Enable policy-manager to use policy-storage method
authorSangwan Kwon <sangwan.kwon@samsung.com>
Wed, 2 Oct 2019 05:50:40 +0000 (14:50 +0900)
committer권상완/Security 2Lab(SR)/Engineer/삼성전자 <sangwan.kwon@samsung.com>
Thu, 10 Oct 2019 06:26:21 +0000 (15:26 +0900)
Signed-off-by: Sangwan Kwon <sangwan.kwon@samsung.com>
src/policyd/core/policy-manager.cpp
src/policyd/core/policy-manager.h
src/policyd/core/policy-storage.cpp
src/policyd/core/policy-storage.h
src/policyd/core/tests/core-tests.cpp

index 2bb55e2d186388dd4b6475a6153888738fd82d8c..4e526ae564c9c129c183b9a76a1615477fbaa729 100644 (file)
@@ -39,9 +39,9 @@ std::pair<int, int> PolicyManager::loadProviders(const std::string& path)
                        auto provider = PolicyLoader::load(iter->getPath());
                        DEBUG(DPM, "Loaded provider: " << provider->getName());
                        this->providers.emplace_back(std::move(provider));
-               } catch (const std::exception&) {
+               } catch (const std::exception& e) {
                        ++failed;
-                       ERROR(DPM, "Failed to load: " << iter->getPath());
+                       ERROR(DPM, "Failed to load: " << iter->getPath() << e.what());
                        continue;
                }
 
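Review bot: The new error line prints the provider path and the exception text with nothing between them, because `iter->getPath() << e.what()` has no separator. Writing it as `ERROR(DPM, "Failed to load: " << iter->getPath() << ": " << e.what());` keeps the two fields distinguishable when someone triages a provider that failed to load. The enclosing loop and the rest of loadProviders lie outside this hunk.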
@@ -72,4 +72,37 @@ int PolicyManager::loadPolicies()
        return global.size() + domain.size();
 }
 
+void PolicyManager::enroll(const std::string& admin, uid_t uid)
+{
+       this->storage.enroll(admin, uid);
+}
+
+void PolicyManager::disenroll(const std::string& admin, uid_t uid)
+{
+       this->storage.disenroll(admin, uid);
+}
+
+void PolicyManager::set(const std::string& policy, const PolicyValue& value,
+                                               const std::string& admin, uid_t uid)
+{
+       storage.update(admin, uid, policy, value);
+
+       if (global.find(policy) != global.end()) {
+               global[policy]->set(value);
+               return;
+       }
+
+       if (domain.find(policy) != domain.end()) {
+               domain[policy]->set(uid, value);
+               return;
+       }
+
+       throw std::runtime_error("Cannot set policy." + policy);
+}
+
+PolicyValue PolicyManager::get(const std::string& policy, uid_t uid)
+{
+       return storage.strictest(policy, uid);
+}
+
 } // namespace policyd
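Review bot: `PolicyManager::set` calls `storage.update(admin, uid, policy, value)` before it checks whether `policy` exists in `global` or `domain`. Unless `update` itself rejects unknown names (not visible here), a call that ends in the `std::runtime_error` may already have persisted the value. The same divergence would occur if a provider's `set` throws after the store has been written. Resolving the target first and writing to storage only once it is known closes that gap, and also removes the double lookup of `find` followed by `operator[]`. None of the four new methods checks `admin` against the caller, so the caller's identity is presumably established before these are reached; a comment stating that assumption would help.
```cpp
void PolicyManager::set(const std::string& policy, const PolicyValue& value,
						const std::string& admin, uid_t uid)
{
	// Resolve the target first so an unknown policy never reaches storage.
	auto g = global.find(policy);
	auto d = (g == global.end()) ? domain.find(policy) : domain.end();
	if (g == global.end() && d == domain.end())
		throw std::runtime_error("Cannot set policy: " + policy);

	storage.update(admin, uid, policy, value);

	if (g != global.end())
		g->second->set(value);
	else
		d->second->set(uid, value);
}
```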
index 07fdedf4e95211e9456c58eb9cc760bcde31cc40..920156546e24d425c2a86ee86a0a51ea78ba9d29 100644 (file)
@@ -17,6 +17,7 @@
 #pragma once
 
 #include <policyd/sdk/policy-provider.h>
+#include <policyd/sdk/policy-value.h>
 
 #include "policy-storage.h"
 
@@ -43,6 +44,14 @@ public:
        std::pair<int, int> loadProviders(const std::string& path);
        int loadPolicies();
 
+       void enroll(const std::string& admin, uid_t uid);
+       void disenroll(const std::string& admin, uid_t uid);
+
+       void set(const std::string& policy, const PolicyValue& value,
+                        const std::string& admin, uid_t uid);
+       PolicyValue get(const std::string& policy, uid_t uid);
+
+
 private:
        explicit PolicyManager() : storage(DB_PATH) {}
        ~PolicyManager() = default;
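Review bot: The four new public declarations have no documentation, and their contract is not obvious from the signatures alone. Above `set` I would add `/// Persists the value for (admin, uid) and applies it to the matching global or domain policy; throws std::runtime_error if the policy is unknown.` Above `get` I would add `/// Returns the strictest value stored for the policy across enrolled admins for uid.` The second blank line added after `get` can be dropped. The class body starts and ends outside this hunk.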
index b30d5e21f99e3fd7480ed2f14194da9e448e7bbf..6d9cdff4973785bb447e2fab0e7c926d4d1b2b31 100644 (file)
@@ -212,7 +212,7 @@ PolicyValue PolicyStorage::strictest(const std::string& policy, uid_t uid)
        for (auto iter = range.first; iter != range.second; iter++) {
                if (uid != 0) {
                        int ret = getUid(iter->second.aid);
-                       if (ret == -1 || ret != uid)
+                       if (ret == -1 || ret != static_cast<int>(uid))
                                continue;
                }
 
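Review bot: The cast in `ret != static_cast<int>(uid)` narrows a `uid_t` to `int`, which silences the sign-compare warning by converting the wrong side. A uid above `INT_MAX` becomes a negative value and the comparison no longer means what it says. The `ret == -1` sentinel is tested first, so converting the other operand is safer: `if (ret == -1 || static_cast<uid_t>(ret) != uid)`. This assumes `getUid` returns only -1 or a valid non-negative uid; its definition is outside this hunk, as is the rest of `strictest`.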
index 20112b546dd043f1265d560a658dc5d8f87e76df..31a67b79de1e8183058b802e5e69aa1ca42c6fc4 100644 (file)
@@ -63,6 +63,7 @@ private:
        std::shared_ptr<klay::database::Connection> database;
 
        /// DB Cache objects
+       /// TODO(Sangwan): add locking mechanism
        std::unordered_map<std::string, PolicyDefinition> definitions;
        std::unordered_map<std::string, Admin> admins;
        std::unordered_multimap<int, ManagedPolicy> managedPolicies;
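Review bot: The TODO defers locking in the same commit that opens write paths to these caches through `PolicyManager::enroll`, `disenroll` and `set`. If the daemon can serve more than one request at a time (not visible here), concurrent mutation of the three `unordered_map`/`unordered_multimap` members is a data race. Either add a `std::mutex` member now and take it in the mutating and reading methods, or make the comment state the constraint: `/// Not thread-safe: callers must serialize access until locking is added.` The rest of the class is outside this hunk.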
index d86bc97918124f8d2cf77f802cc612316d76db51..81bd1368f38b8eb1b7bd4fc3e10e76d757a64e65 100644 (file)
@@ -32,3 +32,22 @@ TEST_F(PolicyCoreTests, policy_loader) {
        auto size = manager.loadPolicies();
        EXPECT_TRUE(size > 0);
 }
+
+TEST_F(PolicyCoreTests, policy_set_get) {
+       auto& manager = PolicyManager::instance();
+       manager.enroll("testAdmin", 0);
+       manager.set("bluetooth", PolicyValue(5), "testAdmin", 0);
+
+       auto policy = manager.get("bluetooth", 0);
+       EXPECT_EQ(policy.value, 5);
+
+       manager.enroll("testAdmin1", 0);
+       manager.set("bluetooth", PolicyValue(10), "testAdmin1", 0);
+
+       /// Manager should return the strongest policy.
+       policy = manager.get("bluetooth", 0);
+       EXPECT_EQ(policy.value, 5);
+
+       manager.disenroll("testAdmin", 0);
+       manager.disenroll("testAdmin1", 0);
+}
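Review bot: `policy_set_get` uses uid 0 throughout, and `PolicyStorage::strictest` skips its uid filter when `uid` is 0. The comparison this commit changes in policy-storage.cpp is therefore never exercised. A second case with a non-zero uid would cover it, and `EXPECT_THROW(manager.set("no-such-policy", PolicyValue(1), "testAdmin", 0), std::runtime_error);` would cover the unknown-policy path. The test also appears to rely on "bluetooth" already being loaded into the singleton by `policy_loader`. Unless the fixture's SetUp does that (not visible here), calling `loadProviders`/`loadPolicies` inside the test would make it independent of execution order.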