_error("Cannot create dpm-client handle.");
-
- ::Status<bool> status { true };
-
- DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
- status = client.methodCall<bool>("Usb::getDebuggingState");
- EXPECT_EQ(true, status.get());
+using namespace policyd;
- status = client.methodCall<bool>("Usb::getTetheringState");
- EXPECT_EQ(true, status.get());
+TEST_F(PolicyTests, get_all) {
+ auto& manager = PolicyManager::Instance();
+ auto policies = manager.getAll();
- status = client.methodCall<bool>("Usb::getClientState");
- EXPECT_EQ(true, status.get());
+ EXPECT_TRUE(policies.size() > 0);
}
+++ /dev/null
-/*
- * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file usb_policy.cpp
- * @author Sangwan Kwon (sangwan.kwon@samsung.com)
- * @brief Implementation of usb_policy table
- */
-
-#include <string>
-#include <memory>
-#include <stdexcept>
-
-#include <osquery/sql.h>
-#include <osquery/logger.h>
-#include <osquery/tables.h>
-
-#include <dpm/device-policy-manager.h>
-#include <dpm/pil/policy-client.h>
-
-namespace osquery {
-namespace tables {
-
-QueryData genUsbPolicy(QueryContext& context) try {
- std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
- if (handle == nullptr)
- throw std::runtime_error("Cannot create dpm-client handle.");
-
- /// This status is defined at DPM
- ::Status<bool> status { true };
- Row r;
-
- DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
- status = client.methodCall<bool>("Usb::getDebuggingState");
- r["usb_debugging"] = INTEGER(status.get());
-
- status = client.methodCall<bool>("Usb::getTetheringState");
- r["usb_tethering"] = INTEGER(status.get());
-
- status = client.methodCall<bool>("Usb::getClientState");
- r["usb_client"] = INTEGER(status.get());
-
- return { r };
-} catch (...) {
-// TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM
- Row r;
- return { r };
-}
-
-} // namespace tables
-} // namespace osquery
+++ /dev/null
-/*
- * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file wifi_policy.cpp
- * @author Sangwan Kwon (sangwan.kwon@samsung.com)
- * @brief Implementation of wifi_policy table
- */
-
-#include <string>
-#include <memory>
-#include <stdexcept>
-
-#include <osquery/sql.h>
-#include <osquery/logger.h>
-#include <osquery/tables.h>
-
-#include <dpm/device-policy-manager.h>
-#include <dpm/pil/policy-client.h>
-
-namespace osquery {
-namespace tables {
-
-QueryData genWifiPolicy(QueryContext& context) try {
- std::shared_ptr<void> handle(dpm_manager_create(), dpm_manager_destroy);
- if (handle == nullptr)
- throw std::runtime_error("Cannot create dpm-client handle.");
-
- /// This status is defined at DPM
- ::Status<bool> status { true };
- Row r;
-
- DevicePolicyClient &client = GetDevicePolicyClient(handle.get());
- status = client.methodCall<bool>("Wifi::getState");
- r["wifi"] = INTEGER(status.get());
-
- status = client.methodCall<bool>("Wifi::isProfileChangeRestricted");
- r["wifi_profile_change"] = INTEGER(status.get());
-
- status = client.methodCall<bool>("Wifi::getHotspotState");
- r["wifi_hotspot"] = INTEGER(status.get());
-
- return { r };
-} catch (...) {
-// TODO(Sangwan): Resolve duplicated "ERROR" macro with DPM
- Row r;
- return { r };
-}
-
-} // namespace tables
-} // namespace osquery
namespace policyd {
+PolicyManager::PolicyManager() : storage(DB_PATH)
+{
+ loadProviders(PLUGIN_INSTALL_DIR);
+ int cnt = loadPolicies();
+ INFO(DPM, std::to_string(cnt) + "-policies loaded");
+}
+
std::pair<int, int> PolicyManager::loadProviders(const std::string& path)
{
INFO(DPM, "Load policies from :" << path);
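Review bot: The new constructor discards the return value of `loadProviders(PLUGIN_INSTALL_DIR)`, so a provider that fails to load is never reported; only the policy count is logged. The policy_loader test on this page expects `result.second == 0`, which suggests the second element is the failure count. Keep the result with `auto loaded = loadProviders(PLUGIN_INSTALL_DIR);` and log `loaded.second` when it is non-zero. `Instance()` constructs lazily, so provider loading now runs in whichever process first touches the singleton. Document next to the constructor that PLUGIN_INSTALL_DIR must be writable only by its privileged owner. The body of loadProviders continues outside this hunk.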
return storage.strictest(policy, uid);
}
+std::unordered_map<std::string, PolicyValue> PolicyManager::getAll(uid_t uid)
+{
+ return storage.strictest(uid);
+}
+
} // namespace policyd
#include "policy-storage.h"
-#include <string>
#include <exception>
#include <memory>
+#include <string>
+#include <unordered_map>
#include <vector>
+#include <gtest/gtest_prod.h>
+
namespace policyd {
class PolicyManager final {
PolicyManager(PolicyManager&&) = delete;
PolicyManager& operator=(PolicyManager&&) = delete;
- static PolicyManager& instance() {
+ static PolicyManager& Instance() {
static PolicyManager manager;
return manager;
}
- std::pair<int, int> loadProviders(const std::string& path);
- int loadPolicies();
-
void enroll(const std::string& admin, uid_t uid);
void disenroll(const std::string& admin, uid_t uid);
void set(const std::string& policy, const PolicyValue& value,
- const std::string& admin, uid_t uid);
- PolicyValue get(const std::string& policy, uid_t uid);
+ const std::string& admin, uid_t uid = 0);
+ PolicyValue get(const std::string& policy, uid_t uid = 0);
+ std::unordered_map<std::string, PolicyValue> getAll(uid_t uid = 0);
private:
- explicit PolicyManager() : storage(DB_PATH) {}
+ explicit PolicyManager();
~PolicyManager() = default;
+ std::pair<int, int> loadProviders(const std::string& path);
+ int loadPolicies();
+
PolicyStorage storage;
std::vector<std::shared_ptr<PolicyProvider>> providers;
std::unordered_map<std::string, std::shared_ptr<GlobalPolicy>> global;
std::unordered_map<std::string, std::shared_ptr<DomainPolicy>> domain;
+
+ FRIEND_TEST(PolicyCoreTests, policy_loader);
};
} // namespace policyd
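Review bot: Adding `uid_t uid = 0` to `set` gives the mutating call a silent default, and the storage test on this page treats the no-argument scope as the global policy. A caller that omits the uid would therefore write a global policy where a per-user one was intended. Keep the parameter explicit on the setter, `const std::string& admin, uid_t uid);`, and leave the defaults on `get` and `getAll` only. Separately, `#include <gtest/gtest_prod.h>` and `FRIEND_TEST(PolicyCoreTests, policy_loader);` make this production header depend on the test framework. A guarded friend declaration or a test-only accessor would avoid that dependency.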
if (definitions.find(policy) == definitions.end())
throw std::runtime_error("Not exist policy: " + policy);
+ // There is no enrolled admins.
+ if (managedPolicies.size() == 0)
+ return PolicyValue(definitions[policy].ivalue);
+
std::shared_ptr<PolicyValue> strictest = nullptr;
int policyId = definitions[policy].id;
auto range = managedPolicies.equal_range(policyId);
return std::move(*strictest);
}
+std::unordered_map<std::string, PolicyValue> PolicyStorage::strictest(uid_t uid)
+{
+ std::unordered_map<std::string, PolicyValue> policies;
+ for (const auto& pair : definitions) {
+ std::string name = pair.first;
+ auto value = this->strictest(name, uid);
+
+ policies.emplace(std::move(name), std::move(value));
+ }
+
+ return policies;
+}
+
std::string PolicyStorage::getAlias(const std::string& name, uid_t uid) const noexcept
{
return name + std::to_string(uid);
void update(const std::string& admin, uid_t uid,
const std::string& policy, const PolicyValue& value);
+
PolicyValue strictest(const std::string& policy, uid_t uid = 0);
+ /// Return all strictest policy values
+ std::unordered_map<std::string, PolicyValue> strictest(uid_t uid = 0);
private:
void syncPolicyDefinition();
#include "../policy-manager.h"
-using namespace policyd;
+namespace policyd {
class PolicyCoreTests : public testing::Test {};
TEST_F(PolicyCoreTests, policy_loader) {
- auto& manager = PolicyManager::instance();
- auto result = manager.loadProviders(PLUGIN_INSTALL_DIR);
+ auto& manager = PolicyManager::Instance();
+
+ /// Clearing for test
+ manager.providers.clear();
+ manager.global.clear();
+ manager.domain.clear();
+ auto result = manager.loadProviders(PLUGIN_INSTALL_DIR);
EXPECT_TRUE(result.first > 0);
EXPECT_TRUE(result.second == 0);
}
TEST_F(PolicyCoreTests, policy_set_get) {
- auto& manager = PolicyManager::instance();
+ auto& manager = PolicyManager::Instance();
manager.enroll("testAdmin", 0);
manager.set("bluetooth", PolicyValue(5), "testAdmin", 0);
manager.disenroll("testAdmin", 0);
manager.disenroll("testAdmin1", 0);
}
+
+} // namespace policyd
storage->disenroll("testAdmin", 0);
storage->disenroll("testAdmin", 1);
}
+
+TEST_F(PolicyStorageTests, strictest_all) {
+ auto storage = getStorage();
+ storage->enroll("testAdmin", 1);
+
+ /// as global policy
+ auto policies = storage->strictest();
+ EXPECT_TRUE(policies.size() > 0);
+
+ /// as domain policy
+ policies = storage->strictest(1);
+ EXPECT_TRUE(policies.size() > 0);
+
+ storage->disenroll("testAdmin", 1);
+}