Send (correct) response to client when cynara danied access

Change-Id: I53b11b0149725dc88679febb6706af42b8d37cb3

diff --git a/simulatordaemon/inc/TEEContext.h b/simulatordaemon/inc/TEEContext.h
index 4db8506..ab68665 100644 (file)
--- a/simulatordaemon/inc/TEEContext.h
+++ b/simulatordaemon/inc/TEEContext.h
@@ -61,6 +61,7 @@ public:
        uint32_t mContextID;
        /* Security context wich stores info about low-level connection data*/
        SecurityContext secContext;
+       bool cynara_check_result;
 
        /* For TA internal APIs support, dummy Context is created and for recognizing
         * the context as dummy isInternal member variable is used

diff --git a/simulatordaemon/src/ConnectionSession.cpp b/simulatordaemon/src/ConnectionSession.cpp
index 31fb181..8fadf2f 100644 (file)
--- a/simulatordaemon/src/ConnectionSession.cpp
+++ b/simulatordaemon/src/ConnectionSession.cpp
@@ -48,22 +48,23 @@ void ConnectionSession::start() {
        // init SecurityContext of current session after initializing socket
        this->secContext = SecurityContext(clientSocket.native());
 
+       // Create a new Context
+       pthread_rwlock_wrlock(&ctxIDLock);
+       TEECtx = new TEEContext(ctxID, this);
+       // Increment the Context ID to be assigned to next Context
+       ctxID++;
+       if (ctxID == 0) ctxID++;
+       pthread_rwlock_unlock(&ctxIDLock);
+
 #ifdef _CYNARA_INTEGRATION
        /* Check if client has cynara permission */
        const string privilege("http://tizen.org/privilege/tee.client");
        if (!secContext.clientHasCynaraPermission(privilege)) {
                LOGE(SIM_DAEMON, "Client has no permission to use TEE");
-               return;
+               TEECtx->cynara_check_result = false;
        }
 #endif /* _CYNARA_INTEGRATION */
 
-       // Create a new Context
-       pthread_rwlock_wrlock(&ctxIDLock);
-       TEECtx = new TEEContext(ctxID, this);
-       // Increment the Context ID to be assigned to next Context
-       ctxID++;
-       if (ctxID == 0) ctxID++;
-       pthread_rwlock_unlock(&ctxIDLock);
        currentState = CMD_READ;
 
        // read exactly 1 byte to identify the command and execute callback when

diff --git a/simulatordaemon/src/TEEContext.cpp b/simulatordaemon/src/TEEContext.cpp
index f85729c..189f918 100644 (file)
--- a/simulatordaemon/src/TEEContext.cpp
+++ b/simulatordaemon/src/TEEContext.cpp
@@ -57,6 +57,8 @@ TEEContext::TEEContext(uint32_t contextID, IConnectionSession* connSession):
        /* Clear the shared memory list (mShmList) and Session map (mSessionMap) */
        mSessionMap.clear();
        mShmList.clear();
+
+       cynara_check_result = true;
 }
 
 /**
@@ -75,6 +77,17 @@ TEEC_Result TEEContext::initContext(InitContextData* data) {
         */
        isInternal = false;
 
+       if (!cynara_check_result) {
+               result = TEEC_ERROR_ACCESS_DENIED;
+               data->returnValue = result;
+               result = mConnSess->write(INITIALIZE_CONTEXT, (char*)data,
+                   sizeof(InitContextData));
+               if (result != TEEC_SUCCESS) {
+                       LOGE(SIM_DAEMON, "Initialize Context response write to CA FAILED");
+               }
+               return result;
+       }
+
        /* Check if the TEEName is proper or not */
        if (data->nameLength != 0) {
                string TName(data->TEEName);
@@ -167,6 +180,7 @@ TEEC_Result TEEContext::openSession(OpenSessionData data) {
        LOGD(SIM_DAEMON, "Entry");
        data.returnOrigin = TEEC_ORIGIN_TEE;
        data.returnValue = TEEC_ERROR_GENERIC;
+
        pthread_rwlock_wrlock(&sessIDLock);
        data.sessionID = sessID;
        sessID++;