[IOT-1441] Update DevOwner access policy to remove implicit access in RFPROV.

With this patch, the DevOwner now will only be able to access SVRs during
RFOTM or RESET states, unless of course there is an ACE installed allowing
explicit access to the DevOwner.

This behavior change is required by the Security Test Matrix v7, published
by the Security WG.

Patch 2: updated with JIRA ticket #

Patch 3: fixed logic bug found by Kevin

Patch 4: corrected commitmsg

Change-Id: I267c9eb78682bc810b7b2399f6606b8379d6e718
Signed-off-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/13117
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Greg Zaverucha <gregz@microsoft.com>
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>

diff --git a/resource/csdk/security/include/internal/doxmresource.h b/resource/csdk/security/include/internal/doxmresource.h
index fb8843f..70cf357 100644 (file)
--- a/resource/csdk/security/include/internal/doxmresource.h
+++ b/resource/csdk/security/include/internal/doxmresource.h
@@ -103,6 +103,14 @@ OCStackResult SetDoxmDeviceID(const OicUuid_t *deviceID);
 OCStackResult GetDoxmDevOwnerId(OicUuid_t *devownerid);
 
 /**
+ * Gets the bool state of "isOwned" property on the doxm resource.
+ *
+ * @param isOwned a pointer to be assigned to isOwned property
+ * @return ::OC_STACK_OK if isOwned is assigned correctly, else ::OC_STACK_ERROR. 
+ */
+OCStackResult GetDoxmIsOwned(bool *isOwned);
+
+/**
  * Gets the OicUuid_t value for the rowneruuid of the doxm resource.
  *
  * @param rowneruuid a pointer to be assigned to the rowneruuid property

diff --git a/resource/csdk/security/src/doxmresource.c b/resource/csdk/security/src/doxmresource.c
index 4955acd..080450a 100644 (file)
--- a/resource/csdk/security/src/doxmresource.c
+++ b/resource/csdk/security/src/doxmresource.c
@@ -1189,6 +1189,16 @@ OCStackResult GetDoxmDeviceID(OicUuid_t *deviceID)
     return OC_STACK_ERROR;
 }
 
+OCStackResult GetDoxmIsOwned(bool *isOwned)
+{
+    if (isOwned && gDoxm)
+    {
+       *isOwned = gDoxm->owned;
+        return OC_STACK_OK;
+    }
+    return OC_STACK_ERROR;
+}
+
 OCStackResult SetDoxmDeviceID(const OicUuid_t *deviceID)
 {
     bool isPT = false;

diff --git a/resource/csdk/security/src/policyengine.c b/resource/csdk/security/src/policyengine.c
index 43b721e..2baf6f9 100644 (file)
--- a/resource/csdk/security/src/policyengine.c
+++ b/resource/csdk/security/src/policyengine.c
@@ -477,16 +477,25 @@ SRMAccessResponse_t CheckPermission(PEContext_t     *context,
         }
 
         // Before doing any ACL processing, check if request a) coming
-        // from DevOwner AND b) the device is not in Ready for Normal Operation
-        // state (which in IoTivity is equivalent to isOp == true) AND c)
-        // the request is for a SVR resource.  If all 3 are met, grant request.
-        if (IsRequestFromDevOwner(context) // if from DevOwner
-            && (GetPstatIsop() == false) // AND if isOp == false
-            && (context->resourceType != NOT_A_SVR_RESOURCE)) // AND if SVR type
+        // from DevOwner AND b) the device is in Ready for OTM or Reset state
+        // (which in IoTivity is equivalent to isOp == false && owned == false) 
+        // AND c) the request is for a SVR resource.  
+        // If all 3 conditions are met, grant request.
+        bool isDeviceOwned = true; // default to value that will not grant access
+        if (OC_STACK_OK == GetDoxmIsOwned(&isDeviceOwned)) // if runtime error, don't grant
         {
-            context->retVal = ACCESS_GRANTED;
+            // If we were able to get the value of doxm->isOwned, proceed with
+            // test for implicit access...
+            if (IsRequestFromDevOwner(context) // if from DevOwner
+            && (GetPstatIsop() == false) // AND if pstat->isOp == false
+            && (isDeviceOwned == false) // AND if doxm->isOwned == false
+            && (context->resourceType != NOT_A_SVR_RESOURCE)) // AND if SVR type
+            {
+                context->retVal = ACCESS_GRANTED;
+            }        
         }
-        // Then check if request is for a SVR and coming from rowner
+        // If not granted via DevOwner status, 
+        // then check if request is for a SVR and coming from rowner
         else if (IsRequestFromResourceOwner(context))
         {
             context->retVal = ACCESS_GRANTED;