[IOT-1524] Added check to reject unsecure request for selected SVR resources

ALL SVR resources other than DOXM & PSTAT resource should reject request over coap.

Change-Id: Idcf0ff22d7c676bef2480fe9b32a9e7b22c2317a
Signed-off-by: Randeep Singh <randeep.s@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/14137
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Chul Lee <chuls.lee@samsung.com>
(cherry picked from commit c9e82ceebe5ac962ec5ef0a42b1d6e62d9476f5d)
Reviewed-on: https://gerrit.iotivity.org/gerrit/14323

diff --git a/resource/csdk/security/src/secureresourcemanager.c b/resource/csdk/security/src/secureresourcemanager.c
index 373bd09..fd13eff 100644 (file)
--- a/resource/csdk/security/src/secureresourcemanager.c
+++ b/resource/csdk/security/src/secureresourcemanager.c
@@ -186,9 +186,13 @@ void SRMRequestHandler(const CAEndpoint_t *endPoint, const CARequestInfo_t *requ
     OCResource *resPtr = FindResourceByUri(newUri);
     if (NULL != resPtr)
     {
-        // check whether request is for secure resource or not and it should not be a SVR resource
-        if (((resPtr->resourceProperties) & OC_SECURE)
+        // All vertical secure resources and SVR resources other than DOXM & PSTAT should reject request
+        // over coap.
+        if ((((resPtr->resourceProperties) & OC_SECURE)
                             && (g_policyEngineContext.resourceType == NOT_A_SVR_RESOURCE))
+                            || ((g_policyEngineContext.resourceType < OIC_SEC_SVR_TYPE_COUNT)
+                            &&  (g_policyEngineContext.resourceType != OIC_R_DOXM_TYPE)
+                            &&  (g_policyEngineContext.resourceType != OIC_R_PSTAT_TYPE)))
         {
            // if resource is secure and request is over insecure channel
             if (!isRequestOverSecureChannel)