DPM API mapper for TV. New agent
authorAndrey Zabolotnyi <a.zabolotnyi@samsung.com>
Tue, 15 Aug 2017 13:12:04 +0000 (16:12 +0300)
committerAndrey Zabolotnyi <a.zabolotnyi@samsung.com>
Tue, 15 Aug 2017 13:12:04 +0000 (16:12 +0300)
15 files changed:
agent/CMakeLists.txt
agent/inc/tvpolicy.h
agent/packaging/agent.spec
agent/scripts/build.sh
agent/scripts/common.sh [new file with mode: 0755]
agent/scripts/deploy.sh
agent/scripts/gbs.conf
agent/scripts/ssh_deploy.sh [new file with mode: 0755]
agent/src/main.cpp
agent/src/tvpolicy.cpp
device_core/nmdaemon/agentpolicyservice.cpp
device_core/nmdaemon/dpm/dpm_api_mapper.cpp
device_core/nmdaemon/dpm/dpm_api_mapper.h
device_core/nmdaemon/nmdaemon.conf
device_core/nmdaemon/policyhandler.cpp

index 6b1251e..b0ea3ad 100644 (file)
@@ -50,7 +50,7 @@ add_executable(${PROJECT_NAME} ${AGENT_SRCS})
 
 add_subdirectory(tests)
 
-target_link_libraries (${PROJECT_NAME} jsoncpp agent_policy pthread)
+target_link_libraries (${PROJECT_NAME} jsoncpp agent_policy pthread dpm)
 
 install(TARGETS ${PROJECT_NAME} DESTINATION ${TESTS_DIR})
 install(FILES agent.manifest DESTINATION ${MANIFESTDIR})
index cb319bf..b430b75 100644 (file)
@@ -19,33 +19,35 @@ public:
     TvPolicy();
 
     void setUsbSate(bool on);
-
     Json::Value getUsbPolicy() const;
 
     void setWiFiSate(bool on);
-
     Json::Value getWiFiPolicy() const;
 
     void setScreenCaptureState(bool on);
-
     Json::Value getScreenCapturePolicy() const;
 
     void setBluetoothState(bool on);
-
     Json::Value getBluetoothPolicy() const;
 
-    void setIptablesState(bool on);
+    void setSoundState(bool on);
+    Json::Value getSoundPolicy() const;
 
-    void iptablesAddBlock(const std::string& ip, const IPTablesProtocol proto, const unsigned char ports);
+    void setTunerState(bool on);
+    Json::Value getTunerPolicy() const;
 
+    void setIptablesState(bool on);
+    void iptablesAddBlock(const std::string& ip, const IPTablesProtocol proto, const unsigned char ports);
     void iptablesAddBlock(const std::string& ip, const IPTablesProtocol proto, const std::vector<unsigned short>& ports);
-
     void iptablesAddBlockRange(const std::string& ip, const IPTablesProtocol proto, unsigned short start_port, unsigned short end_port);
-
     void iptablesClear();
-
     void iptablesRemoveBlock(const std::string& ip, IPTablesProtocol proto);
 
+    void iptablesAddRule(const std::string& rule)
+    {
+        iptables_items.push_back(rule);
+    }
+
     Json::Value getIptablesPolicy() const;
 
     std::string makePolicy() const;
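Review bot: The new inline `iptablesAddRule` appends the caller's string to `iptables_items` verbatim, whereas the existing `iptablesAddBlock*` overloads build entries from typed ip/protocol/port arguments. Nothing here rejects an empty or multi-line rule before it is (presumably) serialized by `getIptablesPolicy()` and handed to the firewall API. Add a doc comment stating the expected rule format and a guard such as `if (rule.empty() || rule.find('\n') != std::string::npos) return;`. The class declaration starts and ends outside this hunk.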
@@ -55,9 +57,12 @@ private:
     bool screen_capture_state;
     bool bluetooth_state;
     bool iptables_state;
+    bool sound_state;
+    bool tuner_state;
     std::vector<std::string> iptables_items;
 
     static Json::Value boolPolicy(const std::string& name, bool state);
+    static Json::Value boolPolicy(const std::string& name, int state);
 };
 
 #endif // TVPOLICY_H
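Review bot: The added `sound_state` and `tuner_state` members have no in-class initialiser, so they rely on `TvPolicy()` in tvpolicy.cpp (not shown on this page) to set them before `getSoundPolicy()`/`getTunerPolicy()` read them; confirm the constructor was extended. The new `boolPolicy(const std::string&, int)` overload next to the `bool` one makes a call with an `unsigned` or `long` argument ambiguous. If the int form is meant for raw DPM state values, a distinct name such as `intPolicy` with the comment `// state: raw value as returned by the DPM getter` would be clearer.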
index ae1532e..07d84ef 100644 (file)
@@ -9,6 +9,7 @@ Source0:    %{name}-%{version}.tar.gz
 BuildRequires: cmake
 BuildRequires: nwmanager
 BuildRequires: nwmanager-devel
+BuildRequires:  pkgconfig(dpm)
 BuildRequires:  pkgconfig(dlog)
 BuildRequires:  pkgconfig(jsoncpp)
 %if ("%{GTEST_TYPE}" == "mock")
@@ -19,7 +20,7 @@ BuildRequires: gtest-devel
 %endif
 
 
-%define _tests_dir /usr/apps/agent
+%define _tests_dir /usr/bin
 %define _manifestdir /usr/share/packages
 %if ("%{GTEST_TYPE}" == "mock")
 %define _gtest_lib gtest_gmock
index c451583..8624ef5 100755 (executable)
@@ -46,10 +46,10 @@ echo -e "\n\n"
 
 
 case $DEVICE in
-       0) PROFILE=profile.tzmb_3.0_TM2 ; TARGET_ARCH=aarch64 ; GTEST_TYPE="main" ;;
-       1) PROFILE=profile.tzmb_3.0_TM1 ; TARGET_ARCH=armv7l ; GTEST_TYPE="main" ;;
+       0) PROFILE=profile.tm2_tizen4 ; TARGET_ARCH=aarch64 ; GTEST_TYPE="main" ;;
+       1) PROFILE=profile.tm1_tizen4 ; TARGET_ARCH=armv7l ; GTEST_TYPE="main" ;;
        2) PROFILE=profile.Main2017_KantM ; TARGET_ARCH=armv7l ; GTEST_TYPE="mock" ;;
-       3) PROFILE=profile.Main2017_KantM_4.0 ; TARGET_ARCH=armv7l ; GTEST_TYPE="main" ;;
+       3) PROFILE=profile.kantm_tizen4 ; TARGET_ARCH=armv7l ; GTEST_TYPE="main" ;;
        ?) echo "error: unknown DEVICE number"; exit 1 ;;
 esac
 
diff --git a/agent/scripts/common.sh b/agent/scripts/common.sh
new file mode 100755 (executable)
index 0000000..1ec2dac
--- /dev/null
@@ -0,0 +1,116 @@
+DEVICE_TEMP=${SCRIPT_DIR}/.device
+DEVICE=
+WORKING_MODE=
+SSH_PASSWORD="tizen"
+
+BLUE='\033[0;34m'
+YELLOW='\033[0;33m'
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+NC='\033[0m'
+
+declare -a KANTM_TV_S=(
+       "106.125.53.120"
+       "106.125.53.128"
+)
+
+declare -a RASPBERRY_PI_S=(
+       "106.125.53.102"
+       "106.125.38.218"
+       "106.125.39.133"
+)
+
+declare -a PROFILES_ARRAY=(
+"TM2 mobile"
+"TM1 mobile / RaspberryPi3"
+"Kant TV Tizen 3.0"
+"Kant TV Tizen 4.0"
+)
+
+declare -a WM_ARRAY=(
+"standard"
+"hub"
+"primitive"
+)
+
+PROFILES_COUNT=${#PROFILES_ARRAY[@]}
+LAST_PROFILE_NUM=$(( ${PROFILES_COUNT} - 1 ))
+WM_COUNT=${#WM_ARRAY[@]}
+
+function readTempFile() {
+       if [ -e "$DEVICE_TEMP" ] ; then
+               read -d '\n' -a DEV_INFO < ${DEVICE_TEMP}
+               DEVICE_PREV=${DEV_INFO[0]}
+               PREV_TARGET_IP=${DEV_INFO[1]}
+               PREV_WORKING_MODE=${DEV_INFO[2]}
+       else
+               DEVICE_PREV=1
+               PREV_TARGET_IP=0
+               PREV_WORKING_MODE=0
+       fi
+
+       #Debug echo
+       #echo -e "DEVICE_PREV=$DEVICE_PREV"
+       #echo -e "PREV_TARGET_IP=$PREV_TARGET_IP"
+       #echo -e "PREV_WORKING_MODE=$PREV_WORKING_MODE"
+}
+
+function saveTempFile() {
+       if [ -z "$DEVICE" ]; then
+               DEVICE=$DEVICE_PREV
+       fi
+       if [ -z "$TARGET_IP" ]; then
+               TARGET_IP=$PREV_TARGET_IP
+       fi
+       if [ -z "$WORKING_MODE" ]; then
+               WORKING_MODE=$PREV_WORKING_MODE
+       fi
+
+       echo "$DEVICE" > $DEVICE_TEMP
+       echo "$TARGET_IP" >> $DEVICE_TEMP
+       echo "$WORKING_MODE" >> $DEVICE_TEMP
+}
+
+function getBuildConfigs {
+       case $DEVICE in
+               0) PROFILE_NAME=tm2_tizen4 ; TARGET_ARCH=aarch64 ; GTEST_TYPE="main" ; KNOWN_DEVICES=() ;;
+               1) PROFILE_NAME=tm1_tizen4 ; TARGET_ARCH=armv7l ; GTEST_TYPE="main" ; KNOWN_DEVICES=( ${RASPBERRY_PI_S[@]} ) ;;
+               2) PROFILE_NAME=kantm_tizen3 ; TARGET_ARCH=armv7l ; GTEST_TYPE="mock" ; KNOWN_DEVICES=( ${KANTM_TV_S[@]} ) ;;
+               3) PROFILE_NAME=kantm_tizen4 ; TARGET_ARCH=armv7l ; GTEST_TYPE="main" ; KNOWN_DEVICES=( ${KANTM_TV_S[@]} ) ;;
+               *) echo -e "${RED}error: unknown DEVICE number${NC}"; exit 1 ;;
+       esac
+       PROFILE=profile.${PROFILE_NAME}
+}
+
+function printDeviceChoice() {
+       for (( i=0; i<${PROFILES_COUNT}; i++ ));
+       do
+               if [ $i -eq $DEVICE ]; then
+                       echo -e "${GREEN}$i) ${PROFILES_ARRAY[$i]}${NC}"
+               else
+                       echo "$i) ${PROFILES_ARRAY[$i]}"
+               fi
+       done
+       echo "---------------------------------"
+}
+
+function printWorkingModeChoice() {
+       for (( i=0; i<${WM_COUNT}; i++ ));
+       do
+               if [ $i -eq $WORKING_MODE ]; then
+                       echo -e "${GREEN}$i) ${WM_ARRAY[$i]}${NC}"
+               else
+                       echo "$i) ${WM_ARRAY[$i]}"
+               fi
+       done
+       echo "---------------------------------"
+}
+
+function getWorkingModePackage() {
+       case $WORKING_MODE in
+               0) WORKING_MODE_PACKAGE="" ;;
+               1) WORKING_MODE_PACKAGE="-hub" ;;
+               2) WORKING_MODE_PACKAGE="-prim" ;;
+               *) echo -e "${RED}error: unknown working mode${NC}"; exit 1 ;;
+       esac
+}
index 8bcef89..0a42e9e 100755 (executable)
@@ -39,9 +39,9 @@ echo -e "\n\n"
 
 case $DEVICE in
        0) BUILD_ROOT=GBS_ROOT_3.0_TM2 ; PROFILE=tzmb_3.0_TM2 ; TARGET_ARCH=aarch64 ;;
-       1) BUILD_ROOT=GBS_ROOT_3.0_TM1 ; PROFILE=tzmb_3.0_TM1 ; TARGET_ARCH=armv7l ;;
+       1) BUILD_ROOT=gbs_root_tm1_tizen4 ; PROFILE=tm1_tizen4 ; TARGET_ARCH=armv7l ;;
        2) BUILD_ROOT=GBS_ROOT_3.0 ; PROFILE=Main2017_KantM ; TARGET_ARCH=armv7l ;;
-       3) BUILD_ROOT=GBS_ROOT_4.0_kantm ; PROFILE=Main2017_KantM_4.0 ; TARGET_ARCH=armv7l ;;
+       3) BUILD_ROOT=kantm_tizen4 ; PROFILE=kantm_tizen4 ; TARGET_ARCH=armv7l ;;
        ?) echo "error: unknown DEVICE number"; exit 1 ;;
 esac
 
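Review bot: The renamed entries in this `case` no longer agree with each other or with gbs.conf from the same commit. Entry 3 sets `BUILD_ROOT=kantm_tizen4` while entry 1 uses the `gbs_root_` prefix and gbs.conf has `buildroot = ~/gbs_root_kantm_tizen4`; it probably should read `BUILD_ROOT=gbs_root_kantm_tizen4`. Entries 0 and 2 keep `tzmb_3.0_TM2` and `Main2017_KantM`, which gbs.conf renames to `tm2_tizen4` and `kantm_tizen3`. How `BUILD_ROOT` and `PROFILE` are consumed lies outside the hunk, so verify the RPM path they produce still exists.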
index f0bfb3a..17520ae 100644 (file)
@@ -1,5 +1,5 @@
 [general]
-profile = repo.tzmb_3.0_TM1_base
+profile = profile.tzmb_3.0_TM1
 
 [obs.tizen_org]
 url = https://api.tizen.org
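Review bot: The new default `profile = profile.tzmb_3.0_TM1` names a section that this same commit renames to `[profile.tm1_tizen4]` further down, so the default appears to point at a profile that no longer exists. It should probably be `profile = profile.tm1_tizen4`, so that a build started without an explicit profile option resolves to a defined profile and its repositories.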
@@ -9,54 +9,48 @@ url = https://168.219.241.169/api
 user = obs_viewer
 passwdx = QlpoOTFBWSZTWRLL1vsAAASLgCEgAACSIJmAIAAxA0DQKZMGnqnmfEjRAP8XckU4UJASy9b7
 
-#############################################z KantM
+############################################# Profile [profile.kantm_tizen3]
 
 [repo.base_Main2017]
-url=http://10.103.211.119/tizen-rsa/tizen-3.0-base-main2017/standard/latest/repos/base/armv7l/packages/
+url = http://10.103.211.119/tizen-rsa/tizen-3.0-base-main2017/standard/latest/repos/base/armv7l/packages/
 [repo.srk_Main2017]
-url = http://106.125.46.44/repo/kantm/packages/
-[repo.local_Main2017]
-url=~/GBS_ROOT_3.0/local/repos/Main2017/armv7l
+url = http://52.71.167.178/repo/kantm/packages/
 [repo.product_Main2017_KantM]
-url=http://10.103.211.119/releases/tizen-3.0-product-main2017/product/KantM/latest/repos/product/armv7l/packages/
-#url=http://10.103.211.119/releases/tizen-3.0-product-main2017/product/KantM/TIZEN-3.0-MAIN2017-KantM-RELEASE_20170419.1/repos/product/armv7l/packages/
+url = http://10.103.211.119/releases/tizen-3.0-product-main2017/product/KantM/latest/repos/product/armv7l/packages/
 
 
-[profile.Main2017_KantM]
+[profile.kantm_tizen3]
 obs = obs.tizentv
-repos = repo.base_Main2017, repo.srk_Main2017, repo.product_Main2017_KantM, repo.local_Main2017
-buildroot = ~/GBS_ROOT_3.0
+repos = repo.base_Main2017, repo.srk_Main2017, repo.product_Main2017_KantM
+buildroot = ~/gbs_root_kantm_tizen3
 
+############################################# Profile [profile.tm2_tizen4]
 
-############################################# Profile [profile.tzmb_3.0_TM2]
-
-[repo.tzmb_3.0_TM2_base]
+[repo.snapshots_tizen4_arm64_base]
 url = http://download.tizen.org/snapshots/tizen/base/latest/repos/arm64/packages/
-[repo.tzmb_3.0_TM2_srk]
-url = http://106.125.46.44/repo/tm2/packages/
-[repo.tzmb_4.0_unified]
+[repo.snapshots_tizen4_tm2_srk]
+url = http://52.71.167.178/repo/tm2/packages/
+[repo.snapshots_tizen4]
 url = http://download.tizen.org/snapshots/tizen/unified/latest/repos/standard/packages/
 
-[profile.tzmb_3.0_TM2]
+[profile.tm2_tizen4]
 obs = obs.tizen_org
-repos = repo.tzmb_3.0_TM2_base, repo.tzmb_3.0_TM2_srk, repo.tzmb_4.0_unified
-buildroot = ~/GBS_ROOT_3.0_TM2
+repos = repo.snapshots_tizen4_arm64_base, repo.snapshots_tizen4_tm2_srk, repo.snapshots_tizen4
+buildroot = ~/gbs_root_tm2_tizen4
 
-############################################# Profile [profile.tzmb_3.0_TM1]
+############################################# Profile [profile.tm1_tizen4]
 
-[repo.tzmb_3.0_TM1_base]
+[repo.snapshots_tizen4_arm_base]
 url = http://download.tizen.org/snapshots/tizen/base/latest/repos/arm/packages/
-[repo.tzmb_3.0_TM1_srk]
-url = http://106.125.46.44/repo/tm1/packages/
-[repo.tzmb_3.0_TM1]
-url = http://download.tizen.org/snapshots/tizen/mobile/latest/repos/arm-wayland/packages/
+[repo.snapshots_tizen4_tm1_srk]
+url = http://52.71.167.178/repo/tm1/packages/
 
-[profile.tzmb_3.0_TM1]
+[profile.tm1_tizen4]
 obs = obs.tizen_org
-repos = repo.tzmb_3.0_TM1_base, repo.tzmb_3.0_TM1_srk, repo.tzmb_4.0_unified
-buildroot = ~/GBS_ROOT_3.0_TM1
+repos = repo.snapshots_tizen4_arm_base, repo.snapshots_tizen4_tm1_srk, repo.snapshots_tizen4
+buildroot = ~/gbs_root_tm1_tizen4
 
-############################################# KantM Tizen 4.0
+############################################# Profile [profile.kantm_tizen4]
 
 [repo.product_Main2017_KantM_4.0]
 url=http://10.103.211.119/220svr/releases/adv-tizen-4.0-product-migration/KantM_ATSC/latest/repos/product/armv7l/packages/
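Review bot: The `*_srk` repositories are moved to `http://52.71.167.178/repo/...`, so build-time packages are now fetched from a routable address over plain HTTP, where nothing in this file lets the build authenticate the server or detect altered packages in transit. Use an `https://` URL for these repos if the host supports it, or confirm that package signature checking is enforced elsewhere in the build. A comment above each `[repo.*_srk]` section saying who operates the host would help later audits.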
@@ -65,7 +59,14 @@ url=http://10.103.211.119/220svr/base/adv-tizen-4.0-base-migration/standard/late
 [repo.KantM_4.0_srk]
 url = http://52.71.167.178/repo/kantm4.0/packages/
 
-[profile.Main2017_KantM_4.0]
+#[repo.product_Main2017_KantM_4.0]
+#url=http://10.103.211.119/220svr/releases/adv-tizen-4.0-product-migration/KantM_ATSC/latest/repos/product/armv7l/packages/
+#[repo.base_Main2017_KantM_4.0]
+#url=http://10.103.211.119/220svr/base/adv-tizen-4.0-base-migration/standard/latest/repos/base/armv7l/packages
+#[repo.KantM_4.0_srk]
+#url = http://52.71.167.178/repo/kantm4.0/packages/
+
+[profile.kantm_tizen4]
 obs = obs.tizen_org
 repos = repo.base_Main2017_KantM_4.0, repo.KantM_4.0_srk, repo.product_Main2017_KantM_4.0
-buildroot = ~/GBS_ROOT_4.0_kantm
+buildroot = ~/gbs_root_kantm_tizen4
diff --git a/agent/scripts/ssh_deploy.sh b/agent/scripts/ssh_deploy.sh
new file mode 100755 (executable)
index 0000000..a7bca40
--- /dev/null
@@ -0,0 +1,130 @@
+#!/bin/bash
+
+##############################################
+# Definitions
+##############################################
+
+SCRIPT_PATH=$(readlink -m ${0})
+SCRIPT_DIR=${SCRIPT_PATH%/*}
+ROOT_DIR=${SCRIPT_DIR}/..
+BUILD_TYPE="RELEASE"
+USE_CLEAN=
+
+source $SCRIPT_DIR/common.sh
+
+
+
+##############################################
+# Option handler
+##############################################
+
+OPTIONS=`getopt -o 0123456789w: --long working-mode: -n 'Error: ' -- "$@"`
+[ $? -eq 0 ] || {
+       echo "Incorrect options provided"
+       Usage
+       exit 1
+}
+
+eval set -- "$OPTIONS"
+
+while true; do
+case $1 in
+-*[0-9]*)
+       DEVICE=${1:1}
+       if [ $DEVICE -gt $LAST_PROFILE_NUM ]; then
+               echo -e "${RED}Wrong profile number: ${DEVICE}${NC}"
+               exit -1
+       fi
+       shift
+;;
+"-w" | "--working-mode")
+       WORKING_MODE=${2}
+       shift
+;;
+*)
+       break
+;;
+esac
+done
+
+
+
+##############################################
+# Configuring
+##############################################
+
+readTempFile
+saveTempFile
+
+getBuildConfigs
+printDeviceChoice
+
+getWorkingModePackage
+printWorkingModeChoice
+
+if [ -z ${KNOWN_DEVICES} ] ; then
+    echo "No known devices"
+    KNOWN_DEVS_LENGTH=0
+else
+    KNOWN_DEVS_LENGTH=${#KNOWN_DEVICES[@]}
+    echo "Known devices: ${KNOWN_DEVS_LENGTH}"
+    for (( i=0; i<${KNOWN_DEVS_LENGTH}; i++ ));
+    do
+        if [ "${KNOWN_DEVICES[$i]}" = "$PREV_TARGET_IP" ]; then
+            echo -e "${GREEN}$i) ${KNOWN_DEVICES[$i]}${NC} <- default"
+        else
+            echo "$i) ${KNOWN_DEVICES[$i]}"
+        fi
+    done
+fi
+
+if [ -z $PREV_TARGET_IP ] ; then
+    echo -n "Type target IP address or device number from list of known devices: "
+else
+    echo -n "Type target IP address (default $PREV_TARGET_IP) or device number from list of known devices: "
+fi
+read TARGET_IP
+if [ -z $TARGET_IP ] ; then
+    if [ -z $PREV_TARGET_IP ] ; then
+        echo -e "${RED}Target IP is mandatory${NC}"
+        exit 0
+    else
+        TARGET_IP=$PREV_TARGET_IP
+        
+    fi
+else
+    NCHARS=`echo -n "${TARGET_IP}" | wc -m`
+    if [ ${NCHARS} -eq 1 ] ; then
+        NUM_RE='^[0-9]+$'
+        if [[ ! ${TARGET_IP} =~ $NUM_RE ]] || [ ${TARGET_IP} -gt $(( ${KNOWN_DEVS_LENGTH} - 1 )) ] ; then
+           echo "Wrong option"
+           exit 1
+        else
+            TARGET_IP=${KNOWN_DEVICES[$TARGET_IP]}
+        fi
+    fi
+fi
+
+saveTempFile
+
+echo "Selected target ${TARGET_IP}"
+
+
+
+##############################################
+# Main deploy
+##############################################
+
+GBS_RPMS_DIR=~/gbs_root_${PROFILE_NAME}/local/repos/${PROFILE_NAME}/${TARGET_ARCH}/RPMS
+TARGET_HOST="root@${TARGET_IP}"
+
+PASS="sshpass -p ${SSH_PASSWORD}"
+${PASS} ssh ${TARGET_HOST} "mount -o remount,rw /"
+
+${PASS} ssh ${TARGET_HOST} "rpm -e --nodeps \$(rpm -qa 'agent-*')"
+${PASS} ssh ${TARGET_HOST} "rm -r /tmp/agent/"
+${PASS} ssh ${TARGET_HOST} "mkdir /tmp/agent/"
+${PASS} scp ${GBS_RPMS_DIR}/agent-*.rpm ${TARGET_HOST}:/tmp/agent/
+${PASS} ssh ${TARGET_HOST} "rpm -Uvih --nodeps --force /tmp/agent/*"
+
+
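Review bot: The value read into `TARGET_IP` is validated only when it is a single character; longer input, and the `PREV_TARGET_IP` read back from the `.device` file, is expanded unquoted in `[ -z $TARGET_IP ]` and in the `ssh`/`scp` commands that run as root on the target. A value containing whitespace is therefore word-split into extra arguments. Quote the expansions and reject anything that is not an address or host name first, e.g. `[[ "$TARGET_IP" =~ ^[0-9A-Za-z.:_-]+$ ]] || { echo "Bad target"; exit 1; }`. In addition, the `Usage` call in the getopt failure branch has no definition in this file or in common.sh as shown, and the "Target IP is mandatory" path ends with `exit 0`, which reports success.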
index 4c1bccd..5ecfb20 100644 (file)
@@ -1,3 +1,12 @@
+//0) PROFILE_NAME=tm2_tizen4
+//1) PROFILE_NAME=tm1_tizen4
+//2) PROFILE_NAME=kantm_tizen3
+//3) PROFILE_NAME=kantm_tizen4
+
+#ifndef PROFILE_NAME
+#  define PROFILE_NAME 3
+#endif
+
 #include <string>
 #include <vector>
 #include <iostream>
@@ -6,7 +15,32 @@
 #include "tvpolicy.h"
 #include "agentpolicyadapter.h"
 
-// #include "dpm.h"
+#include <dpm/device-policy-manager.h>
+#include <dpm/bluetooth.h>
+#include <dpm/wifi.h>
+#include <dpm/restriction.h>
+#include <dpm/application.h>
+#include <dpm/security.h>
+#if PROFILE_NAME == 3
+#  include <dpm/firewall.h>
+#endif
+
+typedef device_policy_manager_h dpmh;
+
+//#define directly
+
+#if PROFILE_NAME != 3
+int dpm_firewall_apply_allow_rules(device_policy_manager_h handle, const char* rules){ return 0; }
+int dpm_firewall_flush_allow_rules(device_policy_manager_h handle){ return 0; }
+int dpm_firewall_apply_deny_rules(device_policy_manager_h handle, const char* rules){ return 0; }
+int dpm_firewall_flush_deny_rules(device_policy_manager_h handle){ return 0; }
+int dpm_restriction_set_usb_client_state(device_policy_manager_h handle, int allow){ return 0; }
+int dpm_restriction_get_usb_client_state(device_policy_manager_h handle, int *is_allowed){ return 0; }
+int dpm_restriction_set_sound_state(device_policy_manager_h handle, int allow){ return 0; }
+int dpm_restriction_get_sound_state(device_policy_manager_h handle, int *is_allowed){ return 0; }
+int dpm_restriction_set_tuner_state(device_policy_manager_h handle, int allow){ return 0; }
+int dpm_restriction_get_tuner_state(device_policy_manager_h handle, int *is_allowed){ return 0; }
+#endif
 
 using namespace std;
 
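Review bot: The `dpm_restriction_get_*_state` stubs compiled for `PROFILE_NAME != 3` return 0 without writing `*is_allowed`, so a caller that treats 0 as success goes on to read whatever its variable already held. Give the getter stubs a defined result, e.g. `{ if (is_allowed) *is_allowed = 1; return 0; }`, or return a non-zero "not supported" code that callers check. The stubs also have external linkage under the names of DPM entry points while the target now links `dpm`; whether that clashes with the library depends on headers not shown here, so a comment stating which profiles lack these symbols would help.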
@@ -16,7 +50,8 @@ enum class State
     Show,
     Usb,
        WiFi,
-    ScreenCapture,
+    Sound,
+    Tuner,
     Bluetooth,
     Iptables,
     IptablesAdd,
@@ -83,6 +118,10 @@ string strip(const string& str)
 int main(int argc, char* argv[])
 {
     string id;
+    int res = -1, allow;
+    bool rule_allow = true;
+
+    dpmh handle = (dpmh)dpm_manager_create();
 
     if (argc > 1)
     {
@@ -96,6 +135,17 @@ int main(int argc, char* argv[])
 
     TvPolicy policy;
 
+    dpm_restriction_get_usb_client_state(handle, &allow);
+    policy.setUsbSate(bool(allow));
+    dpm_restriction_get_wifi_state(handle, &allow);
+    policy.setWiFiSate(bool(allow));
+    dpm_restriction_get_sound_state(handle, &allow);
+    policy.setSoundState(bool(allow));
+    dpm_restriction_get_tuner_state(handle, &allow);
+    policy.setTunerState(bool(allow));
+    dpm_restriction_get_bluetooth_mode_change_state(handle, &allow);
+    policy.setBluetoothState(bool(allow));
+
     try
     {
         State state = State::Main;
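Review bot: The five `dpm_restriction_get_*` calls ignore their return codes and then read `allow`, which the previous hunk declares without an initialiser (`int res = -1, allow;`), so a failed call feeds an indeterminate value into `policy.set*State`. The `handle` returned by `dpm_manager_create()` in that hunk is likewise used without a null check. Declare `int allow = 0;` and apply each state only on success, e.g. `if (handle && dpm_restriction_get_wifi_state(handle, &allow) == 0) policy.setWiFiSate(bool(allow));`. main's body continues outside the hunk, so whether the handle is released later cannot be seen here.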
@@ -110,10 +160,11 @@ int main(int argc, char* argv[])
                 cout << endl << "Select policy option:" << endl;
                 cout << "\t0 - Show policy" << endl;
                 cout << "\t1 - USB" << endl;
-                cout << "\t2 - Screen Capture" << endl;
+                cout << "\t2 - WiFi" << endl;
                 cout << "\t3 - Bluetooth" << endl;
                 cout << "\t4 - IPtables" << endl;
-                cout << "\t5 - WiFi" << endl;
+                cout << "\t5 - Sound" << endl;
+                cout << "\t6 - Tuner" << endl;
                 cout << "\t------------------\n\tq - exit" << endl;
 
                 cin >> option;
@@ -127,7 +178,7 @@ int main(int argc, char* argv[])
                     state = State::Usb;
                     break;
                 case '2':
-                    state = State::ScreenCapture;
+                    state = State::WiFi;
                     break;
                 case '3':
                     state = State::Bluetooth;
@@ -136,13 +187,17 @@ int main(int argc, char* argv[])
                     state = State::Iptables;
                     break;
                 case '5':
-                    state = State::WiFi;
+                    state = State::Sound;
+                    break;
+                case '6':
+                    state = State::Tuner;
                     break;
                 case 'q':
                     work = false;
                     break;
                 default:
                     cout << "Unsupported option" << endl << endl;
+                    break;
                 }
 
                 break;
@@ -166,11 +221,25 @@ int main(int argc, char* argv[])
                 {
                 case '1':
                     policy.setUsbSate(true);
+#ifdef directly
+                    res = dpm_restriction_set_usb_client_state(handle, 1);
+                    cout << "set res = " << res << endl;
+                    res = dpm_restriction_get_usb_client_state(handle, &allow);
+                    cout << "get res = " << res << "  state = " << allow << endl;
+#else
                     applyPolicy(id, policy);
+#endif
                     break;
                 case '2':
                     policy.setUsbSate(false);
+#ifdef directly
+                    res = dpm_restriction_set_usb_client_state(handle, 0);
+                    cout << "dpm res = " << res << endl;
+                    res = dpm_restriction_get_usb_client_state(handle, &allow);
+                    cout << "get res = " << res << "  state = " << allow << endl;
+#else
                     applyPolicy(id, policy);
+#endif
                     break;
                 case '0':
                     state = State::Main;
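Review bot: In the `#ifdef directly` branches the in-memory policy is changed (`policy.setUsbSate(true)`) before the DPM call and `res` is only printed, so a rejected change leaves `policy` reporting a state the device does not have. Set the policy from the value read back instead, e.g. `if (res == 0) policy.setUsbSate(bool(allow));` after the getter call. The same four-line sequence recurs in the WiFi, Sound, Tuner and Bluetooth cases in later hunks, and the `"dpm res = "` label in case '2' here differs from `"set res = "` everywhere else; one helper taking the setter and getter would remove the duplication. The enclosing switch starts and ends outside the hunk.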
@@ -180,6 +249,7 @@ int main(int argc, char* argv[])
                     break;
                 default:
                     cout << "Unsupported option" << endl << endl;
+                    break;
                 }
 
                 break;
@@ -200,11 +270,25 @@ int main(int argc, char* argv[])
                     {
                     case '1':
                         policy.setWiFiSate(true);
-                        applyPolicy(id, policy);
+#ifdef directly
+                        res = dpm_restriction_set_wifi_state(handle, 1);
+                        cout << "set res = " << res << endl;
+                        res = dpm_restriction_get_wifi_state(handle, &allow);
+                        cout << "get res = " << res << "  state = " << allow << endl;
+#else
+                       applyPolicy(id, policy);
+#endif
                         break;
                     case '2':
                         policy.setWiFiSate(false);
-                        applyPolicy(id, policy);
+#ifdef directly
+                        res = dpm_restriction_set_wifi_state(handle, 0);
+                        cout << "set res = " << res << endl;
+                        res = dpm_restriction_get_wifi_state(handle, &allow);
+                        cout << "get res = " << res << "  state = " << allow << endl;
+#else
+                       applyPolicy(id, policy);
+#endif
                         break;
                     case '0':
                         state = State::Main;
@@ -214,17 +298,18 @@ int main(int argc, char* argv[])
                         break;
                     default:
                         cout << "Unsupported option" << endl << endl;
+                        break;
                     }
 
                     break;
 
-            case State::ScreenCapture:
-                cout << endl << "Screen Capture options:" << endl;
+            case State::Sound:
+                cout << endl << "Sound options:" << endl;
                 cout << "----------------------" << endl;
-                cout << policy.getScreenCapturePolicy().toStyledString();
+                cout << policy.getSoundPolicy().toStyledString();
                 cout << "----------------------" << endl;
-                cout << "    1 - Screen Capture enable" << endl;
-                cout << "    2 - Screen Capture disable" << endl;
+                cout << "    1 - Sound enable" << endl;
+                cout << "    2 - Sound disable" << endl;
                 cout << "    0 - Back" << endl;
                 cout << "    ------------------\n\tq - exit" << endl;
 
@@ -233,12 +318,26 @@ int main(int argc, char* argv[])
                 switch (option)
                 {
                 case '1':
-                    policy.setScreenCaptureState(true);
-                    applyPolicy(id, policy);
+                    policy.setSoundState(true);
+#ifdef directly
+                        res = dpm_restriction_set_sound_state(handle, 1);
+                        cout << "set res = " << res << endl;
+                        res = dpm_restriction_get_sound_state(handle, &allow);
+                        cout << "get res = " << res << "  state = " << allow << endl;
+#else
+                       applyPolicy(id, policy);
+#endif
                     break;
                 case '2':
-                    policy.setScreenCaptureState(false);
-                    applyPolicy(id, policy);
+                    policy.setSoundState(false);
+#ifdef directly
+                        res = dpm_restriction_set_sound_state(handle, 0);
+                        cout << "set res = " << res << endl;
+                        res = dpm_restriction_get_sound_state(handle, &allow);
+                        cout << "get res = " << res << "  state = " << allow << endl;
+#else
+                       applyPolicy(id, policy);
+#endif
                     break;
                 case '0':
                     state = State::Main;
@@ -248,6 +347,56 @@ int main(int argc, char* argv[])
                     break;
                 default:
                     cout << "Unsupported option" << endl << endl;
+                    break;
+                }
+
+                break;
+
+            case State::Tuner:
+                cout << endl << "DTV-Tuner options:" << endl;
+                cout << "----------------------" << endl;
+                cout << policy.getTunerPolicy().toStyledString();
+                cout << "----------------------" << endl;
+                cout << "    1 - DTV-Tuner enable" << endl;
+                cout << "    2 - DTV-Tuner disable" << endl;
+                cout << "    0 - Back" << endl;
+                cout << "    ------------------\n\tq - exit" << endl;
+
+                cin >> option;
+
+                switch (option)
+                {
+                case '1':
+                    policy.setTunerState(true);
+#ifdef directly
+                        res = dpm_restriction_set_tuner_state(handle, 1);
+                        cout << "set res = " << res << endl;
+                        res = dpm_restriction_get_tuner_state(handle, &allow);
+                        cout << "get res = " << res << "  state = " << allow << endl;
+#else
+                       applyPolicy(id, policy);
+#endif
+                    break;
+                case '2':
+                    policy.setTunerState(false);
+#ifdef directly
+                        res = dpm_restriction_set_tuner_state(handle, 0);
+                        cout << "set res = " << res << endl;
+                        res = dpm_restriction_get_tuner_state(handle, &allow);
+                        cout << "get res = " << res << "  state = " << allow << endl;
+#else
+                       applyPolicy(id, policy);
+#endif
+                    break;
+                case '0':
+                    state = State::Main;
+                    break;
+                case 'q':
+                    work = false;
+                    break;
+                default:
+                    cout << "Unsupported option" << endl << endl;
+                    break;
                 }
 
                 break;
@@ -267,11 +416,26 @@ int main(int argc, char* argv[])
                 {
                 case '1':
                     policy.setBluetoothState(true);
+#ifdef directly
+                    res = dpm_restriction_set_bluetooth_mode_change_state(handle, 1);
+                    cout << "set res = " << res << endl;
+                    res = dpm_restriction_get_bluetooth_mode_change_state(handle, &allow);
+                    cout << "get res = " << res << "  state = " << allow << endl;
+#else
                     applyPolicy(id, policy);
+#endif
+
                     break;
                 case '2':
                     policy.setBluetoothState(false);
+#ifdef directly
+                    res = dpm_restriction_set_bluetooth_mode_change_state(handle, 0);
+                    cout << "set res = " << res << endl;
+                    res = dpm_restriction_get_bluetooth_mode_change_state(handle, &allow);
+                    cout << "get res = " << res << "  state = " << allow << endl;
+#else
                     applyPolicy(id, policy);
+#endif
                     break;
                 case '0':
                     state = State::Main;
@@ -281,18 +445,17 @@ int main(int argc, char* argv[])
                     break;
                 default:
                     cout << "Unsupported option" << endl << endl;
+                    break;
                 }
 
                 break;
             case State::Iptables:
                 cout << endl << "Iptables options:" << endl;
                 cout << "----------------------" << endl;
-                cout << policy.getIptablesPolicy().toStyledString();
-                cout << "----------------------" << endl;
-                cout << "    1 - Iptables enable" << endl;
-                cout << "    2 - Iptables disable" << endl;
-                cout << "    3 - Iptables add to block list" << endl;
-                cout << "    4 - Iptables remove from blocklist" << endl;
+                cout << "    1 - Add allow rule" << endl;
+                cout << "    2 - Add deny rule" << endl;
+                cout << "    3 - Flush allow rules" << endl;
+                cout << "    4 - Flush deny rules" << endl;
                 cout << "    0 - Back" << endl;
                 cout << "    ------------------\n\tq - exit" << endl;
 
@@ -301,18 +464,20 @@ int main(int argc, char* argv[])
                 switch (option)
                 {
                 case '1':
-                    policy.setIptablesState(true);
-                    applyPolicy(id, policy);
+                    state = State::IptablesAdd;
+                    rule_allow = true;
                     break;
                 case '2':
-                    policy.setIptablesState(false);
-                    applyPolicy(id, policy);
+                    state = State::IptablesAdd;
+                    rule_allow = false;
                     break;
                 case '3':
-                    state = State::IptablesAdd;
+                    state = State::IptablesRemove;
+                    rule_allow = true;
                     break;
                 case '4':
                     state = State::IptablesRemove;
+                    rule_allow = false;
                     break;
                 case '0':
                     state = State::Main;
@@ -322,56 +487,74 @@ int main(int argc, char* argv[])
                     break;
                 default:
                     cout << "Unsupported option" << endl << endl;
+                    break;
                 }
                 break;
             case State::IptablesAdd:
                 {
-                    try
-                    {
-                        cout << endl << "Iptables add to block list:" << endl;
-                        cout << "----------------------" << endl;
-                        cout << "    Enter ip address: ";
-                        string ip, ports;
-                        cin >> ip;
-                        unsigned proto;
-                        do
-                        {
-                            cout << "    Enter protocol (1 - UDP, 2 - TCP): ";
-                            cin >> proto;
-                        } while (proto != 1 && proto != 2);
-
-                        cout << "    Enter ports (one value, coma separated list, or range as start-end)" << endl;
-                        cout << "    Examples:" << endl << "      1234" << endl << "      80,8080,8000" << endl << "      22-1000" << endl;
-                        cin >> ports;
-
-                        auto pos = ports.find('-');
-
-                        IPTablesProtocol p = proto == 1 ? IPTablesProtocol::UDP : IPTablesProtocol::TCP;
-
-                        if (pos != string::npos)
-                        {
-                            string start = strip(ports.substr(0, pos));
-                            string end = strip(ports.substr(pos + 1, string::npos));
-                            policy.iptablesAddBlockRange(ip, p, std::stoul(start), std::stoul(end));
-                        }
-                        else
-                        {
-                            auto sports = split(ports, ',');
-
-                            std::vector<unsigned short> vports;
-                            for (auto sport : sports)
-                            {
-                                vports.push_back((unsigned short)std::stoul(strip(sport)));
-                            }
-
-                            policy.iptablesAddBlock(ip, p, vports);
-                            applyPolicy(id, policy);
-                        }
-                    }
-                    catch (...)
-                    {
-                        cout << "Wrong format" << endl;
-                    }
+                    cout << endl << "Iptables add to block list:" << endl;
+                    cout << "----------------------" << endl;
+                    cout << "    Enter " <<  (rule_allow ? "allow" : "deny") << " rule: ";
+                    string rule;
+                    cin >> rule;
+
+#ifdef directly
+                    if (rule_allow)
+                       res = dpm_firewall_apply_allow_rules(handle, rule.c_str());
+                    else
+                       res = dpm_firewall_apply_deny_rules(handle, rule.c_str());
+                    cout << "    res = " << res << endl;
+#else
+                    policy.iptablesAddRule(rule);
+                    applyPolicy(id, policy);
+#endif
+
+//                    try
+//                    {
+//                        cout << endl << "Iptables add to block list:" << endl;
+//                        cout << "----------------------" << endl;
+//                        cout << "    Enter ip address: ";
+//                        string ip, ports;
+//                        cin >> ip;
+//                        unsigned proto;
+//                        do
+//                        {
+//                            cout << "    Enter protocol (1 - UDP, 2 - TCP): ";
+//                            cin >> proto;
+//                        } while (proto != 1 && proto != 2);
+//
+//                        cout << "    Enter ports (one value, coma separated list, or range as start-end)" << endl;
+//                        cout << "    Examples:" << endl << "      1234" << endl << "      80,8080,8000" << endl << "      22-1000" << endl;
+//                        cin >> ports;
+//
+//                        auto pos = ports.find('-');
+//
+//                        IPTablesProtocol p = proto == 1 ? IPTablesProtocol::UDP : IPTablesProtocol::TCP;
+//
+//                        if (pos != string::npos)
+//                        {
+//                            string start = strip(ports.substr(0, pos));
+//                            string end = strip(ports.substr(pos + 1, string::npos));
+//                            policy.iptablesAddBlockRange(ip, p, std::stoul(start), std::stoul(end));
+//                        }
+//                        else
+//                        {
+//                            auto sports = split(ports, ',');
+//
+//                            std::vector<unsigned short> vports;
+//                            for (auto sport : sports)
+//                            {
+//                                vports.push_back((unsigned short)std::stoul(strip(sport)));
+//                            }
+//
+//                            policy.iptablesAddBlock(ip, p, vports);
+//                            applyPolicy(id, policy);
+//                        }
+//                    }
+//                    catch (...)
+//                    {
+//                        cout << "Wrong format" << endl;
+//                    }
 
                 }
                 state = State::Iptables;
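Review bot: In the `State::IptablesAdd` case the non-`directly` branch calls `policy.iptablesAddRule(rule)` without consulting `rule_allow`, so menu entries 1 and 2 behave identically there. The `State::IptablesRemove` hunk that follows has the same gap, with `policy.iptablesClear()` serving both entries 3 and 4. Because the daemon-side map in dpm_api_mapper.cpp binds `iptables` to `dpm_firewall_apply_deny_rules`, a rule entered under "Add allow rule" would presumably be enforced as a deny rule. Either carry `rule_allow` into the policy or drop the allow entries from the menu in this build. `cin >> rule` also stops at the first whitespace, so a rule containing spaces is truncated (`getline(cin >> ws, rule);` reads the whole line), and the heading still says "add to block list" on the allow path.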
@@ -380,22 +563,34 @@ int main(int argc, char* argv[])
                 {
                     try
                     {
-                        cout << endl << "Iptables remove from block list:" << endl;
-                        cout << "----------------------" << endl;
-                        cout << "    Enter ip address: ";
-                        string ip, ports;
-                        cin >> ip;
-                        unsigned proto;
-                        do
-                        {
-                            cout << "    Enter protocol (1 - UDP, 2 - TCP): ";
-                            cin >> proto;
-                        } while (proto != 1 && proto != 2);
-
-                        IPTablesProtocol p = proto == 1 ? IPTablesProtocol::UDP : IPTablesProtocol::TCP;
-
-                        policy.iptablesRemoveBlock(ip, p);
-                        applyPolicy(id, policy);
+                        cout << endl << "Iptables remove from block list" << endl;
+#ifdef directly
+                        if (rule_allow)
+                               res = dpm_firewall_flush_allow_rules(handle);
+                        else
+                               res = dpm_firewall_flush_deny_rules(handle);
+                        cout << "    res = " << res << endl;
+#else
+                    policy.iptablesClear();
+                    applyPolicy(id, policy);
+#endif
+
+
+//                        cout << "----------------------" << endl;
+//                        cout << "    Enter ip address: ";
+//                        string ip, ports;
+//                        cin >> ip;
+//                        unsigned proto;
+//                        do
+//                        {
+//                            cout << "    Enter protocol (1 - UDP, 2 - TCP): ";
+//                            cin >> proto;
+//                        } while (proto != 1 && proto != 2);
+//
+//                        IPTablesProtocol p = proto == 1 ? IPTablesProtocol::UDP : IPTablesProtocol::TCP;
+//
+//                        policy.iptablesRemoveBlock(ip, p);
+//                        applyPolicy(id, policy);
                     }
                     catch (...)
                     {
@@ -412,6 +607,7 @@ int main(int argc, char* argv[])
     {
         cerr << "Exception thrown: " << e.what() << endl;
     }
+       if (handle) dpm_manager_destroy((dpmh)handle);
 
     cout << "Bye" << endl;
 
index bc04577..9ec703e 100644 (file)
@@ -6,11 +6,14 @@
 const std::string TvPolicy::TV_EXT_GROUP_NAME{"tv-extension"};
 
 TvPolicy::TvPolicy():
-    USB_state(true),
-    screen_capture_state(true),
-    bluetooth_state(true),
-    iptables_state(true),
-    iptables_items()
+               USB_state(true),
+               WiFi_state(true),
+               screen_capture_state(true),
+               bluetooth_state(true),
+               iptables_state(true),
+               sound_state(true),
+               tuner_state(true),
+               iptables_items()
 {
 }
 
@@ -44,6 +47,26 @@ Json::Value TvPolicy::getScreenCapturePolicy() const
     return boolPolicy("screen-capture", screen_capture_state);
 }
 
+void TvPolicy::setSoundState(bool on)
+{
+    sound_state = on;
+}
+
+Json::Value TvPolicy::getSoundPolicy() const
+{
+    return boolPolicy("sound", sound_state);
+}
+
+void TvPolicy::setTunerState(bool on)
+{
+    tuner_state = on;
+}
+
+Json::Value TvPolicy::getTunerPolicy() const
+{
+    return boolPolicy("dtv-tunner", tuner_state);
+}
+
 void TvPolicy::setBluetoothState(bool on)
 {
     bluetooth_state = on;
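Review bot: The policy key `"dtv-tunner"` in `getTunerPolicy()` looks like a misspelling of "tuner", and the same literal is repeated by hand in the daemon's `mi` map in dpm_api_mapper.cpp. If the spelling is dictated by the server protocol, a short comment such as `// key spelling fixed by the policy protocol` would stop someone "correcting" one side only. Otherwise, fix both occurrences together, ideally through one shared constant.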
@@ -133,7 +156,7 @@ void TvPolicy::iptablesRemoveBlock(const std::string& ip, IPTablesProtocol proto
 
 Json::Value TvPolicy::getIptablesPolicy() const
 {
-    Json::Value iptables_policy{boolPolicy("iptables", iptables_state)};
+    Json::Value iptables_policy{boolPolicy("iptables", int(-1))};
 
     if (!iptables_items.empty())
     {
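Review bot: `boolPolicy("iptables", int(-1))` makes the emitted state a constant, so `iptables_state` and `setIptablesState()` (still declared in tvpolicy.h) no longer influence the policy, and nothing explains what -1 means to the receiver. A named constant with a one-line comment stating that meaning would document the intent, and the now-dead setter and member should be removed or wired back in. The body of `getIptablesPolicy()` continues outside this hunk.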
@@ -152,18 +175,30 @@ Json::Value TvPolicy::getIptablesPolicy() const
 std::string TvPolicy::makePolicy() const
 {
     Json::Value root;
-    Json::Value policy;
+//    Json::Value policy_common;
+    Json::Value policy_tvext;
+
+//    policy_common["group"] = "common";
+    policy_tvext["group"] = "tv-extension";
+
+//    Json::Value policies_common;
+//    policies_common.append(getSoundPolicy());
+//    policies_common.append(getBluetoothPolicy());
+//    policies_common.append(getWiFiPolicy());
+//    policies_common.append(getUsbPolicy());
+//    policy_common["policies"] = policies_common;
+//    root.append(policy_common);
+
+    Json::Value policies_tv;
+    policies_tv.append(getSoundPolicy());
+    policies_tv.append(getBluetoothPolicy());
+    policies_tv.append(getWiFiPolicy());
+    policies_tv.append(getUsbPolicy());
+    policies_tv.append(getTunerPolicy());
+    policies_tv.append(getIptablesPolicy());
+    policy_tvext["policies"] = policies_tv;
+    root.append(policy_tvext);
 
-    policy["group"] = TV_EXT_GROUP_NAME;
-
-    Json::Value policies;
-    policies.append(getUsbPolicy());
-    policies.append(getWiFiPolicy());
-    policies.append(getScreenCapturePolicy());
-    policies.append(getBluetoothPolicy());
-    policies.append(getIptablesPolicy());
-    policy["policies"] = policies;
-    root.append(policy);
     return root.toStyledString();
 }
 
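Review bot: `makePolicy()` no longer appends `getScreenCapturePolicy()`, so a value set through `setScreenCaptureState()` is silently left out of the enforced policy. If the omission is intended, it deserves a comment here and the setter's menu entry should go; otherwise the append should be restored. The group name is now the literal `"tv-extension"` although `TV_EXT_GROUP_NAME` is defined at the top of this file for that purpose: `policy_tvext["group"] = TV_EXT_GROUP_NAME;`. The commented-out `policy_common` block is better deleted than committed.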
@@ -172,6 +207,16 @@ Json::Value TvPolicy::boolPolicy(const std::string& name, bool state)
     Json::Value policy;
     policy["name"] = name;
     policy["state"] = state ? 1: 0;
+    policy["items"] = "[]";
+    return policy;
+}
+
+Json::Value TvPolicy::boolPolicy(const std::string& name, int state)
+{
+    Json::Value policy;
+    policy["name"] = name;
+    policy["state"] = state;
+    policy["items"] = "[]";
     return policy;
 }
 
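Review bot: `policy["items"] = "[]";` stores the two-character string `[]`, not an empty JSON array, so a consumer that iterates `items` as an array sees a string. Unless the daemon's parser really expects a string, `policy["items"] = Json::Value(Json::arrayValue);` is what the name suggests. The two `boolPolicy` overloads are otherwise identical. The `bool` one can delegate with `return boolPolicy(name, state ? 1 : 0);` so the shape of a policy entry is defined in one place.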
index 13733f4..908a11f 100644 (file)
@@ -39,8 +39,9 @@ pid_t AgentPolicyService::getServicePid()
 
 int AgentPolicyService::enforcePolicy(const std::string& agentId, const std::string& jsonData)
 {
-    std::cout << "agentId:  " << agentId << std::endl;
-    std::cout << "jsonData: " << jsonData << std::endl;
+    std::cout << "AgentPolicyService::enforcePolicy()" << std::endl;
+    std::cout << "  agentId:  " << agentId << std::endl;
+    std::cout << "  jsonData: " << jsonData << std::endl;
 
     /* TODO INSERT HERE POST TO SERVER */
     if(m_enforcePolicyHandler != nullptr)
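Review bot: `enforcePolicy()` writes the complete policy JSON to stdout on every call, which bypasses the log-level control the daemon already has. Policy contents (restriction state, firewall rules) then land wherever the service's stdout is captured. The policyhandler.cpp hunks in this commit do the same: `enforceCallback` prints next to an existing `LOG_D` and is missing a space before `agentId`, and `observeCallback` prints the received policy and device id. Routing these through the debug logger, or removing them before merge, keeps the payload out of unfiltered output. The body of `enforcePolicy()` continues outside this hunk.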
index 0f2ab79..6ae98ec 100644 (file)
@@ -1,3 +1,13 @@
+//0) PROFILE_NAME=tm2_tizen4
+//1) PROFILE_NAME=tm1_tizen4
+//2) PROFILE_NAME=kantm_tizen3
+//3) PROFILE_NAME=kantm_tizen4
+
+#ifndef PROFILE_NAME
+//#  error "PROFILE_NAME"
+#  define PROFILE_NAME 3
+#endif
+
 #include <functional>
 #include <map>
 #include <iostream>
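Review bot: With the `#error` commented out and `PROFILE_NAME` defaulting to 3, a build that forgets to pass the profile silently compiles the firewall-enabled variant instead of failing. Which APIs are real and which are stubs then depends on an invisible default. Restoring the check (`#  error "PROFILE_NAME must be defined (0..3)"`) and setting the value from the build system would make the choice explicit. The legend above also writes `PROFILE_NAME=tm2_tizen4` while the code compares against integers, so it should say that 0 to 3 are the values to pass.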
@@ -5,6 +15,8 @@
 #include <fstream>
 #include <thread>
 #include <chrono>
+#include <unistd.h>
+#include <pwd.h>
 
 #ifndef __BUILD_UBUNTU__
 #include <dpm/device-policy-manager.h>
@@ -13,6 +25,9 @@
 #include <dpm/restriction.h>
 #include <dpm/application.h>
 #include <dpm/security.h>
+#if PROFILE_NAME == 3
+#  include <dpm/firewall.h>
+#endif
 #endif
 
 #include "logging.h"
@@ -29,10 +44,10 @@ typedef device_policy_manager_h dpmh;
 typedef void* dpmh;
 #endif
 
-typedef function<int(dpmh)>  ApiNone;
-typedef function<int(dpmh, int)>  ApiInt;
-typedef function<int(dpmh, const char*)>  ApiStr;
-typedef function<int(dpmh, int, const char*)>  ApiIntStr;
+typedef function<int(device_policy_manager_h)>  ApiNone;
+typedef function<int(device_policy_manager_h, int)>  ApiInt;
+typedef function<int(device_policy_manager_h, const char*)>  ApiStr;
+typedef function<int(device_policy_manager_h, int, const char*)>  ApiIntStr;
 
 #ifdef __BUILD_UBUNTU__
 
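Review bot: The `Api*` typedefs now name `device_policy_manager_h` directly, but `<dpm/device-policy-manager.h>` is included only under `#ifndef __BUILD_UBUNTU__`, and the Ubuntu branch just above defines only `typedef void* dpmh;`. Unless the type is declared somewhere outside this hunk, the Ubuntu build no longer compiles. Keeping `dpmh` in these four typedefs (and in the new stubs further down) preserves the abstraction the file already had.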
@@ -95,6 +110,17 @@ int dpm_application_set_mode_restriction(dpmh, int, const char*) { return 0; }
 int dpm_application_unset_mode_restriction(dpmh, int, const char*) { return 0; }
 #endif
 
+#if PROFILE_NAME != 3
+int dpm_firewall_apply_deny_rules(device_policy_manager_h handle, const char* rules){ return 0; }
+int dpm_firewall_flush_deny_rules(device_policy_manager_h handle){ return 0; }
+int dpm_restriction_set_usb_client_state(device_policy_manager_h handle, int allow){ return 0; }
+int dpm_restriction_get_usb_client_state(device_policy_manager_h handle, int *is_allowed){ return 0; }
+int dpm_restriction_set_sound_state(device_policy_manager_h handle, int allow){ return 0; }
+int dpm_restriction_get_sound_state(device_policy_manager_h handle, int *is_allowed){ return 0; }
+int dpm_restriction_set_tuner_state(device_policy_manager_h handle, int allow){ return 0; }
+int dpm_restriction_get_tuner_state(device_policy_manager_h handle, int *is_allowed){ return 0; }
+
+#endif
 
 int fake_dpm_restriction_set_wifi_state(dpmh h, int allow)
 {
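Review bot: The `PROFILE_NAME != 3` stubs all return 0, which the mapper presumably treats as success, so on those profiles an `iptables`, `sound`, `usb` or `dtv-tunner` policy is reported as applied while nothing is enforced. The `*_get_*` stubs also return success without writing `*is_allowed`, leaving the caller's variable uninitialised. Returning a non-zero "not supported" result, and setting the out-parameter where one exists, would make the gap visible to the server. The stubs are also non-`static` definitions of library names, which may clash at link time on a profile whose libdpm already exports some of them. `fake_dpm_restriction_set_wifi_state` continues outside this hunk.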
@@ -196,13 +222,17 @@ const map<const string, ApiNone> m = {
 };
 
 const map<const string, ApiInt> mi = {
+               {"sound",                       dpm_restriction_set_sound_state},
+               {"bluetooth",           dpm_restriction_set_bluetooth_mode_change_state},
+               {"wifi",                        dpm_restriction_set_wifi_state},
+               {"usb",                         dpm_restriction_set_usb_client_state},
+               {"dtv-tunner",          dpm_restriction_set_tuner_state},
+
                {"camera",                      dpm_restriction_set_camera_state},
                {"microphone",          dpm_restriction_set_microphone_state},
                {"location",            dpm_restriction_set_location_state},
-               {"usb",                         fake_dpm_restriction_set_external_storage_state},
                {"clipboard",           dpm_restriction_set_clipboard_state},
                {"usb-debug",           dpm_restriction_set_usb_debugging_state},
-               {"wifi",                        fake_dpm_restriction_set_wifi_state},
                {"wifi-hotspot",        dpm_restriction_set_wifi_hotspot_state},
                {"bt-tethering",        dpm_restriction_set_bluetooth_tethering_state},
                {"usb-tethering",       dpm_restriction_set_usb_tethering_state},
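Review bot: The `usb` key is rebound from `fake_dpm_restriction_set_external_storage_state` to `dpm_restriction_set_usb_client_state`. Going by the names, these restrict different things (external storage versus USB client mode), so an existing "usb off" policy may stop blocking what it blocked before. A comment on the entry stating which behaviour the TV profile needs would settle it. The `fake_*` wrappers for `usb` and `wifi` appear to be unreferenced after this change and could be removed if so.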
@@ -220,6 +250,8 @@ const map<const string, ApiInt> mi = {
 };
 
 const map<const string, ApiStr> ms = {
+               {"iptables",            dpm_firewall_apply_deny_rules},
+
                {"bt-mac-add",          dpm_bluetooth_add_device_to_blacklist},
                {"bt-mac-del",          dpm_bluetooth_remove_device_from_blacklist},
                {"bt-uuid-add",         dpm_bluetooth_add_uuid_to_blacklist},
@@ -242,7 +274,7 @@ const map<const string, ApiIntStr> mis;
 
 Mapper::Mapper() : handle(nullptr)
 {
-       handle = (dpmh)dpm_manager_create();
+//     handle = (dpmh)dpm_manager_create();
 }
 
 Mapper::~Mapper()
@@ -301,8 +333,55 @@ const char* Mapper::get_error_string(dpm_api::error_code err)
        return "Unknown";
 }
 
+pid_t getUidByName(const std::string& name)
+{
+    long int bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
+    if (bufsize == -1)
+    {
+        bufsize = 16384;
+    }
+
+    char* buf = new char[bufsize];
+    struct passwd pwd;
+    struct passwd *result;
+
+    int s = getpwnam_r(name.c_str(), &pwd, buf, bufsize, &result);
+    pid_t pid = pwd.pw_uid;
+    delete[] buf;
+
+    if (result == nullptr)
+    {
+        if (s == 0)
+        {
+            throw std::runtime_error("User not found");
+        }
+        else
+        {
+            throw std::runtime_error("Get user info error: " + std::to_string(s));
+        }
+    }
+
+    return pid;
+}
+
 dpm_api::error_code Mapper::apply(const std::string &name, const int param, const vector<string> &items)
 {
+       dpm_api::error_code res;
+
+       // temporary change user to 'owner'
+       uid_t root = geteuid();
+       uid_t owner = getUidByName("owner");
+       (void)setresuid(root, owner, root);
+       if (!handle) handle = (dpmh)dpm_manager_create();
+       res = work(name, param, items);
+       (void)setresuid(root, root, -1);
+       return res;
+}
+
+dpm_api::error_code Mapper::work(const std::string &name, const int param, const vector<string> &items)
+{
+       cout << "### Mapper::apply() " << name << " " << param << endl;
+
        int res = 0;
        if (!handle) return NOT_INITIALIZED;
 
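Review bot: Both `setresuid` calls in `Mapper::apply` discard their result. A failed switch lets `work()` run under the original identity, a failed restore leaves the daemon running as `owner`, and an exception from `work()` or `dpm_manager_create()` skips the restore entirely. `getUidByName` reads `pwd.pw_uid` before checking `result`, which is an uninitialised read when the lookup fails, and it returns a uid as `pid_t`. The identity change is not scoped to this call, so any other thread in the daemon runs under it too while `work()` executes, which deserves a comment or a lock. The fence checks the switch, restores through a scope guard that aborts if the original identity cannot be regained, and moves the `pw_uid` read after the check. `work()` continues outside this hunk, and its trace line still says `Mapper::apply()`.

```cpp
uid_t getUidByName(const std::string& name)
{
    long bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
    if (bufsize <= 0) bufsize = 16384;

    std::vector<char> buf(static_cast<size_t>(bufsize));
    struct passwd pwd;
    struct passwd* result = nullptr;

    const int s = getpwnam_r(name.c_str(), &pwd, buf.data(), buf.size(), &result);
    if (result == nullptr)
    {
        // … unchanged: throw "User not found" / "Get user info error: <s>" …
    }
    return pwd.pw_uid;  // read only once the lookup is known to have succeeded
}

dpm_api::error_code Mapper::apply(const std::string &name, const int param, const vector<string> &items)
{
    const uid_t saved = geteuid();
    const uid_t owner = getUidByName("owner");
    if (setresuid(saved, owner, saved) != 0)
        throw std::runtime_error("Cannot switch to user 'owner'");

    // Restores the effective uid on every exit path, including exceptions.
    struct Restore
    {
        uid_t uid;
        ~Restore() { if (setresuid(uid, uid, static_cast<uid_t>(-1)) != 0) std::abort(); }
    } restore{saved};

    if (!handle) handle = (dpmh)dpm_manager_create();
    return work(name, param, items);
}
```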
@@ -317,6 +396,8 @@ dpm_api::error_code Mapper::apply(const std::string &name, const int param, cons
        auto its = ms.find(name);
        if (its != ms.end())
        {
+               if (name == "iptables") dpm_firewall_flush_deny_rules((dpmh)handle);
+
                for (auto & item : items)
                {
                        res = its->second((dpmh)handle, item.c_str());
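Review bot: `dpm_firewall_flush_deny_rules` is called with its result ignored and before the new rules are applied. If the flush fails, the old rules stay and new ones are stacked on top. If a later item in the loop fails, the device is left with the previous deny rules gone and only part of the new set installed. The flush result should be assigned to `res` and handled the same way the loop handles a failing item, and the function should report clearly that the rule set is incomplete. Special-casing `name == "iptables"` inside the generic string-API path is also easy to miss, so a comment such as `// iptables is replace-all: clear the existing deny rules first` would help. The loop body continues outside this hunk.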
index 07ec3ab..76eb8f2 100644 (file)
@@ -34,6 +34,9 @@ public:
        const char* get_error_string(error_code err);
 
        error_code apply(const std::string &name, const int param, const std::vector<std::string> &items);
+
+protected:
+       error_code work(const std::string &name, const int param, const std::vector<std::string> &items);
 };
 }
 
index 63bddc9..45faf90 100644 (file)
@@ -1,9 +1,9 @@
 [Cloud]
 port=5683
 # Local SRK
-#ip=106.125.46.44
+ip=106.125.46.44
 # Amazon
-ip=52.71.167.178
+#ip=52.71.167.178
 [DSM]
 # Local SRK
 uri=http://106.125.46.74:8080/dsm/restapi/
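Review bot: The `[Cloud] ip` switch from the "Amazon" address to the "Local SRK" one looks like a developer-environment setting committed along with the feature. Anyone deploying from this revision gets a daemon pointed at the local server. Keeping the tracked file on the shared default and overriding the address per environment (or leaving this file out of the commit) avoids that.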
index b8a1985..72229a2 100644 (file)
@@ -12,6 +12,10 @@ void PolicyHandler::enforceCallback(const std::string& agentId, const std::strin
 {
     LOG_D(TAG, "Enfore request from agent: %s\n%s", agentId.c_str(), jsonData.c_str());
 
+    std::cout << "PolicyHandler::enforceCallback() Enforce request from agent" << agentId << std::endl;
+
+    //iot::core::PolicyEnforce::GetInstance().ParsePolicy(jsonData); // tmp
+
     OCRepresentation rep;
     rep.setValue("policy", jsonData);
     const std::string& device_id = NetworkManager::IoTivity::getInstance()->getDeviceID();
@@ -21,13 +25,18 @@ void PolicyHandler::enforceCallback(const std::string& agentId, const std::strin
 
 void PolicyHandler::observeCallback(const HeaderOptions& head_options, const OCRepresentation& rep, const int& ecode, const int& seq_number)
 {
+       std::cout << "PolicyHandler::observeCallback" << std::endl;
     if (ecode == OC_STACK_OK)
     {
         std::string policy = rep.getValue<std::string>("policy");
         std::string did = rep.getValue<std::string>("duid");
         std::string route = rep.getValue<std::string>("route");
+
+        std::cout << "[Recieved Policy for " << did << "]" << std::endl << policy << std::endl;
         LOG_D(TAG, "[Recieved Policy for %s]\n%s\n", did.c_str(), policy.c_str());
+
         const std::string& device_id = NetworkManager::IoTivity::getInstance()->getDeviceID();
+       std::cout << "device id: " << device_id << std::endl;
 
         if (did == device_id)
         {