--- /dev/null
+Bumjin Im <bj.i@samsung.com>
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author
+# @brief
+#
+
+############################# Check minimum CMake version #####################
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+PROJECT("security-server")
+
+############################# cmake packages ##################################
+
+INCLUDE(FindPkgConfig)
+
+############################# compilation defines #############################
+
+# EMPTY
+
+############################# compiler flags ##################################
+
+SET(CMAKE_C_FLAGS_PROFILING "-O0 -g -pg")
+SET(CMAKE_CXX_FLAGS_PROFILING "-O0 -std=c++0x -g -pg")
+SET(CMAKE_C_FLAGS_DEBUG "-O0 -g")
+SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -std=c++0x -g")
+SET(CMAKE_C_FLAGS_RELEASE "-O2 -g")
+SET(CMAKE_CXX_FLAGS_RELEASE "-O2 -std=c++0x -g")
+SET(CMAKE_C_FLAGS_CCOV "-O2 -g --coverage")
+SET(CMAKE_CXX_FLAGS_CCOV "-O2 -std=c++0x -g --coverage")
+
+#SET(SMACK_ENABLE ON)
+
+OPTION(DPL_LOG "DPL logs status" ON)
+IF(DPL_LOG)
+ MESSAGE(STATUS "Logging enabled for DPL")
+ ADD_DEFINITIONS("-DDPL_LOGS_ENABLED")
+ELSE(DPL_LOG)
+ MESSAGE(STATUS "Logging disabled for DPL")
+ENDIF(DPL_LOG)
+
+# If supported for the target machine, emit position-independent code,suitable
+# for dynamic linking and avoiding any limit on the size of the global offset
+# table. This option makes a difference on the m68k, PowerPC and SPARC.
+# (BJ: our ARM too?)
+ADD_DEFINITIONS("-fPIC")
+
+# Set the default ELF image symbol visibility to hidden - all symbols will be
+# marked with this unless overridden within the code.
+#ADD_DEFINITIONS("-fvisibility=hidden")
+
+# Set compiler warning flags
+#ADD_DEFINITIONS("-Werror") # Make all warnings into errors.
+ADD_DEFINITIONS("-Wall") # Generate all warnings
+ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
+ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM)
+ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features
+ADD_DEFINITIONS("-std=c++0x") # No warnings about deprecated features
+
+ADD_DEFINITIONS("-DSOCKET_CONNECTION") #defines sockets as used IPC
+#ADD_DEFINITIONS("-DDBUS_CONNECTION") #defines DBus as used IPC
+
+STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}")
+ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"")
+
+IF(SMACK_ENABLE)
+ ADD_DEFINITIONS("-DWRT_SMACK_ENABLED")
+ENDIF(SMACK_ENABLE)
+
+############################# Targets names ###################################
+
+SET(TARGET_DAEMON "wrt-security-daemon")
+SET(TARGET_ACE_DAO_RO_LIB "ace-dao-ro")
+SET(TARGET_ACE_DAO_RW_LIB "ace-dao-rw")
+SET(TARGET_ACE_LIB "ace")
+SET(TARGET_ACE_CLIENT_LIB "ace-client")
+SET(TARGET_ACE_SETTINGS_LIB "ace-settings")
+SET(TARGET_ACE_INSTALL_LIB "ace-install")
+SET(TARGET_ACE_POPUP_VALIDATION_LIB "ace-popup-validation")
+SET(TARGET_COMMUNICATION_CLIENT_LIB "communication-client")
+SET(TARGET_WRT_OCSP_LIB "wrt-ocsp")
+SET(TARGET_SEC_SRV_LIB "sec-srv")
+
+######################## Legacy targets names #################################
+
+SET(TARGET_SECURITY_SERVER "security-server")
+SET(TARGET_SECURITY_CLIENT "security-server-client")
+
+############################# Communicatin Client #############################
+
+SET(COMMUNICATION_CLIENT_DIR
+ ${PROJECT_SOURCE_DIR}/communication_client
+ )
+
+SET(COMMUNICATION_CLIENT_SRC_DIR
+ ${COMMUNICATION_CLIENT_DIR}/src
+ )
+
+SET(COMMUNICATION_CLIENT_INCLUDE_DIR
+ ${COMMUNICATION_CLIENT_DIR}/include
+ )
+
+SET(COMMUNICATION_CLIENT_SOURCES
+ ${COMMUNICATION_CLIENT_SRC_DIR}/SecurityCommunicationClient.cpp
+ ${PROJECT_SOURCE_DIR}/socket_connection/client/SecuritySocketClient.cpp
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
+ )
+
+SET(COMMUNICATION_CLIENT_INCLUDES
+ ${COMMUNICATION_CLIENT_DEPS_INCLUDE_DIRS}
+ ${COMMUNICATION_CLIENT_INCLUDE_DIR}
+ ${PROJECT_SOURCE_DIR}/src/daemon/sockets
+ ${PROJECT_SOURCE_DIR}/src/daemon/dbus
+ ${PROJECT_SOURCE_DIR}/src/daemon/socket
+ ${PROJECT_SOURCE_DIR}/src/daemon/socket/api
+ ${PROJECT_SOURCE_DIR}/socket_connection/client
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection
+ )
+
+############################# subdirectories ##################################
+
+ADD_SUBDIRECTORY(ace)
+ADD_SUBDIRECTORY(ace_client)
+ADD_SUBDIRECTORY(ace_common)
+ADD_SUBDIRECTORY(ace_install)
+ADD_SUBDIRECTORY(ace_settings)
+ADD_SUBDIRECTORY(ace_popup_validation)
+ADD_SUBDIRECTORY(wrt_ocsp)
+ADD_SUBDIRECTORY(src)
+ADD_SUBDIRECTORY(build)
+ADD_SUBDIRECTORY(etc)
-Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved.
+Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved.
Apache License
Version 2.0, January 2004
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+######################################################################
+
+#DB vcore
+PKG_CHECK_MODULES(ACE_DB_DEP
+ dpl-efl
+ REQUIRED)
+
+#DB ace
+ADD_CUSTOM_COMMAND(
+ OUTPUT ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h
+ COMMAND ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh
+ ARGS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h
+ ${CMAKE_SOURCE_DIR}/ace/orm/ace_db
+ DEPENDS ${CMAKE_SOURCE_DIR}/ace/orm/ace_db
+ ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh
+ COMMENT "Generating ACE database checksum"
+ )
+ADD_CUSTOM_TARGET(ACE_DB_CHECKSUM_HEADER DEPENDS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h)
+
+STRING(REPLACE ";" ":" DEPENDENCIES "${ACE_DB_DEP_INCLUDE_DIRS}")
+
+ADD_CUSTOM_COMMAND( OUTPUT .ace.db
+ COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db
+ COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h -I${PROJECT_SOURCE_DIR}/ace/orm -E ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql
+ COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.ace.db ".read ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db
+ DEPENDS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db
+ )
+
+ADD_CUSTOM_COMMAND( OUTPUT .ace.db-journal
+ COMMAND touch
+ ARGS ${CMAKE_CURRENT_BINARY_DIR}/.ace.db-journal
+ )
+
+ADD_CUSTOM_TARGET(Sqlite3DbACE ALL DEPENDS .ace.db .ace.db-journal)
+
+INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql
+ DESTINATION share/wrt-engine/
+ )
+
+###########################################################
+
+INCLUDE(FindPkgConfig)
+
+SET(ACE_TEST_PATH "/usr/apps/org.tizen.policy")
+
+INSTALL(FILES
+ ${CMAKE_CURRENT_SOURCE_DIR}/configuration/bondixml.xsd
+ ${CMAKE_CURRENT_SOURCE_DIR}/configuration/UnrestrictedPolicy.xml
+ ${CMAKE_CURRENT_SOURCE_DIR}/configuration/WAC2.0Policy.xml
+ ${CMAKE_CURRENT_SOURCE_DIR}/configuration/TizenPolicy.xml
+ DESTINATION /usr/etc/ace
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE)
+
+SET(ACE_LIB_DEPS_BASIC
+ dpl-efl
+ dpl-db-efl
+ dpl-event-efl
+ ecore
+ appcore-efl
+ openssl
+ sqlite3
+ dlog
+ vconf
+ db-util
+ libpcrecpp
+ icu-uc
+ libxml-2.0
+ )
+
+IF(SMACK_ENABLED)
+ LIST(APPEND ACE_LIB_DEPS_BASIC libprivilege-control)
+ENDIF(SMACK_ENABLED)
+
+PKG_CHECK_MODULES(ACE_LIB_DEPS ${ACE_LIB_DEPS_BASIC} REQUIRED)
+
+SET(WRT_ACE_DIR ${PROJECT_SOURCE_DIR}/ace)
+
+SET(ACE_SOURCES
+ ${WRT_ACE_DIR}/engine/PolicyEvaluator.cpp
+ ${WRT_ACE_DIR}/engine/PolicyInformationPoint.cpp
+ ${WRT_ACE_DIR}/engine/CombinerImpl.cpp
+ ${WRT_ACE_DIR}/engine/parser.cpp
+ ${WRT_ACE_DIR}/engine/PolicyEnforcementPoint.cpp
+ ${WRT_ACE_DIR}/engine/SettingsLogic.cpp
+ ${WRT_ACE_DIR}/engine/Attribute.cpp
+ ${WRT_ACE_DIR}/engine/Condition.cpp
+ ${WRT_ACE_DIR}/engine/Policy.cpp
+ ${WRT_ACE_DIR}/engine/Rule.cpp
+ ${WRT_ACE_DIR}/engine/Subject.cpp
+ ${WRT_ACE_DIR}/engine/TreeNode.cpp
+ ${WRT_ACE_DIR}/engine/ConfigurationManager.cpp
+)
+
+INCLUDE_DIRECTORIES(${ACE_LIB_DEPS_INCLUDE_DIRS})
+INCLUDE_DIRECTORIES(${WRT_ACE_DIR}/include)
+
+SET(WITH_ACE_SETTINGS_SERVER_SOURCES
+ ${WITH_ACE_SETTINGS_SERVER_NONE_SOURCES}
+ )
+
+ADD_LIBRARY(${TARGET_ACE_LIB} SHARED
+ ${ACE_SOURCES}
+ ${WITH_ACE_SETTINGS_SERVER_SOURCES}
+)
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES
+ SOVERSION ${API_VERSION}
+ VERSION ${VERSION})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES
+ COMPILE_FLAGS -fPIC)
+
+TARGET_LINK_LIBRARIES(${TARGET_ACE_LIB}
+ ${TARGET_ACE_DAO_RW_LIB}
+ ${ACE_LIB_DEPS_LIBRARIES}
+)
+
+INSTALL(TARGETS ${TARGET_ACE_LIB}
+ DESTINATION lib)
+
+INSTALL(FILES
+ include/ace/WRT_INTERFACE.h
+ DESTINATION
+ include/ace
+ )
+
+add_subdirectory(dao)
--- /dev/null
+!!!options!!! stop
+ACE - Access Control Engine - security module for Device APIs
--- /dev/null
+<policy-set id="Tizen-Policy" combine="first-matching-target">
+ <policy id="Tizen-Policy-Partner-API" description="Partner API" combine="permit-overrides">
+ <!-- Partner API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
+ <target>
+ <subject>
+ <subject-match attr="distributor-key-root-fingerprint" func="equal">
+ sha-1 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85
+ </subject-match>
+ </subject>
+ </target>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="tizen" />
+ </condition>
+ </rule>
+
+ <!-- access to application -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="appmanager.certificate" />
+ <resource-match attr="device-cap" func="equal" match="appmanager.kill" />
+ <resource-match attr="device-cap" func="equal" match="application.launch" />
+ </condition>
+ </rule>
+
+ <!-- access to bluetooth -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
+ <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
+ <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
+ <resource-match attr="device-cap" func="equal" match="bluetoothmanager" />
+ </condition>
+ </rule>
+
+ <!-- access to bookmark -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="bookmark.read" />
+ <resource-match attr="device-cap" func="equal" match="bookmark.write" />
+ </condition>
+ </rule>
+
+ <!-- access to calendar -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="calendar.read" />
+ <resource-match attr="device-cap" func="equal" match="calendar.write" />
+ </condition>
+ </rule>
+
+ <!-- access to call history -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="callhistory.read" />
+ <resource-match attr="device-cap" func="equal" match="callhistory.write" />
+ </condition>
+ </rule>
+
+ <!-- access to contact -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="contact.read" />
+ <resource-match attr="device-cap" func="equal" match="contact.write" />
+ </condition>
+ </rule>
+
+ <!-- access to content -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="content.read" />
+ <resource-match attr="device-cap" func="equal" match="content.write" />
+ </condition>
+ </rule>
+
+ <!-- access to datasync -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="datasync" />
+ </condition>
+ </rule>
+
+ <!-- access to NFC -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="nfc.admin" />
+ <resource-match attr="device-cap" func="equal" match="nfc.tag" />
+ <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
+ <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
+ <resource-match attr="device-cap" func="equal" match="nfc.common" />
+ </condition>
+ </rule>
+
+ <!-- access to systeminfo -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="system.info" />
+ <resource-match attr="device-cap" func="equal" match="systemmanager.info" />
+ </condition>
+ </rule>
+
+ <!-- access to system setting -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="setting" />
+ </condition>
+ </rule>
+
+ <!-- access to download feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="download" />
+ </condition>
+ </rule>
+
+ <!-- access to power feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="power" />
+ </condition>
+ </rule>
+
+ <!-- access to push feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="push" />
+ </condition>
+ </rule>
+
+ <!-- access to timeutil -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="time" />
+ </condition>
+ </rule>
+
+ <!-- access to external network -->
+ <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
+ <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ </rule>
+
+ <!-- access to external network on roaming status -->
+ <rule effect="permit">
+ <condition combine="and">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ <environment-match attr="roaming" match="true" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="alarm" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="log" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="messaging.read" />
+ <resource-match attr="device-cap" func="equal" match="messaging.write" />
+ <resource-match attr="device-cap" func="equal" match="messaging.send" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="messagport" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="filesystem.read" />
+ <resource-match attr="device-cap" func="equal" match="filesystem.write" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="notification" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="se" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="account.read" />
+ <resource-match attr="device-cap" func="equal" match="account.write" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="packagemanager.install" />
+ <resource-match attr="device-cap" func="equal" match="package.info" />
+ </condition>
+ </rule>
+
+ <rule effect="deny" />
+ </policy>
+ <policy id="Tizen-Policy-Trusted" description="Tizen's policy for trusted domain" combine="permit-overrides">
+ <!-- This is finger-print of certificate for TIZEN SDK (tizen.root.preproduction.cert.pem) -->
+ <target>
+ <subject>
+ <subject-match attr="distributor-key-root-fingerprint" func="equal">
+ sha-1 AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E
+ </subject-match>
+ </subject>
+ </target>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="tizen" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="account.read" />
+ <resource-match attr="device-cap" func="equal" match="account.write" />
+ </condition>
+ </rule>
+
+ <!-- access to application -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="application.launch" />
+ </condition>
+ </rule>
+
+ <!-- access to bluetooth -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
+ <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
+ <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
+ </condition>
+ </rule>
+
+ <!-- access to calendar -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="calendar.read" />
+ <resource-match attr="device-cap" func="equal" match="calendar.write" />
+ </condition>
+ </rule>
+
+ <!-- access to call history -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="callhistory.read" />
+ <resource-match attr="device-cap" func="equal" match="callhistory.write" />
+ </condition>
+ </rule>
+
+ <!-- access to contact -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="contact.read" />
+ <resource-match attr="device-cap" func="equal" match="contact.write" />
+ </condition>
+ </rule>
+
+ <!-- access to content -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="content.read" />
+ <resource-match attr="device-cap" func="equal" match="content.write" />
+ </condition>
+ </rule>
+
+ <!-- access to datasync -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="datasync" />
+ </condition>
+ </rule>
+
+ <!-- access to NFC -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="nfc.admin" />
+ <resource-match attr="device-cap" func="equal" match="nfc.tag" />
+ <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
+ <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
+ <resource-match attr="device-cap" func="equal" match="nfc.common" />
+ </condition>
+ </rule>
+
+ <!-- access to systeminfo -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="system.info" />
+ </condition>
+ </rule>
+
+ <!-- access to system setting -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="setting" />
+ </condition>
+ </rule>
+
+ <!-- access to download feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="download" />
+ </condition>
+ </rule>
+
+ <!-- access to power feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="power" />
+ </condition>
+ </rule>
+
+ <!-- access to push feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="push" />
+ </condition>
+ </rule>
+
+ <!-- access to timeutil -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="time" />
+ </condition>
+ </rule>
+
+ <!-- access to external network -->
+ <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
+ <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ </rule>
+
+ <!-- access to external network on roaming status -->
+ <rule effect="permit">
+ <condition combine="and">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ <environment-match attr="roaming" match="true" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="alarm" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="log" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="messaging.read" />
+ <resource-match attr="device-cap" func="equal" match="messaging.write" />
+ <resource-match attr="device-cap" func="equal" match="messaging.send" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="filesystem.read" />
+ <resource-match attr="device-cap" func="equal" match="filesystem.write" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="notification" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="package.info" />
+ </condition>
+ </rule>
+
+ <rule effect="deny" />
+ </policy>
+
+ <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="permit-overrides">
+ <!-- Specific Untrusted Policy for Tizen -->
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="tizen" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="account.read" />
+ <resource-match attr="device-cap" func="equal" match="account.write" />
+ </condition>
+ </rule>
+
+ <!-- access to application -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="application.launch" />
+ </condition>
+ </rule>
+
+ <!-- access to bluetooth -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
+ <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
+ <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
+ </condition>
+ </rule>
+
+ <!-- access to calendar -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="calendar.read" />
+ <resource-match attr="device-cap" func="equal" match="calendar.write" />
+ </condition>
+ </rule>
+
+ <!-- access to call history -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="callhistory.read" />
+ <resource-match attr="device-cap" func="equal" match="callhistory.write" />
+ </condition>
+ </rule>
+
+ <!-- access to contact -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="contact.read" />
+ <resource-match attr="device-cap" func="equal" match="contact.write" />
+ </condition>
+ </rule>
+
+ <!-- access to content -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="content.read" />
+ <resource-match attr="device-cap" func="equal" match="content.write" />
+ </condition>
+ </rule>
+
+ <!-- access to datasync -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="datasync" />
+ </condition>
+ </rule>
+
+ <!-- access to NFC -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="nfc.admin" />
+ <resource-match attr="device-cap" func="equal" match="nfc.tag" />
+ <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
+ <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
+ <resource-match attr="device-cap" func="equal" match="nfc.common" />
+ </condition>
+ </rule>
+
+ <!-- access to systeminfo -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="system.info" />
+ </condition>
+ </rule>
+
+ <!-- access to system setting -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="setting" />
+ </condition>
+ </rule>
+
+ <!-- access to download feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="download" />
+ </condition>
+ </rule>
+
+ <!-- access to power feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="power" />
+ </condition>
+ </rule>
+
+ <!-- access to push feature -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="push" />
+ </condition>
+ </rule>
+
+ <!-- access to timeutil -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="time" />
+ </condition>
+ </rule>
+
+ <!-- access to external network -->
+ <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
+ <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ </rule>
+
+ <!-- access to external network on roaming status -->
+ <rule effect="permit">
+ <condition combine="and">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ <environment-match attr="roaming" match="true" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="alarm" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="log" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="messaging.read" />
+ <resource-match attr="device-cap" func="equal" match="messaging.write" />
+ <resource-match attr="device-cap" func="equal" match="messaging.send" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="filesystem.read" />
+ <resource-match attr="device-cap" func="equal" match="filesystem.write" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="notification" />
+ </condition>
+ </rule>
+
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="package.info" />
+ </condition>
+ </rule>
+
+ <rule effect="deny" />
+ </policy>
+</policy-set>
--- /dev/null
+<policy-set id="Policy-1" combine="first-matching-target">
+ <policy>
+ <rule effect="permit" />
+ </policy>
+</policy-set>
--- /dev/null
+<policy-set id="WAC-Policy" combine="first-matching-target">
+ <policy id="WAC-Policy-Trusted" description="WAC's policy for trusted domain" combine="permit-overrides">
+ <target>
+ <subject>
+ <!-- This is finger-print of certificate for WAC Test Widget (operator.root.cert.pem) -->
+ <subject-match attr="distributor-key-root-fingerprint" func="equal">
+ sha-1 4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38
+ </subject-match>
+ </subject>
+ <subject>
+ <!-- This is finger-print of certificate for WAC Publish ID (wac.publisher.pem) -->
+ <subject-match attr="author-key-root-fingerprint" func="equal">
+ sha-1 A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2
+ </subject-match>
+ </subject>
+ <subject>
+ <!-- This is finger-print of certificate for WAC Production (wac.root.production.pem) -->
+ <subject-match attr="distributor-key-root-fingerprint" func="equal">
+ sha-1 A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1
+ </subject-match>
+ </subject>
+ <subject>
+ <!-- This is finger-print of certificate for WAC Preproduction (wac.root.preproduction.pem) -->
+ <subject-match attr="distributor-key-root-fingerprint" func="equal">
+ sha-1 8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A
+ </subject-match>
+ </subject>
+ </target>
+
+ <!-- access to external network -->
+ <rule effect="permit">
+ <condition combine="and">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ <resource-match attr="device-cap" func="equal" match="messaging.send" />
+ </condition>
+ <environment-match attr="roaming" match="true" />
+ </condition>
+ </rule>
+ <rule effect="permit" />
+ </policy>
+
+ <policy id="WAC-Policy-Untrusted" description="WAC's policy for untrusted domain" combine="deny-overrides">
+ <!-- Specific Untrusted Policy for WAC -->
+ <!-- access to accelerometer -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="accelerometer" />
+ </condition>
+ </rule>
+
+ <!-- access to calendar -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="pim.calendar.read" />
+ <resource-match attr="device-cap" func="equal" match="pim.calendar.write" />
+ </condition>
+ </rule>
+
+ <!-- access to camera -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="camera.show" />
+ </condition>
+ </rule>
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="camera.capture" />
+ </condition>
+ </rule>
+
+ <!-- access to contact -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="pim.contact.read" />
+ <resource-match attr="device-cap" func="equal" match="pim.contact.write" />
+ </condition>
+ </rule>
+
+ <!-- access to device-interaction -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="deviceinteraction" />
+ </condition>
+ </rule>
+
+ <!-- access to device-status -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="devicestatus.deviceinfo" />
+ <resource-match attr="device-cap" func="equal" match="devicestatus.networkinfo" />
+ </condition>
+ </rule>
+
+ <!-- access to filesystem -->
+ <rule effect="permit">
+ <condition combine="and">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="filesystem.read" />
+ <resource-match attr="device-cap" func="equal" match="filesystem.write" />
+ </condition>
+ <condition combine="or">
+ <resource-match attr="param:location" func="equal">wgt-private</resource-match>
+ <resource-match attr="param:location" func="equal">wgt-private-tmp</resource-match>
+ <resource-match attr="param:location" func="equal">wgt-package</resource-match>
+ </condition>
+ </condition>
+ </rule>
+
+ <!-- access to messaging -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="messaging.find" />
+ <resource-match attr="device-cap" func="equal" match="messaging.subscribe" />
+ <resource-match attr="device-cap" func="equal" match="messaging.write" />
+ </condition>
+ </rule>
+
+ <!-- access to message send on roaming status -->
+ <rule effect="deny">
+ <condition combine="and">
+ <resource-match attr="device-cap" func="equal" match="messaging.send" />
+ <environment-match attr="roaming" match="true" />
+ </condition>
+ </rule>
+
+ <!-- access to geolocation -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="geolocation" />
+ </condition>
+ </rule>
+
+ <!-- access to orientation -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="orientation" />
+ </condition>
+ </rule>
+
+ <!-- access to task -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="pim.task.read" />
+ <resource-match attr="device-cap" func="equal" match="pim.task.write" />
+ </condition>
+ </rule>
+ <!-- access to external network -->
+ <rule effect="permit">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ </rule>
+
+ <!-- access to external network on roaming status -->
+ <rule effect="permit">
+ <condition combine="and">
+ <condition combine="or">
+ <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+ <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+ </condition>
+ <environment-match attr="roaming" match="true" />
+ </condition>
+ </rule>
+
+ </policy>
+</policy-set>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified">
+ <xs:element name="policy-set">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element minOccurs="0" ref="target"/>
+ <xs:choice minOccurs="0" maxOccurs="unbounded">
+ <xs:element ref="policy-set"/>
+ <xs:element ref="policy"/>
+ </xs:choice>
+ </xs:sequence>
+ <xs:attributeGroup ref="policy-set.attlist"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="policy-set.attlist">
+ <xs:attribute name="combine" default="deny-overrides">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="deny-overrides"/>
+ <xs:enumeration value="permit-overrides"/>
+ <xs:enumeration value="first-matching-target"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="id"/>
+ </xs:attributeGroup>
+ <xs:element name="policy">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element minOccurs="0" ref="target"/>
+ <xs:element minOccurs="0" maxOccurs="unbounded" ref="rule"/>
+ </xs:sequence>
+ <xs:attributeGroup ref="policy.attlist"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="policy.attlist">
+ <xs:attribute name="combine" default="deny-overrides">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="deny-overrides"/>
+ <xs:enumeration value="permit-overrides"/>
+ <xs:enumeration value="first-applicable"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ <xs:attribute name="description"/>
+ <xs:attribute name="id"/>
+ </xs:attributeGroup>
+ <xs:element name="rule">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element minOccurs="0" ref="condition"/>
+ </xs:sequence>
+ <xs:attributeGroup ref="rule.attlist"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="rule.attlist">
+ <xs:attribute name="effect" default="permit">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="permit"/>
+ <xs:enumeration value="prompt-blanket"/>
+ <xs:enumeration value="prompt-session"/>
+ <xs:enumeration value="prompt-oneshot"/>
+ <xs:enumeration value="deny"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:attributeGroup>
+ <xs:element name="target">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" ref="subject"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="subject">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" ref="subject-match"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="condition">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element ref="condition"/>
+ <xs:element ref="subject-match"/>
+ <xs:element ref="resource-match"/>
+ <xs:element ref="environment-match"/>
+ </xs:choice>
+ <xs:attributeGroup ref="condition.attlist"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="condition.attlist">
+ <xs:attribute name="combine" default="and">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="and"/>
+ <xs:enumeration value="or"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:attributeGroup>
+ <xs:attributeGroup name="match-attrs">
+ <xs:attribute name="attr" use="required"/>
+ <xs:attribute name="match"/>
+ <xs:attribute name="func" default="glob">
+ <xs:simpleType>
+ <xs:restriction base="xs:token">
+ <xs:enumeration value="equal"/>
+ <xs:enumeration value="glob"/>
+ <xs:enumeration value="regexp"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+ </xs:attributeGroup>
+ <xs:element name="subject-match">
+ <xs:complexType mixed="true">
+ <xs:attributeGroup ref="subject-match.attlist"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="subject-match.attlist">
+ <xs:attributeGroup ref="match-attrs"/>
+ </xs:attributeGroup>
+ <xs:complexType name="match-model" mixed="true">
+ <xs:choice minOccurs="0" maxOccurs="unbounded">
+ <xs:element ref="subject-attr"/>
+ <xs:element ref="resource-attr"/>
+ <xs:element ref="environment-attr"/>
+ </xs:choice>
+ </xs:complexType>
+ <xs:element name="resource-match">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="match-model">
+ <xs:attributeGroup ref="resource-match.attlist"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="resource-match.attlist">
+ <xs:attributeGroup ref="match-attrs"/>
+ </xs:attributeGroup>
+ <xs:element name="environment-match">
+ <xs:complexType>
+ <xs:complexContent>
+ <xs:extension base="match-model">
+ <xs:attributeGroup ref="environment-match.attlist"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="environment-match.attlist">
+ <xs:attributeGroup ref="match-attrs"/>
+ </xs:attributeGroup>
+ <xs:attributeGroup name="attr-attrs">
+ <xs:attribute name="attr" use="required"/>
+ </xs:attributeGroup>
+ <xs:element name="subject-attr">
+ <xs:complexType>
+ <xs:attributeGroup ref="subject-attr.attlist"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="subject-attr.attlist">
+ <xs:attributeGroup ref="attr-attrs"/>
+ </xs:attributeGroup>
+ <xs:element name="resource-attr">
+ <xs:complexType>
+ <xs:attributeGroup ref="resource-attr.attlist"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="resource-attr.attlist">
+ <xs:attributeGroup ref="attr-attrs"/>
+ </xs:attributeGroup>
+ <xs:element name="environment-attr">
+ <xs:complexType>
+ <xs:attributeGroup ref="environment-attr.attlist"/>
+ </xs:complexType>
+ </xs:element>
+ <xs:attributeGroup name="environment-attr.attlist">
+ <xs:attributeGroup ref="attr-attrs"/>
+ </xs:attributeGroup>
+</xs:schema>
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file AceDAO.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#include <ace-dao-rw/AceDAO.h>
+
+#include <openssl/md5.h>
+#include <dpl/foreach.h>
+#include <dpl/string.h>
+#include <dpl/log/log.h>
+#include <dpl/db/orm.h>
+#include <ace-dao-ro/AceDAOUtilities.h>
+#include <ace-dao-ro/AceDAOConversions.h>
+#include <ace-dao-ro/AceDatabase.h>
+
+using namespace DPL::DB::ORM;
+using namespace DPL::DB::ORM::ace;
+using namespace AceDB::AceDaoUtilities;
+using namespace AceDB::AceDaoConversions;
+
+namespace {
+char const * const EMPTY_SESSION = "";
+} // namespace
+
+namespace AceDB{
+
+void AceDAO::setPromptDecision(
+ WidgetHandle widgetHandle,
+ int ruleId,
+ const DPL::OptionalString &session,
+ PromptDecision decision)
+{
+ Try {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+
+ ACE_DB_DELETE(del, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
+ del->Where(
+ And(
+ Equals<AcePromptDecision::app_id>(widgetHandle),
+ Equals<AcePromptDecision::rule_id>(ruleId)));
+ del->Execute();
+
+ AcePromptDecision::Row row;
+ row.Set_rule_id(ruleId);
+ row.Set_decision(promptDecisionToInt(decision));
+ row.Set_app_id(widgetHandle);
+ row.Set_session(session);
+ ACE_DB_INSERT(insert, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
+ insert->Values(row);
+ insert->Execute();
+
+ transaction.Commit();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting");
+ }
+}
+
+void AceDAO::removePolicyResult(
+ const BaseAttributeSet &attributes)
+{
+ Try {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+
+ auto attrHash = convertToHash(attributes);
+
+ ACE_DB_DELETE(del,
+ AcePolicyResult,
+ &AceDaoUtilities::m_databaseInterface);
+ del->Where(Equals<AcePolicyResult::hash>(attrHash));
+ del->Execute();
+ transaction.Commit();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to removeVerdict");
+ }
+}
+
+void AceDAO::clearAllSettings(void)
+{
+ clearWidgetDevCapSettings();
+ clearDevCapSettings();
+}
+
+void AceDAO::setDevCapSetting(const std::string &resource,
+ PreferenceTypes preference)
+{
+ Try {
+ ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface);
+ AceDevCap::Row row;
+ row.Set_general_setting(preferenceToInt(preference));
+ update->Values(row);
+ update->Where(
+ Equals<AceDevCap::id_uri>(DPL::FromUTF8String(resource)));
+ update->Execute();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to SetResourceSetting");
+ }
+}
+
+void AceDAO::removeDevCapSetting(const std::string &resource)
+{
+ Try {
+ ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface);
+ AceDevCap::Row row;
+ row.Set_general_setting(preferenceToInt(PreferenceTypes::PREFERENCE_DEFAULT));
+ update->Values(row);
+ update->Where(
+ Equals<AceDevCap::id_uri>(DPL::FromUTF8String(resource)));
+ update->Execute();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to removeResourceSetting");
+ }
+}
+
+
+void AceDAO::setWidgetDevCapSetting(const std::string &resource,
+ WidgetHandle handler,
+ PreferenceTypes preference)
+{
+ Try {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+ // TODO JOIN
+ AceDevCap::Row rrow;
+ if (!getResourceByUri(resource, rrow)) {
+ ThrowMsg(Exception::DatabaseError, "Resource not found");
+ }
+
+ ACE_DB_INSERT(insert,
+ AceWidgetDevCapSetting,
+ &AceDaoUtilities::m_databaseInterface);
+
+ AceWidgetDevCapSetting::Row row;
+ row.Set_app_id(handler);
+ int rid = rrow.Get_resource_id();
+ row.Set_resource_id(rid);
+ row.Set_access_value(preferenceToInt(preference));
+ insert->Values(row);
+ insert->Execute();
+
+ transaction.Commit();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting");
+ }
+}
+
+void AceDAO::removeWidgetDevCapSetting(const std::string &resource,
+ WidgetHandle handler)
+{
+ Try {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+ AceDevCap::Row rrow;
+ if (!getResourceByUri(resource, rrow)) {
+ ThrowMsg(Exception::DatabaseError, "resource not found");
+ }
+
+ ACE_DB_DELETE(del,
+ AceWidgetDevCapSetting,
+ &AceDaoUtilities::m_databaseInterface);
+
+ Equals<AceWidgetDevCapSetting::app_id> e1(handler);
+ Equals<AceWidgetDevCapSetting::resource_id> e2(rrow.Get_resource_id());
+ del->Where(And(e1, e2));
+ del->Execute();
+ transaction.Commit();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings");
+ }
+}
+
+
+void AceDAO::setPolicyResult(const BaseAttributeSet &attributes,
+ const ExtendedPolicyResult &exResult)
+{
+ Try {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+
+ // TODO: this call is connected with logic.
+ // It should be moved to PolicyEvaluator
+ addAttributes(attributes);
+
+ auto attrHash = convertToHash(attributes);
+
+ ACE_DB_DELETE(del, AcePolicyResult, &AceDaoUtilities::m_databaseInterface)
+ del->Where(Equals<AcePolicyResult::hash>(attrHash));
+ del->Execute();
+
+ ACE_DB_INSERT(insert, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
+ AcePolicyResult::Row row;
+ row.Set_decision(PolicyResult::serialize(exResult.policyResult));
+ row.Set_hash(attrHash);
+ row.Set_rule_id(exResult.ruleId);
+ insert->Values(row);
+ insert->Execute();
+
+ transaction.Commit();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to addVerdict");
+ }
+}
+
+void AceDAO::resetDatabase(void)
+{
+ Try {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+ ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
+ del1->Execute();
+ ACE_DB_DELETE(del2, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface);
+ del2->Execute();
+ ACE_DB_DELETE(del3, AceDevCap, &AceDaoUtilities::m_databaseInterface);
+ del3->Execute();
+ ACE_DB_DELETE(del4, AceSubject, &AceDaoUtilities::m_databaseInterface);
+ del4->Execute();
+ ACE_DB_DELETE(del5, AceAttribute, &AceDaoUtilities::m_databaseInterface);
+ del5->Execute();
+ ACE_DB_DELETE(del6, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
+ del6->Execute();
+
+ transaction.Commit();
+
+ // TODO there is no such query yet in ORM.
+ // GlobalConnection::DataCommandAutoPtr command =
+ // GlobalConnectionSingleton::Instance().PrepareDataCommand(
+ // "VACUUM");
+ // command->Step();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to resetDatabase");
+ }
+}
+
+void AceDAO::clearPolicyCache(void)
+{
+ Try {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+ ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
+ del1->Execute();
+ ACE_DB_DELETE(del2, AceAttribute, &AceDaoUtilities::m_databaseInterface);
+ del2->Execute();
+ ACE_DB_DELETE(del3, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
+ del3->Execute();
+
+ transaction.Commit();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to clearPolicyCache");
+ }
+}
+
+void AceDAO::clearDevCapSettings()
+{
+ Try {
+ ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface);
+ AceDevCap::Row row;
+ row.Set_general_setting(-1);
+ update->Values(row);
+ update->Execute();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to clearResourceSettings");
+ }
+}
+
+void AceDAO::clearWidgetDevCapSettings()
+{
+ Try {
+ ACE_DB_DELETE(del, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface);
+ del->Execute();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings");
+ }
+}
+
+int AceDAO::addResource(const std::string &request)
+{
+ LogDebug("addResource: " << request);
+ Try {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+ AceDevCap::Row rrow;
+ if (getResourceByUri(request, rrow)) {
+ transaction.Commit();
+ return rrow.Get_resource_id();
+ }
+
+ ACE_DB_INSERT(insert, AceDevCap, &AceDaoUtilities::m_databaseInterface);
+ AceDevCap::Row row;
+ row.Set_id_uri(DPL::FromUTF8String(request));
+ row.Set_general_setting(-1);
+ insert->Values(row);
+ int id = insert->Execute();
+ transaction.Commit();
+ return id;
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in addResource");
+ }
+}
+
+void AceDAO::addAttributes(const BaseAttributeSet &attributes)
+{
+ Try {
+ BaseAttributeSet::const_iterator iter;
+
+ for (iter = attributes.begin(); iter != attributes.end(); ++iter) {
+ ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface);
+ select->Where(Equals<AceAttribute::name>(DPL::FromUTF8String(
+ *(*iter)->getName())));
+ std::list<AceAttribute::Row> rows = select->GetRowList();
+ if (!rows.empty()) {
+ continue;
+ }
+
+ ACE_DB_INSERT(insert, AceAttribute, &AceDaoUtilities::m_databaseInterface);
+ AceAttribute::Row row;
+ row.Set_name(DPL::FromUTF8String(*(*iter)->getName()));
+ row.Set_type(attributeTypeToInt((*iter)->getType()));
+ insert->Values(row);
+ insert->Execute();
+ }
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in addAttributes");
+ }
+}
+
+void AceDAO::setRequestedDevCaps(
+ WidgetHandle widgetHandle,
+ const RequestedDevCapsMap &permissions)
+{
+ Try {
+ FOREACH(it, permissions) {
+ ACE_DB_INSERT(insert, AceRequestedDevCaps,
+ &AceDaoUtilities::m_databaseInterface);
+ AceRequestedDevCaps::Row row;
+ row.Set_app_id(widgetHandle);
+ row.Set_dev_cap(it->first);
+ row.Set_grant_smack(it->second ? 1 : 0);
+ insert->Values(row);
+ insert->Execute();
+ }
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in setStaticDevCapPermissions");
+ }
+}
+
+void AceDAO::setAcceptedFeature(
+ WidgetHandle widgetHandle,
+ const FeatureNameVector &vector)
+{
+ Try {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+ FOREACH(it, vector) {
+ ACE_DB_INSERT(insert, AceAcceptedFeature,
+ &AceDaoUtilities::m_databaseInterface);
+ AceAcceptedFeature::Row row;
+ row.Set_app_id(widgetHandle);
+ row.Set_feature(*it);
+ insert->Values(row);
+ insert->Execute();
+ }
+ transaction.Commit();
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in setAcceptedFeature");
+ }
+}
+
+void AceDAO::removeAcceptedFeature(
+ WidgetHandle widgetHandle)
+{
+ Try
+ {
+ ACE_DB_DELETE(del, AceAcceptedFeature,
+ &AceDaoUtilities::m_databaseInterface);
+ del->Where(Equals<AceAcceptedFeature::app_id>(widgetHandle));
+ del->Execute();
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in removeAcceptedFeature");
+ }
+}
+
+void AceDAO::registerWidgetInfo(WidgetHandle handle,
+ const WidgetRegisterInfo& info,
+ const WidgetCertificateDataList& dataList)
+{
+ Try
+ {
+ ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface);
+
+ ACE_DB_INSERT(insert, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ WidgetInfo::Row wi;
+ wi.Set_app_id(handle);
+ wi.Set_widget_type(static_cast<int>(info.type));
+ wi.Set_widget_id(info.widget_id);
+ wi.Set_widget_version(info.version);
+ wi.Set_author_name(info.authorName);
+ wi.Set_share_href(info.shareHref);
+ insert->Values(wi);
+ insert->Execute();
+
+ WidgetCertificateDataList::const_iterator it;
+ for (it = dataList.begin(); it != dataList.end(); ++it)
+ {
+ WidgetCertificateFingerprint::Row wcf;
+ wcf.Set_app_id(handle);
+ wcf.Set_owner(it->owner);
+ wcf.Set_chainid(it->chainId);
+ wcf.Set_type(it->type);
+ wcf.Set_md5_fingerprint(DPL::FromUTF8String(it->strMD5Fingerprint));
+ wcf.Set_sha1_fingerprint(DPL::FromUTF8String(it->strSHA1Fingerprint));
+ wcf.Set_common_name(it->strCommonName);
+ ACE_DB_INSERT(insert, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface);
+ insert->Values(wcf);
+ insert->Execute();
+ }
+ transaction.Commit();
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in registerWidgetInfo");
+ }
+}
+
+void AceDAO::unregisterWidgetInfo(WidgetHandle handle)
+{
+ if(AceDAO::isWidgetInstalled(handle)) {
+ Try
+ {
+ ACE_DB_DELETE(del, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ del->Where(Equals<WidgetInfo::app_id>(handle));
+ del->Execute();
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in unregisterWidgetInfo");
+ }
+ }
+}
+
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file AceDaoConversions.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#include <openssl/md5.h>
+#include <dpl/foreach.h>
+
+#include <ace-dao-ro/AceDAOConversions.h>
+
+namespace AceDB {
+
+DPL::String AceDaoConversions::convertToHash(const BaseAttributeSet &attributes)
+{
+ unsigned char attrHash[MD5_DIGEST_LENGTH];
+ std::string attrString;
+ FOREACH(it, attributes) {
+ // [CR] implementation of it->toString() is not secure, 24.03.2010
+ attrString.append((*it)->toString());
+ }
+
+ MD5((unsigned char *) attrString.c_str(), attrString.length(), attrHash);
+
+ char attrHashCoded[MD5_DIGEST_LENGTH*2 + 1];
+ for (int i = 0; i < MD5_DIGEST_LENGTH; ++i) {
+ sprintf(&attrHashCoded[i << 1],
+ "%02X",
+ static_cast<int>(attrHash[i]));
+ }
+ return DPL::FromASCIIString(attrHashCoded);
+}
+
+
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file AceDAOReadOnlyReadOnly.cpp
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#include <list>
+#include <utility>
+
+#include <ace-dao-ro/AceDAOReadOnly.h>
+#include <ace-dao-ro/AceDAOUtilities.h>
+#include <ace-dao-ro/AceDAOConversions.h>
+#include <ace-dao-ro/AceDatabase.h>
+#include <dpl/foreach.h>
+
+using namespace DPL::DB::ORM;
+using namespace DPL::DB::ORM::ace;
+using namespace AceDB::AceDaoUtilities;
+using namespace AceDB::AceDaoConversions;
+
+namespace AceDB {
+
+static const int DB_ALLOW_ALWAYS = 0;
+static const int DB_ALLOW_FOR_SESSION = 1;
+static const int DB_ALLOW_THIS_TIME = 2;
+static const int DB_DENY_ALWAYS = 3;
+static const int DB_DENY_FOR_SESSION = 4;
+static const int DB_DENY_THIS_TIME = 5;
+
+static const int DB_APP_UNKNOWN = 0;
+static const int DB_APP_WAC20 = 1;
+static const int DB_APP_TIZEN = 2;
+
+int AceDAOReadOnly::promptDecisionToInt(PromptDecision decision)
+{
+ if (PromptDecision::ALLOW_ALWAYS == decision) {
+ return DB_ALLOW_ALWAYS;
+ } else if (PromptDecision::DENY_ALWAYS == decision) {
+ return DB_DENY_ALWAYS;
+ } else if (PromptDecision::ALLOW_THIS_TIME == decision) {
+ return DB_ALLOW_THIS_TIME;
+ } else if (PromptDecision::DENY_THIS_TIME == decision) {
+ return DB_DENY_THIS_TIME;
+ } else if (PromptDecision::ALLOW_FOR_SESSION == decision) {
+ return DB_ALLOW_FOR_SESSION;
+ }
+ // DENY_FOR_SESSION
+ return DB_DENY_FOR_SESSION;
+}
+
+PromptDecision AceDAOReadOnly::intToPromptDecision(int dec) {
+ if (dec == DB_ALLOW_ALWAYS) {
+ return PromptDecision::ALLOW_ALWAYS;
+ } else if (dec == DB_DENY_ALWAYS) {
+ return PromptDecision::DENY_ALWAYS;
+ } else if (dec == DB_ALLOW_THIS_TIME) {
+ return PromptDecision::ALLOW_THIS_TIME;
+ } else if (dec == DB_DENY_THIS_TIME) {
+ return PromptDecision::DENY_THIS_TIME;
+ } else if (dec == DB_ALLOW_FOR_SESSION) {
+ return PromptDecision::ALLOW_FOR_SESSION;
+ }
+ // DB_DENY_FOR_SESSION
+ return PromptDecision::DENY_FOR_SESSION;
+}
+
+int AceDAOReadOnly::appTypeToInt(AppTypes app_type)
+{
+ switch (app_type) {
+ case AppTypes::Unknown:
+ return DB_APP_UNKNOWN;
+ case AppTypes::WAC20:
+ return DB_APP_WAC20;
+ case AppTypes::Tizen:
+ return DB_APP_TIZEN;
+ default:
+ return DB_APP_UNKNOWN;
+ }
+
+}
+
+AppTypes AceDAOReadOnly::intToAppType(int app_type)
+{
+ switch (app_type) {
+ case DB_APP_UNKNOWN:
+ return AppTypes::Unknown;
+ case DB_APP_WAC20:
+ return AppTypes::WAC20;
+ case DB_APP_TIZEN:
+ return AppTypes::Tizen;
+ default:
+ return AppTypes::Unknown;
+ }
+}
+
+void AceDAOReadOnly::attachToThreadRO()
+{
+ AceDaoUtilities::m_databaseInterface.AttachToThread(
+ DPL::DB::SqlConnection::Flag::RO);
+}
+
+void AceDAOReadOnly::attachToThreadRW()
+{
+ AceDaoUtilities::m_databaseInterface.AttachToThread(
+ DPL::DB::SqlConnection::Flag::RW);
+}
+
+void AceDAOReadOnly::detachFromThread()
+{
+ AceDaoUtilities::m_databaseInterface.DetachFromThread();
+}
+
+OptionalCachedPromptDecision AceDAOReadOnly::getPromptDecision(
+ WidgetHandle widgetHandle,
+ int ruleId)
+{
+ Try {
+ // get matching subject verdict
+ ACE_DB_SELECT(select, AcePromptDecision, &AceDaoUtilities::m_databaseInterface);
+
+ select->Where(
+ And(
+ Equals<AcePromptDecision::rule_id>(ruleId),
+ Equals<AcePromptDecision::app_id>(widgetHandle)));
+
+ std::list<AcePromptDecision::Row> rows = select->GetRowList();
+ if (rows.empty()) {
+ return OptionalCachedPromptDecision();
+ }
+
+ AcePromptDecision::Row row = rows.front();
+ CachedPromptDecision decision;
+ decision.decision = intToPromptDecision(row.Get_decision());
+ decision.session = row.Get_session();
+
+ return OptionalCachedPromptDecision(decision);
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getPromptDecision");
+ }
+}
+
+void AceDAOReadOnly::getAttributes(BaseAttributeSet *attributes)
+{
+ if (NULL == attributes) {
+ LogError("NULL pointer");
+ return;
+ }
+ attributes->clear();
+ std::string aname;
+ int type;
+ Try {
+ ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface);
+ typedef std::list<AceAttribute::Row> RowList;
+ RowList list = select->GetRowList();
+
+ FOREACH(i, list) {
+ BaseAttributePtr attribute(new BaseAttribute());
+ DPL::String name = i->Get_name();
+ aname = DPL::ToUTF8String(name);
+ type = i->Get_type();
+
+ attribute->setName(&aname);
+ attribute->setType(intToAttributeType(type));
+ attributes->insert(attribute);
+ }
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getAttributes");
+ }
+}
+
+OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult(
+ const BaseAttributeSet &attributes)
+{
+
+ auto attrHash = convertToHash(attributes);
+ return getPolicyResult(attrHash);
+}
+
+OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult(
+ const DPL::String &attrHash)
+{
+ Try {
+ // get matching subject verdict
+ ACE_DB_SELECT(select, AcePolicyResult, &AceDaoUtilities::m_databaseInterface);
+ Equals<AcePolicyResult::hash> e1(attrHash);
+ select->Where(e1);
+
+ std::list<AcePolicyResult::Row> rows = select->GetRowList();
+ if (rows.empty()) {
+ return OptionalExtendedPolicyResult();
+ }
+
+ AcePolicyResult::Row row = rows.front();
+ int decision = row.Get_decision();
+ ExtendedPolicyResult res;
+ res.policyResult = PolicyResult::deserialize(decision);
+ res.ruleId = row.Get_rule_id();
+ return OptionalExtendedPolicyResult(res);
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getVerdict");
+ }
+}
+
+PreferenceTypes AceDAOReadOnly::getDevCapSetting(const std::string &resource)
+{
+ Try {
+ AceDevCap::Row row;
+ if (!getResourceByUri(resource, row)) {
+ return PreferenceTypes::PREFERENCE_DEFAULT;
+ }
+ return intToPreference(row.Get_general_setting());
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSetting");
+ }
+}
+
+void AceDAOReadOnly::getDevCapSettings(PreferenceTypesMap *globalSettingsMap)
+{
+ if (NULL == globalSettingsMap) {
+ LogError("Null pointer");
+ return;
+ }
+ globalSettingsMap->clear();
+ Try {
+ ACE_DB_SELECT(select, AceDevCap, &AceDaoUtilities::m_databaseInterface);
+ typedef std::list<AceDevCap::Row> RowList;
+ RowList list = select->GetRowList();
+
+ FOREACH(i, list) {
+ PreferenceTypes p = intToPreference(i->Get_general_setting());
+ globalSettingsMap->insert(make_pair(DPL::ToUTF8String(
+ i->Get_id_uri()), p));
+ }
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSettings");
+ }
+}
+
+void AceDAOReadOnly::getWidgetDevCapSettings(BasePermissionList *outputList)
+{
+ if (NULL == outputList) {
+ LogError("NULL pointer");
+ return;
+ }
+ outputList->clear();
+ Try {
+ std::string resourceName;
+ PreferenceTypes allowAccess;
+
+ ACE_DB_SELECT(select,
+ AceWidgetDevCapSetting,
+ &AceDaoUtilities::m_databaseInterface);
+
+ typedef std::list<AceWidgetDevCapSetting::Row> RowList;
+ RowList list = select->GetRowList();
+
+ // TODO JOIN
+ FOREACH(i, list) {
+ int app_id = i->Get_app_id();
+ int res_id = i->Get_resource_id();
+
+ ACE_DB_SELECT(resourceSelect, AceDevCap, &AceDaoUtilities::m_databaseInterface);
+ resourceSelect->Where(Equals<AceDevCap::resource_id>(res_id));
+ AceDevCap::Row rrow = resourceSelect->GetSingleRow();
+
+ resourceName = DPL::ToUTF8String(rrow.Get_id_uri());
+
+ if (!resourceName.empty()) {
+ allowAccess = intToPreference(i->Get_access_value());
+ outputList->push_back(
+ BasePermission(app_id,
+ resourceName,
+ allowAccess));
+ }
+ }
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to findUserSettings");
+ }
+}
+
+PreferenceTypes AceDAOReadOnly::getWidgetDevCapSetting(
+ const std::string &resource,
+ WidgetHandle handler)
+{
+ Try {
+ AceDevCap::Row rrow;
+ if (!getResourceByUri(resource, rrow)) {
+ return PreferenceTypes::PREFERENCE_DEFAULT;
+ }
+ int resourceId = rrow.Get_resource_id();
+
+ // get matching user setting
+ ACE_DB_SELECT(select, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface);
+
+ select->Where(And(Equals<AceWidgetDevCapSetting::resource_id>(resourceId),
+ Equals<AceWidgetDevCapSetting::app_id>(handler)));
+
+ std::list<int> values =
+ select->GetValueList<AceWidgetDevCapSetting::access_value>();
+ if (values.empty()) {
+ return PreferenceTypes::PREFERENCE_DEFAULT;
+ }
+ return intToPreference(values.front());
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in getUserSetting");
+ }
+}
+
+void AceDAOReadOnly::getRequestedDevCaps(
+ WidgetHandle widgetHandle,
+ RequestedDevCapsMap *permissions)
+{
+ if (NULL == permissions) {
+ LogError("NULL pointer");
+ return;
+ }
+ permissions->clear();
+ Try {
+ ACE_DB_SELECT(select, AceRequestedDevCaps,
+ &AceDaoUtilities::m_databaseInterface);
+ select->Where(
+ Equals<AceRequestedDevCaps::app_id>(widgetHandle));
+ std::list<AceRequestedDevCaps::Row> list = select->GetRowList();
+
+ FOREACH(i, list) {
+ permissions->insert(std::make_pair(i->Get_dev_cap(),
+ i->Get_grant_smack() == 1));
+ }
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps");
+ }
+}
+
+void AceDAOReadOnly::getAcceptedFeature(
+ WidgetHandle widgetHandle,
+ FeatureNameVector *fvector)
+{
+ if (NULL == fvector) {
+ LogError("NULL pointer");
+ return;
+ }
+
+ fvector->clear();
+ Try {
+ ACE_DB_SELECT(select, AceAcceptedFeature,
+ &AceDaoUtilities::m_databaseInterface);
+ select->Where(
+ Equals<AceAcceptedFeature::app_id>(widgetHandle));
+ std::list<AceAcceptedFeature::Row> list = select->GetRowList();
+
+ FOREACH(i, list) {
+ fvector->push_back(i->Get_feature());
+ }
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps");
+ }
+}
+
+AppTypes AceDAOReadOnly::getWidgetType(WidgetHandle handle)
+{
+ Try {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ select->Where(Equals<WidgetInfo::app_id>(handle));
+ WidgetInfo::Select::RowList rows = select->GetRowList();
+ DPL::OptionalInt res;
+ if (!rows.empty()) {
+ res = rows.front().Get_widget_type();
+ AppTypes retType = (res.IsNull() ? AppTypes::Unknown : static_cast<AppTypes>(*res));
+ return retType;
+ } else {
+ LogDebug("Can not find widget type");
+ return AppTypes::Unknown;
+ }
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getWidgetType");
+ }
+}
+
+std::string AceDAOReadOnly::getVersion(WidgetHandle widgetHandle)
+{
+ Try
+ {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
+ WidgetInfo::Select::RowList rows = select->GetRowList();
+ DPL::OptionalString res;
+ if(!rows.empty()) {
+ res = rows.front().Get_widget_version();
+ return (res.IsNull() ? "" : DPL::ToUTF8String(*res));
+ } else {
+ LogDebug("Widget not installed");
+ return "";
+ }
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getVersion");
+ }
+}
+
+std::string AceDAOReadOnly::getAuthorName(WidgetHandle widgetHandle)
+{
+ Try
+ {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
+ WidgetInfo::Select::RowList rows = select->GetRowList();
+ DPL::OptionalString res;
+ if(!rows.empty()) {
+ res = rows.front().Get_author_name();
+ return (res.IsNull() ? "" : DPL::ToUTF8String(*res));
+ } else {
+ LogDebug("Widget not installed");
+ return "";
+ }
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getAuthorName");
+ }
+}
+
+std::string AceDAOReadOnly::getGUID(WidgetHandle widgetHandle)
+{
+ Try
+ {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
+ WidgetInfo::Select::RowList rows = select->GetRowList();
+ DPL::OptionalString res;
+ if(!rows.empty()) {
+ res = rows.front().Get_widget_id();
+ return (res.IsNull() ? "" : DPL::ToUTF8String(*res));
+ } else {
+ LogDebug("Widget not installed");
+ return "";
+ }
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getGUID");
+ }
+}
+
+WidgetCertificateCNList AceDAOReadOnly::getKeyCommonNameList(
+ WidgetHandle widgetHandle,
+ WidgetCertificateData::Owner owner,
+ WidgetCertificateData::Type type)
+{
+ Try {
+ ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface);
+ select->Where(And(And(
+ Equals<WidgetCertificateFingerprint::app_id>(widgetHandle),
+ Equals<WidgetCertificateFingerprint::owner>(owner)),
+ Equals<WidgetCertificateFingerprint::type>(type)));
+ WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList();
+
+ WidgetCertificateCNList out;
+ FOREACH(it, rows)
+ {
+ DPL::Optional<DPL::String> cn = it->Get_common_name();
+ out.push_back(cn.IsNull() ? "" : DPL::ToUTF8String(*cn));
+ }
+ return out;
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getKeyCommonNameList");
+ }
+}
+
+FingerPrintList AceDAOReadOnly::getKeyFingerprints(
+ WidgetHandle widgetHandle,
+ WidgetCertificateData::Owner owner,
+ WidgetCertificateData::Type type)
+{
+ Try
+ {
+ ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface);
+ select->Where(And(And(
+ Equals<WidgetCertificateFingerprint::app_id>(widgetHandle),
+ Equals<WidgetCertificateFingerprint::owner>(owner)),
+ Equals<WidgetCertificateFingerprint::type>(type)));
+ WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList();
+
+ FingerPrintList keys;
+ FOREACH(it, rows)
+ {
+ DPL::Optional<DPL::String> sha1 = it->Get_sha1_fingerprint();
+ if (!sha1.IsNull())
+ keys.push_back(DPL::ToUTF8String(*sha1));
+ DPL::Optional<DPL::String> md5 = it->Get_md5_fingerprint();
+ if (!md5.IsNull())
+ keys.push_back(DPL::ToUTF8String(*md5));
+ }
+ return keys;
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getKeyFingerprints");
+ }
+}
+
+std::string AceDAOReadOnly::getShareHref(WidgetHandle widgetHandle)
+{
+ Try
+ {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ select->Where(Equals<WidgetInfo::app_id>(widgetHandle));
+ WidgetInfo::Select::RowList rows = select->GetRowList();
+
+ if(rows.empty())
+ ThrowMsg(Exception::DatabaseError, "Cannot find widget. Handle: " << widgetHandle);
+
+ DPL::Optional<DPL::String> value = rows.front().Get_share_href();
+ std::string ret = "";
+ if(!value.IsNull())
+ ret = DPL::ToUTF8String(*value);
+ return ret;
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to getShareHref");
+ }
+}
+
+WidgetHandleList AceDAOReadOnly::getHandleList()
+{
+ LogDebug("Getting DbWidgetHandle List");
+ Try
+ {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ return select->GetValueList<WidgetInfo::app_id>();
+ }
+ Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed to list of widget handles");
+ }
+}
+
+bool AceDAOReadOnly::isWidgetInstalled(WidgetHandle handle)
+{
+ Try {
+ ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface);
+ select->Where(Equals<WidgetInfo::app_id>(handle));
+ WidgetInfo::Select::RowList rows = select->GetRowList();
+ return !rows.empty() ? true : false;
+ } Catch(DPL::DB::SqlConnection::Exception::Base) {
+ ReThrowMsg(Exception::DatabaseError, "Failed in isWidgetInstalled");
+ }
+}
+
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file AceDaoReadOnly.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#include <openssl/md5.h>
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+
+#include <ace-dao-ro/AceDatabase.h>
+#include <ace-dao-ro/AceDAOUtilities.h>
+#include <ace-dao-ro/AceDAOReadOnly.h>
+
+namespace AceDB {
+
+namespace {
+const char* ACE_DB_DATABASE = "/opt/dbspace/.ace.db";
+DPL::DB::SqlConnection::Flag::Type ACE_DB_FLAGS =
+ DPL::DB::SqlConnection::Flag::UseLucene;
+}
+
+DPL::DB::ThreadDatabaseSupport AceDaoUtilities::m_databaseInterface(
+ ACE_DB_DATABASE, ACE_DB_FLAGS);
+
+BaseAttribute::Type AceDaoUtilities::intToAttributeType(int val)
+{
+ switch (val) {
+ case 0:
+ return BaseAttribute::Type::Subject;
+ case 1:
+ return BaseAttribute::Type::Environment;
+ case 2:
+ return BaseAttribute::Type::Resource;
+ case 3:
+ return BaseAttribute::Type::FunctionParam;
+ case 4:
+ return BaseAttribute::Type::WidgetParam;
+
+ default:
+ Assert(0 && "Unknown Attribute type value");
+ return BaseAttribute::Type::Subject; //remove compilation warrning
+ }
+}
+
+int AceDaoUtilities::attributeTypeToInt(BaseAttribute::Type type)
+{
+ // we cannot cast enum -> int because this cast will be removed from next c++ standard
+ switch (type) {
+ case BaseAttribute::Type::Subject:
+ return 0;
+ case BaseAttribute::Type::Environment:
+ return 1;
+ case BaseAttribute::Type::Resource:
+ return 2;
+ case BaseAttribute::Type::FunctionParam:
+ return 3;
+ case BaseAttribute::Type::WidgetParam:
+ return 4;
+
+ default:
+ Assert(0 && "Unknown Attribute type!");
+ return 0; //remove compilation warrning
+ }
+}
+
+int AceDaoUtilities::preferenceToInt(PreferenceTypes p)
+{
+ switch (p) {
+ case PreferenceTypes::PREFERENCE_PERMIT:
+ return 1;
+ case PreferenceTypes::PREFERENCE_DENY:
+ return 0;
+ case PreferenceTypes::PREFERENCE_BLANKET_PROMPT:
+ return 2;
+ case PreferenceTypes::PREFERENCE_SESSION_PROMPT:
+ return 3;
+ case PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT:
+ return 4;
+
+ default:
+ return -1;
+ }
+}
+
+PreferenceTypes AceDaoUtilities::intToPreference(int p)
+{
+ switch (p) {
+ case 1:
+ return PreferenceTypes::PREFERENCE_PERMIT;
+ case 0:
+ return PreferenceTypes::PREFERENCE_DENY;
+ case 2:
+ return PreferenceTypes::PREFERENCE_BLANKET_PROMPT;
+ case 3:
+ return PreferenceTypes::PREFERENCE_SESSION_PROMPT;
+ case 4:
+ return PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT;
+
+ default:
+ return PreferenceTypes::PREFERENCE_DEFAULT;
+ }
+}
+
+VerdictTypes AceDaoUtilities::intToVerdict(int v)
+{
+ switch (v) {
+ case -1:
+ return VerdictTypes::VERDICT_UNKNOWN;
+ case 0:
+ return VerdictTypes::VERDICT_DENY;
+ case 1:
+ return VerdictTypes::VERDICT_PERMIT;
+ case 2:
+ return VerdictTypes::VERDICT_INAPPLICABLE;
+
+ default:
+ Assert(0 && "Cannot convert int to verdict");
+ return VerdictTypes::VERDICT_UNKNOWN; // remove compile warrning
+ }
+}
+
+int AceDaoUtilities::verdictToInt(VerdictTypes v)
+{
+ switch (v) {
+ case VerdictTypes::VERDICT_UNKNOWN:
+ return -1;
+ case VerdictTypes::VERDICT_DENY:
+ return 0;
+ case VerdictTypes::VERDICT_PERMIT:
+ return 1;
+ case VerdictTypes::VERDICT_INAPPLICABLE:
+ return 2;
+
+ default:
+ Assert(0 && "Unknown Verdict value");
+ return -1; // remove compile warrning
+ }
+}
+
+bool AceDaoUtilities::getSubjectByUri(const std::string &uri,
+ DPL::DB::ORM::ace::AceSubject::Row &row)
+{
+ using namespace DPL::DB::ORM;
+ using namespace DPL::DB::ORM::ace;
+ ACE_DB_SELECT(select, AceSubject, &m_databaseInterface);
+ select->Where(Equals<AceSubject::id_uri>(DPL::FromUTF8String(uri)));
+ std::list<AceSubject::Row> rows = select->GetRowList();
+ if (rows.empty()) {
+ return false;
+ }
+
+ row = rows.front();
+ return true;
+}
+
+bool AceDaoUtilities::getResourceByUri(const std::string &uri,
+ DPL::DB::ORM::ace::AceDevCap::Row &row)
+{
+ using namespace DPL::DB::ORM;
+ using namespace DPL::DB::ORM::ace;
+ ACE_DB_SELECT(select, AceDevCap, &m_databaseInterface);
+ select->Where(Equals<AceDevCap::id_uri>(DPL::FromUTF8String(uri)));
+ std::list<AceDevCap::Row> rows = select->GetRowList();
+ if (rows.empty()) {
+ return false;
+ }
+
+ row = rows.front();
+ return true;
+}
+
+
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file AceDatabase.cpp
+ * @author Lukasz Marek (l.marek@samsung.com)
+ * @version 1.0
+ * @brief This file contains the declaration of ace database
+ */
+
+#include <ace-dao-ro/AceDatabase.h>
+
+DPL::Mutex g_aceDbQueriesMutex;
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file BaseAttribute.cpp
+ * @author Lukasz Marek (l.marek@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#include <sstream>
+#include <string>
+
+#include <ace-dao-ro/BaseAttribute.h>
+
+namespace AceDB {
+
+const char* BaseAttribute::typeToString(Type type)
+{
+ const char * ret = NULL;
+ switch (type) {
+ case Type::Resource:
+ ret = "resource";
+ break;
+ case Type::Subject:
+ ret = "subject";
+ break;
+ case Type::Environment:
+ ret = "environment";
+ break;
+ default:
+ ret = "unknown type";
+ break;
+ }
+
+ return ret;
+}
+
+std::string BaseAttribute::toString() const
+{
+ std::string ret;
+ const char * SEPARATOR = ";";
+
+ ret.append(m_name);
+ ret.append(SEPARATOR);
+ ret.append(typeToString(m_typeId));
+ ret.append(SEPARATOR);
+ if (m_undetermindState) {
+ ret.append("true");
+ } else {
+ ret.append("false");
+ }
+ ret.append(SEPARATOR);
+ for (std::list<std::string>::const_iterator it = value.begin();
+ it != value.end();
+ ++it) {
+ std::stringstream num;
+ num << it->size();
+ ret.append(num.str());
+ ret.append(SEPARATOR);
+ ret.append(*it);
+ ret.append(SEPARATOR);
+ }
+
+ return ret;
+}
+
+}
--- /dev/null
+
+SET(ACE_DAO_DEPS_LIST
+ dpl-efl
+ dpl-db-efl
+ ecore
+ appcore-efl
+ openssl
+ vconf
+ db-util
+ libpcrecpp
+ icu-uc
+ libxml-2.0
+ )
+
+PKG_CHECK_MODULES(ACE_DAO_DEPS ${ACE_DAO_DEPS_LIST} REQUIRED)
+
+set(ACE_SRC_DIR ${PROJECT_SOURCE_DIR}/ace/dao)
+
+set(ACE_DAO_RO_SOURCES
+ ${ACE_SRC_DIR}/AceDAOReadOnly.cpp
+ ${ACE_SRC_DIR}/AceDAOUtilities.cpp
+ ${ACE_SRC_DIR}/AceDAOConversions.cpp
+ ${ACE_SRC_DIR}/BaseAttribute.cpp
+ ${ACE_SRC_DIR}/AceDatabase.cpp
+ ${ACE_SRC_DIR}/PromptModel.cpp
+)
+
+set(ACE_DAO_RW_SOURCES
+ ${ACE_SRC_DIR}/AceDAO.cpp
+)
+
+INCLUDE_DIRECTORIES(${ACE_SRC_DIR})
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/orm)
+INCLUDE_DIRECTORIES(${ACE_DAO_DEPS_INCLUDE_DIRS})
+
+ADD_LIBRARY(${TARGET_ACE_DAO_RO_LIB} SHARED
+ ${ACE_DAO_RO_SOURCES}
+)
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES
+ SOVERSION ${API_VERSION}
+ VERSION ${VERSION})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES
+ COMPILE_FLAGS -fPIC)
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES
+ COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h")
+
+target_link_libraries(${TARGET_ACE_DAO_RO_LIB}
+ ${TARGET_DPL_EFL}
+ ${TARGET_DPL_DB_EFL}
+ ${ACE_DAO_DEPS_LIBRARY}
+ ${ACE_DAO_DEPS_LDFLAGS}
+)
+
+ADD_LIBRARY(${TARGET_ACE_DAO_RW_LIB} SHARED
+ ${ACE_DAO_RW_SOURCES}
+)
+SET_SOURCE_FILES_PROPERTIES(${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h PROPERTIES GENERATED 1)
+ADD_DEPENDENCIES(${TARGET_ACE_DAO_RO_LIB} ACE_DB_CHECKSUM_HEADER)
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES
+ SOVERSION ${API_VERSION}
+ VERSION ${VERSION})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES
+ COMPILE_FLAGS -fPIC)
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES
+ COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h")
+
+target_link_libraries(${TARGET_ACE_DAO_RW_LIB}
+ ${ACE_DAO_DEPS_LIST_LIBRARIES}
+ ${TARGET_ACE_DAO_RO_LIB}
+)
+
+INSTALL(TARGETS ${TARGET_ACE_DAO_RO_LIB}
+ DESTINATION lib)
+
+INSTALL(TARGETS ${TARGET_ACE_DAO_RW_LIB}
+ DESTINATION lib)
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/* @file PromptModel.cpp
+ * @author Justyna Mejzner (j.kwiatkowsk@samsung.com)
+ * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
+ * @version 1.0
+ *
+ */
+
+#include <ace-dao-ro/PromptModel.h>
+
+#include <algorithm>
+#include <dpl/log/log.h>
+#include <dpl/assert.h>
+
+namespace {
+
+const char INFO[] = "Widget requires access to:";
+const char DENY[] = "Deny";
+const char ALLOW[] = "Permit";
+
+const char BLANKET_CHECKBOX_LABEL[] = "Keep setting as permanent";
+const char SESSION_CHECKBOX_LABEL[] = "Remember for one run";
+
+Prompt::ButtonLabels aceQuestionLabel = {DENY, ALLOW};
+
+static Prompt::PromptLabels* getModel(
+ Prompt::PromptModel::PromptType promptType,
+ const std::string& resourceId)
+{
+ std::string strLabel;
+ strLabel = INFO;
+ strLabel += "<br>";
+ strLabel += resourceId;
+
+ return new Prompt::PromptLabels(promptType, aceQuestionLabel, strLabel);
+}
+
+Prompt::Validity fromPromptTypeToValidity(int aPromptType, bool checkClicked)
+{
+ using namespace Prompt;
+ PromptModel::PromptType promptTypeEnum =
+ static_cast<PromptModel::PromptType>(aPromptType);
+ switch (promptTypeEnum) {
+ case PromptModel::PROMPT_ONESHOT:
+ return Validity::ONCE;
+ case PromptModel::PROMPT_SESSION:
+ if (checkClicked)
+ {
+ return Validity::SESSION;
+ }
+ else
+ {
+ return Validity::ONCE;
+ }
+ case PromptModel::PROMPT_BLANKET:
+ if (checkClicked)
+ {
+ return Validity::ALWAYS;
+ }
+ else
+ {
+ return Validity::ONCE;
+ }
+ default:
+ Assert(0);
+ return Validity::ONCE;
+ }
+}
+} // namespace anonymous
+
+namespace Prompt {
+
+
+PromptLabels::PromptLabels(int promptType,
+ const Prompt::ButtonLabels& questionLabel,
+ const std::string& mainLabel) :
+ m_promptType(promptType),
+ m_buttonLabels(questionLabel),
+ m_mainLabel(mainLabel)
+{
+
+}
+
+int PromptLabels::getPromptType() const
+{
+ return m_promptType;
+}
+const ButtonLabels& PromptLabels::getButtonLabels() const
+{
+ return m_buttonLabels;
+}
+const std::string& PromptLabels::getMainLabel() const
+{
+ return m_mainLabel;
+}
+
+DPL::OptionalString PromptLabels::getCheckLabel() const
+{
+ if (PromptModel::PROMPT_BLANKET == m_promptType)
+ {
+ return DPL::OptionalString(
+ DPL::FromUTF8String(BLANKET_CHECKBOX_LABEL));
+ }
+ else if (PromptModel::PROMPT_SESSION == m_promptType)
+ {
+ return DPL::OptionalString(
+ DPL::FromUTF8String(SESSION_CHECKBOX_LABEL));
+ }
+
+ return DPL::OptionalString::Null;
+}
+
+bool PromptLabels::isAllowed(const size_t buttonClicked) const
+{
+ Assert(buttonClicked < aceQuestionLabel.size() &&
+ "Button Clicked number is not in range of questionLabel");
+
+ return aceQuestionLabel[buttonClicked] == ALLOW;
+}
+
+PromptAnswer::PromptAnswer(bool isAccessAllowed, Validity validity) :
+ m_isAccessAllowed(isAccessAllowed),
+ m_validity(validity)
+{
+
+}
+
+PromptAnswer::PromptAnswer(
+ int aPromptType, unsigned int buttonAns, bool checkAns)
+{
+ Assert(buttonAns < aceQuestionLabel.size() &&
+ "Button Clicked number is not in range of questionLabel");
+
+ m_isAccessAllowed = aceQuestionLabel[buttonAns] == ALLOW;
+ m_validity = fromPromptTypeToValidity(aPromptType, checkAns);
+}
+
+bool PromptAnswer::isAccessAllowed() const
+{
+ return m_isAccessAllowed;
+}
+
+Validity PromptAnswer::getValidity() const
+{
+ return m_validity;
+}
+
+PromptLabels* PromptModel::getOneShotModel(const std::string& resourceId)
+{
+ return getModel(PROMPT_ONESHOT, resourceId);
+}
+
+PromptLabels* PromptModel::getSessionModel(const std::string& resourceId)
+{
+ return getModel(PROMPT_SESSION, resourceId);
+}
+
+PromptLabels* PromptModel::getBlanketModel(const std::string& resourceId)
+{
+ return getModel(PROMPT_BLANKET, resourceId);
+}
+
+
+} // Prompt
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fnmatch.h>
+#include <pcrecpp.h>
+#include <sstream>
+#include <dpl/foreach.h>
+#include <dpl/log/log.h>
+#include <ace/Attribute.h>
+
+const bool Attribute::alpha[256] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
+ 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0
+};
+const bool Attribute::digit[256] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0
+};
+
+const bool Attribute::mark[256] = {
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0
+};
+
+bool Attribute::searchAndCut(const char *str)
+{
+ //TODO
+ size_t pos = m_name.rfind(str);
+ if (pos == std::string::npos) {
+ return false;
+ }
+ if ((strlen(str) + pos) == m_name.size()) {
+ m_name.erase(pos, std::string::npos);
+ return true;
+ }
+ return false;
+}
+
+Attribute::Attribute(const std::string *name,
+ const Match matchFunc,
+ const Type type_) :
+ matchFunction(matchFunc)
+{
+ m_name = *name;
+ m_typeId = type_;
+ m_undetermindState = false;
+ if (matchFunction != Match::Equal
+ && matchFunction != Match::Glob
+ && matchFunction != Match::Regexp)
+ {
+ //LogDebug("MID: " << matchFunction);
+ Assert(0 && "Match function problem");
+ }
+
+ if (searchAndCut(".scheme")) {
+ modifierFunction = Modifier::Scheme;
+ } else if (searchAndCut(".authority")) {
+ modifierFunction = Modifier::Authority;
+ } else if (searchAndCut(".scheme-authority")) {
+ modifierFunction = Modifier::SchemeAuthority;
+ } else if (searchAndCut(".host")) {
+ modifierFunction = Modifier::Host;
+ } else if (searchAndCut(".path")) {
+ modifierFunction = Modifier::Path;
+ } else {
+ modifierFunction = Modifier::Non;
+ }
+}
+
+static Attribute::MatchResult equal_comparator(const std::string *first,
+ const std::string *second)
+{
+ if((*first) == (*second)) {
+ return Attribute::MatchResult::MRTrue;
+ }
+ return Attribute::MatchResult::MRFalse;
+}
+
+static Attribute::MatchResult glob_comparator(const std::string *first,
+ const std::string *second)
+{
+ // order is important
+ if (!fnmatch(first->c_str(), second->c_str(), 0)) {
+ return Attribute::MatchResult::MRTrue;
+ }
+ return Attribute::MatchResult::MRFalse;
+}
+
+static Attribute::MatchResult regexp_comparator(const std::string *first,
+ const std::string *second)
+{
+ // order is important
+ pcrecpp::RE re(first->c_str());
+ if (re.FullMatch(second->c_str())) {
+ return Attribute::MatchResult::MRTrue;
+ }
+ return Attribute::MatchResult::MRFalse;
+}
+
+Attribute::MatchResult Attribute::lists_comparator(
+ const std::list<std::string> *first,
+ const std::list<std::string> *second,
+ Attribute::MatchResult (*comparator)(const std::string *,
+ const std::string *)) const
+{
+ //NOTE: BONDI defines all availabe matching function as: if some string from first input bag
+ //matches some input string from second input bag, so it's required to find only one matching string
+ MatchResult result = MatchResult::MRFalse;
+
+ for (std::list<std::string>::const_iterator second_iter = second->begin();
+ (second_iter != second->end()) && (result != MatchResult::MRTrue);
+ ++second_iter)
+ {
+ std::string *modified_value = applyModifierFunction(&(*second_iter));
+ //Value was not an URI, it will be removed from the string bag (ignored)
+ if (modified_value == NULL) {
+ continue;
+ }
+
+ for (std::list<std::string>::const_iterator first_iter = first->begin();
+ first_iter != first->end();
+ ++first_iter) {
+ //Compare attributes
+ if ((*comparator)(&(*first_iter), modified_value) == MatchResult::MRTrue) {
+ result = MatchResult::MRTrue;
+ break; //Only one match is enough
+ }
+ }
+ if (modified_value) {
+ delete modified_value;
+ modified_value = NULL;
+ }
+ }
+
+ if (result == MatchResult::MRTrue) {
+ LogDebug("Returning TRUE");
+ } else if (result == MatchResult::MRFalse) {
+ LogDebug("Returning FALSE");
+ } else if (result == MatchResult::MRUndetermined) {
+ LogDebug("Returning UNDETERMINED");
+ }
+ return result;
+}
+
+std::string * Attribute::applyModifierFunction(const std::string * val) const
+{
+ std::string * result = NULL;
+ switch (modifierFunction) {
+ case Modifier::Scheme:
+ result = uriScheme(val);
+ break;
+ case Modifier::Authority:
+ result = uriAuthority(val);
+ break;
+ case Modifier::SchemeAuthority:
+ result = uriSchemeAuthority(val);
+ break;
+ case Modifier::Host:
+ result = uriHost(val);
+ break;
+ case Modifier::Path:
+ result = uriPath(val);
+ break;
+ default:
+ result = new std::string(*val);
+ }
+
+ return result;
+}
+
+/**
+ * this - attribute obtained from xmlPolicy tree
+ * attribute - attribute obtained from PIP
+ */
+Attribute::MatchResult Attribute::matchAttributes(
+ const BaseAttribute *attribute) const
+{
+ std::string tempNam = *(attribute->getName());
+ std::string tempVal;
+ std::string myVal;
+
+ if (!(attribute->getValue()->empty())) {
+ tempVal = attribute->getValue()->front();
+ }
+
+ if (!(this->value.empty())) {
+ myVal = this->value.front();
+ }
+
+ LogDebug("Comparing attribute: " << this->m_name << "(" <<
+ myVal << ") with: " << tempNam <<
+ "(" << tempVal << ")");
+
+ Assert(
+ (this->m_name == *(attribute->getName())) &&
+ "Two completely different attributes are being compared!");
+ Assert(
+ (this->m_typeId == attribute->getType()) &&
+ "Two completely different attributes are being compared!");
+
+ if (attribute->isUndetermind()) {
+ LogDebug("Attribute match undetermined");
+ return MatchResult::MRUndetermined;
+ }
+
+ //Regardles the algorithm used, if we have empty
+ //bag the result is always false
+ if (this->isValueEmpty() || attribute->isValueEmpty()) {
+ if (this->isValueEmpty()) {
+ LogDebug("empty bag in condition comparing");
+ }
+ if (attribute->isValueEmpty()) {
+ LogDebug("empty bag in attribute comparing");
+ }
+ return MatchResult::MRFalse;
+ }
+
+ if (this->matchFunction == Match::Equal) {
+ return lists_comparator(&(this->value),
+ attribute->getValue(),
+ equal_comparator);
+ } else if (this->matchFunction == Match::Glob) {
+ return lists_comparator(&(this->value),
+ attribute->getValue(),
+ glob_comparator);
+ } else if (this->matchFunction == Match::Regexp) {
+ return lists_comparator(&(this->value),
+ attribute->getValue(),
+ regexp_comparator);
+ } //[CR] Change to Assert
+ Assert(false && " ** Critical :: no match function selected!");
+ return MatchResult::MRFalse; // to remove compilator warning
+}
+
+void Attribute::addValue(const std::string *val)
+{
+ this->getValue()->push_back(*val);
+}
+
+std::ostream & operator<<(std::ostream & out,
+ const Attribute & attr)
+{
+ out << "attr: m_name: " << *(attr.getName())
+ << " type: " << Attribute::typeToString(attr.getType())
+ << " value: ";
+ if (attr.m_undetermindState) {
+ out << "Undetermined";
+ } else if (attr.getValue()->empty()) {
+ out << "Empty string bag";
+ } else {
+ FOREACH (it, *attr.getValue()) {
+ out << *it;
+ }
+ }
+ return out;
+}
+
+bool
+Attribute::parse(const std::string *input,
+ std::string *val) const
+{
+ static const char *pattern =
+ "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?";
+ pcrecpp::RE re(pattern);
+ re.FullMatch(input->c_str(), &val[0], &val[1],
+ &val[2], &val[3], &val[4],
+ &val[5], &val[6], &val[7], &val[8]);
+
+#ifdef ALL_LOGS
+ for (int i = 0; i < 9; i++) {
+ LogDebug("val " << i << " :" << val[i]);
+ }
+#endif
+
+ if (find_error(val)) {
+ LogDebug("Input is not an URI " << *input);
+ for (int i = 0; i < 9; ++i) {
+ val[i].clear();
+ }
+ return false;
+ }
+
+ return true;
+}
+
+Attribute::~Attribute()
+{
+}
+
+std::string * Attribute::uriScheme(const std::string *input) const
+{
+ std::string part[9];
+ if (!parse(input, part)) {
+ return NULL;
+ }
+ return new string(part[1]);
+}
+
+std::string *
+Attribute::uriAuthority(const std::string *input) const
+{
+ std::string part[9];
+ if (!parse(input, part)) {
+ return NULL;
+ }
+ return new string(part[3]);
+}
+
+std::string *
+Attribute::uriSchemeAuthority(const std::string *input) const
+{
+ std::string part[9];
+ if (!parse(input, part)) {
+ return NULL;
+ }
+
+ if (part[0].size() == 0 || part[2].size() == 0) {
+ return new std::string();
+ }
+ return new string(part[0] + part[2]);
+}
+
+std::string *
+Attribute::uriHost(const std::string *input) const
+{
+ std::string part[9];
+ if (!parse(input, part)) {
+ return NULL;
+ }
+ return getHost(&(part[3]));
+}
+
+std::string *
+Attribute::uriPath(const std::string *input) const
+{
+ //TODO right now uriPath leaves leading '/' in uri, this slash is removed from the string
+ //it's not clear if leading '/' is a part of path component or only the separator
+ std::string part[9];
+ if (!parse(input, part)) {
+ return NULL;
+ }
+
+ std::string * temp = NULL;
+
+ if (part[4].at(0) == '/') {
+ temp = new string(part[4].substr(1, part[4].length() - 1));
+ } else {
+ temp = new string(part[4]);
+ }
+
+ return temp;
+}
+
+bool Attribute::find_error(const std::string *tab) const
+{
+ //We are checking tab[1] which contains scheme without ':' at the end
+ if (!checkScheme(&(tab[1]))) {
+ LogDebug("Check scheme failed, URI is invalid");
+ return true; //error found
+ }
+ if (!checkAuthority(&(tab[3]))) {
+ LogDebug("Check authority failed, URI is invalid");
+ return true; //error found
+ }
+
+ if (!checkPath(&(tab[4]))) {
+ LogDebug("Check path failed, URI is invalid");
+ return true; //error found
+ }
+
+ return false;
+}
+
+bool Attribute::checkScheme(const std::string *part) const
+{
+ Assert(part != NULL && "Checking NULLable string. This should never happen");
+
+ bool result = true;
+
+ //TODO change part->at to data=part->c_str()
+ //TODO can scheme be empty? In absolute URI no, in relative URI yes
+ if (part->empty()) {
+ //Empty string is a correct schema
+ result = true;
+ } else if (alpha[(int) (part->at(0))] == 0) {
+ result = false; // First scheme character must be alpha
+ } else {
+ // rest must be alpha or digit or '+' or '-' or '.'
+ for (unsigned int i = 1; i < part->size(); ++i) {
+ int c = static_cast<int>(part->at(i));
+ if (!isSchemeAllowedCharacter(c)) {
+ result = false;
+ break;
+ }
+ }
+ }
+ return result;
+}
+
+bool Attribute::checkAuthority(const std::string *part) const
+{
+ Assert(part != NULL && "Checking NULLable string. This should never happen");
+
+ //Server is a subset of reg_m_names so here we only check if authority matches reg_m_name
+ //Additional check if authority is a valid 'server' component is done in getHost
+ if (part->empty()) {
+ return true; //empty authority is valid uri
+ }
+ bool result = true;
+
+ const char * data = part->c_str();
+ for (size_t i = 0; i < part->length(); ++i) {
+ int c = (int) data[i];
+ if (isUnreserved(c)) {
+ continue;
+ }
+ if (c == '$') {
+ continue;
+ }
+ if (c == ',') {
+ continue;
+ }
+ if (c == ';') {
+ continue;
+ }
+ if (c == ':') {
+ continue;
+ }
+ if (c == '@') {
+ continue;
+ }
+ if (c == '&') {
+ continue;
+ }
+ if (c == '=') {
+ continue;
+ }
+ if (c == '+') {
+ continue;
+ }
+ if (c == '%') {
+ if (isEscaped(data + i)) {
+ i += 2; //rewind the two escaped characters
+ continue;
+ }
+ }
+ result = false;
+ break;
+ }
+
+ return result;
+}
+
+std::string * Attribute::getHost(const std::string *part) const
+{
+ if (part->empty()) {
+ return new std::string("");
+ }
+
+ //Check userinfo
+ size_t userInfoPos = part->find("@");
+ if (userInfoPos != std::string::npos) {
+ std::string data = part->substr(0, userInfoPos);
+ if (!isUserInfoAllowedString(&data)) {
+ return new string(""); //the authority is not composed of 'server' part
+ }
+ }
+
+ std::string host;
+ //If we use host modifier then authority is composed of 'server' part so
+ //the port must contain only digits
+ size_t portPos = part->find(":");
+ if (portPos != std::string::npos) {
+ for (unsigned int i = portPos + 1; i < part->size(); ++i) {
+ if (!digit[(int) part->at(i)]) {
+ return new string(""); //the authority is not composed of 'server' part
+ }
+ }
+ host = part->substr(userInfoPos + 1, portPos - (userInfoPos + 1));
+ } else {
+ host = part->substr(userInfoPos + 1, part->length() - (userInfoPos + 1));
+ }
+
+ if (!isHostAllowedString(&host)) {
+ //Even if the string is not allowed for host this can still be a valid uri
+ return new string("");
+ }
+
+ return new std::string(host);
+}
+
+bool Attribute::checkPath(const std::string *part) const
+{
+ bool result = true;
+
+ const char * data = part->c_str();
+
+ for (unsigned int i = 0; i < part->size(); ++i) {
+ int c = data[i];
+ if (c == '/') {
+ //If we found slash then the next character must be a part of segment
+ //It cannot be '/' so we have to check it immediately
+ i++;
+ c = data[i];
+ if (!isSegmentAllowedCharacter(c)) {
+ result = false;
+ break;
+ }
+ } else if (c == ';') {
+ //Start param part of segment
+ i++; //Param can be empty so we don't have to check what's right after semicolon
+ continue;
+ } else if (c == '%') {
+ //We have to handle escaped characters differently than other segment allowed characters
+ //because we need an array
+ if (isEscaped(data + i)) {
+ i += 2;
+ } else {
+ result = false;
+ break;
+ }
+ } else {
+ if (!isSegmentAllowedCharacter(c)) {
+ result = false;
+ break;
+ }
+ }
+ }
+
+ return result;
+}
+
+bool Attribute::isSchemeAllowedCharacter(int c) const
+{
+ bool result = false;
+ if (isAlphanum(c)) {
+ result = true;
+ } else if (c == '+') {
+ result = true;
+ } else if (c == '-') {
+ result = true;
+ } else if (c == '.') {
+ result = true;
+ }
+
+ return result;
+}
+
+bool Attribute::isSegmentAllowedCharacter(int c) const
+{
+ bool result = true;
+
+ // LogDebug("Checking is segment allowed for char "<<(char)c);
+
+ if (isUnreserved(c)) { //do nothing, result = true
+ } else if (c == ':') { //do nothing, result = true
+ } else if (c == '@') { //do nothing, result = true
+ } else if (c == '&') { //do nothing, result = true
+ } else if (c == '=') { //do nothing, result = true
+ } else if (c == '+') { //do nothing, result = true
+ } else if (c == '$') { //do nothing, result = true
+ } else if (c == ',') { //do nothing, result = true
+ } else {
+ result = false;
+ }
+
+ return result;
+}
+
+bool Attribute::isUserInfoAllowedString(const std::string * str) const
+{
+ bool result = false;
+
+ const char * data = str->c_str();
+
+ for (unsigned int i = 0; i < str->length(); ++i) {
+ int c = data[i];
+ if (isUnreserved(c)) {
+ result = true;
+ } else if (c == '%') {
+ //isEsacped method checks if we don't cross array bounds, so we can
+ //safely give data[i] here
+ result = isEscaped((data + i));
+ if (result == false) {
+ break;
+ }
+ i += 2; //rewind the next two characters sEsacped method checks if we don't cross array bounds, so we can safely rewind
+ } else if (c == ',') {
+ result = true;
+ } else if (c == '$') {
+ result = true;
+ } else if (c == '+') {
+ result = true;
+ } else if (c == '=') {
+ result = true;
+ } else if (c == '&') {
+ result = true;
+ } else if (c == '@') {
+ result = true;
+ } else if (c == ':') {
+ result = true;
+ }
+ }
+ return result;
+}
+
+bool Attribute::isUnreserved(int c) const
+{
+ return isAlphanum(c) || mark[c];
+}
+
+bool Attribute::isAlphanum(int c) const
+{
+ return alpha[c] || digit[c];
+}
+
+bool Attribute::isHex(int c) const
+{
+ bool result = false;
+
+ if (digit[c]) {
+ result = true;
+ } else if (c == 'A') {
+ result = true;
+ } else if (c == 'B') {
+ result = true;
+ } else if (c == 'C') {
+ result = true;
+ } else if (c == 'D') {
+ result = true;
+ } else if (c == 'E') {
+ result = true;
+ } else if (c == 'F') {
+ result = true;
+ } else if (c == 'a') {
+ result = true;
+ } else if (c == 'b') {
+ result = true;
+ } else if (c == 'c') {
+ result = true;
+ } else if (c == 'd') {
+ result = true;
+ } else if (c == 'e') {
+ result = true;
+ } else if (c == 'f') {
+ result = true;
+ }
+
+ return result;
+}
+
+bool Attribute::isEscaped(const char esc[3]) const
+{
+ if (esc == NULL) {
+ return false;
+ }
+
+ if ((esc[0] == 0) || (esc[1] == 0) || (esc[2] == 0)) {
+ //We get an array that seems to be out of bounds.
+ //To be on the safe side return here
+ LogDebug("HEX NULLS");
+ return false;
+ }
+
+ if (esc[0] != '%') {
+ LogDebug(
+ "Error: first character of escaped value must be a precent but is "
+ <<
+ esc[0]);
+ return false;
+ }
+
+#ifdef ALL_LOGS
+ for (int i = 0; i < 3; i++) {
+ LogDebug("HEX " << esc[i]);
+ }
+#endif
+ return isHex((int) esc[1]) && isHex((int) esc[2]);
+}
+
+bool Attribute::isHostAllowedString(const std::string * str) const
+{
+ bool result = true;
+
+ if (digit[(int) str->at(0)]) {
+ //IPv4 address
+ result = isIPv4AllowedString(str);
+ } else {
+ //Hostname
+ result = isHostNameAllowedString(str);
+ }
+
+ return result;
+}
+
+bool Attribute::isIPv4AllowedString(const std::string * str) const
+{
+ LogDebug("Is hostIPv4 allowed String for " << *str);
+
+ const char * data = str->c_str();
+ bool result = true;
+ int digitCounter = 0;
+ int dotCounter = 0;
+
+ for (unsigned int i = 0; i < str->length(); ++i) {
+ if (data[i] == '.') {
+ dotCounter++;
+ digitCounter = 0;
+ } else if (digit[(int) data[i]]) {
+ digitCounter++;
+ if ((digitCounter > 3) || !digitCounter) {
+ result = false;
+ break;
+ }
+ } else {
+ result = false;
+ break;
+ }
+ }
+ if (dotCounter != 3) {
+ result = false;
+ }
+ return result;
+}
+
+bool Attribute::isHostNameAllowedString(const std::string * str) const
+{
+ LogDebug("Is hostname allowed String for " << *str);
+
+ int lastPosition = 0; //the position of last dot + 1
+ const char * data = str->c_str();
+ bool finalDot = false;
+ size_t end = str->length();
+ bool result = false;
+
+ for (size_t i = 0; i < end; ++i) {
+ if (data[i] == '.') {
+ if (i == str->length() - 1) { //ending dot
+ //There can be a leading '.' int the hostm_name
+ finalDot = true;
+ break;
+ } else {
+ //we found domain label
+ if (!isDomainLabelAllowedString(data + lastPosition, i -
+ lastPosition)) {
+ result = false;
+ goto end;
+ }
+ lastPosition = i + 1; //Set position to position of last dot + 1
+ }
+ }
+ }
+
+ if (finalDot) {
+ //we have to rewind one position to check the rightmost string
+ //but only in case we find final dot
+ end--;
+ }
+ //Compare only the rightmost string aaa.bbbb.rightmostString.
+ result = isTopLabelAllowedString(data + lastPosition, end - lastPosition);
+
+end:
+
+ if (result) {
+ LogInfo("Hostname is allowed");
+ } else {
+ LogInfo("Hostname is NOT allowed");
+ }
+
+ return result;
+}
+
+bool Attribute::isDomainLabelAllowedString(const char * data,
+ int length) const
+{
+ LogDebug(
+ "Is domain allowed String for " << data << " taking first " <<
+ length <<
+ " chars");
+
+ if (!isAlphanum((int) data[0]) || !isAlphanum((int) data[length - 1])) {
+ return false;
+ }
+
+ for (int i = 0; i < length; i++) {
+ if ((!isAlphanum(data[i])) && !(data[i] == '-')) {
+ return false;
+ }
+ }
+ return true;
+}
+
+bool Attribute::isTopLabelAllowedString(const char * data,
+ int length) const
+{
+ if ((!alpha[(int) data[0]]) || (!isAlphanum((int) data[length - 1]))) {
+ return false;
+ }
+
+ for (int i = 1; i < length - 1; i++) {
+ if ((!isAlphanum(data[i])) && !(data[i] == '-')) {
+ return false;
+ }
+ }
+ return true;
+}
+
+void printAttributes(const AttributeSet& attrs)
+{
+ if (attrs.empty()) {
+ LogWarning("Empty attribute set");
+ } else {
+ LogDebug("PRINT ATTRIBUTES:");
+ for (AttributeSet::const_iterator it = attrs.begin();
+ it != attrs.end();
+ ++it)
+ {
+ LogDebug("name: " << *(*it)->getName());
+ }
+ }
+}
+
+void printAttributes(const std::list<Attribute> & attrs)
+{
+ if (attrs.empty()) {
+ LogWarning("Empty attribute set");
+ } else {
+ LogDebug("PRINT ATTRIBUTES:");
+ for (std::list<Attribute>::const_iterator it = attrs.begin();
+ it != attrs.end();
+ ++it
+ ) {
+ LogDebug(*it);
+ }
+ }
+}
+
+//KW const char * matchResultToString(Attribute::MatchResult result){
+//KW
+//KW const char * ret = NULL;
+//KW
+//KW switch(result){
+//KW
+//KW case Attribute::MRTrue:
+//KW ret = "true";
+//KW break;
+//KW case Attribute::MRFalse:
+//KW ret = "false";
+//KW break;
+//KW case Attribute::MRUndetermined:
+//KW ret = "undetermined";
+//KW break;
+//KW default:
+//KW ret = "Wrong match result";
+//KW }
+//KW
+//KW return ret;
+//KW
+//KW }
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : CombinerImpl.cpp
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#include <dpl/log/log.h>
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+
+#include <ace/CombinerImpl.h>
+#include <ace/Rule.h>
+#include <ace/Policy.h>
+
+namespace {
+
+bool denyOverridesPredecessor(
+ const ExtendedEffect &first,
+ const ExtendedEffect &second)
+{
+ if (first.getEffect() == second.getEffect())
+ return first.getRuleId() < second.getRuleId();
+ return first.getEffect() < second.getEffect();
+}
+
+bool permitOverridePredecessor(
+ const ExtendedEffect &first,
+ const ExtendedEffect &second)
+{
+ if (first.getEffect() == second.getEffect())
+ return first.getRuleId() < second.getRuleId();
+ return first.getEffect() > second.getEffect();
+}
+
+} //anonymous namespace
+
+ExtendedEffect CombinerImpl::denyOverrides(const ExtendedEffectList &effects)
+{
+ if (isError(effects)) {
+ return Error;
+ }
+
+ ExtendedEffect result(Inapplicable);
+
+ FOREACH(it, effects) {
+ if (denyOverridesPredecessor(*it, result)) {
+ result = *it;
+ }
+ }
+ return result;
+}
+
+ExtendedEffect CombinerImpl::permitOverrides(const ExtendedEffectList &effects)
+{
+ if (isError(effects)) {
+ return Error;
+ }
+
+ // This magic number must be bigger that the bigest ruleId number from policy file.
+ ExtendedEffect result(Deny, 999999);
+
+ //Flag used to indicate that any of Deny,prompt-*,permit options appear
+ //Consequently if flag is true then result should be return, otherwise inapplicable should be returned
+ bool flag = false;
+ bool flagUndetermined = false;
+
+ FOREACH(it,effects) {
+ ExtendedEffect effect = *it;
+
+ if (effect.getEffect() == Permit) {
+ return effect;
+ } // no need for further check if "permit" found
+ if (effect.getEffect() == Undetermined) {
+ flagUndetermined = true;
+ } //check for undetermined
+
+ //Set the flag and the result even if effect is equal to result
+ //It is done to mark if any "Deny" effect occured
+ if (permitOverridePredecessor(effect, result)
+ && effect.getEffect() != Inapplicable
+ && effect.getEffect() != Undetermined)
+ {
+ result = effect;
+ flag = true;
+ }
+ }
+
+ if (flagUndetermined) {
+ return ExtendedEffect(Undetermined);
+ }
+
+ if (!flag) {
+ return ExtendedEffect(Inapplicable);
+ }
+ return result;
+}
+
+ExtendedEffect CombinerImpl::firstApplicable(
+ const ExtendedEffectList & effects)
+{
+ if (isError(effects)) {
+ return Error;
+ }
+
+ FOREACH(it,effects) {
+ if (it->getEffect() != Inapplicable) {
+ return *it;
+ }
+ }
+ return Inapplicable;
+}
+
+ExtendedEffect CombinerImpl::firstMatchingTarget(
+ const ExtendedEffectList &effects)
+{
+ if (isError(effects)) {
+ return Error;
+ }
+ // effect list constains result of policies which target has been matched.
+ //
+ // If target does not match policy result is NotMatchingTarget
+ // NotMatchingTarget values are not stored on the effects list
+ // (you can check it in combinePolicies function).
+ //
+ // So we are intrested in first value on the list.
+ return effects.empty() ? Inapplicable : effects.front();
+}
+
+bool CombinerImpl::isError(const ExtendedEffectList &effects)
+{
+ FOREACH(it, effects)
+ {
+ if (Error == it->getEffect()) {
+ return true;
+ }
+ }
+ return false;
+}
+
+ExtendedEffect CombinerImpl::combineRules(const TreeNode * policy)
+{
+ const Policy * policyObj = dynamic_cast<const Policy *>(policy->getElement());
+ if (!policyObj) {
+ LogError("dynamic_cast failed. PolicyObj is null.");
+ return Error;
+ }
+
+ Policy::CombineAlgorithm algorithm = policyObj->getCombineAlgorithm();
+
+ Assert(
+ algorithm != Policy::FirstTargetMatching &&
+ "Policy cannot have algorithm first target matching");
+
+ bool isUndetermined = false;
+
+ if (!checkIfTargetMatches(policyObj->getSubjects(), isUndetermined)) {
+ if (isUndetermined) {
+ //TODO Target is undetermined what should we do now ??
+ //Right now simply return NotMatchingTarget
+ }
+ //Target doesn't match
+ return NotMatchingTarget;
+ }
+ //Get all rules
+ const ChildrenSet & children = policy->getChildrenSet();
+ ChildrenConstIterator it = children.begin();
+ ExtendedEffectList effects;
+
+ while (it != children.end()) {
+ const Rule * rule = dynamic_cast<const Rule *>((*it)->getElement());
+
+ if (!rule) {
+ LogError("Error in dynamic_cast. rule is null");
+ return ExtendedEffect(Error);
+ }
+
+ ExtendedEffect effect = rule->evaluateRule(this->getAttributeSet());
+ effects.push_back(effect);
+ if (algorithm == Policy::FirstApplicable && effect.getEffect() != Inapplicable) {
+ //For first applicable algorithm we may stop after evaluating first policy
+ //which has effect other than inapplicable
+ break;
+ }
+ ++it;
+ } //end policy children iteration
+
+ //Use combining algorithm
+ ExtendedEffect ef = combine(policyObj->getCombineAlgorithm(), effects);
+ return ef;
+}
+
+//WARNING this method makes an assumption that Policy target is a policy child
+ExtendedEffect CombinerImpl::combinePolicies(const TreeNode * policy)
+{
+ const Policy * policySet = dynamic_cast<const Policy *>(policy->getElement());
+
+ if (!policySet) {
+ LogError("dynamic_cast failed. Policy set is null.");
+ return Error;
+ }
+
+ bool isUndetermined = false;
+ Policy::CombineAlgorithm algorithm = policySet->getCombineAlgorithm();
+
+ if (!checkIfTargetMatches(policySet->getSubjects(), isUndetermined)) {
+ /* I can't explain this...
+ if (isUndetermined) {
+ if (algorithm == Policy::FirstTargetMatching) {
+ return Undetermined;
+ }
+ }
+ */
+ //Target doesn't match
+ return NotMatchingTarget;
+ }
+
+ const ChildrenSet & children = policy->getChildrenSet();
+
+ ExtendedEffectList effects;
+
+ FOREACH(it, children) {
+ ExtendedEffect effect;
+
+ if ((*it)->getTypeID() == TreeNode::PolicySet) {
+ effect = combinePolicies(*it);
+ if (effect.getEffect() != NotMatchingTarget) {
+ effects.push_back(effect);
+ }
+ } else if ((*it)->getTypeID() == TreeNode::Policy) {
+ effect = combineRules(*it);
+ if (effect.getEffect() != NotMatchingTarget) {
+ effects.push_back(effect);
+ }
+ } else {
+ // [CR] fix it
+ LogError("effect value is not initialized!");
+ return ExtendedEffect(Error);
+ }
+
+ if (algorithm == Policy::FirstTargetMatching
+ && effect.getEffect() != NotMatchingTarget)
+ {
+ //In First matching target algorithm we may return when first result is found
+ break;
+ }
+ }
+
+ //Use combining algorithm
+ return combine(policySet->getCombineAlgorithm(), effects);
+}
+
+ExtendedEffect CombinerImpl::combine(
+ Policy::CombineAlgorithm algorithm,
+ ExtendedEffectList &effects)
+{
+ LogDebug("Effects to be combined with algorithm: " << ::toString(algorithm));
+ showEffectList(effects);
+
+ switch (algorithm) {
+ case Policy::DenyOverride:
+ return denyOverrides(effects);
+ break;
+ case Policy::PermitOverride:
+ return permitOverrides(effects);
+ break;
+ case Policy::FirstApplicable:
+ return firstApplicable(effects);
+ break;
+ case Policy::FirstTargetMatching:
+ return firstMatchingTarget(effects);
+ break;
+ default:
+ Assert(false && "Wrong combining algorithm used");
+ return Error;
+ }
+}
+
+/**
+ *
+ * @param attrSet set of Subject attributes in policy that identifies target
+ * @return true if target is determined and matches, false and isUndertmined is set to true if the target is undetermined
+ * false and isUndetermined set to false if target is determined but doesn't match
+ */
+bool CombinerImpl::checkIfTargetMatches(
+ const std::list<const Subject *> * subjectsList,
+ bool &isUndetermined)
+{
+ if (subjectsList->empty()) {
+ return true;
+ }
+
+ std::list<const Subject *>::const_iterator it = subjectsList->begin();
+ bool match = false;
+ //According to BONDI 1.0 at least one target must match
+ while (it != subjectsList->end()) {
+ match = (*it)->matchSubject(this->getAttributeSet(), isUndetermined);
+ if (match) { //at least one match
+ break;
+ }
+ ++it;
+ }
+
+ #ifdef _DEBUG
+ if (match == Attribute::MRTrue) {
+ LogDebug("Target matches ");
+ } else if (match == Attribute::MRUndetermined) {
+ LogDebug("Target match undetermined ");
+ } else {
+ LogDebug("Target doesn't match");
+ }
+ #endif
+ return match;
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+// File: Condition.cpp
+// Author: notroot
+//
+// Created on June 3, 2009, 9:00 AM
+//
+
+#include <iostream>
+#include <dpl/log/log.h>
+#include <dpl/foreach.h>
+#include <ace/Condition.h>
+
+/**
+ * Check if attribute in condition matches the values obtained from PIP
+ * attrSet - attributes from PIP
+ */
+
+Attribute::MatchResult Condition::evaluateCondition(
+ const AttributeSet * attrSet) const
+{
+ //Condition may include either matches of attributes or other conditions
+ //in this method all attributes are matched at first and if possible the
+ //condition is evaluated. If evaluation is not possible based solely on
+ //attributes then we start recursion into child conditions.
+
+ Attribute::MatchResult match;
+ bool undeterminedMatchFound = false;
+ bool isFinalMatch = false;
+
+ LogDebug("Attributes to be matched");
+ printAttributes(*attrSet);
+ LogDebug("Condition attributes values");
+ printAttributes(attributes);
+
+ if (this->isEmpty()) {
+ LogDebug("Condition is empty, returning true");
+ //Condition is empty, it means it evaluates to TRUE
+ return Attribute::MatchResult::MRTrue;
+ }
+
+ match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound);
+ if (isFinalMatch) {
+ LogDebug("Evaluate attributes returning verdict" ) ; //<< match);
+ return match;
+ }
+
+ match = evaluateChildConditions(attrSet,
+ isFinalMatch,
+ undeterminedMatchFound);
+ if (isFinalMatch) {
+ LogDebug("Evaluate child conditions returning verdict" ); // << match);
+ return match;
+ }
+
+ if (undeterminedMatchFound) {
+ //If any child condition/attribute-match was undetermined and
+ //so far we couldn't make a decision then we must return undetermined
+ LogDebug("Evaluate condition returning MRUndetermined");
+ return Attribute::MatchResult::MRUndetermined;
+ }
+
+ if (this->isAndCondition()) {
+ match = Attribute::MatchResult::MRTrue;
+ } else if (this->isOrCondition()) {
+ match = Attribute::MatchResult::MRFalse;
+ } else {
+ Assert(false && "Condition has to be either AND or OR");
+ }
+ return match;
+}
+
+// KW Attribute::MatchResult Condition::performORalgorithm(const std::set<Attribute>* attrSet) const{
+// KW
+// KW Attribute::MatchResult match;
+// KW bool undeterminedMatchFound = false;
+// KW bool isFinalMatch = false;
+// KW
+// KW LogDebug("Performing OR algorithm");
+// KW
+// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound);
+// KW if(isFinalMatch){
+// KW LogDebug("OR algorithm evaluate attributes returning verdict" << match);
+// KW return match;
+// KW }
+// KW
+// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound);
+// KW if(isFinalMatch){
+// KW return match;
+// KW }
+// KW
+// KW if(undeterminedMatchFound){
+// KW //If any child condition/attribute-match was undetermined and
+// KW //so far we couldn't make a decision then we must return undetermined
+// KW LogDebug("OR algorithm returning MRUndetermined");
+// KW return Attribute::MRUndetermined;
+// KW }
+// KW
+// KW LogDebug("OR algorithm returning MRFalse");
+// KW return Attribute::MRFalse;
+// KW }
+
+// KW Attribute::MatchResult Condition::performANDalgorithm(const std::set<Attribute>* attrSet) const{
+// KW
+// KW
+// KW Attribute::MatchResult match;
+// KW bool undeterminedMatchFound = false;
+// KW bool isFinalMatch = false;
+// KW
+// KW LogDebug("Performing AND algorithm");
+// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound);
+// KW if(isFinalMatch){
+// KW LogDebug("AND algorithm evaluate attributes returning verdict" << match);
+// KW return match;
+// KW }
+// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound);
+// KW if(isFinalMatch){
+// KW LogDebug("AND algorithm evaluate child returning verdict " << match);
+// KW return match;
+// KW }
+// KW if(undeterminedMatchFound){
+// KW //If any child condition/attribute-match was undetermined and
+// KW //so far we couldn't make a decision then we must return undetermined
+// KW LogDebug("AND algorithm returning Undetermined");
+// KW return Attribute::MRUndetermined;
+// KW }
+// KW
+// KW LogDebug("AND algorithm returning MRTrue");
+// KW return Attribute::MRTrue;
+// KW
+// KW }
+
+Attribute::MatchResult Condition::evaluateAttributes(
+ const AttributeSet * attrSet,
+ bool& isFinalMatch,
+ bool & undeterminedMatchFound) const
+{
+ Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined;
+
+ std::list<Attribute>::const_iterator condIt = this->attributes.begin();
+ while (condIt != this->attributes.end()) {
+ //Find the value of needed attribute, based on attribute name
+ AttributeSet::const_iterator attr =
+ std::find_if(attrSet->begin(),
+ attrSet->end(),
+ AceDB::BaseAttribute::UnaryPredicate(&(*condIt)));
+ if (attr == attrSet->end()) {
+ LogError("Couldn't find required attribute. This should not happen");
+ Assert(
+ false &&
+ "Couldn't find attribute required in condition. This should not happen"
+ "This means that some attributes has not been obtained from PIP");
+ //Return undetermined here because it seems one of the attributes is unknown/undetermined
+ isFinalMatch = true;
+ match = Attribute::MatchResult::MRUndetermined;
+ break;
+ }
+
+ match = condIt->matchAttributes(&(*(*attr)));
+ if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) {
+ //FALSE match found in AND condition
+ isFinalMatch = true;
+ break;
+ } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) {
+ //TRUE match found in OR condition
+ isFinalMatch = true;
+ break;
+ } else if (match == Attribute::MatchResult::MRUndetermined) {
+ //Just mark that there was undetermined value found
+ undeterminedMatchFound = true;
+ }
+ ++condIt;
+ }
+
+ return match;
+}
+
+Attribute::MatchResult Condition::evaluateChildConditions(
+ const AttributeSet * attrSet,
+ bool& isFinalMatch,
+ bool & undefinedMatchFound) const
+{
+ Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined;
+
+ std::list<Condition>::const_iterator it = conditions.begin();
+ while (it != conditions.end()) {
+ match = it->evaluateCondition(attrSet);
+
+ if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) {
+ //FALSE match found in AND condition
+ LogDebug("Child conditions results MRFalse)");
+ isFinalMatch = true;
+ break;
+ } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) {
+ //TRUE match found in OR condition
+ LogDebug("Child conditions result MRTrue");
+ isFinalMatch = true;
+ break;
+ } else if (match == Attribute::MatchResult::MRUndetermined) {
+ undefinedMatchFound = true;
+ }
+ ++it;
+ }
+
+ return match;
+}
+
+void Condition::getAttributes(AttributeSet * attrSet)
+{
+ //Get attributes from current condition
+ FOREACH (it, attributes)
+ {
+ AceDB::BaseAttributePtr attr(new Attribute(it->getName(), it->getMatchFunction(), it->getType()));
+ attrSet->insert(attr);
+ }
+ //Get attributes from any child conditions
+ FOREACH (it, conditions)
+ {
+ it->getAttributes(attrSet);
+ }
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dpl/assert.h>
+#include <dpl/log/log.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <error.h>
+#include <malloc.h>
+#include <sys/stat.h>
+#include <ace/ConfigurationManager.h>
+
+using namespace std;
+
+namespace {
+const string currentXMLSchema("bondixml.xsd");
+}
+
+ConfigurationManager * ConfigurationManager::instance = NULL;
+
+
+string ConfigurationManager::getCurrentPolicyFile(void) const
+{
+ LogError("ConfigurationManager::getCurrentPolicyFile is DEPRECATED");
+ return "";
+}
+
+string ConfigurationManager::getFullPathToCurrentPolicyFile(void) const
+{
+ LogError("ConfigurationManager::getFullPathToCurrentPolicyFile"
+ "is DEPRECATED");
+ return "";
+}
+
+string ConfigurationManager::getFullPathToCurrentPolicyXMLSchema(void) const
+{
+ LogError("ConfigurationManager::getFullPathToCurrentPolicyXMLSchema"
+ "is DEPRECATED");
+ return "";
+}
+
+int ConfigurationManager::addPolicyFile(const string &)
+{
+ LogError("ConfigurationManager::addPolicyFile is DEPRECATED");
+ return CM_GENERAL_ERROR;
+}
+
+int ConfigurationManager::removePolicyFile(const string&)
+{
+ LogError("ConfigurationManager::removePolicyFile is DEPRECATED");
+ return CM_GENERAL_ERROR;
+}
+
+int ConfigurationManager::changeCurrentPolicyFile(const string&)
+{
+ LogError("ConfigurationManager::changeCurrentPolicyFile is DEPRECATED");
+ return CM_GENERAL_ERROR;
+}
+
+string ConfigurationManager::extractFilename(const string&) const
+{
+ LogError("ConfigurationManager::extractFilename is DEPRECATED");
+ return "";
+}
+
+
+int ConfigurationManager::parse(const string&)
+{
+ LogError("ConfigurationManager::parse is DEPRECATED");
+ return CM_GENERAL_ERROR;
+}
+
+bool ConfigurationManager::copyFile(FILE*, FILE*, int) const
+{
+ LogError("ConfigurationManager::copyFile is DEPRECATED");
+ return false;
+}
+
+bool ConfigurationManager::checkIfFileExistst(const string&) const
+{
+ LogError("ConfigurationManager::checkIfFileExistst is DEPRECATED");
+ return false;
+}
+
+const list<string> & ConfigurationManager::getPolicyFiles() const
+{
+ LogError("ConfigurationManager::getPolicyFiles is DEPRECATED");
+ static list<string> aList;
+ return aList;
+}
+
+const string & ConfigurationManager::getConfigFile() const
+{
+ LogError("ConfigurationManager::getConfigFile is DEPRECATED");
+ static string returnString("");
+ return returnString;
+}
+
+string ConfigurationManager::getFullPathToPolicyFile(PolicyType policy) const
+{
+ string storagePath = getStoragePath();
+ string fileName;
+
+ switch (policy) {
+ case PolicyType::WAC2_0: {
+ fileName = ACE_WAC_POLICY_FILE_NAME;
+ break; }
+ case PolicyType::Tizen: {
+ fileName = ACE_TIZEN_POLICY_FILE_NAME;
+ break; }
+ default: {
+ LogError("Invalid policy file requested");
+ return ""; }
+ }
+
+ return storagePath + fileName;
+}
+
+string ConfigurationManager::getFullPathToPolicyXMLSchema() const
+{
+ string storagePath = getStoragePath();
+ if (*(storagePath.rbegin()) == '/')
+ {
+ return storagePath + currentXMLSchema;
+ }
+ return storagePath + "/" + currentXMLSchema;
+}
+
+string ConfigurationManager::getStoragePath(void) const
+{
+ return ACE_MAIN_STORAGE;
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Policy.cpp
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#include <ace/Policy.h>
+
+Policy::~Policy()
+{
+ for (std::list<const Subject *>::iterator it = subjects->begin();
+ it != subjects->end();
+ ++it) {
+ delete *it;
+ }
+ delete subjects;
+}
+
+void Policy::printData()
+{
+ std::string subject;
+ if (subjects != NULL && subjects->size()) {
+ subject = (subjects->front())->getSubjectId();
+ }
+ std::string algorithm = printCombineAlgorithm(this->combineAlgorithm);
+
+ std::cout << "subject: " << subject << " algorithm: " << algorithm <<
+ std::endl;
+}
+
+std::string Policy::printCombineAlgorithm(CombineAlgorithm algorithm)
+{
+ switch (algorithm) {
+ case DenyOverride:
+ return "DenyOverride";
+ case PermitOverride:
+ return "PermitOverride";
+ case FirstApplicable:
+ return "FirstApplicable";
+ case FirstTargetMatching:
+ return "FirstTargetMatching";
+ default:
+ return "ERROR: Wrong Algorithm";
+ }
+}
+
+const char * toString(Policy::CombineAlgorithm algorithm)
+{
+ switch (algorithm) {
+ case Policy::DenyOverride:
+ return "DenyOverride";
+ case Policy::PermitOverride:
+ return "PermitOverride";
+ case Policy::FirstApplicable:
+ return "FirstApplicable";
+ case Policy::FirstTargetMatching:
+ return "FirstTargetMatching";
+ default:
+ return "ERROR: Wrong Algorithm";
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file security_logic.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Ming Jin(ming79.jin@samsung.com)
+ * @version 1.0
+ * @brief Implementation file for security logic
+ */
+#include <ace/PolicyEnforcementPoint.h>
+
+#include <sstream>
+#include <algorithm>
+#include <list>
+#include <string>
+#include <sstream>
+#include <stdexcept>
+#include <cstdlib>
+#include <map>
+
+#include <dpl/assert.h>
+#include <dpl/exception.h>
+#include <dpl/log/log.h>
+
+#include <ace/PolicyEvaluatorFactory.h>
+#include <ace/PolicyResult.h>
+#include <ace/Request.h>
+
+PolicyEnforcementPoint::PolicyEnforcementPoint() :
+ m_wrt(0),
+ m_res(0),
+ m_sys(0),
+ m_pdp(0),
+ m_pip(0)
+{}
+
+void PolicyEnforcementPoint::terminate()
+{
+ LogInfo("PolicyEnforcementPoint is being deinitialized.");
+
+ delete m_sys;
+ delete m_res;
+ delete m_wrt;
+ delete m_pdp;
+ delete m_pip;
+ m_sys = 0;
+ m_res = 0;
+ m_wrt = 0;
+ m_pdp = 0;
+ m_pip = 0;
+}
+
+PolicyEnforcementPoint::~PolicyEnforcementPoint()
+{
+ Assert((m_sys == 0) && "You must run "
+ "PolicyEnforcementPoint::Deinitialize before exit program!");
+}
+
+void PolicyEnforcementPoint::initialize(
+ IWebRuntime *wrt,
+ IResourceInformation *resource,
+ IOperationSystem *operation)
+{
+ if (m_wrt) {
+ ThrowMsg(PEPException::AlreadyInitialized,
+ "Policy Enforcement Point is already initialzed");
+ }
+
+ m_wrt = wrt;
+ m_res = resource;
+ m_sys = operation;
+
+ if (this->m_pip != NULL) {
+ this->m_pip->update(m_wrt, m_res, m_sys);
+ return;
+ }
+
+ this->m_pip = new PolicyInformationPoint(wrt, m_res, m_sys);
+ this->m_pdp = new PolicyEvaluator(m_pip);
+
+ if (!this->m_pdp->initPDP()) {
+ Assert(0);
+ }
+}
+
+ExtendedPolicyResult PolicyEnforcementPoint::check(Request &request)
+{
+ return m_pdp->getPolicyForRequest(request);
+}
+
+void PolicyEnforcementPoint::updatePolicy(const std::string &policy)
+{
+ LogDebug("ACE updatePolicy: " << policy);
+ int errorCode = 0;
+
+ if (m_pdp == NULL) {
+ LogError("Evaluator not set. Ignoring message.");
+ Assert(false && "UpdateClient error on receiving event");
+ } else {
+ LogDebug("Emitting update signal.");
+ errorCode = m_pdp->updatePolicy(policy.c_str());
+ }
+
+ LogDebug("Sending reponse: " << errorCode);
+}
+
+void PolicyEnforcementPoint::updatePolicy()
+{
+ LogDebug("ACE updatePolicy");
+ if (m_pdp == NULL) {
+ LogError("Evaluator not set. Ignoring message.");
+ } else {
+ m_pdp->updatePolicy();
+ }
+}
+
+OptionalExtendedPolicyResult PolicyEnforcementPoint::checkFromCache(Request &request)
+{
+ return m_pdp->getPolicyForRequestFromCache(request);
+}
+
+OptionalExtendedPolicyResult PolicyEnforcementPoint::check(Request &request,
+ bool fromCacheOnly)
+{
+ return m_pdp->getPolicyForRequest(request, fromCacheOnly);
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : PolicyEvaluator.cpp
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+
+#include <ace/Attribute.h>
+#include <ace/PolicyEvaluator.h>
+#include <ace/TreeNode.h>
+#include <ace/Policy.h>
+#include <ace/Rule.h>
+#include <ace/Attribute.h>
+#include <ace/SettingsLogic.h>
+#include <ace-dao-rw/AceDAO.h>
+#include <ace-dao-ro/PreferenceTypes.h>
+#include <ace/parser.h>
+
+using namespace AceDB;
+
+PolicyEvaluator::~PolicyEvaluator()
+{
+ delete m_combiner;
+}
+
+PolicyEvaluator::PolicyEvaluator(PolicyInformationPoint * pip) :
+ m_uniform_policy(NULL),
+ m_wac_policy(NULL),
+ m_tizen_policy(NULL),
+ m_policy_to_use(PolicyType::WAC2_0),
+ m_combiner(new CombinerImpl()),
+ m_verdictListener(NULL),
+ m_pip(pip)
+{}
+
+bool PolicyEvaluator::initPDP()
+{
+ updatePolicy();
+ // TODO change return value someday to void?
+ return true;
+}
+
+bool PolicyEvaluator::fillAttributeWithPolicy()
+{
+ if (m_attributeSet.empty()) {
+ if (!extractAttributes(m_uniform_policy)) {
+ LogInfo("Warning attribute set cannot be extracted. "
+ "Returning Deny");
+ return false;
+ }
+ // Adding widget type attribute to distinguish WAC/Tizen widgets
+ /**
+ * This special attribute of WidgetParam type is handled
+ * in PolicyInformationPoint, it is based on WidgetType
+ * fron WRT database.
+ *
+ * It is needed to distinguish cached policy results and cached prompt
+ * responses for different policies (WAC/Tizen/any possible
+ * other in the future).
+ */
+ AceDB::BaseAttributePtr attribute(new AceDB::BaseAttribute());
+ attribute->setName(POLICY_WIDGET_TYPE_ATTRIBUTE_NAME);
+ attribute->setType(AceDB::BaseAttribute::Type::WidgetParam);
+ m_attributeSet.insert(attribute);
+ AceDAO::addAttributes(m_attributeSet);
+ } else {
+ LogDebug("Required attribute set already loaded");
+ }
+ return true;
+}
+
+PolicyResult PolicyEvaluator::effectToPolicyResult(Effect effect)
+{
+ if (Effect::Deny == effect) {
+ return PolicyEffect::DENY;
+ }
+ if (Effect::Undetermined == effect) {
+ return PolicyResult::Value::UNDETERMINED;
+ }
+ if (Effect::PromptOneShot == effect) {
+ return PolicyEffect::PROMPT_ONESHOT;
+ }
+ if (Effect::PromptSession == effect) {
+ return PolicyEffect::PROMPT_SESSION;
+ }
+ if (Effect::PromptBlanket == effect) {
+ return PolicyEffect::PROMPT_BLANKET;
+ }
+ if (Effect::Permit == effect) {
+ return PolicyEffect::PERMIT;
+ }
+ if (Effect::Inapplicable == effect) {
+ return PolicyDecision::Value::NOT_APPLICABLE;
+ }
+ return PolicyEffect::DENY;
+}
+
+OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestInternal(
+ bool fromCacheOnly)
+{
+ //ADD_PROFILING_POINT("Search cached verdict in database", "start");
+
+ OptionalExtendedPolicyResult result = AceDAO::getPolicyResult(m_attributeSet);
+
+ //ADD_PROFILING_POINT("Search cached verdict in database", "stop");
+
+ if (fromCacheOnly || !result.IsNull()) {
+ return result;
+ }
+
+ //ADD_PROFILING_POINT("EvaluatePolicy", "start");
+
+ ExtendedEffect policyEffect = evaluatePolicies(getCurrentPolicyTree());
+
+ //ADD_PROFILING_POINT("EvaluatePolicy", "stop");
+
+ LogDebug("Policy effect is: " << toString(policyEffect.getEffect()));
+
+ ExtendedPolicyResult exResult(
+ effectToPolicyResult(policyEffect.getEffect()),
+ policyEffect.getRuleId());
+
+ AceDAO::setPolicyResult(this->m_attributeSet, exResult);
+ return OptionalExtendedPolicyResult(exResult);
+}
+
+// +----------------+---------+---------+------+--------+
+// |\User setting | PERMIT | PROMPT* | DENY | DEF |
+// | \ | | | | |
+// |Policy result\ | | | | |
+// |----------------+---------+---------+------+--------+
+// |PERMIT | PERMIT | PROMPT* | DENY | PERMIT |
+// |----------------+---------+---------+------+--------+
+// |PROMPT* | PROMPT* | PR MIN | DENY | PROMPT*|
+// |----------------+---------+---------+------+--------+
+// |DENY | DENY | DENY | DENY | DENY |
+// |----------------+---------+---------+------+--------+
+// |UNDETERMIND | UNDET | UNDET | DENY | UNDET |
+// |----------------+---------+---------+------+--------+
+// |NOT_AP | PEMIT | PROMPT* | DENY | NOT_AP |
+// +----------------+---------+---------+------+--------+
+
+static PolicyResult getMostRestrict(
+ PreferenceTypes globalPreference,
+ const PolicyResult &policyResult)
+{
+ if (globalPreference == PreferenceTypes::PREFERENCE_PERMIT
+ && policyResult == PolicyEffect::PERMIT) {
+ return PolicyEffect::PERMIT;
+ }
+
+ if (globalPreference == PreferenceTypes::PREFERENCE_DENY
+ || policyResult == PolicyEffect::DENY) {
+ return PolicyEffect::DENY;
+ }
+
+ if (policyResult == PolicyResult::UNDETERMINED) {
+ return PolicyResult::UNDETERMINED;
+ }
+
+ if (globalPreference == PreferenceTypes::PREFERENCE_DEFAULT) {
+ return policyResult;
+ }
+
+ if (globalPreference == PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT
+ || policyResult == PolicyEffect::PROMPT_ONESHOT) {
+ return PolicyEffect::PROMPT_ONESHOT;
+ }
+
+ if (globalPreference == PreferenceTypes::PREFERENCE_SESSION_PROMPT
+ || policyResult == PolicyEffect::PROMPT_SESSION) {
+ return PolicyEffect::PROMPT_SESSION;
+ }
+
+ if (globalPreference == PreferenceTypes::PREFERENCE_BLANKET_PROMPT
+ || policyResult == PolicyEffect::PROMPT_BLANKET) {
+ return PolicyEffect::PROMPT_BLANKET;
+ }
+
+ return PolicyEffect::PERMIT;
+}
+
+OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestFromCache(
+ const Request &request)
+{
+ return getPolicyForRequest(request, true);
+}
+
+ExtendedPolicyResult PolicyEvaluator::getPolicyForRequest(const Request &request)
+{
+ auto result = this->getPolicyForRequest(request, false);
+ Assert(!result.IsNull()
+ && "Policy always has to be evaluated to valid state");
+ return *result;
+}
+
+OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequest(
+ const Request &request,
+ bool fromCacheOnly)
+{
+ //ADD_PROFILING_POINT("getPolicyForRequest", "start");
+ m_attributeSet.clear();
+
+ switch (request.getAppType()) {
+ case Request::APP_TYPE_TIZEN:
+ m_policy_to_use = PolicyType::Tizen;
+ LogDebug("==== Using Tizen policy ====");
+ break;
+ case Request::APP_TYPE_WAC20:
+ m_policy_to_use = PolicyType::WAC2_0;
+ LogDebug("==== Using WAC policy ====");
+ break;
+ default:
+ LogError("Unsupported(unknown) widget type. Access denied.");
+ return OptionalExtendedPolicyResult(
+ ExtendedPolicyResult(PolicyEffect::DENY));
+ }
+
+ try {
+ // Check which attributes should be used
+ // memory alocated, free in destructor
+ //ADD_PROFILING_POINT("getAttributes", "start");
+ AceDB::AceDAO::getAttributes(&m_attributeSet);
+ //ADD_PROFILING_POINT("getAttributes", "stop");
+
+ // If attributes can't be resolved then check the policy
+ if (!fillAttributeWithPolicy()) {
+ //ADD_PROFILING_POINT("getPolicyForRequest", "stop");
+ return OptionalExtendedPolicyResult(
+ ExtendedPolicyResult(PolicyEffect::DENY));
+ }
+
+ //ADD_PROFILING_POINT("getAttributesValues", "start");
+ m_pip->getAttributesValues(&request, &m_attributeSet);
+ //ADD_PROFILING_POINT("getAttributesValues", "stop");
+ LogDebug("==== Attributes set by PIP ====");
+ printAttributes(m_attributeSet);
+ LogDebug("==== End of attributes set by PIP ====");
+
+ OptionalExtendedPolicyResult policyResult = getPolicyForRequestInternal(
+ fromCacheOnly);
+
+ if (policyResult.IsNull()) {
+ if (!fromCacheOnly) {
+ LogError("Policy evaluated to NULL value");
+ Assert(false && "Policy evaluated to NULL value");
+ }
+ return OptionalExtendedPolicyResult::Null;
+ }
+ LogDebug("==== getPolicyForRequestInternal result (PolicyResult): "
+ << policyResult->policyResult << "=====");
+
+ PreferenceTypes globalPreference =
+ SettingsLogic::findGlobalUserSettings(request);
+
+ auto ret = getMostRestrict(globalPreference, policyResult->policyResult);
+ //ADD_PROFILING_POINT("getPolicyForRequest", "stop");
+ return OptionalExtendedPolicyResult(
+ ExtendedPolicyResult(ret, policyResult->ruleId));
+
+ } catch (AceDB::AceDAO::Exception::DatabaseError &e) {
+ LogError("Database error");
+ DPL::Exception::DisplayKnownException(e);
+ //ADD_PROFILING_POINT("getPolicyForRequest", "stop");
+ return OptionalExtendedPolicyResult(
+ ExtendedPolicyResult(PolicyEffect::DENY));
+ }
+}
+
+bool PolicyEvaluator::extractAttributes(TreeNode* policyTree)
+{
+ if (NULL == policyTree) {
+ return false;
+ }
+
+ //We check if root target matches. In general the root's target should
+ //be empty. Otherwise it would have to have all the subjects available
+ //specified but just to be on the safe side (and for tests) this checking
+ const Policy * policy =
+ dynamic_cast<const Policy *>(policyTree->getElement());
+ Assert(policy != NULL
+ && "Policy element has been null while attribute extracting");
+
+ extractTargetAttributes(policy);
+ extractAttributesFromSubtree(policyTree); //Enter recursion
+
+ return true;
+}
+
+void PolicyEvaluator::extractTargetAttributes(const Policy *policy)
+{
+ std::list<const Subject *>::const_iterator it =
+ policy->getSubjects()->begin();
+ for (; it != policy->getSubjects()->end(); ++it) {
+ const std::list<Attribute> & attrList = (*it)->getTargetAttributes();
+ FOREACH(it2, attrList)
+ {
+ BaseAttributePtr attr(
+ new Attribute((*it2).getName(), (*it2).getMatchFunction(),
+ (*it2).getType()));
+ m_attributeSet.insert(attr);
+ }
+ }
+}
+
+TreeNode * PolicyEvaluator::getCurrentPolicyTree()
+{
+ TreeNode * currentPolicy = NULL;
+ switch (m_policy_to_use) {
+ case PolicyType::Tizen: {
+ currentPolicy = m_tizen_policy;
+ break;}
+ case PolicyType::WAC2_0: {
+ currentPolicy = m_wac_policy;
+ break;}
+ default: {
+ LogError("Invalid policy type to use");}
+ }
+ return currentPolicy;
+}
+
+/**
+ *
+ * @param *root - the root of the original (full) subtree of politics
+ * @param *newRoot - the pointer to the root of the copy (reduced) subtree of politics
+ */
+void PolicyEvaluator::extractAttributesFromSubtree(const TreeNode *root)
+{
+ const ChildrenSet & children = root->getChildrenSet();
+
+ for (std::list<TreeNode *>::const_iterator it = children.begin();
+ it != children.end(); ++it) {
+ TreeNode * node = *it;
+ if (node->getTypeID() != TreeNode::Policy
+ && node->getTypeID() != TreeNode::PolicySet) {
+ //It is not a policy so we may be sure that we have already
+ //checked that SubjectId matches
+ //Add new node to new tree and extract attributes
+
+ extractAttributesFromRules(node);
+ } else { //TreeNode is a Policy or PolicySet
+ const Policy * policy =
+ dynamic_cast<const Policy *>(node->getElement());
+ //We will be needing also the attributes from target
+ if (policy) {
+ extractTargetAttributes(policy);
+ } else {
+ LogError(" extractAttributesFromSubtree policy=NULL");
+ }
+ //Enter recursion
+ extractAttributesFromSubtree(node);
+ }
+ }
+}
+
+bool PolicyEvaluator::extractAttributesFromRules(const TreeNode *root)
+{
+ Assert(root->getTypeID() == TreeNode::Rule
+ && "Tree structure, extracting attributes from node that is not a rule");
+ Rule * rule = dynamic_cast<Rule *>(root->getElement());Assert
+ (rule != NULL);
+ //Get attributes from rule
+ rule->getAttributes(&m_attributeSet);
+
+ //[CR] consider returned value, because its added only to eliminate errors
+ return true;
+}
+
+ExtendedEffect PolicyEvaluator::evaluatePolicies(const TreeNode * root)
+{
+ if (root == NULL) {
+ LogInfo("Error: policy tree doesn't exist. "
+ "Probably xml file is missing");
+ return Deny;
+ }
+
+ if (m_attributeSet.empty()) {
+ LogInfo("Warning: evaluatePolicies: attribute set was empty");
+ }
+ m_combiner->setAttributeSet(&m_attributeSet);
+ return m_combiner->combinePolicies(root);
+}
+
+
+int PolicyEvaluator::updatePolicy(const char* newPolicy)
+{
+ LogError("PolicyEvaluator::updatePolicy is DEPRECATED");
+ ConfigurationManager* configMgr = ConfigurationManager::getInstance();
+ if (NULL == configMgr) {
+ LogError("ACE fatal error: failed to create configuration manager");
+ return POLICY_PARSING_ERROR;
+ }
+ int result = POLICY_PARSING_SUCCESS;
+ if (newPolicy == NULL) {
+ LogError("Policy Update: incorrect policy name");
+ return POLICY_FILE_ERROR;
+ }
+ LogDebug("Starting update policy: " << newPolicy);
+
+ Parser parser;
+ TreeNode *backup = m_uniform_policy;
+
+ m_uniform_policy = parser.parse(newPolicy,
+ configMgr->getFullPathToPolicyXMLSchema());
+
+ if (NULL == m_uniform_policy) {
+ m_uniform_policy = backup;
+ LogError("Policy Update: corrupted policy file");
+ result = POLICY_PARSING_ERROR;
+ } else {
+ m_currentPolicyFile = newPolicy;
+ m_wac_policy = m_uniform_policy; //we must be able to use WAC widgets
+ m_tizen_policy = m_uniform_policy;//we must be able to use Tizen widgets
+ m_attributeSet.clear();
+ backup->releaseResources();
+ LogInfo("Policy Update: successful.");
+ try {
+ AceDAO::resetDatabase(); // TODO: this is strange, but this
+ // method is deprecated so not changing
+ // it (will disappear with entire method)
+ } catch (AceDAO::Exception::DatabaseError &e) {
+ }
+ }
+ return result;
+}
+
+TreeNode * PolicyEvaluator::getDefaultSafePolicyTree(void)
+{
+ Policy * policy = new Policy;
+ Rule * rule = new Rule;
+ TreeNode * mainTree = NULL,
+ * childTree = NULL;
+
+ policy->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride);
+ rule->setEffect(Deny);
+
+ mainTree = new TreeNode(m_uniform_policy, TreeNode::Policy, policy);
+ childTree = new TreeNode(mainTree, TreeNode::Rule, rule);
+ mainTree->addChild(childTree);
+
+ LogError("Loading default safe policy tree");
+ return mainTree;
+}
+
+void PolicyEvaluator::updatePolicy()
+{
+ ConfigurationManager *configMgr = ConfigurationManager::getInstance();
+ Assert(NULL != configMgr && "ACE fatal error: failed to "
+ "create configuration manager");
+ AceDAO::clearPolicyCache();
+ if (NULL != m_uniform_policy) {
+ m_uniform_policy->releaseResources();
+ }
+ Parser parserWac, parserTizen;
+ m_wac_policy = parserWac.parse(
+ configMgr->getFullPathToPolicyFile(PolicyType::WAC2_0),
+ configMgr->getFullPathToPolicyXMLSchema());
+ if (NULL == m_wac_policy) {
+ LogError("ACE fatal error: cannot parse XML file (WAC policy)");
+ m_wac_policy = getDefaultSafePolicyTree();
+ }
+ m_tizen_policy = parserTizen.parse(
+ configMgr->getFullPathToPolicyFile(PolicyType::Tizen),
+ configMgr->getFullPathToPolicyXMLSchema());
+ if (NULL == m_tizen_policy) {
+ LogError("ACE fatal error: cannot parse XML file (Tizen policy)");
+ m_tizen_policy = getDefaultSafePolicyTree();
+ }
+ // Policy set is usefull for releasing all policies in case of
+ // policy change
+ Policy * policySet = new PolicySet();
+ policySet->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride);
+ m_uniform_policy = new TreeNode(NULL, TreeNode::PolicySet, policySet);
+ m_uniform_policy->addChild(m_wac_policy);
+ m_uniform_policy->addChild(m_tizen_policy);
+
+ // Creating attribute set for the first time after loading policy
+ // to speed up queries
+ m_attributeSet.clear();
+ fillAttributeWithPolicy();
+}
+
+std::string PolicyEvaluator::getCurrentPolicy()
+{
+ LogError("PolicyEvaluator::getCurrentPolicy is DEPRECATED");
+ return m_currentPolicyFile;
+}
+
+const char * toString(Validity validity)
+{
+ switch (validity) {
+ case Validity::ONCE:
+ return "Once";
+ break;
+ case Validity::SESSION:
+ return "Session";
+ case Validity::ALWAYS:
+ return "Always";
+ default:
+ return "WRONG VALIDITY";
+ }
+}
+
+const char * toString(Verdict verdict)
+{
+ switch (verdict) {
+ case Verdict::VERDICT_PERMIT:
+ return "Permit";
+ case Verdict::VERDICT_DENY:
+ return "Deny";
+ case Verdict::VERDICT_INAPPLICABLE:
+ return "Inapplicable";
+ case Verdict::VERDICT_UNKNOWN:
+ return "Unknown";
+ case Verdict::VERDICT_UNDETERMINED:
+ return "Undetermined";
+ case Verdict::VERDICT_ERROR:
+ return "Error";
+ case Verdict::VERDICT_ASYNC:
+ return "Async";
+ default:
+ return "Wrong verdict value";
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : PolicyInformationPoint.cpp
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+#include <map>
+#include <string>
+#include <list>
+
+#include <ace/PolicyInformationPoint.h>
+#include <ace/ConfigurationManager.h>
+
+#include <dpl/log/log.h>
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+
+#include <ace/Attribute.h>
+#include <ace-dao-ro/BaseAttribute.h>
+#include <ace-dao-ro/AceDAOReadOnly.h>
+
+using namespace AceDB;
+
+PolicyInformationPoint::PolicyInformationPoint(IWebRuntime *wrt,
+ IResourceInformation *resource,
+ IOperationSystem *system) : wrtInterface(wrt),
+ resourceInformation(resource),
+ operationSystem(system)
+{
+ AceDB::AceDAOReadOnly::attachToThreadRO();
+}
+
+PolicyInformationPoint::~PolicyInformationPoint()
+{
+ AceDB::AceDAOReadOnly::detachFromThread();
+}
+
+/* gather attributes values from adequate interfaces */
+PipResponse PolicyInformationPoint::getAttributesValues(const Request* request,
+ AttributeSet* attributes)
+{
+ int subjectReturn = 0;
+ int resourceReturn = 0;
+ int operationReturn = 0;
+ int functionReturn = 0;
+ /* create query lists */
+ createQueries(attributes);
+
+ /* check if subject attributes query has any elements*/
+ if (!subjectAttributesQuery.empty()) {
+ /* get Subject Attributes */
+ subjectReturn = wrtInterface->getAttributesValues(
+ *request,
+ &subjectAttributesQuery);
+ }
+
+ AttributeSet::const_iterator iter2;
+ FOREACH(iter, subjectAttributesQuery)
+ {
+ if (iter->second == NULL) {
+ Attribute attr(*(iter->first));
+ attr.setType(Attribute::Type::Subject);
+ iter2 = std::find_if(attributes->begin(),
+ attributes->end(),
+ BaseAttribute::UnaryPredicate(&attr));
+ Assert(iter2 != attributes->end() && "This should not happen, "
+ "the attribute MUST be in attribute set");
+ (*iter2)->setUndetermind(true);
+ }
+ }
+
+ /* check if resource attributes query has any elements*/
+ if (!resourceAttributesQuery.empty()) {
+ /* get Resource Attributes */
+ resourceReturn = resourceInformation->getAttributesValues(
+ *request,
+ &resourceAttributesQuery);
+ /* error analyzys*/
+ resourceReturn <<= ERROR_SHIFT_RESOURCE;
+ }
+
+ FOREACH(iter, resourceAttributesQuery)
+ {
+ if (iter->second == NULL) {
+ LogInfo("Found undetermined attribute");
+ Attribute attr(*(iter->first));
+ attr.setType(Attribute::Type::Resource);
+ iter2 = std::find_if(attributes->begin(),
+ attributes->end(),
+ BaseAttribute::UnaryPredicate(&attr));
+ Assert(iter2 != attributes->end() && "This should not happen, "
+ "the attribute MUST be in attribute set");
+ (*iter2)->setUndetermind(true);
+ }
+ }
+
+ /* check if resource attributes query has any elements*/
+ if (!environmentAttributesQuery.empty()) {
+ /* get enviroment attributes */
+ operationReturn = operationSystem->getAttributesValues(
+ *request,
+ &environmentAttributesQuery);
+ /* error analyzys*/
+ operationReturn <<= ERROR_SHIFT_OS;
+ }
+
+ FOREACH(iter, environmentAttributesQuery)
+ {
+ if (iter->second == NULL) {
+ //it doesnt change uniqueness of a set element so we can const_cast
+ Attribute attr(*(iter->first));
+ attr.setType(Attribute::Type::Environment);
+ iter2 = find_if(attributes->begin(),
+ attributes->end(),
+ BaseAttribute::UnaryPredicate(&attr));
+ Assert(iter2 != attributes->end() && "This should not happen, "
+ "the attribute MUST be in attribute set");
+ (*iter2)->setUndetermind(true);
+ }
+ }
+
+ /* check if functionParam attributes query has any elements*/
+ if (!functionParamAttributesQuery.empty() && request->getFunctionParam()) {
+ /* get params attributes */
+ functionReturn = request->getFunctionParam()->getAttributesValues(
+ *request,
+ &functionParamAttributesQuery);
+ /* error analyzys*/
+ functionReturn <<= ERROR_SHIFT_FP;
+ }
+
+ FOREACH(iter, functionParamAttributesQuery)
+ {
+ if (iter->second == NULL) {
+ //it doesnt change uniqueness of a set element so we can const_cast
+ Attribute attr(*(iter->first));
+ attr.setType(Attribute::Type::FunctionParam);
+ iter2 = find_if(attributes->begin(),
+ attributes->end(),
+ BaseAttribute::UnaryPredicate(&attr));
+ Assert(iter2 != attributes->end() && "This should not happen, "
+ "the attribute MUST be in attribute set");
+ (*iter2)->setUndetermind(true);
+ }
+ }
+
+ // Here we must add to attributes proper marking of policy type
+ // (Tizen or WAC widget)
+ /**
+ * This part of code seems odd here, but we don't want to keep it in
+ * attribute fascade, as it is maintained by ACE clients and we are not
+ * sure if this kind of distinction between different policies will be ok
+ * as final solution.
+ *
+ * This is somehow private part of ACE, so it may be moved into
+ * separate ACEAttributeFascade kind of a class in (already planned)
+ * refactoring, when moving to new, C-only API for ACE.
+ */
+ if (widgetParamAttributesQuery.empty()) {
+ LogError("No attrbutes of WidgetParam type present - "
+ "should be widget type at least");
+ } else {
+ LogDebug("WidgetParam type atributes present, searching for widget type");
+ FOREACH(iter, widgetParamAttributesQuery) {
+ const std::string *name = iter->first;
+ if (POLICY_WIDGET_TYPE_ATTRIBUTE_NAME == *name) {
+ LogDebug("Widget type attribute found");
+
+ // Extracting widget type
+ std::list<std::string> attrValue;
+ Try {
+ AceDB::AppTypes appType =
+ AceDB::AceDAOReadOnly::getWidgetType(
+ request->getWidgetHandle());
+ switch (appType) {
+ case AceDB::AppTypes::Tizen : {
+ attrValue.push_back(POLICY_NAME_TIZEN);
+ LogDebug("==== Using Tizen policy in PIP ====");
+ break;}
+ case AceDB::AppTypes::WAC20 : {
+ attrValue.push_back(POLICY_NAME_WAC2_0);
+ LogDebug("==== Using WAC policy in PIP ====");
+ break;}
+ default: {
+ LogError("Invalid widget type");
+ }
+ }
+ } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError)
+ {
+ LogError("Couldn't find widget for handle "
+ << request->getWidgetHandle());
+ }
+
+ // Setting real attribute value
+ Attribute attr(*(iter->first));
+ attr.setType(Attribute::Type::WidgetParam);
+ iter2 = find_if(attributes->begin(),
+ attributes->end(),
+ BaseAttribute::UnaryPredicate(&attr));
+ Assert(iter2 != attributes->end() && "This should not happen, "
+ "the attribute MUST be in attribute set");
+ (*iter2)->setUndetermind(false);
+ (*iter2)->setValue(attrValue);
+ }
+ }
+ }
+
+ /** clear query lists*/
+ resourceAttributesQuery.clear();
+ environmentAttributesQuery.clear();
+ subjectAttributesQuery.clear();
+ functionParamAttributesQuery.clear();
+ widgetParamAttributesQuery.clear();
+
+ return subjectReturn | resourceReturn | operationReturn | functionReturn;
+}
+
+/** create query lists */
+void PolicyInformationPoint::createQueries(AttributeSet* attributes)
+{
+ AttributeSet::const_iterator it;
+
+ enum Attribute::Type type;
+
+ /**iterate all attributes and split them into adequate query */
+ FOREACH (it, *attributes) {
+ type = (*it)->getType();
+
+ switch (type) {
+ case Attribute::Type::Subject:
+ subjectAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
+ (*it)->getValue()));
+ break;
+
+ case Attribute::Type::Environment:
+ environmentAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
+ (*it)->getValue()));
+ break;
+
+ case Attribute::Type::Resource:
+ resourceAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
+ (*it)->getValue()));
+ break;
+
+ case Attribute::Type::FunctionParam:
+ functionParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
+ (*it)->getValue()));
+ break;
+
+ case Attribute::Type::WidgetParam:
+ widgetParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(),
+ (*it)->getValue()));
+ break;
+ default:
+ break;
+ }
+ }
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Rule.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#include <iostream>
+#include <dpl/log/log.h>
+
+#include <ace/Rule.h>
+
+void Rule::printData()
+{
+ std::cout << "Rule: effect: " << printEffect(this->effect) <<
+ " condition: " << this->condition;
+}
+
+std::string Rule::printEffect(const ExtendedEffect &effect) const
+{
+ switch (effect.getEffect()) {
+ case Deny:
+ return "Deny";
+ case PromptBlanket:
+ return "PromptBlanket";
+ case PromptOneShot:
+ return "PromptOneShot";
+ case PromptSession:
+ return "PromptSession";
+ case Permit:
+ return "Permit";
+ case Inapplicable:
+ return "Inapplicable";
+ case Error:
+ return "Error";
+ default:
+ return "ERROR";
+ }
+}
+
+ExtendedEffect Rule::evaluateRule(const AttributeSet * attrSet) const
+{
+ Attribute::MatchResult result = condition.evaluateCondition(attrSet);
+
+ if (result == Attribute::MatchResult::MRUndetermined) {
+ // LogInfo("Rule is undetermined");
+ return ExtendedEffect(Undetermined);
+ } else if (result == Attribute::MatchResult::MRTrue) {
+ // LogInfo("Rule effect "<<printEffect(effect));
+ return effect;
+ }
+ // LogInfo("Rule is inapplicable");
+ return Inapplicable;
+}
+
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file SettingsLogic.cpp
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 0.1
+ * @brief SettingsLogic implementation
+ */
+
+#include <ace/SettingsLogic.h>
+
+#include <dpl/log/log.h>
+#include <dpl/foreach.h>
+
+#include <ace/Preference.h>
+
+using namespace AceDB;
+
+Preference SettingsLogic::findGlobalUserSettings(
+ const std::string &resource,
+ WidgetHandle handler)
+{
+ Preference p = AceDAO::getWidgetDevCapSetting(resource, handler);
+ if (PreferenceTypes::PREFERENCE_DEFAULT == p) {
+ return AceDAO::getDevCapSetting(resource);
+ } else {
+ return p;
+ }
+}
+
+Preference SettingsLogic::findGlobalUserSettings(
+ const Request &request)
+{
+ Request::DeviceCapabilitySet devset = request.getDeviceCapabilitySet();
+ Assert(!devset.empty() && "No device cap set in request");
+ return findGlobalUserSettings(
+ *(devset.begin()),
+ request.getWidgetHandle());
+}
+
+Preference SettingsLogic::getDevCapSetting(const std::string &resource)
+{
+ return AceDAO::getDevCapSetting(resource);
+}
+
+void SettingsLogic::getDevCapSettings(PreferenceMap *globalSettingsMap)
+{
+ AceDAO::getDevCapSettings(globalSettingsMap); // NULL check inside
+}
+
+
+void SettingsLogic::setDevCapSetting(const std::string &resource,
+ Preference preference)
+{
+ if (resource.empty()) {
+ LogInfo("WARNING: setting resource settings for empty resource name");
+ }
+
+ AceDAO::addResource(resource);
+
+ if (preference == PreferenceTypes::PREFERENCE_DEFAULT) {
+ return;
+ }
+
+ Assert((PreferenceTypes::PREFERENCE_PERMIT == preference ||
+ PreferenceTypes::PREFERENCE_DENY == preference ||
+ PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference ||
+ PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference ||
+ PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference));
+
+ AceDAO::setDevCapSetting(resource,preference);
+}
+
+void SettingsLogic::setAllDevCapSettings(
+ const std::list < std::pair < const std::string*,
+ Preference > > &resourcesList)
+{
+ std::list < std::pair < const std::string*,
+ Preference > >::const_iterator iter;
+ for (iter = resourcesList.begin(); iter != resourcesList.end(); ++iter) {
+ SettingsLogic::setDevCapSetting(*(iter->first), iter->second);
+ }
+}
+
+void SettingsLogic::removeDevCapSetting(const std::string &resource)
+{
+ AceDAO::removeDevCapSetting(resource);
+}
+
+void SettingsLogic::updateDevCapSetting(const std::string &resource,
+ Preference p)
+{
+ if (PreferenceTypes::PREFERENCE_DEFAULT == p) {
+ SettingsLogic::removeDevCapSetting(resource);
+ } else {
+ SettingsLogic::setDevCapSetting(resource, p);
+ }
+}
+
+Preference SettingsLogic::getWidgetDevCapSetting(
+ const std::string &resource,
+ WidgetHandle handler)
+{
+ return AceDAO::getWidgetDevCapSetting(resource, handler);
+}
+
+void SettingsLogic::getWidgetDevCapSettings(PermissionList *outputList)
+{
+ AceDAO::getWidgetDevCapSettings(outputList); // NULL check inside
+}
+
+
+void SettingsLogic::setWidgetDevCapSetting(
+ const std::string &resource,
+ WidgetHandle handler,
+ Preference preference)
+{
+ if (resource.empty()) {
+ LogError("Empty resource");
+ return;
+ }
+
+ LogDebug("userSetting, resource: " << resource <<
+ " app_id: " << handler);
+
+ AceDAO::addResource(resource);
+ SettingsLogic::removeWidgetDevCapSetting(resource, handler);
+
+ if (PreferenceTypes::PREFERENCE_DEFAULT == preference) {
+ return;
+ }
+
+ Assert((PreferenceTypes::PREFERENCE_PERMIT == preference ||
+ PreferenceTypes::PREFERENCE_DENY == preference ||
+ PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference ||
+ PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference ||
+ PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference));
+
+ AceDAO::setWidgetDevCapSetting(resource, handler, preference);
+}
+
+
+void SettingsLogic::setWidgetDevCapSettings(const PermissionList &permissionsList)
+{
+ FOREACH(i, permissionsList) {
+ SettingsLogic::setWidgetDevCapSetting(i->devCap,
+ i->appId,
+ i->access);
+ }
+}
+
+
+void SettingsLogic::removeWidgetDevCapSetting(const std::string &resource,
+ WidgetHandle handler)
+{
+ AceDAO::removeWidgetDevCapSetting(resource, handler);
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <dpl/log/log.h>
+#include <dpl/foreach.h>
+
+#include <ace/Subject.h>
+
+bool Subject::matchSubject(const AttributeSet *attrSet,
+ bool &isUndetermined) const
+{
+ bool result = true;
+ Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined;
+
+ FOREACH(it, targetAttributes)
+ {
+ AttributeSet::const_iterator attr =
+ std::find_if(attrSet->begin(),
+ attrSet->end(),
+ AceDB::BaseAttribute::UnaryPredicate(&(*it)));
+ if (attr == attrSet->end()) {
+ LogError("Cannot find attribute value for " << *(it->getName()));
+ Assert(false &&
+ "Attribute for subject hasn't been found."
+ "It shoud not happen. This attribute should be undetermined,"
+ "not missing");
+ result = false; //According to BONDI 1.0 for signle subject all attributes must match
+ isUndetermined = true;
+ break;
+ }
+
+ match = it->matchAttributes(&(*(*attr)));
+
+ if (match == Attribute::MatchResult::MRUndetermined) {
+ result = false;
+ isUndetermined = true;
+ /// LogError("Subject doesn match and UNDETERMINED");
+ break; //According to BONDI 1.0 for signle subject all attributes must match
+ } else if (match == Attribute::MatchResult::MRFalse) {
+ result = false;
+ // LogError("Subject doesn match and DETERMINED");
+ break; //According to BONDI 1.0 for signle subject all attributes must match
+ }
+ }
+
+ return result;
+}
+
+const std::list<Attribute>& Subject::getTargetAttributes() const
+{
+ return targetAttributes;
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <ace/TreeNode.h>
+#include <dpl/assert.h>
+#include <dpl/log/log.h>
+
+//Tree node destructor is a tricky part, only the original tree should remove the elements
+//release resources should be called when we want to destroy the whole tree
+TreeNode::~TreeNode()
+{
+}
+
+//TODO release resources is releaseTheSubtree and delete the element
+void TreeNode::releaseResources()
+{
+ Assert(this != 0);
+ delete element;
+ std::list<TreeNode*>::iterator it = this->children.begin();
+ while (it != children.end()) {
+ (*it)->releaseResources();
+ ++it;
+ }
+ delete this;
+}
+
+int TreeNode::level = 0;
+
+std::ostream & operator<<(std::ostream & out,
+ const TreeNode * node)
+{
+ std::string tmp;
+
+ switch (node->getTypeID()) {
+ case TreeNode::Policy:
+ tmp = "Policy";
+ break;
+ case TreeNode::PolicySet:
+ tmp = "PolicySet";
+ break;
+ case TreeNode::Rule:
+ tmp = "Rule";
+ break;
+ default:
+ break;
+ }
+
+ out << "" << tmp << "-> children count: " << node->children.size() <<
+ ": " << std::endl;
+ AbstractTreeElement * el = node->getElement();
+ if (el != NULL) {
+ el->printData();
+ } else {
+ std::cout << "Empty element!" << std::endl;
+ }
+
+ return out;
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <memory>
+#include <functional>
+#include <string.h>
+#include <stdarg.h>
+#include <dpl/log/log.h>
+
+#include <ace/parser.h>
+#include <string.h>
+
+namespace {
+
+class ParserWarningLogger
+{
+ public:
+ void operator()(const std::string& logMsg)
+ {
+ LogWarning(logMsg);
+ }
+};
+
+class ParserErrorLogger
+{
+ public:
+ void operator()(const std::string& logMsg)
+ {
+ LogError(logMsg);
+ }
+};
+
+template <class Logger>
+void xmlLogFunction(void* /*ctx*/, const char *msg, ...)
+{
+ const int BUFFER_SIZE = 1024;
+ char buffer[BUFFER_SIZE];
+ buffer[BUFFER_SIZE - 1] = '\0';
+ Logger l;
+
+ va_list va;
+ va_start(va, msg);
+ vsnprintf(buffer, BUFFER_SIZE - 1, msg, va);
+ va_end(va);
+
+ std::string logmsg(buffer);
+ l(logmsg);
+}
+
+}
+
+const char *Parser::TOKEN_PARAM = "param:";
+
+Parser::Parser() :
+ ruleId(0),
+ reader(NULL),
+ root(NULL),
+ currentRoot(NULL),
+ currentSubject(NULL),
+ currentCondition(NULL),
+ currentAttribute(NULL),
+ currentText(NULL),
+ processingSignature(false),
+ canonicalizeOnce(false)
+{
+ processingSignature = true;
+ canonicalizeOnce = true;
+}
+
+Parser::~Parser()
+{
+ /* parse function destroys reader */
+ // free(this->xmlFilename);
+}
+
+TreeNode* Parser::parse(const std::string& filename, const std::string& schema)
+{
+ if(root != NULL) {
+ root->releaseResources();
+ root = NULL;
+ }
+
+ LogDebug("Parser: opening file " << filename);
+
+ xmlDocPtr xmlDocument = xmlParseFile(filename.c_str());
+ if (!xmlDocument) {
+ LogError("Couldn't parse file " << filename);
+ return root;
+ }
+
+ std::unique_ptr <xmlDoc, std::function<void(xmlDoc*)> >
+ doc(xmlDocument, xmlFreeDoc);
+
+ xmlSchemaParserCtxtPtr xmlSchemaParserContext =
+ xmlSchemaNewParserCtxt(schema.c_str());
+
+ if (!xmlSchemaParserContext) {
+ LogError("Couldn't load xml schema: " << schema);
+ return root;
+ }
+
+ std::unique_ptr <
+ xmlSchemaParserCtxt,
+ std::function<void(xmlSchemaParserCtxt*)> >
+ schemaContext(
+ xmlSchemaParserContext,
+ xmlSchemaFreeParserCtxt);
+
+ LogDebug("Setting callbacks");
+
+ xmlSchemaSetParserErrors(
+ schemaContext.get(),
+ static_cast<xmlValidityErrorFunc>
+ (&xmlLogFunction<ParserErrorLogger>),
+ static_cast<xmlValidityWarningFunc>
+ (&xmlLogFunction<ParserWarningLogger>),
+ NULL);
+
+ xmlSchemaPtr xmlSchema = xmlSchemaParse(schemaContext.get());
+
+ if (!xmlSchema) {
+ LogError("Couldn't parse xml schema: " << xmlSchema);
+ return root;
+ }
+
+ xmlSchemaValidCtxtPtr xmlValidContext = xmlSchemaNewValidCtxt(xmlSchema);
+
+ if (!xmlValidContext) {
+ LogError("Couldn't create validation context!");
+ return root;
+ }
+
+ std::unique_ptr <
+ xmlSchemaValidCtxt,
+ std::function<void(xmlSchemaValidCtxt*)> >
+ schemaValidContext(
+ xmlValidContext,
+ xmlSchemaFreeValidCtxt);
+
+ xmlSchemaSetValidErrors(
+ schemaValidContext.get(),
+ static_cast<xmlValidityErrorFunc>
+ (&xmlLogFunction<ParserErrorLogger>),
+ static_cast<xmlValidityWarningFunc>
+ (&xmlLogFunction<ParserWarningLogger>),
+ NULL);
+
+ xmlSchemaSetValidOptions(
+ schemaValidContext.get(),
+ XML_SCHEMA_VAL_VC_I_CREATE);
+
+ bool result =
+ (xmlSchemaValidateDoc(
+ schemaValidContext.get(),
+ xmlDocument) == 0 ? true : false);
+
+ if (!result) {
+ LogError("Couldn't validate policy file: " << filename <<
+ " against xml schema: " << schema);
+
+ return root;
+ }
+
+ LogInfo("Policy file: " << filename << " validated!");
+
+ xmlTextReaderPtr xmlReader = xmlReaderWalker(xmlDocument);
+
+ //[CR] consider using ASSERT/DASSERT
+ if (NULL == xmlReader) {
+ LogError("Error, xml reader cannot be created. Probably xml file is missing (opening file " << filename << ")");
+ return root;
+ }
+
+ std::unique_ptr <xmlTextReader, std::function<void(xmlTextReader*)> >
+ reader(xmlReader, xmlFreeTextReader);
+
+ int ret;
+ ret = xmlTextReaderRead(reader.get());
+ while (ret == 1) {
+ std::unique_ptr<xmlChar, std::function<void(xmlChar*)> >
+ name(xmlTextReaderName(reader.get()), xmlFree);
+
+ if (!strcmp("policy-set", (const char *)name.get())) {
+ processingSignature = false;
+ } else if (!strcmp("SignedInfo",
+ (const char *)name.get()) && canonicalizeOnce) {
+ #if 0 //TODO I think we don't need canonicalization in ACE only in PM,
+ //we have to verify it tough
+ extractNodeToFile(reader, "output.xml");
+ //TODO we should be able to handle more than one canonicalization algorithm
+ canonicalize("output.xml", "canon.xml", Canonicalization::C14N);
+ canonicalizeOnce = false;
+ #endif
+ }
+ //Do not process signature of xml file
+ if(!processingSignature) {
+ processNode(reader.get());
+ }
+ ret = xmlTextReaderRead(reader.get());
+ }
+
+ if (ret != 0) {
+ LogError("Error while parsing XML file");
+ if (root) {
+ root->releaseResources();
+ root = NULL;
+ }
+ }
+
+ return root;
+}
+
+void Parser::processNode(xmlTextReaderPtr reader)
+{
+ //TODO this is interesting, xmlTextReaderNodeType returns int but I am pretty sure
+ //those integers coresponds to xmlReaderTypes
+ xmlReaderTypes type =
+ static_cast<xmlReaderTypes>(xmlTextReaderNodeType(reader));
+
+ switch (type) {
+ //Start element
+ case XML_READER_TYPE_ELEMENT:
+ startNodeHandler(reader);
+ break;
+ //End element
+ case XML_READER_TYPE_END_ELEMENT:
+ endNodeHandler(reader);
+ break;
+ //Text element
+ case XML_READER_TYPE_TEXT:
+ textNodeHandler(reader);
+ break;
+ default:
+ //Do not handle other xml tags
+ break;
+ }
+}
+
+void Parser::startNodeHandler(xmlTextReaderPtr reader)
+{
+ xmlChar *name = xmlTextReaderName(reader);
+
+ switch (*name) {
+ case 'p': //policy and policy-set
+ if (*(name + 6) == 0) {
+ handlePolicy(reader, TreeNode::Policy);
+ } else {
+ handlePolicy(reader, TreeNode::PolicySet);
+ }
+ break;
+ case 'r': //rule and resource-match
+ if (*(name + 1) == 'u') {
+ handleRule(reader);
+ } else if (*(name + 9) == 'm') {
+ handleMatch(reader, Attribute::Type::Resource);
+ } else {
+ handleAttr(reader);
+ }
+ break;
+ case 's': //subject and subject-match
+ if (*(name + 7) == 0) {
+ handleSubject();
+ } else if (*(name + 8) == 'm') { //subject match
+ handleSubjectMatch(reader);
+ } else { //subject attr
+ handleAttr(reader);
+ }
+ break;
+ case 'c': //condition
+ handleCondition(reader);
+ break;
+ case 'e': //environment-match
+ if (*(name + 12) == 'm') {
+ handleMatch(reader, Attribute::Type::Environment);
+ } else { //env-attr
+ handleAttr(reader);
+ }
+ break;
+ }
+ xmlFree(name);
+}
+
+void Parser::endNodeHandler(xmlTextReaderPtr reader)
+{
+ xmlChar *name = xmlTextReaderName(reader);
+
+ switch (*name) {
+ case 'p': //policy and policy-set
+ //Restore old root
+ currentRoot = currentRoot->getParent();
+ break;
+ case 'r': //Rule and resource match
+ if (*(name + 1) == 'u') { //Rule
+ currentRoot = currentRoot->getParent();
+ } else { //Resource-match
+ consumeCurrentText(); //consume text if any available
+ consumeCurrentAttribute(); //consume attribute
+ }
+ break;
+ case 's': //subject and subject-match
+ if (*(name + 7) == 0) { //handle subject
+ consumeCurrentSubject();
+ } else if (*(name + 8) == 'm') { //handle subject match
+ consumeCurrentText();
+ consumeSubjectMatch();
+ }
+ //Subject-match end doesn't require handling
+ break;
+ case 'c': //condition
+ consumeCurrentCondition();
+ break;
+ case 'e': //environment-match
+ consumeCurrentText(); //consume text if any available
+ consumeCurrentAttribute(); //consume attribute
+ break;
+ }
+ xmlFree(name);
+}
+
+void Parser::textNodeHandler(xmlTextReaderPtr reader)
+{
+ delete currentText;
+ xmlChar * text = xmlTextReaderValue(reader);
+ Assert(text != NULL && "Parser couldn't parse PCDATA");
+
+ currentText = new std::string(reinterpret_cast<const char * >(text));
+ trim(currentText);
+ xmlFree(text);
+}
+
+void Parser::handlePolicy(xmlTextReaderPtr reader,
+ TreeNode::TypeID type)
+{
+ Policy::CombineAlgorithm algorithm;
+
+ //Get first attribute
+ xmlChar * combAlg = xmlTextReaderGetAttribute(reader, BAD_CAST("combine"));
+
+ Assert(combAlg != NULL && "Parser error while getting attributes");
+ algorithm = convertToCombineAlgorithm(combAlg);
+
+ //Create TreeNode element
+ Policy * policy = NULL;
+ if (type == TreeNode::Policy) {
+ policy = new Policy();
+ } else {
+ policy = new PolicySet();
+ }
+ policy->setCombineAlgorithm(algorithm);
+ TreeNode * node = new TreeNode(currentRoot, type, policy);
+ //Add new tree node to current's root children set
+ if (currentRoot != NULL) {
+ currentRoot->addChild(node);
+ }
+
+ //Switch the current root to the new node
+ if (!xmlTextReaderIsEmptyElement(reader)) {
+ //Current root switching is necessary only if tag is not empty
+ currentRoot = node;
+ }
+ if (root == NULL) {
+ root = currentRoot;
+ }
+
+ if (NULL == currentRoot) {
+ node->releaseResources();
+ }
+
+ xmlFree(combAlg);
+}
+
+void Parser::handleRule(xmlTextReaderPtr reader)
+{
+ ExtendedEffect effect(Inapplicable);
+
+ //[CR] create macros for attribute names
+ xmlChar * eff = xmlTextReaderGetAttribute(reader, BAD_CAST("effect")); //get the rule attribute
+
+ Assert(eff != NULL && "Parser error while getting attributes");
+ effect = convertToEffect(eff);
+
+ Rule * rule = NULL;
+ rule = new Rule();
+ rule->setEffect(effect);
+
+ TreeNode * node = new TreeNode(currentRoot, TreeNode::Rule, rule);
+ //Add new tree node to current's root children set
+ if (currentRoot != NULL) { //
+ currentRoot->addChild(node);
+ }
+
+ if (!xmlTextReaderIsEmptyElement(reader)) {
+ currentRoot = node;
+ }
+
+ if (NULL == currentRoot) {
+ node->releaseResources();
+ }
+
+ xmlFree(eff);
+}
+
+void Parser::handleSubject()
+{
+ currentSubject = new Subject();
+ //TODO what about empty subject tag
+}
+
+void Parser::handleCondition(xmlTextReaderPtr reader)
+{
+ Condition::CombineType combineType = Condition::AND;
+
+ xmlChar * combine = xmlTextReaderGetAttribute(reader, BAD_CAST("combine")); //get the rule attribute
+
+ Assert(combine != NULL && "Parser error while getting attributes");
+
+ combineType = *combine == 'a' ? Condition::AND : Condition::OR;
+
+ Condition * condition = new Condition();
+ condition->setCombineType(combineType);
+ condition->setParent(currentCondition);
+
+ currentCondition = condition;
+ //TODO what about empty condition tag?
+}
+
+//Subject match is handled differently than resource or environment match
+//Because it cannot have any children tags and can only include PCDATA
+void Parser::handleSubjectMatch(xmlTextReaderPtr reader)
+{
+ //processing Subject
+ int attributes = xmlTextReaderAttributeCount(reader);
+
+ xmlChar * func = NULL;
+ xmlChar * value = NULL;
+ xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute
+
+ if (attributes == 2) {
+ //match attribute ommited, text value will be used
+ func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
+ } else if (attributes == 3) {
+ value = xmlTextReaderGetAttribute(reader, BAD_CAST("match"));
+ func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
+ } else {
+ Assert(false && "Wrong XML file format");
+ }
+
+ // creating temporiary object is not good idea
+ // but we have no choice untill Attribute have constructor taking std::string*
+ std::string temp(reinterpret_cast<const char *>(attrName));
+ Attribute * attr = new Attribute(&temp, convertToMatchFunction(
+ func), Attribute::Type::Subject);
+ if (value != NULL) { //add value of the attribute if possible
+ //[CR] consider create Attribute::addValue(char *) function
+ std::string temp(reinterpret_cast<const char *>(value));
+ attr->addValue(&temp);
+ }
+ currentAttribute = attr;
+
+ if (xmlTextReaderIsEmptyElement(reader)) {
+ Assert(value != NULL && "XML file format is wrong");
+ //Attribute value is required to obtain the match value easier
+ consumeSubjectMatch(value);
+ }
+
+ if (attributes == 2 || attributes == 3) {
+ xmlFree(func);
+ }
+ xmlFree(value);
+ xmlFree(attrName);
+}
+
+void Parser::handleMatch(xmlTextReaderPtr reader,
+ Attribute::Type type)
+{
+ int attributes = xmlTextReaderAttributeCount(reader);
+
+ xmlChar * func = NULL;
+ xmlChar * value = NULL;
+ xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute
+
+ if (attributes == 2) {
+ //match attribute ommited, text value will be used
+ func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
+ //the content may be resource-attr or PCDATA
+ } else if (attributes == 3) {
+ value = xmlTextReaderGetAttribute(reader, BAD_CAST("match"));
+ func = xmlTextReaderGetAttribute(reader, BAD_CAST("func"));
+ } else {
+ Assert(false && "Wrong XML file format");
+ }
+
+ // FunctionParam type is sybtype of Resource.
+ // FunctionParam is used to storage attriburess of call functions.
+ if (0 ==
+ xmlStrncmp(attrName, BAD_CAST(TOKEN_PARAM),
+ xmlStrlen(BAD_CAST(TOKEN_PARAM))) && type ==
+ Attribute::Type::Resource) {
+ type = Attribute::Type::FunctionParam;
+ }
+
+ std::string temp(reinterpret_cast<const char*>(attrName));
+ Attribute * attr = new Attribute(&temp, convertToMatchFunction(func), type);
+ currentAttribute = attr;
+
+ if (xmlTextReaderIsEmptyElement(reader)) {
+ Assert(value != NULL && "XML is currupted");
+ std::string tempVal(reinterpret_cast<const char*>(value));
+ currentAttribute->addValue(&tempVal);
+ consumeCurrentAttribute();
+ }
+
+ if (attributes == 2 || attributes == 3) {
+ xmlFree(func);
+ }
+ xmlFree(value);
+ xmlFree(attrName);
+}
+
+Policy::CombineAlgorithm Parser::convertToCombineAlgorithm(xmlChar* algorithm)
+{
+ switch (*algorithm) {
+ case 'f':
+ if (*(algorithm + 6) == 'a') { //first applicable
+ return Policy::FirstApplicable;
+ }
+ return Policy::FirstTargetMatching;
+ case 'd':
+ return Policy::DenyOverride;
+ case 'p':
+ return Policy::PermitOverride;
+ default:
+ Assert(false && "Wrong combine algorithm name");
+ return Policy::DenyOverride;
+ }
+}
+
+ExtendedEffect Parser::convertToEffect(xmlChar *effect)
+{
+ switch (*effect) {
+ case 'd': //deny
+ return Deny;
+ break;
+ case 'p':
+ //permit, prompt-blanket, prompt-session, prompt-oneshot
+ if (*(effect + 1) == 'e') {
+ return ExtendedEffect(Permit, ruleId++);
+ }
+ switch (*(effect + 7)) {
+ case 'b':
+ return ExtendedEffect(PromptBlanket, ruleId++);
+ case 's':
+ return ExtendedEffect(PromptSession, ruleId++);
+ case 'o':
+ return ExtendedEffect(PromptOneShot, ruleId++);
+ default:
+ Assert(false && "Effect is Error");
+ return ExtendedEffect();
+ }
+ break;
+ default:
+ Assert(false && "Effect is Error");
+ return ExtendedEffect();
+ }
+ return ExtendedEffect(Inapplicable);
+}
+
+Attribute::Match Parser::convertToMatchFunction(xmlChar * func)
+{
+ if (func == NULL) {
+ LogError("[ERROR] match function value is NULL");
+ return Attribute::Match::Error;
+ }
+
+ if (*func == 'g') {
+ return Attribute::Match::Glob;
+ } else if (*func == 'e') {
+ return Attribute::Match::Equal;
+ } else if (*func == 'r') {
+ return Attribute::Match::Regexp;
+ } else {
+ LogError("[ERROR] match function value is NULL");
+ return Attribute::Match::Error;
+ }
+ Assert(false);
+}
+
+void Parser::handleAttr(xmlTextReaderPtr reader)
+{
+ xmlChar * attrValue = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute
+ Assert(attrValue != NULL && "Error while obtaining attribute");
+
+ std::string temp(reinterpret_cast<const char*>(attrValue));
+ currentAttribute->addValue(&temp);
+
+ xmlFree(attrValue);
+}
+
+void Parser::consumeCurrentText()
+{
+ Assert(currentText != NULL);
+ currentAttribute->addValue(currentText);
+ delete currentText;
+
+ currentText = NULL;
+}
+
+void Parser::consumeCurrentAttribute()
+{
+ Assert(currentAttribute != NULL);
+
+ currentCondition->addAttribute(*currentAttribute);
+ delete currentAttribute;
+
+ currentAttribute = NULL;
+}
+
+void Parser::consumeCurrentSubject()
+{
+ Policy * policy = dynamic_cast<Policy *>(currentRoot->getElement());
+ Assert(policy != NULL);
+ policy->addSubject(currentSubject);
+ //TODO maybe keep subjects not subject pointers in Policies and consume subjects here
+ currentSubject = NULL;
+}
+
+void Parser::consumeCurrentCondition()
+{
+ Condition * temp = NULL;
+ if (currentCondition != NULL) {
+ if (currentCondition->getParent() != NULL) { //Condition is a child of another condition
+ currentCondition->getParent()->addCondition(*currentCondition);
+ } else { //Condition parent is a Rule
+ Rule * rule = dynamic_cast<Rule *>(currentRoot->getElement());
+ Assert(rule != NULL);
+ rule->setCondition(*currentCondition);
+ }
+ temp = currentCondition->getParent();
+ delete currentCondition;
+ }
+ currentCondition = temp; //switch current condition ( it may be switched to NULL if condition's parent was rule
+}
+
+void Parser::consumeSubjectMatch(xmlChar * value)
+{
+ Assert(
+ currentAttribute != NULL &&
+ "consuming subject match without attribute set");
+
+ if (currentSubject != NULL) {
+ currentSubject->addNewAttribute(*currentAttribute);
+ //[CR] matching/modyfing functions transform uri.host to uri ( etc. ) so strncmp is not needed, string equality will do
+ if (!strncmp(currentAttribute->getName()->c_str(), "uri",
+ 3) ||
+ !strncmp(currentAttribute->getName()->c_str(), "id", 2)) {
+ if (value != NULL) {
+ currentSubject->setSubjectId(reinterpret_cast<const char *>(
+ value));
+ } else if (currentAttribute->getValue()->size()) {
+ currentSubject->setSubjectId(
+ currentAttribute->getValue()->front());
+ } else {
+ Assert(false);
+ }
+ }
+ } else if (currentCondition != NULL) {
+ currentCondition->addAttribute(*currentAttribute);
+ }
+
+ delete currentAttribute;
+ currentAttribute = NULL;
+}
+
+void Parser::trim(std::string * str)
+{
+ std::string::size_type pos = str->find_last_not_of(whitespaces);
+ if (pos != std::string::npos) {
+ str->erase(pos + 1);
+ pos = str->find_first_not_of(whitespaces);
+ if (pos != std::string::npos) {
+ str->erase(0, pos);
+ }
+ } else {
+ str->erase(str->begin(), str->end());
+ LogInfo("Warning, empty string as attribute value");
+ }
+}
+
+// KW void Parser::canonicalize(const char * input, const char * output, CanonicalizationAlgorithm canonicalizationAlgorithm){
+// KW
+// KW xmlDocPtr doc = xmlParseFile(input);
+// KW //xmlDocDump(stdout, doc);
+// KW
+// KW if(doc == NULL)
+// KW {
+// KW LogError("Canonicalization error, cannot parser xml file");
+// KW }
+// KW
+// KW
+// KW int mode = -1;
+// KW if(canonicalizationAlgorithm == C14N)
+// KW {
+// KW mode = 0;
+// KW }
+// KW else if(canonicalizationAlgorithm == C14NEXCLUSIVE)
+// KW {
+// KW mode = 1;
+// KW }
+// KW
+// KW
+// KW xmlC14NDocSave(doc, NULL, mode, NULL, 0, output, 0);
+// KW
+// KW xmlFreeDoc(doc);
+// KW
+// KW }
+
+// KW int Parser::extractNodeToFile(xmlTextReaderPtr reader, const char * filename){
+// KW
+// KW xmlNodePtr node = xmlTextReaderExpand(reader);
+// KW xmlBufferPtr buff = xmlBufferCreate();
+// KW xmlNodeDump(buff, node->doc, node, 0, 0);
+// KW FILE * file = fopen(filename, "w");
+// KW if(file == NULL){
+// KW LogError("Error while trying to open file "<<filename);
+// KW return -1;
+// KW }
+// KW int ret = xmlBufferDump(file, buff);
+// KW fclose(file);
+// KW xmlBufferFree(buff);
+// KW return ret;
+// KW
+// KW }
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file AceDAOConversions.h
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef WRT_ACE_DAO_CONVERSIONS_H_
+#define WRT_ACE_DAO_CONVERSIONS_H_
+
+#include <dpl/string.h>
+#include <ace-dao-ro/BaseAttribute.h>
+
+namespace AceDB {
+namespace AceDaoConversions {
+
+DPL::String convertToHash(const BaseAttributeSet &attributes);
+
+}
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file AceDAOReadOnly.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef ACE_DAO_READ_ONLY_H_
+#define ACE_DAO_READ_ONLY_H_
+
+#include <map>
+
+#include <openssl/md5.h>
+#include <dpl/string.h>
+#include <dpl/exception.h>
+#include <ace-dao-ro/PreferenceTypes.h>
+#include <ace-dao-ro/BaseAttribute.h>
+#include <ace-dao-ro/BasePermission.h>
+#include <ace-dao-ro/AppTypes.h>
+#include <ace-dao-ro/IRequest.h>
+#include <ace/PolicyEffect.h>
+#include <ace/PolicyResult.h>
+#include <ace/PromptDecision.h>
+#include <ace-dao-ro/common_dao_types.h>
+
+namespace AceDB {
+
+typedef std::map<DPL::String, bool> RequestedDevCapsMap;
+typedef DPL::String FeatureName;
+typedef std::vector<FeatureName> FeatureNameVector;
+
+class AceDAOReadOnly
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
+ };
+
+ AceDAOReadOnly() {}
+
+ static void attachToThreadRO(void);
+ static void attachToThreadRW(void);
+ static void detachFromThread(void);
+
+ // policy effect/decision
+ static OptionalExtendedPolicyResult getPolicyResult(
+ const BaseAttributeSet &attributes);
+
+ static OptionalExtendedPolicyResult getPolicyResult(
+ const DPL::String &attrHash);
+
+ static OptionalCachedPromptDecision getPromptDecision(
+ WidgetHandle widgetHandle,
+ int ruleId);
+
+ // resource settings
+ static PreferenceTypes getDevCapSetting(const std::string &resource);
+ static void getDevCapSettings(PreferenceTypesMap *preferences);
+
+ // user settings
+ static void getWidgetDevCapSettings(BasePermissionList *permissions);
+ static PreferenceTypes getWidgetDevCapSetting(
+ const std::string &resource,
+ WidgetHandle handler);
+
+ static void getAttributes(BaseAttributeSet *attributes);
+
+ // Getter for device capabilities that are requested in widgets config.
+ //
+ // Additional boolean flag means whether widget will always get
+ // (at launch) the SMACK permissions needed to use the device cap).
+ //
+ // 'permissions' is the map of device cap names and smack status for
+ // given widget handle.
+ static void getRequestedDevCaps(
+ WidgetHandle widgetHandle,
+ RequestedDevCapsMap *permissions);
+
+ static void getAcceptedFeature(
+ WidgetHandle widgetHandle,
+ FeatureNameVector *featureVector);
+
+ static WidgetHandleList getHandleList();
+
+ static AppTypes getWidgetType(WidgetHandle handle);
+ static std::string getVersion(WidgetHandle widgetHandle);
+ static std::string getAuthorName(WidgetHandle widgetHandle);
+ static std::string getGUID(WidgetHandle widgetHandle);
+
+ static WidgetCertificateCNList getKeyCommonNameList(
+ WidgetHandle widgetHandle,
+ WidgetCertificateData::Owner owner,
+ WidgetCertificateData::Type type);
+ static FingerPrintList getKeyFingerprints(
+ WidgetHandle widgetHandle,
+ WidgetCertificateData::Owner owner,
+ WidgetCertificateData::Type type);
+
+ static std::string getShareHref(WidgetHandle widgetHandle);
+ static bool isWidgetInstalled(WidgetHandle handle);
+
+ protected:
+ static int promptDecisionToInt(PromptDecision decision);
+ static PromptDecision intToPromptDecision(int decision);
+ static int appTypeToInt(AppTypes app_type);
+ static AppTypes intToAppType(int app_type);
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file AceDAOUtil.h
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef WRT_ACE_DAO_UTILITIES_H_
+#define WRT_ACE_DAO_UTILITIES_H_
+
+#include <dpl/db/thread_database_support.h>
+#include <ace-dao-ro/BaseAttribute.h>
+#include <ace-dao-ro/PreferenceTypes.h>
+#include <ace-dao-ro/VerdictTypes.h>
+#include <orm_generator_ace.h>
+
+namespace AceDB {
+
+namespace AceDaoUtilities {
+
+BaseAttribute::Type intToAttributeType(int val);
+int attributeTypeToInt(BaseAttribute::Type type);
+int preferenceToInt(PreferenceTypes p);
+PreferenceTypes intToPreference(int p);
+VerdictTypes intToVerdict(int v);
+int verdictToInt(VerdictTypes v);
+bool getSubjectByUri(const std::string &uri,
+ DPL::DB::ORM::ace::AceSubject::Row &row);
+bool getResourceByUri(const std::string &uri,
+ DPL::DB::ORM::ace::AceDevCap::Row &row);
+
+extern DPL::DB::ThreadDatabaseSupport m_databaseInterface;
+
+}
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file AceDatabase.h
+ * @author Lukasz Marek (l.marek@samsung.com)
+ * @version 1.0
+ * @brief This file contains the declaration of ace database
+ */
+
+#ifndef WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H
+#define WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H
+
+#include <dpl/thread.h>
+#include <dpl/mutex.h>
+
+extern DPL::Mutex g_aceDbQueriesMutex;
+
+#define ACE_DB_INTERNAL(tlsCommand, InternalType, interface) \
+ static DPL::ThreadLocalVariable<InternalType> *tlsCommand ## Ptr = NULL; \
+ { \
+ DPL::Mutex::ScopedLock lock(&g_aceDbQueriesMutex); \
+ if (!tlsCommand ## Ptr) { \
+ static DPL::ThreadLocalVariable<InternalType> tmp; \
+ tlsCommand ## Ptr = &tmp; \
+ } \
+ } \
+ DPL::ThreadLocalVariable<InternalType> &tlsCommand = *tlsCommand ## Ptr; \
+ if (tlsCommand.IsNull()) { tlsCommand = InternalType(interface); }
+
+#define ACE_DB_SELECT(name, type, interface) \
+ ACE_DB_INTERNAL(name, type::Select, interface)
+
+#define ACE_DB_INSERT(name, type, interface) \
+ ACE_DB_INTERNAL(name, type::Insert, interface)
+
+#define ACE_DB_UPDATE(name, type, interface) \
+ ACE_DB_INTERNAL(name, type::Update, interface)
+
+#define ACE_DB_DELETE(name, type, interface) \
+ ACE_DB_INTERNAL(name, type::Delete, interface)
+
+
+#endif // WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file AppTypes.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ */
+
+#ifndef ACCESS_CONTROL_DAO_APPTYPES_H_
+#define ACCESS_CONTROL_DAO_APPTYPES_H_
+
+namespace AceDB{
+
+enum class AppTypes
+{
+ Unknown,
+ WAC20,
+ Tizen
+};
+
+}
+
+#endif // ACCESS_CONTROL_DAO_APPTYPES_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file IAttribute.h
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_
+#define ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_
+
+#include <list>
+#include <set>
+#include <string>
+#include <dpl/shared_ptr.h>
+#include <dpl/assert.h>
+
+namespace AceDB {
+
+class BaseAttribute;
+typedef DPL::SharedPtr<BaseAttribute> BaseAttributePtr;
+
+class BaseAttribute
+{
+
+ public:
+ /**
+ * Types of attributes
+ */
+ enum class Type { Subject, Environment, Resource, FunctionParam,
+ WidgetParam, Undefined };
+
+ struct UnaryPredicate
+ {
+ public:
+ UnaryPredicate(const AceDB::BaseAttribute *comp = NULL) :
+ m_priv(comp)
+ {
+ }
+
+ bool operator()(const AceDB::BaseAttributePtr &comp)
+ {
+ Assert(m_priv != NULL);
+ if (m_priv->getName()->compare(*comp->getName()) != 0) {
+ return false;
+ }
+ return m_priv->getType() == comp->getType();
+ }
+
+ bool operator()(const AceDB::BaseAttributePtr &comp1,
+ const AceDB::BaseAttributePtr &comp2)
+ {
+ if (comp1->getType() != comp2->getType()) {
+ return comp1->getType() < comp2->getType();
+ }
+ return comp1->getName()->compare(*comp2->getName()) < 0;
+ }
+
+ private:
+ const AceDB::BaseAttribute *m_priv;
+ };
+
+ public:
+ BaseAttribute() :
+ m_typeId(Type::Undefined),
+ m_undetermindState(false)
+ {}
+
+ virtual void setName(const std::string& name)
+ {
+ m_name = name;
+ }
+ virtual void setName(const std::string* name)
+ {
+ m_name = *name;
+ }
+
+ virtual void setType(const Type& type)
+ {
+ m_typeId = type;
+ }
+ virtual Type getType() const
+ {
+ return m_typeId;
+ }
+
+ virtual const std::string* getName() const
+ {
+ return &m_name;
+ }
+
+ //TODO think
+ virtual void setUndetermind(bool tmp)
+ {
+ m_undetermindState = tmp;
+ }
+ virtual bool isUndetermind() const
+ {
+ return m_undetermindState;
+ }
+ virtual std::list<std::string> * getValue() const
+ {
+ return const_cast<std::list<std::string>* >(&value);
+ }
+ virtual bool isValueEmpty() const
+ {
+ return value.empty();
+ }
+
+ virtual void setValue(const std::list<std::string>& arg)
+ {
+ value = arg;
+ }
+
+ virtual ~BaseAttribute()
+ {
+ }
+
+ static const char * typeToString(Type type);
+
+ virtual std::string toString() const;
+
+ protected:
+ std::string m_name;
+ Type m_typeId;
+ bool m_undetermindState;
+ std::list<std::string> value; //string bag list
+};
+
+typedef std::set<BaseAttributePtr, BaseAttribute::UnaryPredicate> BaseAttributeSet;
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file IPermission.h
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef ACCESS_CONTROL_DAO_BASEPERMISSION_H_
+#define ACCESS_CONTROL_DAO_BASEPERMISSION_H_
+
+#include <ace-dao-ro/PreferenceTypes.h>
+#include <ace-dao-ro/common_dao_types.h>
+
+namespace AceDB{
+
+struct BasePermission
+{
+ BasePermission(WidgetHandle handler,
+ const std::string& devCap,
+ PreferenceTypes accessAllowed) :
+ appId(handler),
+ devCap(devCap),
+ access(accessAllowed)
+ {
+ }
+
+ WidgetHandle appId;
+ std::string devCap;
+ PreferenceTypes access;
+};
+
+typedef std::list<BasePermission> BasePermissionList;
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file IRequest.h
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef ACCESS_CONTROL_DAO_IREQUEST_H_
+#define ACCESS_CONTROL_DAO_IREQUEST_H_
+
+namespace AceDB{
+
+class IRequest
+{
+public:
+ virtual ~IRequest(){}
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file PreferenceTypes.h
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef ACCESS_CONTROL_DAO_PREFERENCETYPES_H_
+#define ACCESS_CONTROL_DAO_PREFERENCETYPES_H_
+
+#include <map>
+#include <string>
+
+namespace AceDB{
+
+enum class PreferenceTypes
+{
+ PREFERENCE_PERMIT,
+ PREFERENCE_DENY,
+ PREFERENCE_DEFAULT,
+ PREFERENCE_BLANKET_PROMPT,
+ PREFERENCE_SESSION_PROMPT,
+ PREFERENCE_ONE_SHOT_PROMPT
+};
+
+
+typedef std::map<std::string, PreferenceTypes> PreferenceTypesMap;
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/* @file PromptModel.h
+ * @author Justyna Mejzner (j.kwiatkowsk@samsung.com)
+ * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
+ * @version 1.0
+ *
+ */
+
+#ifndef WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_
+#define WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_
+
+#include <memory>
+#include <string>
+#include <vector>
+
+#include <dpl/optional_typedefs.h>
+
+namespace Prompt {
+typedef std::vector<std::string> ButtonLabels;
+
+class PromptLabels
+{
+public:
+ PromptLabels(int promptType,
+ const Prompt::ButtonLabels& questionLabel,
+ const std::string& mainLabel);
+ DPL::OptionalString getCheckLabel() const;
+ bool isAllowed(const size_t buttonNumber) const;
+ int getPromptType() const;
+ const ButtonLabels& getButtonLabels() const;
+ const std::string& getMainLabel() const;
+
+private:
+ int m_promptType;
+ ButtonLabels m_buttonLabels;
+ std::string m_mainLabel;
+};
+
+typedef std::unique_ptr<PromptLabels> PromptLabelsPtr;
+
+enum Validity
+{
+ ONCE,
+ SESSION,
+ ALWAYS
+};
+
+class PromptAnswer
+{
+public:
+ PromptAnswer(bool isAccessAllowed, Validity validity);
+ PromptAnswer(int aPromptType, unsigned int buttonAns, bool checkAns);
+ bool isAccessAllowed() const;
+ Validity getValidity() const;
+
+private:
+ bool m_isAccessAllowed;
+ Validity m_validity;
+};
+
+class PromptModel
+{
+ public:
+ static PromptLabels* getOneShotModel(const std::string& resourceId);
+ static PromptLabels* getSessionModel(const std::string& resourceId);
+ static PromptLabels* getBlanketModel(const std::string& resourceId);
+
+ enum PromptType
+ {
+ PROMPT_ONESHOT,
+ PROMPT_SESSION,
+ PROMPT_BLANKET
+ };
+};
+
+} // Prompt
+
+#endif /* WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file TimedVerdict.h
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef ACCESS_CONTROL_DAO_TIMEDVERDICT_H_
+#define ACCESS_CONTROL_DAO_TIMEDVERDICT_H_
+
+#include <ace-dao-ro/VerdictTypes.h>
+
+namespace AceDB{
+
+struct TimedVerdict
+{
+ VerdictTypes decision;
+ /*Below values are optional,its filled only when verdict depend on session*/
+ std::string session;
+ int subjectVerdictId;
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file ValidityTypes.h
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef ACCESS_CONTROL_DAO_VALIDITYTYPES_H_
+#define ACCESS_CONTROL_DAO_VALIDITYTYPES_H_
+
+namespace AceDB{
+
+enum class ValidityTypes
+{
+ ONCE,
+ SESSION,
+ ALWAYS,
+ UNWRITEABLE
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file VerdictTypes.h
+ * @author Grzegorz Krawczyk (g.krawczyk@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef ACCESS_CONTROL_DAO_VERDICTTYPES_H_
+#define ACCESS_CONTROL_DAO_VERDICTTYPES_H_
+
+namespace AceDB{
+
+enum class VerdictTypes
+{
+ VERDICT_PERMIT,
+ VERDICT_DENY,
+ //Verdict is innapplicable if policy evaluate to INAPPLICABLE,
+ //in this case WRT should decide what to do
+ VERDICT_INAPPLICABLE,
+ VERDICT_UNDETERMINED,
+ VERDICT_UNKNOWN, //Verdict is unknown if Verdicts manager cannot find it
+ VERDICT_ASYNC,
+ VERDICT_ERROR
+};
+
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ * @file common_dao_types.h
+ * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.1
+ * @brief This file contains the declaration of common data types for ace database.
+ */
+#ifndef ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_
+#define ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_
+
+#include <list>
+#include <dpl/optional_typedefs.h>
+#include <dpl/string.h>
+#include "AppTypes.h"
+
+typedef int WidgetHandle;
+typedef std::list<WidgetHandle> WidgetHandleList;
+
+namespace AceDB {
+
+enum {
+ INVALID_PLUGIN_HANDLE = -1
+};
+typedef int DbPluginHandle;
+
+enum CertificateSource {
+ SIGNATURE_DISTRIBUTOR = 0,
+ SIGNATURE_AUTHOR = 1
+};
+
+struct WidgetRegisterInfo {
+ AppTypes type;
+ DPL::OptionalString widget_id;
+ DPL::OptionalString authorName;
+ DPL::OptionalString version;
+ DPL::OptionalString shareHref;
+};
+
+typedef std::list <std::string> WidgetCertificateCNList;
+
+struct WidgetCertificateData {
+ enum Owner { AUTHOR, DISTRIBUTOR, UNKNOWN };
+ enum Type { ROOT, ENDENTITY };
+
+ Owner owner;
+ Type type;
+
+ int chainId;
+ std::string strMD5Fingerprint;
+ std::string strSHA1Fingerprint;
+ DPL::String strCommonName;
+
+ bool operator== (const WidgetCertificateData& certData) const {
+ return certData.chainId == chainId &&
+ certData.owner == owner &&
+ certData.strCommonName == strCommonName &&
+ certData.strMD5Fingerprint == strMD5Fingerprint &&
+ certData.strSHA1Fingerprint == strSHA1Fingerprint;
+ }
+};
+typedef std::list<WidgetCertificateData> WidgetCertificateDataList;
+
+typedef std::list<std::string> FingerPrintList;
+
+typedef std::list<std::string> CertificateChainList;
+class IWacSecurity {
+ public:
+ virtual ~IWacSecurity() {}
+ virtual const WidgetCertificateDataList& getCertificateList() const = 0;
+ virtual bool isRecognized() const = 0;
+ virtual bool isDistributorSigned() const = 0;
+ virtual bool isWacSigned() const = 0;
+ virtual void getCertificateChainList(CertificateChainList& list) const = 0;
+};
+
+} //namespace AceDB
+
+#endif /* ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file AceDAO.h
+ * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef ACEDAO_H_
+#define ACEDAO_H_
+
+#include <list>
+#include <map>
+#include <string>
+
+#include <dpl/optional_typedefs.h>
+#include <dpl/string.h>
+#include <ace-dao-ro/AceDAOReadOnly.h>
+#include <ace-dao-ro/ValidityTypes.h>
+#include <ace-dao-ro/AppTypes.h>
+
+namespace AceDB {
+/*
+ *
+ */
+class AceDAO : public AceDAOReadOnly
+{
+ public:
+
+ AceDAO() {}
+
+ // Policy Decisions
+ static void setPolicyResult(
+ const BaseAttributeSet &attributes,
+ const ExtendedPolicyResult &policyResult);
+
+ static void removePolicyResult(
+ const BaseAttributeSet &attributes);
+
+ // PromptDecision
+ static void setPromptDecision(
+ WidgetHandle widgetHandle,
+ int ruleId,
+ const DPL::OptionalString &session,
+ PromptDecision decision);
+
+ static void clearPromptDecisions(void);
+
+ // reseting database
+ static void clearWidgetDevCapSettings(void);
+ static void clearDevCapSettings(void);
+ static void clearAllSettings(void);
+ static void resetDatabase(void);
+ // clears all databse information relevant to policy cache
+ static void clearPolicyCache(void);
+
+ // resource settings
+ static void setDevCapSetting(const std::string &resource,
+ PreferenceTypes preference);
+ static void removeDevCapSetting(const std::string &resource);
+
+ // user settings
+ static void setWidgetDevCapSetting(
+ const std::string &resource,
+ WidgetHandle handler,
+ PreferenceTypes);
+ static void removeWidgetDevCapSetting(
+ const std::string &resource,
+ WidgetHandle handler);
+
+ // resource and subject management
+ static int addResource(const std::string &request);
+
+ // utilities
+ static void addAttributes(const BaseAttributeSet &attributes);
+
+ // Setter for device capabilities that are requested in widgets config.
+ //
+ // Additional boolean flag means whether widget will always get
+ // (at launch) the SMACK permissions needed to use the device cap).
+ //
+ // 'permissions' is the map of device cap names and smack status for
+ // given widget handle.
+ static void setRequestedDevCaps(
+ WidgetHandle widgetHandle,
+ const RequestedDevCapsMap &permissions);
+
+ static void setAcceptedFeature(
+ WidgetHandle widgetHandle,
+ const FeatureNameVector &vector);
+
+ static void removeAcceptedFeature(WidgetHandle widgetHandle);
+
+ static void registerWidgetInfo(WidgetHandle handle,
+ const WidgetRegisterInfo& info,
+ const WidgetCertificateDataList& dataList);
+ static void unregisterWidgetInfo(WidgetHandle handle);
+
+};
+}
+#endif /* ACEDAO_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H
+#define WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H
+
+#include <ace/WRT_INTERFACE.h>
+#include <ace/PolicyResult.h>
+#include <dpl/event/inter_context_delegate.h>
+
+class AbstractPolicyEnforcementPoint
+{
+ public:
+ typedef DPL::Event::ICDelegate<PolicyResult> ResponseReceiver;
+ virtual ExtendedPolicyResult check(Request &request) = 0;
+};
+
+#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+class AbstractPolicyInformationPoint
+{
+ public:
+ virtual ~AbstractPolicyInformationPoint() {}
+};
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : AbstractTreeElement.h
+// @ Date : 2009-05-25
+// @ Author : Samsung
+//
+//
+#if !defined(_ABSTRACTTREEELEMENT_H)
+#define _ABSTRACTTREEELEMENT_H
+
+#include <list>
+#include "Effect.h"
+#include <iostream>
+
+class AbstractTreeElement
+{
+ public:
+
+ virtual ~AbstractTreeElement()
+ {
+ }
+
+ virtual void printData() = 0;
+ protected:
+};
+
+#endif //_ABSTRACTTREEELEMENT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _ASYNCVERDICT_H
+#define _ASYNCVERDICT_H
+
+#include <ace/Verdict.h>
+#include <ace/WRT_INTERFACE.h>
+#include <ace/Request.h>
+
+class AsyncVerdictResultListener
+{
+ public:
+ virtual void onVerdict(const Verdict &verdict,
+ const Request *request) = 0;
+ virtual ~AsyncVerdictResultListener()
+ {
+ }
+};
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Attribute.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#if !defined(_ATTRIBUTE_H)
+#define _ATTRIBUTE_H
+
+#include <string>
+#include <iostream>
+#include <set>
+#include <list>
+
+#include <ace-dao-ro/BaseAttribute.h>
+
+class Attribute : public AceDB::BaseAttribute
+{
+ public:
+ /**
+ * Types of match functions
+ */
+ enum class Match { Equal, Glob, Regexp, Error };
+ /**
+ * Types of attribute value modifiers
+ */
+ enum class Modifier { Non, Scheme, Authority, SchemeAuthority, Host, Path };
+ /**
+ * Possible match results
+ */
+ enum class MatchResult { MRUndetermined = -1, MRFalse = 0, MRTrue = 1};
+
+ public:
+
+ /**
+ * New attribute constructor
+ * @param name name of the new attribute
+ * @param matchFunction match function used in the attribute
+ * @param type attribute type
+ */
+ Attribute(const std::string *name,
+ const Match matchFunction,
+ const Type type);
+
+
+ /**
+ * Constructor used to create default attribute ( used for unit tests )
+ * @param nm name of the default attribute
+ */
+ Attribute(const std::string& nm) :
+ matchFunction(Match::Error),
+ modifierFunction(Modifier::Non)
+ {
+ m_name = nm;
+ m_typeId = Type::Subject;
+ m_undetermindState = false;
+ }
+
+ /**
+ * Destructor
+ */
+ virtual ~Attribute();
+
+ std::list<std::string> * getValue() const
+ {
+ return AceDB::BaseAttribute::getValue();
+ }
+ Match getMatchFunction() const
+ {
+ return matchFunction;
+ }
+
+ /* --- Setters --- */
+ void addValue (const std::string *value);
+
+ MatchResult matchAttributes(const BaseAttribute *) const;
+
+ /**
+ * Operator used in for attribute set,used to distinguished only attribute names
+ * It cannot take attribute type into consideration
+ */
+ bool operator< (const Attribute & obj) const
+ {
+ int result = this->m_name.compare(*obj.getName());
+ if (result == 0) { //If names are equal check attribute types
+ if (this->m_typeId < obj.getType()) {
+ result = -1;
+ } else if (this->m_typeId > obj.getType()) {
+ result = 1;
+ }
+ }
+ //If result is negative that means that 'this' was '<' than obj
+ return result < 0;
+ }
+
+ /** Checks if object type is equal to argument */
+ bool instanceOf(Type type_)
+ {
+ return type_ == m_typeId;
+ }
+
+ friend std::ostream & operator<<(std::ostream & out,
+ const Attribute & attr);
+
+ protected:
+
+ bool searchAndCut(const char *);
+
+ /*
+ * URI definition from rfc2396
+ *
+ * <scheme>://<authority><path>?<query>
+ * Each of the components may be absent, apart from the scheme.
+ * Host is a part of authority as in definition below:
+ *
+ * authority = server | reg_name
+ * server = [ [ userinfo "@" ] hostport ]
+ * <userinfo>@<host>:<port>
+ *
+ * Extract from rfc2396
+ * The authority component is preceded by a double slash "//" and is
+ * terminated by the next slash "/", question-mark "?", or by the end of
+ * the URI. Within the authority component, the characters ";", ":",
+ * "@", "?", and "/" are reserved.
+ *
+ * Modifiers should return pointer to empty string if given part of string was empty.
+ * Modifiers should return NULL if the string to be modified was not an URI.
+ */
+ std::string * uriScheme(const std::string *) const;
+ std::string * uriAuthority(const std::string *) const;
+ std::string * uriSchemeAuthority(const std::string *) const;
+ std::string * uriHost(const std::string *) const;
+ std::string * uriPath(const std::string *) const;
+ std::string * applyModifierFunction(const std::string * val) const;
+
+ bool parse(const std::string *input,
+ std::string *part) const;
+ bool find_error(const std::string *part) const;
+
+ bool checkScheme(const std::string *scheme) const;
+ bool checkAuthority(const std::string *scheme) const;
+ std::string * getHost(const std::string *scheme) const;
+ bool checkPath(const std::string *scheme) const;
+
+ bool isSchemeAllowedCharacter(int c) const;
+ bool isSegmentAllowedCharacter(int c) const;
+ bool isUserInfoAllowedString(const std::string *str) const;
+ bool isHostAllowedString(const std::string *str) const;
+ bool isHostNameAllowedString(const std::string * str) const;
+ bool isIPv4AllowedString(const std::string * str) const;
+ bool isDomainLabelAllowedString(const char * data,
+ int lenght) const;
+ bool isTopLabelAllowedString(const char* data,
+ int lenght) const;
+
+ bool isUnreserved(int c) const;
+ bool isAlphanum(int c) const;
+ bool isEscaped(const char esc[3]) const;
+ bool isHex(int c) const;
+
+ MatchResult lists_comparator(
+ const std::list<std::string> *first,
+ const std::list<std::string> *second,
+ MatchResult (*comparator)(const std::string *,
+ const std::string *)) const;
+
+ /**
+ * Map used to check if character is a 'mark'
+ */
+ static const bool mark[256];
+ /**
+ * Map used to check if character is a 'digit'
+ *
+ */
+ static const bool digit[256];
+ /**
+ * Map used to check if character is an 'alphanumeric' value
+ *
+ */
+ static const bool alpha[256];
+
+ protected:
+ Match matchFunction;
+ Modifier modifierFunction;
+};
+
+typedef AceDB::BaseAttributeSet AttributeSet;
+
+//TODO remove later or ifdef debug methods
+void printAttributes(const AttributeSet& attrs);
+void printAttributes(const std::list<Attribute> & attrs);
+
+#endif //_ATTRIBUTE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Combiner.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#if !defined(_COMBINER_H)
+#define _COMBINER_H
+
+#include <set>
+
+#include <ace/Attribute.h>
+#include <ace/TreeNode.h>
+
+class Combiner
+{
+ protected:
+
+ const AttributeSet * attrSet;
+
+ public:
+
+ virtual ExtendedEffect combineRules(const TreeNode * rule) = 0;
+ virtual ExtendedEffect combinePolicies(const TreeNode * policy) = 0;
+
+ const AttributeSet * getAttributeSet() const
+ {
+ return this->attrSet;
+ }
+ void setAttributeSet(const AttributeSet * attrSet)
+ {
+ this->attrSet = attrSet;
+ }
+ virtual ~Combiner()
+ {
+ } //attrSet is deleted elsewhere
+};
+
+#endif //_COMBINER_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : CombinerImpl.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#ifndef _COMBINER_IMPL_H
+#define _COMBINER_IMPL_H
+
+#include <list>
+#include <dpl/log/log.h>
+
+#include "Combiner.h"
+#include "Effect.h"
+#include "Policy.h"
+#include "Subject.h"
+
+class CombinerImpl : public Combiner
+{
+ public:
+
+ virtual ExtendedEffect combineRules(const TreeNode * rule);
+ virtual ExtendedEffect combinePolicies(const TreeNode * policy);
+
+ virtual ~CombinerImpl()
+ {
+ }
+
+ protected:
+
+ bool checkIfTargetMatches(const std::list<const Subject *> * subjectsSet,
+ bool &isUndetermined);
+
+ ExtendedEffect combine(Policy::CombineAlgorithm algorithm,
+ ExtendedEffectList &effects);
+
+ ExtendedEffect denyOverrides(const ExtendedEffectList &effects);
+ ExtendedEffect permitOverrides(const ExtendedEffectList &effects);
+ ExtendedEffect firstApplicable(const ExtendedEffectList &effects);
+ ExtendedEffect firstMatchingTarget(const ExtendedEffectList &effects);
+
+ std::list<int> * convertEffectsToInts(const std::list<Effect> * effects);
+ Effect convertIntToEffect(int intEffect);
+
+ void showEffectList(ExtendedEffectList & effects)
+ {
+ ExtendedEffectList::iterator it = effects.begin();
+ for (; it != effects.end(); ++it) {
+ LogDebug(toString(*it));
+ }
+ }
+
+ private:
+ bool isError(const ExtendedEffectList &effects);
+};
+
+#endif //_COMBINERIMPL_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+// File: Condition.h
+// Author: notroot
+//
+// Created on June 3, 2009, 9:00 AM
+//
+#ifndef _CONDITION_H
+#define _CONDITION_H
+
+#include <list>
+#include <set>
+#include <iostream>
+#include <dpl/foreach.h>
+
+#include "Attribute.h"
+#include "Effect.h"
+#include "TreeNode.h"
+
+class Condition
+{
+ public:
+ enum CombineType
+ {
+ AND, OR
+ };
+
+ void addCondition(const Condition & condition)
+ {
+ this->conditions.push_back(condition);
+ }
+
+ void addAttribute(const Attribute & attribute)
+ {
+ this->attributes.push_back(attribute);
+ }
+
+ void setCombineType(CombineType type)
+ {
+ this->combineType = type;
+ }
+
+ Condition() : combineType(AND),
+ parent(NULL)
+ {
+ }
+
+ Condition(CombineType type) : combineType(type),
+ parent(NULL)
+ {
+ }
+
+ virtual ~Condition()
+ {
+ }
+
+ Condition * getParent()
+ {
+ return this->parent;
+ }
+
+ void setParent(Condition * condition)
+ {
+ this->parent = condition;
+ }
+
+ Attribute::MatchResult evaluateCondition(
+ const AttributeSet * attrSet) const;
+
+ friend std::ostream & operator<<(std::ostream & out,
+ Condition & condition)
+ {
+ FOREACH (it, condition.attributes)
+ {
+ out << *it;
+ }
+ return out;
+ }
+ //[CR] change function name
+ void getAttributes(AttributeSet * attrSet);
+
+ private:
+ Attribute::MatchResult evaluateChildConditions(
+ const AttributeSet * attrSet,
+ bool &isFinalMatch,
+ bool & undefinedMatchFound) const;
+
+ Attribute::MatchResult evaluateAttributes(
+ const AttributeSet * attrSet,
+ bool& isFinalMatch,
+ bool & undefinedMatchFound) const;
+
+ // KW Attribute::MatchResult performANDalgorithm(const std::set<Attribute> * attributes) const;
+
+ // KW Attribute::MatchResult performORalgorithm(const std::set<Attribute> * attributes) const;
+
+ bool isEmpty() const
+ {
+ return attributes.empty() && conditions.empty();
+ }
+
+ bool isAndCondition() const
+ {
+ return combineType == AND;
+ }
+
+ bool isOrCondition() const
+ {
+ return combineType == OR;
+ }
+
+ std::list<Condition> conditions;
+ CombineType combineType;
+ std::list<Attribute> attributes;
+ Condition *parent;
+};
+
+#endif /* _CONDITION_H */
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _CONFIGURATIONMANAGER_H_
+#define _CONFIGURATIONMANAGER_H_
+
+#include <list>
+#include <string.h>
+#include <string>
+#include "Constants.h"
+#include <iostream>
+#include <dpl/log/log.h>
+
+enum class PolicyType {
+ WAC2_0,
+ Tizen
+};
+
+#define POLICY_NAME_WAC2_0 "WAC2.0"
+#define POLICY_NAME_TIZEN "Tizen"
+#define POLICY_WIDGET_TYPE_ATTRIBUTE_NAME "WrtSecurity.WidgetPolicyType"
+
+#pragma message "ATTR_ACTIVE_POLICY BAD_CAST, PARSER_ERROR, PARSER_SUCCESS\
+ macros are DEPRECATED"
+#define ATTR_ACTIVE_POLICY BAD_CAST("active") // !! DEPRECATED !!
+#define PARSER_ERROR 1 // !! DEPRECATED !!
+#define PARSER_SUCCESS 0 // !! DEPRECATED !!
+
+class ConfigurationManager
+{
+ public:
+ // !! DEPRECATED !!
+ enum ConfigurationManagerResult
+ {
+ CM_OPERATION_SUCCESS = 0,
+ CM_GENERAL_ERROR = -1,
+ CM_FILE_EXISTS = -2,
+ CM_REMOVE_ERROR = -3,
+ CM_REMOVE_CURRENT = -4,
+ CM_REMOVE_NOT_EXISTING = -5
+ };
+
+ // !! DEPRECATED !!
+ std::string getCurrentPolicyFile(void) const;
+ std::string getFullPathToCurrentPolicyFile(void) const;
+ std::string getFullPathToCurrentPolicyXMLSchema(void) const;
+ int addPolicyFile(const std::string & filePath);
+ int removePolicyFile(const std::string& fileName);
+ int changeCurrentPolicyFile(const std::string& filePath);
+ std::string extractFilename(const std::string& path) const;
+
+ /**
+ * ACE policy file path getter
+ * @return Full path to policy file
+ */
+ std::string getFullPathToPolicyFile(PolicyType policy) const;
+
+ /**
+ * ACE policy dtd file path getter
+ * @return Full path to ACE current policy file
+ */
+ std::string getFullPathToPolicyXMLSchema(void) const;
+
+ /**
+ * ACE policy storage path getter
+ * @return Full path to ACE policy file storage
+ */
+ std::string getStoragePath(void) const;
+
+ /**
+ * Method to obtain instance of configuration manager
+ * @return retuns pointer to configuration manager or NULL in case of error
+ */
+ static ConfigurationManager * getInstance()
+ {
+ if (!instance) {
+ instance = new ConfigurationManager();
+ }
+ return instance;
+ }
+
+ protected:
+
+ // !! DEPRECATED !!
+ int parse(const std::string&);
+ bool copyFile(FILE*, FILE*, int lenght = 1024) const;
+ bool checkIfFileExistst(const std::string&) const;
+ const std::list<std::string> & getPolicyFiles() const;
+ const std::string & getConfigFile() const;
+
+ ConfigurationManager()
+ {
+ }
+ virtual ~ConfigurationManager()
+ {
+ }
+
+private:
+
+ static ConfigurationManager * instance;
+};
+
+#endif
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file Constants.h
+ * @author Piotr Fatyga (p.fatyga@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef _CONSTANTS_H
+#define _CONSTANTS_H
+
+#define ACE_MAIN_STORAGE "/usr/etc/ace"
+#define ACE_WAC_POLICY_FILE_NAME "/WAC2.0Policy.xml"
+#define ACE_TIZEN_POLICY_FILE_NAME "/TizenPolicy.xml"
+#define ACE_DTD_LOCATION ACE_MAIN_STORAGE "/bondixml.dtd"
+
+// !! DEPRECATED !!
+#pragma message "ACE_CONFIGURATION_PATH, ACE_CONFIGURATION_DTD \
+ macros are DEPRECATED"
+#define ACE_CONFIGURATION_PATH ACE_MAIN_STORAGE "/config.xml"
+#define ACE_CONFIGURATION_DTD ACE_MAIN_STORAGE "/config.dtd"
+
+/////////////////FOR GUI//////////////////////
+
+#define MYSTERIOUS_BITMAP "/usr/apps/org.tizen.policy/d.png"
+#define MYSTERIOUS_BITMAP2 "/usr/apps/org.tizen.policy/file.png"
+
+///////////////////FOR TESTS//////////////////////////
+
+#define COMBINER_TEST "/usr/etc/ace/CMTest/com_general-test.xml"
+#define CONFIGURATION_MGR_TEST_PATH "/usr/etc/ace/CMTest/"
+#define CONFIGURATION_MGR_TEST_CONFIG ACE_MAIN_STORAGE "/CMTest/pms_config.xml"
+#define CONFIGURATION_MGR_TEST_POLICY_STORAGE ACE_MAIN_STORAGE "/CMTest/active"
+#define CONFIGURATION_MGR_TEST_POLICY_STORAGE_MOVED ACE_MAIN_STORAGE \
+ "/CMTest/activeMoved"
+#define CONFIGURATION_MGR_TEST_POLICY CONFIGURATION_MGR_TEST_POLICY_STORAGE \
+ "/pms_general-test.xml"
+#define POLICIES_TO_SIGN_DIR ACE_MAIN_STORAGE "/SignerTests/"
+
+#define OUTPUT_DIR ACE_MAIN_STORAGE "/SignerTests/signedPolicies/"
+#define PRIVATE_KEY_DIR ACE_MAIN_STORAGE "/SignerTests/PrvKey/"
+#define X509_DATA_BASE_DIR ACE_MAIN_STORAGE "/SignerTests/X509Data/"
+
+#endif /* _CONSTANTS_H */
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Effect.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#ifndef _EFFECT_H_
+#define _EFFECT_H_
+
+#include <list>
+
+typedef int RuleId;
+
+enum Effect
+{
+ Deny =0,
+ Undetermined=1, // jk mb added this enum, so the ones below are inceremented!!!!!!!
+ PromptOneShot =2,
+ PromptSession =3,
+ PromptBlanket =4,
+ Permit =5,
+ Inapplicable =6,
+ NotMatchingTarget=7,
+ Error=8,
+};
+
+struct ExtendedEffect {
+public:
+ ExtendedEffect(Effect effect = Error, RuleId ruleId = -1)
+ : m_effect(effect)
+ , m_ruleId(ruleId)
+ {}
+
+ ExtendedEffect(const ExtendedEffect &second)
+ : m_effect(second.m_effect)
+ , m_ruleId(second.m_ruleId)
+ {}
+
+ ExtendedEffect& operator=(const ExtendedEffect &second) {
+ m_effect = second.m_effect;
+ m_ruleId = second.m_ruleId;
+ return *this;
+ }
+
+ Effect getEffect() const { return m_effect; }
+
+ RuleId getRuleId() const { return m_ruleId; }
+
+private:
+ Effect m_effect;
+ RuleId m_ruleId;
+};
+
+typedef std::list<ExtendedEffect> ExtendedEffectList;
+
+inline const char *toString(const ExtendedEffect &effect)
+{
+ const char * temp = "";
+
+ switch (effect.getEffect()) {
+ case Deny:
+ temp = "Deny";
+ break;
+ case Undetermined:
+ temp = "Undetermined";
+ break;
+ case PromptOneShot:
+ temp = "PromptOneShot";
+ break;
+ case PromptSession:
+ temp = "PromptSession";
+ break;
+ case PromptBlanket:
+ temp = "PromptBlanket";
+ break;
+ case Permit:
+ temp = "Permit";
+ break;
+ case Inapplicable:
+ temp = "Inapplicable";
+ break;
+ case NotMatchingTarget:
+ temp = "NotMatchingTarget";
+ break;
+ case Error:
+ temp = "Error";
+ break;
+ default:;
+ }
+ return temp;
+}
+
+#endif //_EFFECT_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : PermissionTriple.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#if !defined(_PERMISSION_TRIPLE_H)
+#define _PERMISSION_TRIPLE_H
+
+#include <string>
+#include <list>
+#include <ace-dao-ro/PreferenceTypes.h>
+#include <ace-dao-ro/BasePermission.h>
+
+typedef AceDB::BasePermission PermissionTriple;
+typedef AceDB::BasePermissionList PermissionList;
+
+struct GeneralSetting
+{
+ GeneralSetting(const std::string& resourceName,
+ AceDB::PreferenceTypes accessAllowed) : generalSettingName(resourceName),
+ access(accessAllowed)
+ {
+ }
+ std::string generalSettingName;
+ AceDB::PreferenceTypes access;
+};
+
+#endif //_PERMISSION_TRIPLE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Policy.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#if !defined(_POLICY_H)
+#define _POLICY_H
+
+#include <list>
+
+#include <ace/AbstractTreeElement.h>
+#include <ace/Effect.h>
+#include <ace/Attribute.h>
+#include <ace/Subject.h>
+#include <iostream>
+#include <dpl/noncopyable.h>
+
+class Policy : public AbstractTreeElement,
+ DPL::Noncopyable
+{
+ public:
+ enum CombineAlgorithm { DenyOverride, PermitOverride, FirstApplicable,
+ FirstTargetMatching };
+
+ Policy()
+ {
+ combineAlgorithm = DenyOverride;
+ subjects = new std::list<const Subject *>();
+ }
+
+ CombineAlgorithm getCombineAlgorithm() const
+ {
+ return this->combineAlgorithm;
+ }
+
+ void setCombineAlgorithm(CombineAlgorithm algorithm)
+ {
+ this->combineAlgorithm = algorithm;
+ }
+
+ const std::list<const Subject *> * getSubjects() const
+ {
+ return this->subjects;
+ }
+
+ void addSubject(const Subject * subject)
+ {
+ if (this->subjects == NULL) {
+ return;
+ }
+ this->subjects->push_back(subject);
+ }
+
+ virtual ~Policy();
+
+ void printData();
+
+ std::string printCombineAlgorithm(CombineAlgorithm algorithm);
+
+ private:
+ std::list<const Subject *> *subjects;
+ CombineAlgorithm combineAlgorithm;
+};
+
+const char * toString(Policy::CombineAlgorithm algorithm);
+
+#endif //_POLICY_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file PolicyEffect.h
+ * @author B.Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ * @brief This file contains the declaration of PolicyEffect type.
+ */
+#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_
+#define _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_
+
+enum class PolicyEffect {
+ DENY = 0,
+ PERMIT,
+ PROMPT_ONESHOT,
+ PROMPT_SESSION,
+ PROMPT_BLANKET
+};
+
+inline static std::ostream & operator<<(std::ostream& stream,
+ PolicyEffect effect)
+{
+ switch (effect) {
+ case PolicyEffect::DENY: stream << "DENY"; break;
+ case PolicyEffect::PERMIT: stream << "PERMIT"; break;
+ case PolicyEffect::PROMPT_ONESHOT: stream << "PROMPT_ONESHOT"; break;
+ case PolicyEffect::PROMPT_SESSION: stream << "PROMPT_SESSION"; break;
+ case PolicyEffect::PROMPT_BLANKET: stream << "PROMPT_BLANKET"; break;
+ default: Assert(false && "Invalid PolicyEffect constant");
+ }
+ return stream;
+}
+
+#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * This class simply redirects the access requests to access control engine.
+ * The aim is to hide access control engine specific details from WRT modules.
+ * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
+ * WRT specific and other information during the decision making.
+ *
+ * @file security_logic.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Ming Jin(ming79.jin@samsung.com)
+ * @brief Implementation file for security logic
+ */
+#ifndef POLICY_ENFORCEMENT_POINT_H
+#define POLICY_ENFORCEMENT_POINT_H
+
+#include <memory>
+#include <string>
+#include <map>
+
+//#include <glib/gthread.h>
+//#include <glib/gerror.h>
+//#include <glib.h>
+
+//#include <dpl/optional.h>
+#include <dpl/event/inter_context_delegate.h>
+#include <dpl/event/property.h>
+
+#include <ace/AbstractPolicyEnforcementPoint.h>
+#include <ace/PolicyResult.h>
+
+// Forwards
+class IWebRuntime;
+class IResourceInformation;
+class IOperationSystem;
+class PolicyEvaluator;
+class PolicyInformationPoint;
+class Request;
+
+class PolicyEnforcementPoint : public AbstractPolicyEnforcementPoint
+{
+ public:
+ OptionalExtendedPolicyResult checkFromCache(Request &request);
+ ExtendedPolicyResult check(Request &request);
+ OptionalExtendedPolicyResult check(Request &request,
+ bool fromCacheOnly);
+
+ virtual ~PolicyEnforcementPoint();
+
+ class PEPException
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, AlreadyInitialized)
+ };
+
+ /**
+ * This function take ownership of objects pass in call.
+ * Object will be deleted after call Deinitialize function.
+ */
+ void initialize(IWebRuntime *wrt,
+ IResourceInformation *resource,
+ IOperationSystem *operation);
+ void terminate();
+
+ void updatePolicy(const std::string &policy);
+ void updatePolicy();
+
+ PolicyEvaluator *getPdp() const { return this->m_pdp; }
+ PolicyInformationPoint *getPip() const { return this->m_pip; }
+
+ protected:
+ PolicyEnforcementPoint();
+ friend class SecurityLogic;
+ private: // private data
+ IWebRuntime *m_wrt;
+ IResourceInformation *m_res;
+ IOperationSystem *m_sys;
+ PolicyEvaluator *m_pdp;
+ PolicyInformationPoint *m_pip;
+};
+
+#endif // POLICY_ENFORCEMENT_POINT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : PolicyEvaluator.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#ifndef _POLICY_EVALUATOR_H
+#define _POLICY_EVALUATOR_H
+
+#include <memory>
+#include <set>
+#include <string>
+
+#include <dpl/event/event_listener.h>
+#include <dpl/log/log.h>
+#include <dpl/noncopyable.h>
+
+#include <ace/AsyncVerdictResultListener.h>
+#include <ace/Attribute.h>
+#include <ace/ConfigurationManager.h>
+#include <ace/Constants.h>
+#include <ace/Effect.h>
+#include <ace/Policy.h>
+#include <ace/PolicyInformationPoint.h>
+#include <ace/PolicyResult.h>
+#include <ace/Request.h>
+#include <ace/Subject.h>
+#include <ace/Verdict.h>
+#include <ace/UserDecision.h>
+#include <ace/CombinerImpl.h>
+
+
+class PolicyEvaluator : DPL::Noncopyable
+{
+ protected:
+
+ /**
+ * Internal method used to initiate policy evaluation. Called after attribute set has been fetched
+ * by PIP.
+ * @param root root of the policies tree to be evaluated
+ */
+ virtual ExtendedEffect evaluatePolicies(const TreeNode * root);
+
+ // !! DEPRECATED !!
+ enum updateErrors
+ {
+ POLICY_PARSING_SUCCESS = 0,
+ POLICY_FILE_ERROR = 1,
+ PARSER_CREATION_ERROR,
+ POLICY_PARSING_ERROR
+ };
+ private:
+ AttributeSet m_attributeSet;
+
+ TreeNode *m_uniform_policy, *m_wac_policy, *m_tizen_policy;
+ std::string m_currentPolicyFile;
+ PolicyType m_policy_to_use;
+
+ Combiner * m_combiner;
+ AsyncVerdictResultListener * m_verdictListener;
+ PolicyInformationPoint * m_pip;
+
+ /**
+ * @return current policy Tree acc. to m_policy_to_use
+ */
+ TreeNode * getCurrentPolicyTree();
+
+ /**
+ * Method used to extract attributes from subtree defined by PolicySet
+ * @param root original TreeStructure root node
+ * @param newRoot copy of TreeStructure containing only policies that matches current request
+ *
+ */
+ void extractAttributesFromSubtree(const TreeNode *root);
+
+ /**
+ * Method used to extract attributes from Tree Structure
+ * @return pointer to set of attributes needed to evaluate current request
+ * @return if extraction has been successful
+ * TODO return reducte tree structure
+ * TODO change comments
+ */
+ bool extractAttributesFromRules(const TreeNode *);
+
+ /**
+ * Extracts attributes from target of a given policy that are required to be fetched by PIP
+ */
+ void extractTargetAttributes(const Policy *policy);
+ bool extractAttributes(TreeNode*);
+
+ OptionalExtendedPolicyResult getPolicyForRequestInternal(bool fromCacheOnly);
+ PolicyResult effectToPolicyResult(Effect effect);
+
+ /**
+ * Return safe policy tree in case of error with loading policy from file
+ */
+ TreeNode * getDefaultSafePolicyTree(void);
+
+ public:
+ PolicyEvaluator(PolicyInformationPoint * pip);
+
+ bool extractAttributesTest()
+ {
+ m_attributeSet.clear();
+ if (!extractAttributes(m_uniform_policy)) {
+ LogInfo("Warnign attribute set cannot be extracted. Returning Deny");
+ return true;
+ }
+
+ return extractAttributes(m_uniform_policy);
+ }
+
+ AttributeSet * getAttributeSet()
+ {
+ return &m_attributeSet;
+ }
+
+ virtual bool initPDP();
+ virtual ~PolicyEvaluator();
+ virtual ExtendedPolicyResult getPolicyForRequest(const Request &request);
+ virtual OptionalExtendedPolicyResult getPolicyForRequestFromCache(
+ const Request &request);
+ virtual OptionalExtendedPolicyResult getPolicyForRequest(const Request &request,
+ bool fromCacheOnly);
+ bool fillAttributeWithPolicy();
+
+ virtual int updatePolicy(const char *);
+ // This function updates policy from well known locations
+ virtual void updatePolicy();
+
+ std::string getCurrentPolicy();
+};
+
+#endif //_POLICYEVALUATOR_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file AbstractObjectFactory.h
+ * @author Piotr Fatyga (p.fatyga@samsung.com)
+ * @version 0.1
+ * @brief
+ */
+
+#ifndef _ABSTRACTOBJECTFACTORY_H
+#define _ABSTRACTOBJECTFACTORY_H
+
+#include <ace/PolicyEvaluator.h>
+
+class AbstractPolicyEvaluatorFactory
+{
+ public:
+ virtual PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip)
+ const = 0;
+};
+
+class PolicyEvaluatorFactory : public AbstractPolicyEvaluatorFactory
+{
+ public:
+ PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip) const
+ {
+ return new PolicyEvaluator(pip);
+ }
+};
+
+#endif /* _ABSTRACTOBJECTFACTORY_H */
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : PolicyInformationPoint.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#ifndef _POLICY_INFORMATION_POINT_H
+#define _POLICY_INFORMATION_POINT_H
+
+#include <set>
+
+#include <ace/Attribute.h>
+#include <ace/Request.h>
+#include <ace/WRT_INTERFACE.h>
+#include <ace-dao-ro/BaseAttribute.h>
+#include <dpl/noncopyable.h>
+
+typedef int PipResponse;
+
+class PolicyInformationPoint : public DPL::Noncopyable
+{
+ private:
+
+ /** queries for interfaces*/
+ std::list<ATTRIBUTE> resourceAttributesQuery;
+ std::list<ATTRIBUTE> environmentAttributesQuery;
+ std::list<ATTRIBUTE> subjectAttributesQuery;
+ std::list<ATTRIBUTE> functionParamAttributesQuery;
+ std::list<ATTRIBUTE> widgetParamAttributesQuery;
+
+ /** create queries */
+ void createQueries(AttributeSet* attributes);
+
+ IWebRuntime* wrtInterface;
+ IResourceInformation* resourceInformation;
+ IOperationSystem* operationSystem;
+
+ public:
+ static const int ERROR_SHIFT_RESOURCE = 3;
+ static const int ERROR_SHIFT_OS = 6;
+ static const int ERROR_SHIFT_FP = 9;
+
+ /** Mask used to identify PIP error */
+ enum ResponseTypeMask
+ {
+ SUCCESS = 0,
+ /* WebRuntime Error */
+ WRT_UNKNOWN_SUBJECT = 1 << 0,
+ WRT_UNKNOWN_ATTRIBUTE = 1 << 1,
+ WRT_INTERNAL_ERROR = 1 << 2,
+ /* Resource Information Storage Error */
+ RIS_UNKNOWN_RESOURCE = 1 << 3,
+ RIS_UNKNOWN_ATTRIBUTE = 1 << 4,
+ RIS_INTERNAL_ERROR = 1 << 5,
+ /*Operating system */
+ OS_UNKNOWN_ATTRIBUTE = 1 << 6,
+ OS_INTERNAL_ERROR = 1 << 7
+ };
+
+ //TODO add checking values of attributes
+ /** gather attributes values from adequate interfaces */
+ virtual PipResponse getAttributesValues(const Request* request,
+ AttributeSet* attributes);
+ virtual ~PolicyInformationPoint();
+ PolicyInformationPoint(IWebRuntime *wrt,
+ IResourceInformation *resource,
+ IOperationSystem *system);
+ virtual void update(IWebRuntime *wrt,
+ IResourceInformation *resource,
+ IOperationSystem *system)
+ {
+ wrtInterface = wrt;
+ resourceInformation = resource;
+ operationSystem = system;
+ }
+ IWebRuntime * getWebRuntime()
+ {
+ return wrtInterface;
+ }
+};
+
+#endif //_POLICY_INFORMATION_POINT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_
+#define _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_
+
+#include <dpl/assert.h>
+#include <dpl/optional.h>
+#include <dpl/optional_typedefs.h>
+
+#include <ace/PolicyEffect.h>
+
+typedef DPL::Optional<PolicyEffect> OptionalPolicyEffect;
+
+class PolicyDecision
+{
+public:
+ enum Value { NOT_APPLICABLE = -1 };
+
+ PolicyDecision(PolicyEffect effect)
+ : m_isPolicyEffect(true)
+ , m_effect(effect)
+ {}
+
+ PolicyDecision(const PolicyDecision &decision)
+ : m_isPolicyEffect(decision.m_isPolicyEffect)
+ , m_effect(decision.m_effect)
+ {}
+
+ PolicyDecision(Value)
+ : m_isPolicyEffect(false)
+ {}
+
+ bool operator==(const PolicyDecision &decision) const {
+ return (m_isPolicyEffect
+ && decision.m_isPolicyEffect
+ && m_effect == decision.m_effect)
+ || (!m_isPolicyEffect && !decision.m_isPolicyEffect);
+ }
+
+ bool operator==(Value) const {
+ return !m_isPolicyEffect;
+ }
+
+ bool operator!=(const PolicyDecision &decision) const {
+ return !(*this == decision);
+ }
+
+ bool operator!=(Value value) const {
+ return !(*this == value);
+ }
+
+ OptionalPolicyEffect getEffect() const
+ {
+ if (!m_isPolicyEffect) {
+ return OptionalPolicyEffect();
+ }
+ return OptionalPolicyEffect(m_effect);
+ }
+
+ std::ostream & toStream(std::ostream& stream) {
+ if (m_isPolicyEffect)
+ stream << m_effect;
+ else
+ stream << "NOT-APPLICABLE";
+ return stream;
+ }
+
+private:
+ bool m_isPolicyEffect;
+ PolicyEffect m_effect;
+};
+
+inline static bool operator==(PolicyEffect e, const PolicyDecision &d) {
+ return d.operator==(e);
+}
+
+inline static bool operator!=(PolicyEffect e, const PolicyDecision &d) {
+ return !(e == d);
+}
+
+inline static std::ostream & operator<<(std::ostream& stream,
+ PolicyDecision decision)
+{
+ return decision.toStream(stream);
+}
+
+class PolicyResult {
+public:
+ enum Value { UNDETERMINED = -2 };
+
+ // This constructor is required by dpl controller and by dpl optional
+ PolicyResult()
+ : m_isDecision(false)
+ , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care
+ {}
+
+ PolicyResult(PolicyEffect effect)
+ : m_isDecision(true)
+ , m_decision(effect)
+ {}
+
+ PolicyResult(const PolicyDecision &decision)
+ : m_isDecision(true)
+ , m_decision(decision)
+ {}
+
+ PolicyResult(const PolicyResult &result)
+ : m_isDecision(result.m_isDecision)
+ , m_decision(result.m_decision)
+ {}
+
+ PolicyResult(PolicyDecision::Value value)
+ : m_isDecision(true)
+ , m_decision(value)
+ {}
+
+ PolicyResult(Value)
+ : m_isDecision(false)
+ , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care
+ {}
+
+ bool operator==(const PolicyResult &result) const {
+ return (m_isDecision
+ && result.m_isDecision
+ && m_decision == result.m_decision)
+ || (!m_isDecision && !result.m_isDecision);
+ }
+
+ bool operator==(Value) const {
+ return !m_isDecision;
+ }
+
+ bool operator!=(const PolicyResult &result) const {
+ return !(*this == result);
+ }
+
+ bool operator!=(Value value) const {
+ return !(*this == value);
+ }
+
+ OptionalPolicyEffect getEffect() const
+ {
+ if (!m_isDecision) {
+ return OptionalPolicyEffect();
+ }
+ return m_decision.getEffect();
+ }
+
+ static int serialize(const PolicyResult &policyResult)
+ {
+ if (!policyResult.m_isDecision) {
+ return BD_UNDETERMINED;
+ } else if (policyResult.m_decision ==
+ PolicyDecision::Value::NOT_APPLICABLE)
+ {
+ return BD_NOT_APPLICABLE;
+ } else if (policyResult.m_decision == PolicyEffect::PROMPT_BLANKET) {
+ return BD_PROMPT_BLANKET;
+ } else if (policyResult.m_decision == PolicyEffect::PROMPT_SESSION) {
+ return BD_PROMPT_SESSION;
+ } else if (policyResult.m_decision == PolicyEffect::PROMPT_ONESHOT) {
+ return BD_PROMPT_ONESHOT;
+ } else if (policyResult.m_decision == PolicyEffect::PERMIT) {
+ return BD_PERMIT;
+ } else if (policyResult.m_decision == PolicyEffect::DENY) {
+ return BD_DENY;
+ }
+ Assert(false && "Unknown value of policyResult.");
+ }
+
+ static PolicyResult deserialize(int dec){
+ switch (dec) {
+ case BD_DENY:
+ return PolicyEffect::DENY;
+ case BD_PERMIT:
+ return PolicyEffect::PERMIT;
+ case BD_PROMPT_ONESHOT:
+ return PolicyEffect::PROMPT_ONESHOT;
+ case BD_PROMPT_SESSION:
+ return PolicyEffect::PROMPT_SESSION;
+ case BD_PROMPT_BLANKET:
+ return PolicyEffect::PROMPT_BLANKET;
+ case BD_NOT_APPLICABLE:
+ return PolicyDecision::Value::NOT_APPLICABLE;
+ case BD_UNDETERMINED:
+ return Value::UNDETERMINED;
+ }
+ Assert(false && "Broken database");
+ }
+
+ std::ostream & toStream(std::ostream& stream) {
+ if (m_isDecision)
+ stream << m_decision;
+ else
+ stream << "UNDETERMINED";
+ return stream;
+ }
+
+private:
+ static const int BD_UNDETERMINED = 6;
+ static const int BD_NOT_APPLICABLE = 5;
+ static const int BD_PROMPT_BLANKET = 4;
+ static const int BD_PROMPT_SESSION = 3;
+ static const int BD_PROMPT_ONESHOT = 2;
+ static const int BD_PERMIT = 1;
+ static const int BD_DENY = 0;
+
+ bool m_isDecision;
+ PolicyDecision m_decision;
+};
+
+inline static bool operator==(const PolicyDecision &d, const PolicyResult &r) {
+ return r == d;
+}
+
+inline static bool operator!=(const PolicyDecision &d, const PolicyResult &r) {
+ return !(d == r);
+}
+
+inline static bool operator==(const PolicyEffect &e, const PolicyResult &r) {
+ return e == r;
+}
+
+inline static bool operator!=(const PolicyEffect &e, const PolicyResult &r) {
+ return !(e == r);
+}
+
+inline static std::ostream & operator<<(std::ostream& stream,
+ PolicyResult result)
+{
+ return result.toStream(stream);
+}
+
+struct ExtendedPolicyResult {
+ ExtendedPolicyResult(const PolicyResult pr = PolicyEffect::DENY, int rule = -1)
+ : policyResult(pr)
+ , ruleId(rule)
+ {}
+ PolicyResult policyResult;
+ int ruleId;
+};
+
+typedef DPL::Optional<ExtendedPolicyResult> OptionalExtendedPolicyResult;
+
+#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : PolicySet.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#if !defined(_POLICYSET_H)
+#define _POLICYSET_H
+
+#include "Policy.h"
+#include <iostream>
+
+class PolicySet : public Policy
+{
+ public:
+
+ //TODO Clean this class
+ //PolicySet(CombineAlgorithm algorithm, std::list<Attribute> * targetAttr,const std::string & subjectId)
+ // : Policy(algorithm,targetAttr,subjectId)
+ // {}
+ PolicySet()
+ {
+ }
+ ~PolicySet()
+ {
+ }
+};
+
+#endif //_POLICYSET_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Preference.h
+// @ Date : 2009-05-2
+// @ Author : Samsung
+//
+//
+
+#ifndef _Preference_H_
+#define _Preference_H_
+
+#include <map>
+#include <string>
+
+#include <ace-dao-ro/PreferenceTypes.h>
+
+typedef AceDB::PreferenceTypes Preference;
+typedef AceDB::PreferenceTypesMap PreferenceMap;
+
+#endif //_Preference_H
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_
+#define _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_
+
+#include <dpl/optional.h>
+#include <dpl/optional_typedefs.h>
+
+enum class PromptDecision {
+ ALLOW_ALWAYS,
+ DENY_ALWAYS,
+ ALLOW_THIS_TIME,
+ DENY_THIS_TIME,
+ ALLOW_FOR_SESSION,
+ DENY_FOR_SESSION
+};
+
+typedef DPL::Optional<PromptDecision> OptionalPromptDecision;
+
+struct CachedPromptDecision {
+ PromptDecision decision;
+ DPL::OptionalString session;
+};
+
+typedef DPL::Optional<CachedPromptDecision> OptionalCachedPromptDecision;
+
+#endif // _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Request.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#ifndef _REQUEST_H_
+#define _REQUEST_H_
+
+#include <set>
+#include <string>
+#include <vector>
+
+#include <ace-dao-ro/IRequest.h>
+#include <ace/WRT_INTERFACE.h>
+
+class Request : public AceDB::IRequest
+{
+ public:
+ typedef std::string DeviceCapability;
+ typedef std::set<DeviceCapability> DeviceCapabilitySet;
+
+ enum ApplicationType {
+ APP_TYPE_TIZEN,
+ APP_TYPE_WAC20,
+ APP_TYPE_UNKNOWN
+ };
+
+ Request(WidgetHandle widgetHandle,
+ WidgetExecutionPhase phase,
+ IFunctionParam *functionParam = 0)
+ : m_widgetHandle(widgetHandle)
+ , m_phase(phase)
+ , m_functionParam(functionParam)
+ , m_appType(APP_TYPE_UNKNOWN)
+ {}
+
+ WidgetHandle getWidgetHandle() const
+ {
+ return m_widgetHandle;
+ }
+
+ WidgetExecutionPhase getExecutionPhase() const
+ {
+ return m_phase;
+ }
+
+ IFunctionParam *getFunctionParam() const
+ {
+ return m_functionParam;
+ }
+
+ void addDeviceCapability(const std::string& device)
+ {
+ m_devcapSet.insert(device);
+ }
+
+ DeviceCapabilitySet getDeviceCapabilitySet() const
+ {
+ return m_devcapSet;
+ }
+
+ void setAppType(ApplicationType appType)
+ {
+ m_appType = appType;
+ }
+
+ ApplicationType getAppType() const
+ {
+ return m_appType;
+ }
+
+ private:
+ WidgetHandle m_widgetHandle;
+ WidgetExecutionPhase m_phase;
+ //! \brief list of function param (only for intercept)
+ IFunctionParam *m_functionParam;
+ //! \brief Set of defice capabilities
+ DeviceCapabilitySet m_devcapSet;
+ ApplicationType m_appType;
+};
+
+typedef std::vector <Request> Requests;
+
+#endif //_REQUEST_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Rule.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#if !defined(_RULE_H)
+#define _RULE_H
+
+#include "Attribute.h"
+#include "Effect.h"
+#include "Condition.h"
+#include <dpl/assert.h>
+
+class Rule : public AbstractTreeElement
+{
+ public:
+
+ ExtendedEffect evaluateRule(const AttributeSet * attrSet) const;
+
+ Rule()
+ : effect(Inapplicable)
+ {
+ //TODO we should set it to deny or smth, not inapplicable
+ }
+
+ void setEffect(ExtendedEffect effect)
+ {
+ //We should not allow to set "Inapplicable" effect.
+ //Rules cannot have effect that is inapplicable, evaluation of the rules may however
+ //render the effect inapplicable.
+ Assert(effect.getEffect() != Inapplicable);
+ this->effect = effect;
+ }
+ void setCondition(Condition condition)
+ {
+ this->condition = condition;
+ }
+ void getAttributes(AttributeSet * attrSet)
+ {
+ condition.getAttributes(attrSet);
+ }
+
+ //DEBUG methods
+ std::string printEffect(const ExtendedEffect &effect) const;
+ void printData();
+
+ private:
+
+ ExtendedEffect effect;
+ Condition condition;
+};
+
+#endif //_RULE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ *
+ * @file SettingsLogic.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 0.1
+ * @brief Header file for class getting/setting user/global ACE settings
+ */
+
+#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_
+#define WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_
+
+#include <set>
+#include <list>
+#include <map>
+#include <string>
+#include <ace-dao-ro/PreferenceTypes.h>
+#include <ace/Request.h>
+#include <ace/PermissionTriple.h>
+#include <ace-dao-rw/AceDAO.h>
+#include <ace-dao-ro/common_dao_types.h>
+
+class SettingsLogic
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
+ };
+
+ // global settings
+ static AceDB::PreferenceTypes findGlobalUserSettings(
+ const std::string &resource,
+ WidgetHandle handler);
+
+ static AceDB::PreferenceTypes findGlobalUserSettings(
+ const Request &request);
+
+ // resource settings
+ static AceDB::PreferenceTypes getDevCapSetting(
+ const std::string &request);
+ static void getDevCapSettings(AceDB::PreferenceTypesMap *preferences);
+ static void setDevCapSetting(const std::string &resource,
+ AceDB::PreferenceTypes preference);
+ static void setAllDevCapSettings(
+ const std::list<std::pair<const std::string *,
+ AceDB::PreferenceTypes> > &resourcesList);
+ static void removeDevCapSetting(const std::string &resource);
+ static void updateDevCapSetting(const std::string &resource,
+ AceDB::PreferenceTypes p);
+
+ // user settings
+ static AceDB::PreferenceTypes getWidgetDevCapSetting(
+ const std::string &resource,
+ WidgetHandle handler);
+ static void getWidgetDevCapSettings(PermissionList *permissions);
+ static void setWidgetDevCapSetting(const std::string &resource,
+ WidgetHandle handler,
+ AceDB::PreferenceTypes preference);
+ static void setWidgetDevCapSettings(const PermissionList &tripleList);
+ static void removeWidgetDevCapSetting(const std::string &resource,
+ WidgetHandle handler);
+
+ private:
+ SettingsLogic()
+ {
+ }
+
+};
+
+#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+// File: Subject.h
+// Author: notroot
+//
+// Created on June 2, 2009, 8:47 AM
+//
+
+#ifndef _SUBJECT_H
+#define _SUBJECT_H
+
+#include <set>
+#include <list>
+#include <iostream>
+#include <dpl/assert.h>
+#include <dpl/noncopyable.h>
+
+#include "Attribute.h"
+
+class Subject : DPL::Noncopyable
+{
+ std::string subjectId;
+ std::list<Attribute> targetAttributes;
+
+ public:
+ Subject()
+ {}
+
+ const std::list<Attribute>& getTargetAttributes() const;
+
+ void setSubjectId(const std::string & subjectId)
+ {
+ this->subjectId = subjectId;
+ }
+
+ //TODO maybe we should remove that becuase this causes a memory leak right now!! [CR] maybe thats true, maybe whe can remove this fun
+ // KW void setTargetAttributes(std::list<Attribute> * targetAttributes){ this->targetAttributes = targetAttributes; }
+
+ const std::string & getSubjectId() const
+ {
+ return this->subjectId;
+ }
+
+ void addNewAttribute(Attribute & attr)
+ {
+ this->targetAttributes.push_back(attr);
+ }
+
+ //TODO in 1.0 change to true/false/undetermined
+ bool matchSubject(const AttributeSet *attrSet,
+ bool &isUndetermined) const;
+
+ ~Subject()
+ {}
+};
+
+#endif /* _SUBJECT_H */
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _TEST_TIMER_H
+#define _TEST_TIMER_H
+
+#include <time.h>
+
+class TestTimer
+{
+ time_t startt, endt;
+
+ public:
+ void start()
+ {
+ time(&startt);
+ }
+ void stop()
+ {
+ time(&endt);
+ }
+ double getTime()
+ {
+ return difftime(endt, startt);
+ }
+};
+
+#endif //_TEST_TIMER_H
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : TreeNode.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#ifndef _TREE_NODE_H
+#define _TREE_NODE_H
+
+#include <iostream>
+#include <list>
+
+#include <ace/AbstractTreeElement.h>
+
+class TreeNode;
+
+typedef std::list<TreeNode *> ChildrenSet;
+typedef std::list<TreeNode *>::iterator ChildrenIterator;
+typedef std::list<TreeNode *>::const_iterator ChildrenConstIterator;
+
+class TreeNode
+{
+ public:
+ //TODO nazwac pozadnie TYPY - moze jakas konwencja ... ??!!
+ enum TypeID { Policy =0, PolicySet=1, Rule=2};
+
+ const ChildrenSet & getChildrenSet() const
+ {
+ return children;
+ }
+
+ TreeNode * getParent() const
+ {
+ return this->parent;
+ }
+
+ void setParent(TreeNode *parent)
+ {
+ this->parent = parent;
+ }
+
+ TypeID getTypeID() const
+ {
+ return this->typeID;
+ }
+
+ void addChild(TreeNode *child)
+ {
+ child->setParent(this);
+ children.push_back(child);
+ }
+
+ /**
+ * Clone the node
+ */
+ // KW TreeNode * clone() { return new TreeNode(NULL,this->getTypeID(),this->getElement()); }
+
+ TreeNode(TreeNode * parent,
+ TypeID type,
+ AbstractTreeElement * element) :
+ parent(parent),
+ typeID(type),
+ element(element)
+ {
+ }
+
+ AbstractTreeElement * getElement() const
+ {
+ return element;
+ }
+
+ private:
+ virtual ~TreeNode();
+
+ public:
+ /*
+ * It is common that we create a copy of tree structure created out of xml file. However we don't want to
+ * copy abstract elements ( Policies and Rules ) because we need them only for reading. We want to modify the
+ * tree structure though. Therefore we copy TreeNode. When the copy of the original tree is being destroyed method
+ * releaseTheSubtree should be called on "root". It automatically traverse the tree and call TreeNode destructors for
+ * each TreeNode in the tree. It doesn't remove the abstract elements in the tree ( there is always at most one abstract
+ * element instance, when tree is copied it is a shallow copy.
+ * When we want to completely get rid of the the tree and abstract elements we have to call releaseResources on tree root.
+ * We may want to do this for instance when we want to serialize the tree to disc. releaseResource method traverses the tree
+ * and releses the resources, as well as the TreeNode so NO releaseTheSubtree is required any more
+ */
+ void releaseResources();
+
+ /**
+ * Used to delete the copies of tree structure. The original tree structure should be removed with releaseResources method.
+ * ReleaseTheSubtree method doesn't delete the abstract elements, only TreeNodes. It traverses the whole tree, so it should be
+ * called on behalf of root of the tree
+ */
+ // KW void releaseTheSubtree();
+
+ friend std::ostream & operator<<(std::ostream & out,
+ const TreeNode * node);
+ // KW void printSubtree();
+
+ private:
+ // KW TreeNode(const TreeNode& pattern){ (void)pattern; }
+
+ std::list<TreeNode *> children;
+ TreeNode * parent;
+ //TODO standarize ID case
+ TypeID typeID;
+ AbstractTreeElement * element;
+ static int level;
+};
+
+#endif //_TREE_NODE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : UserDecision.h
+// @ Date : 2009-05-22
+// @ Author : Samsung
+//
+//
+
+#ifndef _USERDECISION_H
+#define _USERDECISION_H
+
+#include <ace/Verdict.h>
+#include <ace-dao-ro/ValidityTypes.h>
+
+typedef AceDB::ValidityTypes Validity;
+
+const char * toString(Validity validity);
+
+#endif //_USERDECISION_H
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : Verdict.h
+// @ Date : 2009-05-2
+// @ Author : Samsung
+//
+//
+
+#ifndef _VERDICT_H
+#define _VERDICT_H
+
+#include <string>
+#include <ace-dao-ro/VerdictTypes.h>
+#include <ace-dao-ro/TimedVerdict.h>
+
+typedef AceDB::VerdictTypes Verdict;
+//typedef AceDB::TimedVerdict TimedVerdict;
+
+const char * toString(Verdict verditct);
+
+#endif //_VERDICT_H
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _WRT_INERFACE_4_ACE_EXAMPLE_H_
+#define _WRT_INERFACE_4_ACE_EXAMPLE_H_
+
+#include <list>
+#include <map>
+#include <string>
+
+typedef int WidgetHandle;
+
+class Request;
+
+enum WidgetExecutionPhase
+{
+ WidgetExecutionPhase_Unknown = 0,
+ WidgetExecutionPhase_WidgetInstall = 1 << 0,
+ WidgetExecutionPhase_WidgetInstantiate = 1 << 1,
+ WidgetExecutionPhase_WebkitBind = 1 << 2,
+ WidgetExecutionPhase_Invoke = 1 << 3
+};
+
+struct RequestContext
+{
+ const WidgetHandle Handle;
+ WidgetExecutionPhase Phase;
+
+ RequestContext(WidgetHandle handle,
+ WidgetExecutionPhase phase) :
+ Handle(handle),
+ Phase(phase)
+ {
+ }
+};
+
+// Pair of pointer to attribute name and pointer to list of value for
+// this attribute name
+typedef std::pair< const std::string* const, std::list<std::string>* >
+ATTRIBUTE;
+
+/*
+ * Each function should return 0 as success and positive value as error
+ *
+ * Possible return value:
+ * 0 - succes
+ * 1 - subjectId/resourceId name unknown
+ * 2 - unknown attribute name
+ * 4 - interface error
+ **/
+
+/************** Web Runtime ********************/
+
+class IWebRuntime
+{
+ public:
+
+ /**
+ * gather and set attributes values for specified subjectId
+ * and attribute name
+ * @param subjectId is a name of subject (widget or internet site URI )
+ * @param attributes is a list of pairs(
+ * first: pointer to attribute name
+ * second: list of values for attribute (std::string) -
+ * its a list of string (BONDI requirement), but usually there will
+ * be only one string
+ * */
+ virtual int getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE> *attributes) = 0;
+
+ /*return current sessionId */
+ virtual std::string getSessionId(const Request &request) = 0;
+
+ virtual ~IWebRuntime()
+ {
+ }
+};
+
+/************** Resource Information ********************/
+class IResourceInformation
+{
+ public:
+ /**
+ * gather and set attributes values for specified resourceId
+ * and attribute name
+ * @param resourceId is a name of subject (widget or internet site URI )
+ * @param attributes is a list of pairs(
+ * first: pointer to attribute name
+ * second: list of values for attribute (std::string) -
+ * its a list of string (BONDI requirement), but usually there will
+ * be only one string
+ * */
+ virtual int getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE> *attributes) = 0;
+
+ virtual ~IResourceInformation()
+ {
+ }
+};
+
+/************** Operation System ********************/
+class IOperationSystem
+{
+ public:
+
+ /**
+ * gather and set attributes values for specified attribute name
+ * @param attributes is a list of pairs(
+ * first: pointer to attribute name
+ * second: list of values for attribute (std::string) -
+ * its a list of string (BONDI requirement), but usually
+ * there will be only one string
+ * */
+ virtual int getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE> *attributes) = 0;
+
+ virtual ~IOperationSystem()
+ {
+ }
+};
+
+class IFunctionParam
+{
+ public:
+ virtual int getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE> *attributes) = 0;
+ virtual ~IFunctionParam()
+ {
+ }
+};
+
+#endif //_WRT_INERFACE_4_ACE_EXAMPLE_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+// @ Project : Access Control Engine
+// @ File Name : UserDecision.h
+// @ Date : 2009-05-22
+// @ Author : Samsung
+//
+//
+
+#ifndef _WIDGET_USAGE_H
+#define _WIDGET_USAGE_H
+
+#include <dpl/event/event_support.h>
+
+#include "Request.h"
+#include "AsyncVerdictResultListener.h"
+
+enum UsageValidity
+{
+ USAGE_UNKNOWN,
+ USAGE_ONCE,
+ USAGE_SESSION,
+ USAGE_ALWAYS
+};
+
+enum UsageVerdict
+{
+ USAGE_VERDICT_PERMIT,
+ USAGE_VERDICT_DENY,
+ USAGE_VERDICT_INAPPLICABLE,
+ USAGE_VERDICT_UNDETERMINED,
+ USAGE_VERDICT_UNKNOWN,
+ USAGE_VERDICT_ERROR
+};
+//Forward declaration
+class PolicyEvaluator;
+
+class PolicyEvaluatorData
+{
+ private:
+ Request m_request;
+ UsageValidity m_validity;
+ UsageVerdict m_verdict;
+ AsyncVerdictResultListener *m_listener;
+ public:
+
+ PolicyEvaluatorData(const Request& request,
+ AsyncVerdictResultListener *listener) :
+ m_request(request),
+ m_validity(USAGE_UNKNOWN),
+ m_verdict(USAGE_VERDICT_ERROR),
+ m_listener(listener)
+ {
+ }
+
+ // KW UsageValidity getValidity() const {
+ // KW return m_validity;
+ // KW }
+ // KW
+ // KW UsageVerdict getVerdict() const {
+ // KW return m_verdict;
+ // KW }
+ // KW
+ // KW void setValidity(UsageValidity validity) {
+ // KW this->m_validity = validity;
+ // KW }
+ // KW
+ // KW void setVerdict(UsageVerdict verdict) {
+ // KW this->m_verdict = verdict;
+ // KW }
+
+ const Request& getRequest() const
+ {
+ return m_request;
+ }
+
+ AsyncVerdictResultListener* getListener() const
+ {
+ return m_listener;
+ }
+};
+
+#endif //_USERDECISION_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * This file contain consts for Signing Template and Policy Manager
+ * This values will be used to specified and identified algorithms in xml policy documents.
+ * Its consistent with BONDI 1.0 released requirements
+ *
+ * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements
+ * This values comes from widget digital signature 1.0 - required version of this doc is very important
+ *
+ **/
+
+#ifndef ACF_CONSTS_TYPES_H
+#define ACF_CONSTS_TYPES_H
+
+//Digest Algorithms
+extern const char* DIGEST_ALG_SHA256;
+
+//Canonicalization Algorithms
+extern const char* CANONICAL_ALG_C14N;
+
+//Signature Algorithms
+extern const char* SIGNATURE_ALG_RSA_with_SHA256;
+extern const char* SIGNATURE_ALG_DSA_with_SHA1;
+extern const char* SIGNATURE_ALG_ECDSA_with_SHA256;
+
+#endif
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//
+//
+//
+// @ Project : Access Control Engine
+// @ File Name : parser.h
+// @ Date : 2009-05-06
+// @ Author : Samsung
+//
+//
+
+#ifndef _PARSER_H_
+#define _PARSER_H_
+
+//#include "/usr/include/libxml2/libxml/parser.h"
+#include <string>
+#include <libxml/xmlreader.h>
+#include <libxml/c14n.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+
+#include "Policy.h"
+#include "PolicySet.h"
+#include "Request.h"
+#include "Rule.h"
+#include "Attribute.h"
+#include "TreeNode.h"
+#include "Subject.h"
+#include "Condition.h"
+#include "Effect.h"
+
+#define whitespaces " \n\t\r"
+
+enum CanonicalizationAlgorithm
+{
+ C14N,
+ C14NEXCLUSIVE
+};
+
+class Parser
+{
+ private:
+ RuleId ruleId;
+ xmlTextReaderPtr reader;
+
+ TreeNode * root;
+ TreeNode * currentRoot;
+ Subject * currentSubject;
+ Condition * currentCondition;
+ Attribute * currentAttribute;
+ std::string * currentText;
+
+ bool processingSignature;
+ bool canonicalizeOnce;
+
+ void processNode(xmlTextReaderPtr reader);
+
+ //Node Handlers
+ void endNodeHandler(xmlTextReaderPtr reader);
+ void textNodeHandler(xmlTextReaderPtr reader);
+ void startNodeHandler(xmlTextReaderPtr reader);
+
+ //Node names handlers
+ void handleAttr(xmlTextReaderPtr reader);
+ void handleRule(xmlTextReaderPtr reader);
+ void handleSubject();
+ void handleCondition(xmlTextReaderPtr reader);
+ void handleSubjectMatch(xmlTextReaderPtr reader);
+ void handleMatch(xmlTextReaderPtr reader,
+ Attribute::Type);
+ void handlePolicy(xmlTextReaderPtr reader,
+ TreeNode::TypeID type);
+
+ //helpers
+ Policy::CombineAlgorithm convertToCombineAlgorithm(xmlChar*);
+ ExtendedEffect convertToEffect(xmlChar *effect);
+ Attribute::Match convertToMatchFunction(xmlChar * func);
+ void consumeCurrentText();
+ void consumeCurrentAttribute();
+ void consumeSubjectMatch(xmlChar * value = NULL);
+ void consumeCurrentSubject();
+ void consumeCurrentCondition();
+ void trim(std::string *);
+ // KW void canonicalize(const char *, const char *, CanonicalizationAlgorithm canonicalizationAlgorithm);
+ // KW int extractNodeToFile(xmlTextReaderPtr reader, const char * filename);
+
+ static const char *TOKEN_PARAM;
+ public:
+ Parser();
+ ~Parser();
+ TreeNode * parse(const std::string& filename, const std::string& schema);
+};
+
+#endif //_PARSER_H
--- /dev/null
+SQL(
+ PRAGMA foreign_keys = ON;
+ BEGIN TRANSACTION;
+)
+
+CREATE_TABLE(AcePolicyResult)
+ COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 6))
+ COLUMN_NOT_NULL(hash, TEXT,)
+ COLUMN_NOT_NULL(rule_id, INTEGER)
+ TABLE_CONSTRAINTS(
+ PRIMARY KEY(hash)
+ )
+CREATE_TABLE_END()
+
+CREATE_TABLE(AcePromptDecision)
+ COLUMN_NOT_NULL(app_id, INTEGER,)
+ COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 5))
+ COLUMN(session, TEXT,)
+ COLUMN_NOT_NULL(rule_id, INTEGER,)
+ TABLE_CONSTRAINTS(
+ PRIMARY KEY(app_id,rule_id)
+ )
+CREATE_TABLE_END()
+
+CREATE_TABLE(AceAttribute)
+ COLUMN_NOT_NULL(attr_id, INTEGER, primary key autoincrement)
+ COLUMN_NOT_NULL(name, TEXT,)
+ COLUMN_NOT_NULL(type, INTEGER, check(type between 0 and 4))
+
+ TABLE_CONSTRAINTS(unique(name,type))
+CREATE_TABLE_END()
+
+CREATE_TABLE(AceSubject)
+ COLUMN_NOT_NULL(subject_id, INTEGER, primary key autoincrement)
+ COLUMN_NOT_NULL(id_uri, TEXT, unique)
+CREATE_TABLE_END()
+
+CREATE_TABLE(AceDevCap)
+ COLUMN_NOT_NULL(resource_id, INTEGER, primary key autoincrement)
+ COLUMN_NOT_NULL(id_uri, TEXT, unique)
+ COLUMN_NOT_NULL(general_setting,INTEGER, check(general_setting between -1 and 4))
+CREATE_TABLE_END()
+
+CREATE_TABLE(AceWidgetDevCapSetting)
+ COLUMN_NOT_NULL(app_id, INTEGER, not null)
+ COLUMN_NOT_NULL(resource_id, INTEGER, references AceDevCap(resource_id))
+ COLUMN_NOT_NULL(access_value, INTEGER, check(access_value between -1 and 4))
+
+ TABLE_CONSTRAINTS(unique(app_id,resource_id))
+CREATE_TABLE_END()
+
+CREATE_TABLE(AceRequestedDevCaps)
+ COLUMN_NOT_NULL(app_id, INTEGER, not null)
+ COLUMN_NOT_NULL(grant_smack, INTEGER, not null)
+ COLUMN_NOT_NULL(dev_cap, TEXT,)
+
+ TABLE_CONSTRAINTS(unique(app_id,dev_cap))
+CREATE_TABLE_END()
+
+CREATE_TABLE(AceAcceptedFeature)
+ COLUMN_NOT_NULL(app_id, INTEGER, not null)
+ COLUMN_NOT_NULL(feature, TEXT, not null)
+
+ TABLE_CONSTRAINTS(unique(app_id,feature))
+CREATE_TABLE_END()
+
+CREATE_TABLE(WidgetInfo)
+ COLUMN_NOT_NULL(app_id, INTEGER, PRIMARY KEY)
+ COLUMN(widget_type, INT, DEFAULT 1)
+ COLUMN(widget_id, VARCHAR(256), DEFAULT '')
+ COLUMN(widget_version, VARCHAR(256), DEFAULT '')
+ COLUMN(author_name, VARCHAR(256), DEFAULT '')
+ COLUMN(share_href, VARCHAR(256), DEFAULT '')
+CREATE_TABLE_END()
+
+CREATE_TABLE(WidgetCertificateFingerprint)
+ COLUMN_NOT_NULL(app_id, INT,)
+ COLUMN_NOT_NULL(owner, INT,)
+ COLUMN_NOT_NULL(chainid, INT,)
+ COLUMN_NOT_NULL(type, INT,)
+ COLUMN(md5_fingerprint, VARCHAR(64),)
+ COLUMN(sha1_fingerprint, VARCHAR(64),)
+ COLUMN(common_name, VARCHAR(64),)
+ TABLE_CONSTRAINTS(
+ PRIMARY KEY (app_id, chainid, owner, type)
+ FOREIGN KEY (app_id) REFERENCES WidgetInfo (app_id) ON DELETE CASCADE
+ )
+CREATE_TABLE_END()
+
+SQL(
+ COMMIT;
+)
--- /dev/null
+DATABASE_START(ace)
+
+#include "ace_db"
+#include "version_db"
+
+DATABASE_END()
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file wrt_db_sql_generator.h
+ * @author Bartosz Janiak (b.janiak@samsung.com)
+ * @version 1.0
+ * @brief Macro definitions for generating the SQL input file from database definition.
+ */
+
+//Do not include this file directly! It is used only for SQL code generation.
+
+#include <dpl/db/orm_macros.h>
+
+#include "ace_db_definitions"
--- /dev/null
+#!/bin/sh
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+CHECKSUM=`cat ${2} ${3} 2>/dev/null | md5sum 2>/dev/null | cut -d\ -f1 2>/dev/null`
+echo "#define DB_CHECKSUM DB_VERSION_${CHECKSUM}" > ${1}
+echo "#define DB_CHECKSUM_STR \"DB_VERSION_${CHECKSUM}\"" >> ${1}
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ORM_GENERATOR_ACE_H
+#define ORM_GENERATOR_ACE_H
+
+#define ORM_GENERATOR_DATABASE_NAME ace_db_definitions
+#include <dpl/db/orm_generator.h>
+#undef ORM_GENERATOR_DATABASE_NAME
+
+#endif
--- /dev/null
+SQL(
+ BEGIN TRANSACTION;
+ CREATE TABLE DB_CHECKSUM (version INT);
+ COMMIT;
+)
--- /dev/null
+ADD_SUBDIRECTORY(src)
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file ace_client.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains definitions of AceThinClient API
+ */
+#ifndef WRT_ACE_CLIENT_H
+#define WRT_ACE_CLIENT_H
+
+#include <dpl/noncopyable.h>
+#include <dpl/singleton.h>
+#include <dpl/exception.h>
+#include <ace-client/ace_client_types.h>
+
+class WebRuntimeImpl;
+class ResourceInformationImpl;
+class OperationSystemImpl;
+
+namespace AceClient {
+
+class AceThinClientImpl;
+
+class AceThinClient : private DPL::Noncopyable {
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, AceThinClientException)
+ };
+
+ bool checkFunctionCall(const AceRequest& ace_request) const;
+ AcePreference getWidgetResourcePreference(
+ const AceResource& resource,
+ const AceWidgetHandle& handle) const;
+ AceResourcesPreferences* getGlobalResourcesPreferences() const;
+ bool isInitialized() const;
+
+ private:
+ AceThinClient();
+ virtual ~AceThinClient();
+
+ AceThinClientImpl* m_impl;
+ friend class DPL::Singleton<AceThinClient>;
+ WebRuntimeImpl* m_wrt;
+ ResourceInformationImpl* m_res;
+ OperationSystemImpl* m_sys;
+};
+
+typedef DPL::Singleton<AceThinClient> AceThinClientSingleton;
+
+} // namespace AceClient
+
+#endif // WRT_ACE_CLIENT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file ace_client_helper.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains definitions of AceClient helper types and
+ * functions.
+ */
+#ifndef WRT_ACE_CLIENT_HELPER_H
+#define WRT_ACE_CLIENT_HELPER_H
+
+#include <string>
+#include <vector>
+#include <dpl/foreach.h>
+
+#include <ace-dao-ro/IRequest.h>
+#include <ace-dao-ro/PreferenceTypes.h>
+
+#include "ace_client_types.h"
+
+namespace AceClient {
+
+AcePreference toAcePreference(AceDB::PreferenceTypes preference)
+{
+ switch (preference) {
+ case AceDB::PreferenceTypes::PREFERENCE_PERMIT: {
+ return PREFERENCE_PERMIT; }
+ case AceDB::PreferenceTypes::PREFERENCE_DENY: {
+ return PREFERENCE_DENY; }
+ case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: {
+ return PREFERENCE_DEFAULT; }
+ case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: {
+ return PREFERENCE_BLANKET_PROMPT; }
+ case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: {
+ return PREFERENCE_SESSION_PROMPT; }
+ case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: {
+ return PREFERENCE_ONE_SHOT_PROMPT; }
+ }
+ return PREFERENCE_DEFAULT;
+}
+
+typedef std::vector<std::string> AceParamKeys;
+typedef std::vector<std::string> AceParamValues;
+
+class AceFunctionParam
+{
+ public:
+ virtual ~AceFunctionParam()
+ {
+ }
+
+ void addAttribute(const std::string& key,
+ const std::string& value)
+ {
+ m_paramMap.insert(std::make_pair(key, value));
+ }
+
+ AceParamKeys getKeys() const
+ {
+ AceParamKeys out;
+ FOREACH (it, m_paramMap) {
+ out.push_back(it->first);
+ }
+ return out;
+ }
+
+ AceParamValues getValues() const
+ {
+ AceParamValues out;
+ FOREACH (it, m_paramMap) {
+ out.push_back(it->second);
+ }
+ return out;
+ }
+
+ static std::string aceFunctionParamToken;
+
+ private:
+ typedef std::multimap<std::string, std::string> ParamMap;
+ ParamMap m_paramMap;
+};
+
+typedef std::vector <AceFunctionParam> AceFunctionParams;
+
+class AceBasicRequest : public AceDB::IRequest {
+ public:
+ AceBasicRequest(const AceSubject& subject,
+ const AceResource& resource) :
+ m_subject(subject),
+ m_resource(resource)
+ {
+ }
+
+ AceBasicRequest(const AceSubject& subject,
+ const AceResource& resource,
+ const AceFunctionParam& param) :
+ m_subject(subject),
+ m_resource(resource),
+ m_param(param)
+ {
+ }
+ virtual const std::string& getSubjectId() const
+ {
+ return m_subject;
+ }
+ virtual const std::string& getResourceId() const
+ {
+ return m_resource;
+ }
+ virtual const AceFunctionParam& getFunctionParam() const
+ {
+ return m_param;
+ }
+
+ private:
+ AceSubject m_subject;
+ AceResource m_resource;
+ AceFunctionParam m_param;
+};
+
+typedef std::vector <AceBasicRequest> AceBasicRequests;
+
+} // namespace AceClient
+
+#endif // WRT_ACE_CLIENT_HELPER_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file ace_client_types.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains definitions of AceClient types
+ */
+#ifndef WRT_ACE_CLIENT_TYPES_H
+#define WRT_ACE_CLIENT_TYPES_H
+
+#include <string>
+#include <utility>
+#include <map>
+
+namespace AceClient {
+
+typedef int AceWidgetHandle;
+typedef void* AceJobWidgetInstallId;
+
+typedef std::string AceResource;
+typedef std::string AceSubject;
+typedef std::string AceSessionId;
+
+enum AcePreference
+{
+ PREFERENCE_PERMIT,
+ PREFERENCE_DENY,
+ PREFERENCE_DEFAULT,
+ PREFERENCE_BLANKET_PROMPT,
+ PREFERENCE_SESSION_PROMPT,
+ PREFERENCE_ONE_SHOT_PROMPT
+};
+
+typedef std::map<std::string, AcePreference> AceResourcesPreferences;
+typedef std::pair<std::string, AcePreference> AceResurcePreference;
+
+struct AceParam
+{
+ const char *name;
+ const char *value;
+
+ AceParam():
+ name(NULL), value(NULL)
+ {}
+
+ AceParam(const char *name, const char *value):
+ name(name), value(value)
+ {}
+};
+
+struct AceParamList
+{
+ size_t count;
+ AceParam* param;
+ AceParamList():
+ count(0),
+ param(NULL)
+ {}
+};
+
+struct AceDeviceCap
+{
+ size_t devcapsCount;
+ const char** devCapNames;
+ size_t paramsCount;
+ AceParamList* params;
+ AceDeviceCap():
+ devcapsCount(0),
+ devCapNames(NULL),
+ paramsCount(0),
+ params(NULL)
+ {}
+};
+
+struct AceApiFeatures
+{
+ size_t count;
+ const char** apiFeature;
+ AceApiFeatures():
+ count(0),
+ apiFeature(NULL)
+ {}
+};
+
+struct AceRequest
+{
+ AceSessionId sessionId;
+ AceWidgetHandle widgetHandle;
+ AceApiFeatures apiFeatures;
+ const char* functionName;
+ AceDeviceCap deviceCapabilities;
+ AceRequest():
+ widgetHandle(0),
+ apiFeatures(),
+ functionName(NULL),
+ deviceCapabilities()
+ {}
+};
+
+} // namespace AceClient
+
+#endif // WRT_ACE_CLIENT_TYPES_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_api_client.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This is C api for Access Control Engine (ACE), client mode
+ * (RO part).
+ */
+
+#ifndef ACE_API_CLIENT_H
+#define ACE_API_CLIENT_H
+
+#include <ace_api_common.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * API defined in this header should be used only from one thread. If used
+ * otherwise, unexpected behaviour may occur, including segmentation faults and
+ * escalation of global warming. Be warned.
+ */
+
+// --------------- Initialization and deinitialization -------------------------
+
+/*
+ * Function type that must be implemented externally and passed to ACE
+ * on initialization. This function must show to the user a popup with
+ * information on access request to single device capability. Will be used by
+ * implementation of ace_check_access API, when policy requires to display
+ * popup.
+ *
+ * Function must be synchronous and must behave accordingly:
+ *
+ * Function may return value other than ACE_OK, but it will be treated as
+ * denial of access.
+ *
+ * If returned value is ACE_OK, then 'validation_result' must hold information
+ * on whether the access was granted or not.
+ *
+ * Executed function must display a popup with readable information presented to
+ * user, covering 'resource_name' that is to be accessed for 'handle' widget
+ * which is requesting the access.
+ *
+ * In its implementation, after the user answered to displayed question,
+ * UI handler must call popup answer validation API (ace_validate_answer)
+ * from separate, ace-popup-validation library, with passed 'param_list',
+ * 'session_id', 'handle' and given answer as arguments. Validation result
+ * returned by ace_validate_answer needs to be returned in 'validation_result'
+ * parameter of UI handler.
+ *
+ * 'popup_type' describes what kind of options should be given to user - i.e.
+ * ONESHOT prompt only gives possibility to answer Permit/Deny and returned
+ * validity for this prompt must be ONCE. PER_SESSION prompt allows to return
+ * validity ONCE or PER_SESSION. BLANKET prompt allows to return any validity,
+ * as defined in ace_validity_t.
+ *
+ * This call must be made from properly SMACK labelled, safe process - otherwise
+ * the validation will not occur in security daemon and caller will not be
+ * granted access to requested device capability.
+ */
+typedef ace_return_t (*ace_popup_handler_func_t)(
+ ace_popup_t popup_type,
+ const ace_resource_t resource_name,
+ const ace_session_id_t session_id,
+ const ace_param_list_t* param_list,
+ ace_widget_handle_t handle,
+ ace_bool_t* validation_result);
+
+/*
+ * Initializes ACE for check access API (client mode). Must be called only once.
+ * Keep in mind that initializing ACE in client mode disallows usage of API
+ * defined in ace_api.h and ace_api_settings.h (RW part).
+ *
+ * 'handler' must not be NULL, see definition of ace_popup_handler_func_t for
+ * more information.
+ *
+ * Returns error or ACE_OK.
+ */
+ace_return_t ace_client_initialize(ace_popup_handler_func_t handler);
+
+/*
+ * Deinitializes ACE client for check access API. Can be called only once.
+ */
+ace_return_t ace_client_shutdown(void);
+
+// --------------- Check Access API --------------------------------------------
+
+/*
+ * Does ACE check with set of device capabilities and function parameters.
+ * Checks cache first, if it is non-existent, does full ACE check.
+ *
+ * Returns error or ACE_OK and information if access was allowed or not
+ * (value ACE_TRUE or ACE_FALSE is in 'access' argument, only if returned value
+ * is ACE_OK - otherwise, 'access' value is undefined)
+ */
+ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // ACE_API_CLIENT_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_popup_handler.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief Private header for access to UI handling function.
+ * (RO part).
+ */
+
+#ifndef ACE_POPUP_HANDLER_H
+#define ACE_POPUP_HANDLER_H
+
+#include <ace_api_client.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern ace_popup_handler_func_t popup_func;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // ACE_POPUP_HANDLER_H
--- /dev/null
+include(FindPkgConfig)
+
+PKG_CHECK_MODULES(ACE_CLIENT_DEPS
+ dpl-efl
+ dpl-event-efl
+ dpl-dbus-efl
+ REQUIRED
+ )
+
+SET(ACE_CLIENT_DIR
+ ${PROJECT_SOURCE_DIR}/ace_client
+ )
+
+SET(ACE_CLIENT_SRC_DIR
+ ${ACE_CLIENT_DIR}/src
+ )
+
+SET(ACE_CLIENT_INCLUDE_DIR
+ ${ACE_CLIENT_DIR}/include
+ )
+
+SET(ACE_CLIENT_SOURCES
+ ${COMMUNICATION_CLIENT_SOURCES}
+ ${ACE_CLIENT_SRC_DIR}/ace_client.cpp
+ ${ACE_CLIENT_SRC_DIR}/ace_api_client.cpp
+ ${PROJECT_SOURCE_DIR}/src/services/ace/logic/attribute_facade.cpp
+ ${PROJECT_SOURCE_DIR}/src/services/ace/logic/simple_roaming_agent.cpp
+ )
+
+SET(ACE_CLIENT_INCLUDES
+ ${COMMUNICATION_CLIENT_INCLUDES}
+ ${ACE_CLIENT_DEPS_INCLUDE_DIRS}
+ ${ACE_CLIENT_INCLUDE_DIR}
+ ${PROJECT_SOURCE_DIR}/ace_common/include
+ ${PROJECT_SOURCE_DIR}/src/services/ace
+ ${PROJECT_SOURCE_DIR}/src/services/ace/
+ ${PROJECT_SOURCE_DIR}/src/services/ace/logic
+ ${PROJECT_SOURCE_DIR}/src/services/popup
+ ${PROJECT_SOURCE_DIR}/popup_process
+ ${PROJECT_SOURCE_DIR}/ace/include
+ )
+
+ADD_DEFINITIONS(${ACE_CLIENT_DEPS_CFLAGS})
+ADD_DEFINITIONS(${ACE_CLIENT_CFLAGS_OTHER})
+
+INCLUDE_DIRECTORIES(${ACE_CLIENT_INCLUDES})
+
+ADD_LIBRARY(${TARGET_ACE_CLIENT_LIB} SHARED ${ACE_CLIENT_SOURCES})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES
+ SOVERSION ${API_VERSION}
+ VERSION ${VERSION})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES
+ COMPILE_FLAGS -fPIC)
+
+TARGET_LINK_LIBRARIES(${TARGET_ACE_CLIENT_LIB}
+ ${ACE_CLIENT_DEPS_LIBRARIES}
+ ${TARGET_ACE_DAO_RO_LIB}
+ ${TARGET_ACE_LIB}
+ )
+
+INSTALL(TARGETS ${TARGET_ACE_CLIENT_LIB}
+ DESTINATION lib)
+
+INSTALL(FILES
+# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client.h
+# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client_types.h
+ ${ACE_CLIENT_INCLUDE_DIR}/ace_api_client.h
+ DESTINATION include/ace-client
+ )
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file ace_api_client.cpp
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains implementation of ACE client API
+ */
+
+#include <dpl/log/log.h>
+#include <ace_popup_handler.h>
+#include "ace_api_client.h"
+#include "ace-client/ace_client.h"
+
+#include <string>
+#include <vector>
+#include <dpl/dbus/dbus_client.h>
+#include "popup_response_server_api.h"
+#include "security_daemon_dbus_config.h"
+//#include "PromptModel.h"
+
+ace_return_t ace_client_initialize(ace_popup_handler_func_t handler)
+{
+ if (!AceClient::AceThinClientSingleton::Instance().isInitialized()) {
+ return ACE_INTERNAL_ERROR;
+ }
+ popup_func = handler;
+ // Changed order of checks to make API run with old popup implementation
+ // instead of always needing the popup handler to be implemented.
+ if (NULL == handler) {
+ LogError("NULL argument(s) passed");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_client_shutdown(void)
+{
+ popup_func = NULL;
+ return ACE_OK;
+}
+
+ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access)
+{
+ if (NULL == request || NULL == access) {
+ LogError("NULL argument(s) passed");
+ return ACE_INVALID_ARGUMENTS;
+ }
+
+ AceClient::AceRequest aceRequest;
+ aceRequest.sessionId = request->session_id;
+ aceRequest.widgetHandle = request->widget_handle;
+
+ aceRequest.apiFeatures.count = request->feature_list.count;
+ aceRequest.apiFeatures.apiFeature =
+ const_cast<const char**>(request->feature_list.items);
+ aceRequest.functionName = NULL; // TODO will be removed
+ aceRequest.deviceCapabilities.devcapsCount = request->dev_cap_list.count;
+ aceRequest.deviceCapabilities.paramsCount = request->dev_cap_list.count;
+
+ char** devCapNames = new char*[request->dev_cap_list.count];
+ AceClient::AceParamList* paramList =
+ new AceClient::AceParamList[request->dev_cap_list.count];
+
+ unsigned int i;
+ for (i = 0; i < request->dev_cap_list.count; ++i) {
+ devCapNames[i] = request->dev_cap_list.items[i].name;
+ paramList[i].count = request->dev_cap_list.items[i].param_list.count;
+
+ paramList[i].param = new AceClient::AceParam[
+ request->dev_cap_list.items[i].param_list.count];
+
+ unsigned int j;
+ for (j = 0; j < request->dev_cap_list.items[i].param_list.count; ++j) {
+ paramList[i].param[j].name =
+ request->dev_cap_list.items[i].param_list.items[j].name;
+ paramList[i].param[j].value =
+ request->dev_cap_list.items[i].param_list.items[j].value;
+
+ }
+ }
+
+ aceRequest.deviceCapabilities.devCapNames =
+ const_cast<const char**>(devCapNames);
+ aceRequest.deviceCapabilities.params = paramList;
+
+ bool ret = false;
+
+ Try {
+ ret = AceClient::AceThinClientSingleton::
+ Instance().checkFunctionCall(aceRequest);
+ *access = ret ? ACE_TRUE : ACE_FALSE;
+ } Catch (AceClient::AceThinClient::Exception::AceThinClientException) {
+ LogError("Ace client exception");
+ delete [] devCapNames;
+ for (i = 0; i < request->dev_cap_list.count; ++i) {
+ delete [] paramList[i].param;
+ }
+ delete [] paramList;
+ return ACE_INTERNAL_ERROR;
+ }
+
+ delete [] devCapNames;
+ for (i = 0; i < request->dev_cap_list.count; ++i) {
+ delete [] paramList[i].param;
+ }
+ delete [] paramList;
+ return ACE_OK;
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file ace_client.cpp
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains implementation of AceThinClient class
+ */
+
+#include <memory>
+#include <set>
+#include <map>
+
+#include <dpl/optional.h>
+#include <dpl/string.h>
+#include <dpl/optional_typedefs.h>
+#include <dpl/log/log.h>
+#include <dpl/singleton_safe_impl.h>
+#include <ace-dao-ro/PromptModel.h>
+
+#include <ace_popup_handler.h>
+
+#include "ace_server_api.h"
+#include "popup_response_server_api.h"
+#include "ace-client/ace_client.h"
+#include "ace-client/ace_client_helper.h"
+#include <attribute_facade.h>
+#include <ace/Request.h>
+
+// ACE tests need to use mock implementations
+#ifdef ACE_CLIENT_TESTS
+
+#include "AceDAOReadOnly_mock.h"
+#include "communication_client_mock.h"
+#include "PolicyInformationPoint_mock.h"
+
+#else
+
+#include <ace-dao-ro/AceDAOReadOnly.h>
+#include "SecurityCommunicationClient.h"
+#include <ace/PolicyInformationPoint.h>
+
+#endif // ACE_CLIENT_TESTS
+
+IMPLEMENT_SAFE_SINGLETON(AceClient::AceThinClient)
+
+ace_popup_handler_func_t popup_func = NULL;
+
+namespace AceClient {
+
+namespace {
+// These devcaps actually are not requested in config file, so should be treaded
+// as if were requested (access tags/WARP will block request if desired)
+const std::string DEVCAP_EXTERNAL_NETWORK_ACCESS = "externalNetworkAccess";
+const std::string DEVCAP_XML_HTTP_REQUEST = "XMLHttpRequest";
+} // anonymous
+
+
+std::string AceFunctionParam::aceFunctionParamToken = "param:function";
+
+// popup cache result
+
+enum class AceCachedPromptResult {
+ PERMIT,
+ DENY,
+ ASK_POPUP
+};
+
+// AceThinClient implementation singleton
+class AceThinClientImpl {
+ public:
+ bool checkFunctionCall(const AceRequest& ace_request);
+ AcePreference getWidgetResourcePreference(
+ const AceResource& resource,
+ const AceWidgetHandle& handle) const;
+ AceResourcesPreferences* getGlobalResourcesPreferences() const;
+ bool isInitialized() const;
+
+ AceThinClientImpl();
+ ~AceThinClientImpl();
+
+ protected:
+ bool containsNetworkDevCap(const AceRequest &ace_request);
+ bool checkFeatureList(const AceRequest& ace_request);
+ private:
+ WebRuntimeImpl* m_wrt;
+ ResourceInformationImpl* m_res;
+ OperationSystemImpl* m_sys;
+ WrtSecurity::Communication::Client *m_communicationClient, *m_popupValidationClient;
+
+ AceSubject getSubjectForHandle(AceWidgetHandle handle) const;
+ AceCachedPromptResult getCachedPromptResult(
+ WidgetHandle widgetHandle,
+ int ruleId,
+ const AceSessionId& sessionId) const;
+ bool askUser(PolicyEffect popupType,
+ const AceRequest& ace_request,
+ const AceBasicRequest& request);
+ // Prompt validation
+ bool validatePopupResponse(
+ const AceRequest& ace_request,
+ const AceBasicRequest& request,
+ bool answer = true,
+ Prompt::Validity validity = Prompt::Validity::ALWAYS);
+ mutable PolicyInformationPoint m_pip;
+ DPL::Optional<std::set<DPL::String>> m_grantedDevCaps;
+ std::set<std::string> m_acceptedFeatures;
+};
+
+AceThinClientImpl::AceThinClientImpl()
+ : m_communicationClient(NULL),
+ m_popupValidationClient(NULL),
+ m_wrt(new WebRuntimeImpl()),
+ m_res(new ResourceInformationImpl()),
+ m_sys(new OperationSystemImpl()),
+ m_pip(m_wrt, m_res, m_sys)
+{
+ AceDB::AceDAOReadOnly::attachToThreadRO();
+ Try {
+ m_communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::AceServerApi::INTERFACE_NAME());
+ m_popupValidationClient = new WrtSecurity::Communication::Client(WrtSecurity::PopupServerApi::INTERFACE_NAME());
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ if(m_communicationClient) delete m_communicationClient;
+ if(m_popupValidationClient) delete m_popupValidationClient;
+ delete m_wrt;
+ delete m_res;
+ delete m_sys;
+ ReThrowMsg(AceThinClient::Exception::AceThinClientException,
+ "Failed to call security daemon");
+ }
+}
+
+AceThinClientImpl::~AceThinClientImpl()
+{
+ Assert(NULL != m_communicationClient);
+ Assert(NULL != m_popupValidationClient);
+ delete m_communicationClient;
+ delete m_popupValidationClient;
+ delete m_wrt;
+ delete m_res;
+ delete m_sys;
+ m_communicationClient = NULL;
+ m_popupValidationClient = NULL;
+ AceDB::AceDAOReadOnly::detachFromThread();
+
+}
+
+bool AceThinClientImpl::isInitialized() const
+{
+ return NULL != m_communicationClient && NULL != m_popupValidationClient;
+}
+
+bool AceThinClientImpl::containsNetworkDevCap(const AceRequest &ace_request)
+{
+ AceDeviceCap deviceCap = ace_request.deviceCapabilities;
+ for (size_t j=0; j<deviceCap.devcapsCount; ++j) {
+ if (!deviceCap.devCapNames[j]) {
+ continue;
+ }
+ if (DEVCAP_XML_HTTP_REQUEST == deviceCap.devCapNames[j]
+ || DEVCAP_EXTERNAL_NETWORK_ACCESS == deviceCap.devCapNames[j])
+ {
+ return true;
+ }
+ }
+ return false;
+}
+
+bool AceThinClientImpl::checkFeatureList(const AceRequest& ace_request)
+{
+ for (size_t i=0; i<ace_request.apiFeatures.count; ++i) {
+ Assert(ace_request.apiFeatures.apiFeature[i]);
+ std::string featureName(ace_request.apiFeatures.apiFeature[i]);
+ LogInfo("Api feature: " << featureName);
+ if (0 != m_acceptedFeatures.count(featureName)) {
+ return true;
+ }
+ LogInfo("Api-feature was not requested in widget config: " <<
+ featureName);
+ }
+ return false;
+}
+
+bool AceThinClientImpl::checkFunctionCall(const AceRequest& ace_request)
+{
+ LogInfo("Enter");
+
+ // fill the m_grantedDevCaps, if not yet initialized
+ // TODO: This is not so pretty. AceThinClient is not explicitly
+ // tied to a widget handle, yet we assume it is always used
+ // with the same handle. This will be amended in a future
+ // refactoring (already planned).
+ if (m_grantedDevCaps.IsNull()) {
+ m_grantedDevCaps = std::set<DPL::String>();
+ m_acceptedFeatures.clear();
+
+ AceDB::FeatureNameVector fvector;
+ AceDB::AceDAOReadOnly::getAcceptedFeature(ace_request.widgetHandle, &fvector);
+ for(size_t i=0; i<fvector.size(); ++i) {
+ m_acceptedFeatures.insert(DPL::ToUTF8String(fvector[i]));
+ }
+ }
+
+ AceSubject subject = getSubjectForHandle(ace_request.widgetHandle);
+
+ // Create function params
+ const AceDeviceCap& devcaps = ace_request.deviceCapabilities;
+
+ LogInfo("Checking against config requested api-features.");
+
+ // Network device caps are not connected with api-features.
+ // We must pass empty api-feature when network dev cap is set.
+ if (!containsNetworkDevCap(ace_request) && !checkFeatureList(ace_request)) {
+ return false;
+ }
+
+ AceFunctionParams functionParams(devcaps.devcapsCount);
+ for (size_t i = 0; i < devcaps.devcapsCount; ++i) {
+ AceFunctionParam functionParam;
+ functionParam.addAttribute(AceFunctionParam::aceFunctionParamToken,
+ NULL == ace_request.functionName ?
+ "" : ace_request.functionName);
+ if (devcaps.paramsCount) {
+ Assert(devcaps.params);
+ for (size_t j = 0; j < devcaps.params[i].count; ++j) {
+ Assert(devcaps.params[i].param &&
+ devcaps.params[i].param[j].name &&
+ devcaps.params[i].param[j].value);
+ functionParam.addAttribute(
+ std::string(devcaps.params[i].param[j].name),
+ std::string(devcaps.params[i].param[j].value));
+ }
+ }
+ functionParams.push_back(functionParam);
+ }
+
+ // Convert AceRequest to array of AceBasicRequests
+ AceBasicRequests requests;
+
+ for (size_t i = 0; i < devcaps.devcapsCount; ++i) {
+ // Adding dev cap name here as resource id
+ Assert(devcaps.devCapNames[i]);
+ LogInfo("Device cap: " << devcaps.devCapNames[i]);
+ AceBasicRequest request(subject,
+ devcaps.devCapNames[i],
+ functionParams[i]);
+ requests.push_back(request);
+ }
+
+ // true means access granted, false - denied
+ bool result = true;
+
+ FOREACH(it, requests){
+ // Getting attributes from ACE DAO
+ AceBasicRequest& request = *it;
+ AceDB::BaseAttributeSet attributeSet;
+ AceDB::AceDAOReadOnly::getAttributes(&attributeSet);
+
+ // If true, we need to make popup IPC and ask user for decision
+ bool askPopup = false;
+ // If true, we need to make IPC to security daemon for policy
+ // decision on granting access
+ bool askServer = false;
+ // If askPopup == true, this is the kind of popup to be opened
+ PolicyEffect popupType = PolicyEffect::PROMPT_ONESHOT;
+
+ if (attributeSet.empty()) {
+ // Treat this case as missed cache - ask security daemon
+ LogInfo("Empty attribute set");
+ askServer = true;
+ } else {
+ // Filling attributes with proper values
+ FunctionParamImpl params;
+ AceParamKeys keys = request.getFunctionParam().getKeys();
+ AceParamValues values = request.getFunctionParam().getValues();
+ for (size_t i = 0; i < keys.size(); ++i) {
+ params.addAttribute(keys[i], values[i]);
+ }
+ Request req(ace_request.widgetHandle,
+ WidgetExecutionPhase_Invoke,
+ ¶ms);
+ req.addDeviceCapability(request.getResourceId());
+
+ m_pip.getAttributesValues(&req, &attributeSet);
+
+ // Getting cached policy result
+ OptionalExtendedPolicyResult exPolicyResult =
+ AceDB::AceDAOReadOnly::getPolicyResult(attributeSet);
+
+ if (exPolicyResult.IsNull()) {
+ // Missed cache - ask security daemon
+ LogInfo("Missed policy result cache");
+ askServer = true;
+ } else {
+ // Cached value found - now interpret it
+ LogInfo("Result in cache");
+ OptionalPolicyEffect effect = exPolicyResult->policyResult.getEffect();
+ if (effect.IsNull()) {
+ // PolicyDecision is UNDETERMINED or NOT_APPLICABLE
+ result = false;
+ break;
+ } else if (*effect == PolicyEffect::DENY) {
+ // Access denied
+ result = false;
+ break;
+ } else if (*effect == PolicyEffect::PERMIT) {
+ // Access granted
+ if (m_grantedDevCaps->find(
+ DPL::FromASCIIString(request.getResourceId()))
+ != m_grantedDevCaps->end())
+ {
+ continue;
+ } else
+ askServer = true;
+ } else {
+ // Check for cached popup response
+ LogInfo("Checking cached popup response");
+ AceCachedPromptResult promptCached =
+ getCachedPromptResult(ace_request.widgetHandle,
+ exPolicyResult->ruleId,
+ ace_request.sessionId);
+ if (promptCached == AceCachedPromptResult::PERMIT) {
+ // Granted by previous popup
+ LogDebug("Cache found OK");
+ if (m_grantedDevCaps->find(
+ DPL::FromASCIIString(request.getResourceId()))
+ != m_grantedDevCaps->end())
+ {
+ LogDebug("SMACK given previously");
+ continue;
+ } else {
+ if (*effect != PolicyEffect::PROMPT_BLANKET) {
+ // This should not happen.
+ LogDebug("This should not happen.");
+ result = false;
+ break;
+ }
+ if (!validatePopupResponse(ace_request,
+ request)) {
+ LogDebug("Daemon has not validated response.");
+ result = false;
+ break;
+ } else {
+ // Access granted, move on to next request
+ LogDebug("SMACK granted, all OK");
+ m_grantedDevCaps->insert(
+ DPL::FromASCIIString(
+ request.getResourceId()));
+ continue;
+ }
+ }
+ }
+ if (promptCached == AceCachedPromptResult::DENY) {
+ // Access denied by earlier popup
+ result = false;
+ break;
+ }
+ if (promptCached == AceCachedPromptResult::ASK_POPUP) {
+ askPopup = true;
+ popupType = *effect;
+ }
+ }
+ }
+ }
+
+ if (askServer) {
+ // IPC to security daemon
+ // here we must check if we have a SMACK permission for
+ // the device cap requested
+ LogInfo("Asking security daemon");
+ int serializedPolicyResult = 0;
+ Try {
+ m_communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(),
+ ace_request.widgetHandle,
+ request.getSubjectId(),
+ request.getResourceId(),
+ request.getFunctionParam().getKeys(),
+ request.getFunctionParam().getValues(),
+ ace_request.sessionId,
+ &serializedPolicyResult);
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ ReThrowMsg(AceThinClient::Exception::AceThinClientException,
+ "Failed to call security daemon");
+ }
+ PolicyResult policyResult = PolicyResult::
+ deserialize(serializedPolicyResult);
+ OptionalPolicyEffect effect = policyResult.getEffect();
+ if (effect.IsNull()) {
+ // PolicyDecision is UNDETERMINED or NOT_APPLICABLE
+ result = false;
+ break;
+ }
+ if (*effect == PolicyEffect::DENY) {
+ // Access denied
+ result = false;
+ break;
+ }
+ if (*effect == PolicyEffect::PERMIT) {
+ // Access granted, move on to next request
+ m_grantedDevCaps->insert(
+ DPL::FromASCIIString(request.getResourceId()));
+
+ continue;
+ }
+ // Policy says: ask user - setup popup kind
+ popupType = *effect;
+ askPopup = true;
+ }
+
+ if (askPopup) {
+ result = askUser(popupType, ace_request, request);
+ }
+ }
+ LogInfo("Result: " << (result ? "GRANTED" : "DENIED"));
+ return result;
+}
+
+bool AceThinClientImpl::askUser(PolicyEffect popupType,
+ const AceRequest& ace_request,
+ const AceBasicRequest& request)
+{
+ LogInfo("Asking popup");
+ Assert(NULL != popup_func);
+
+ const AceFunctionParam& fParam = request.getFunctionParam();
+ AceParamKeys keys = fParam.getKeys();
+ AceParamValues values = fParam.getValues();
+
+ ace_popup_t ace_popup_type;
+ ace_resource_t resource = const_cast<ace_session_id_t>(
+ request.getResourceId().c_str());
+ ace_session_id_t session = const_cast<ace_session_id_t>(
+ ace_request.sessionId.c_str());;
+ ace_param_list_t parameters;
+ ace_widget_handle_t handle = ace_request.widgetHandle;
+
+ parameters.count = keys.size();
+ parameters.items = new ace_param_t[parameters.count];
+ unsigned int i;
+ for (i = 0; i < parameters.count; ++i) {
+ parameters.items[i].name =
+ const_cast<ace_string_t>(keys[i].c_str());
+ parameters.items[i].value =
+ const_cast<ace_string_t>(values[i].c_str());
+ }
+
+ switch (popupType) {
+ case PolicyEffect::PROMPT_ONESHOT: {
+ ace_popup_type = ACE_ONESHOT;
+ break; }
+ case PolicyEffect::PROMPT_SESSION: {
+ ace_popup_type = ACE_SESSION;
+ break; }
+ case PolicyEffect::PROMPT_BLANKET: {
+ ace_popup_type = ACE_BLANKET;
+ break; }
+ default: {
+ LogError("Unknown popup type passed!");
+ LogError("Maybe effect isn't a popup?");
+ LogError("Effect number is: " << static_cast<int>(popupType));
+ Assert(0); }
+ }
+
+ ace_bool_t answer = ACE_FALSE;
+ ace_return_t ret = popup_func(ace_popup_type,
+ resource,
+ session,
+ ¶meters,
+ handle,
+ &answer);
+
+ delete [] parameters.items;
+
+ if (ACE_OK != ret) {
+ LogError("Error in popup handler");
+ return false;
+ }
+
+ if (ACE_TRUE == answer) {
+ m_grantedDevCaps->insert(
+ DPL::FromASCIIString(request.getResourceId()));
+ return true;
+ }
+
+ return false;
+}
+
+bool AceThinClientImpl::validatePopupResponse(
+ const AceRequest& ace_request,
+ const AceBasicRequest& request,
+ bool answer,
+ Prompt::Validity validity
+ )
+{
+ bool response = false;
+ Try{
+ m_popupValidationClient->call(
+ WrtSecurity::PopupServerApi::VALIDATION_METHOD(),
+ answer,
+ static_cast<int>(validity),
+ ace_request.widgetHandle,
+ request.getSubjectId(),
+ request.getResourceId(),
+ request.getFunctionParam().getKeys(),
+ request.getFunctionParam().getValues(),
+ ace_request.sessionId,
+ &response);
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ ReThrowMsg(AceThinClient::Exception::AceThinClientException,
+ "Failed to call security daemon");
+ }
+ return response;
+}
+
+AcePreference AceThinClientImpl::getWidgetResourcePreference (
+ const AceResource& resource,
+ const AceWidgetHandle& handle) const
+{
+ return toAcePreference(
+ AceDB::AceDAOReadOnly::getWidgetDevCapSetting(resource, handle));
+}
+
+AceResourcesPreferences* AceThinClientImpl::getGlobalResourcesPreferences()
+const
+{
+ AceDB::PreferenceTypesMap globalSettingsMap;
+ AceResourcesPreferences* acePreferences = new AceResourcesPreferences();
+ AceDB::AceDAOReadOnly::getDevCapSettings(&globalSettingsMap);
+ FOREACH(it, globalSettingsMap) {
+ acePreferences->insert(
+ AceResurcePreference((*it).first,
+ toAcePreference((*it).second)));
+ }
+ return acePreferences;
+}
+
+AceSubject AceThinClientImpl::getSubjectForHandle(AceWidgetHandle handle) const
+{
+ try
+ {
+ return AceDB::AceDAOReadOnly::getGUID(handle);
+ }
+ catch (AceDB::AceDAOReadOnly::Exception::DatabaseError& /*ex*/)
+ {
+ LogError("Couldn't find GIUD for handle " << handle);
+ return "";
+ }
+}
+
+AceCachedPromptResult AceThinClientImpl::getCachedPromptResult(
+ WidgetHandle widgetHandle,
+ int ruleId,
+ const AceSessionId& sessionId) const
+{
+ OptionalCachedPromptDecision promptDecision =
+ AceDB::AceDAOReadOnly::getPromptDecision(
+ widgetHandle,
+ ruleId);
+ if (promptDecision.IsNull()) {
+ LogDebug("No cache");
+ return AceCachedPromptResult::ASK_POPUP;
+ } else {
+ // These should not be stored in DB!
+ Assert(PromptDecision::ALLOW_THIS_TIME
+ != (*promptDecision).decision);
+ Assert(PromptDecision::DENY_THIS_TIME
+ != (*promptDecision).decision);
+ if ((*promptDecision).decision ==
+ PromptDecision::ALLOW_ALWAYS) {
+ // Access granted via earlier popup
+ LogDebug("ALLOW_ALWAYS");
+ return AceCachedPromptResult::PERMIT;
+ }
+ if ((*promptDecision).decision ==
+ PromptDecision::DENY_ALWAYS) {
+ LogDebug("DENY_ALWAYS");
+ // Access denied via earlier popup
+ return AceCachedPromptResult::DENY;
+ }
+ // Only thing left is per session prompts
+ if ((*promptDecision).session.IsNull()) {
+ LogDebug("NO SESSION");
+ return AceCachedPromptResult::ASK_POPUP;
+ }
+ AceSessionId cachedSessionId = DPL::ToUTF8String(*((*promptDecision).session));
+ if ((*promptDecision).decision ==
+ PromptDecision::ALLOW_FOR_SESSION) {
+ if (cachedSessionId == sessionId) {
+ // Access granted for this session.
+ LogDebug("SESSION OK, PERMIT");
+ return AceCachedPromptResult::PERMIT;
+ } else {
+ LogDebug("SESSION NOT OK, ASKING");
+ return AceCachedPromptResult::ASK_POPUP;
+ }
+ }
+ if ((*promptDecision).decision ==
+ PromptDecision::DENY_FOR_SESSION) {
+ if (cachedSessionId == sessionId) {
+ // Access denied for this session.
+ LogDebug("SESSION OK, DENY");
+ return AceCachedPromptResult::DENY;
+ } else {
+ LogDebug("SESSION NOT OK, ASKING");
+ return AceCachedPromptResult::ASK_POPUP;
+ }
+ }
+ }
+ LogDebug("NO RESULT, ASKING");
+ return AceCachedPromptResult::ASK_POPUP;
+}
+
+// AceThinClient
+
+bool AceThinClient::checkFunctionCall(
+ const AceRequest& ace_request) const
+{
+ return m_impl->checkFunctionCall(ace_request);
+}
+
+AcePreference AceThinClient::getWidgetResourcePreference(
+ const AceResource& resource,
+ const AceWidgetHandle& handle) const
+{
+ return m_impl->getWidgetResourcePreference(
+ resource, handle);
+}
+
+AceResourcesPreferences* AceThinClient::getGlobalResourcesPreferences()
+const
+{
+ return m_impl->getGlobalResourcesPreferences();
+}
+
+AceThinClient::AceThinClient()
+{
+ m_impl = new AceThinClientImpl();
+}
+
+AceThinClient::~AceThinClient()
+{
+ Assert(NULL != m_impl);
+ delete m_impl;
+}
+
+bool AceThinClient::isInitialized() const
+{
+ return NULL != m_impl && m_impl->isInitialized();
+}
+
+
+} // namespace AceClient
--- /dev/null
+cmake_minimum_required(VERSION 2.6)
+project(ace-thin-client-example)
+
+include(FindPkgConfig)
+
+pkg_check_modules(DEPS
+ dpl-efl
+ REQUIRED)
+
+pkg_search_module(wrt-ace-client REQUIRED wrt-ace-client)
+
+set(TARGET_NAME "ace-thin-client-example")
+
+set(SRCS
+ ace-thin-client-example.cpp)
+
+include_directories(${DEPS_INCLUDE_DIRS})
+include_directories(${wrt-ace-client_INCLUDE_DIRS})
+
+add_definitions("-DDPL_LOGS_ENABLED")
+
+add_executable(${TARGET_NAME} ${SRCS})
+
+target_link_libraries(${TARGET_NAME}
+ ${DEPS_LDFLAGS}
+ ${wrt-ace-client_LDFLAGS})
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace-thin-client-example.cpp
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief Example usage of ACE thin client.
+ */
+
+#include <ace_client.h>
+
+int main(int argc, char **argv)
+{
+ AceClient::AceThinClient& client =
+ AceClient::AceThinClientSingleton::Instance();
+ client.initialize(); // this fires echo method - see logs
+ client.deinitialize();
+ return 0;
+}
+
--- /dev/null
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/ace_common/include/ace_api_common.h
+ DESTINATION include/ace-common
+ )
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_api_common.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This is header for basic ACE data types and error codes
+ */
+
+#ifndef ACE_API_COMMON_H
+#define ACE_API_COMMON_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// --------------- Boolean type and errors -------------------------------------
+
+/*
+ * Order and values of enum constants are part of API
+ */
+typedef enum
+{
+ ACE_FALSE,
+ ACE_TRUE
+} ace_bool_t;
+
+typedef enum
+{
+ ACE_OK, // Operation succeeded
+ ACE_INVALID_ARGUMENTS, // Invalid input parameters
+ ACE_INTERNAL_ERROR, // ACE internal error
+ ACE_ACE_UNKNOWN_ERROR // Unexpected operation
+} ace_return_t;
+
+// --------------- Basic types -------------------------------------------------
+
+typedef size_t ace_size_t;
+typedef char* ace_string_t; // NULL-terminated string
+typedef int ace_widget_handle_t;
+typedef char* ace_resource_t;
+typedef char* ace_subject_t;
+typedef char* ace_session_id_t;
+typedef void* ace_private_data_t;
+
+// --------------- Access requests ---------------------------------------------
+
+typedef struct
+{
+ ace_size_t count;
+ ace_string_t* items;
+} ace_feature_list_t;
+
+typedef struct
+{
+ ace_string_t name;
+ ace_string_t value;
+} ace_param_t;
+
+typedef struct
+{
+ ace_size_t count;
+ ace_param_t* items;
+} ace_param_list_t;
+
+typedef struct
+{
+ ace_string_t name;
+ ace_param_list_t param_list;
+} ace_dev_cap_t;
+
+typedef struct
+{
+ ace_size_t count;
+ ace_dev_cap_t* items;
+} ace_dev_cap_list_t;
+
+typedef struct
+{
+ ace_session_id_t session_id; // DEPRECATED will be removed
+ ace_widget_handle_t widget_handle; // DEPRECATED will be removed
+ ace_feature_list_t feature_list;
+ ace_dev_cap_list_t dev_cap_list;
+} ace_request_t;
+
+// --------------- Popup data types --------------------------------------------
+
+/*
+ * Popup types that can be requested to be displayed by ACE
+ */
+typedef enum
+{
+ ACE_ONESHOT,
+ ACE_SESSION,
+ ACE_BLANKET
+} ace_popup_t;
+
+/*
+ * Validity of answer that can be returned by ACE popup
+ */
+typedef enum
+{
+ ACE_ONCE,
+ ACE_PER_SESSION,
+ ACE_ALWAYS
+} ace_validity_t;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // ACE_API_COMMON_H
--- /dev/null
+ADD_SUBDIRECTORY(src)
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_api_setup.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This is C api for Access Control Engine (ACE), installer mode
+ * (RW part).
+ *
+ */
+
+#ifndef ACE_API_H
+#define ACE_API_H
+
+#include <ace_api_common.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * API defined in this header should be used only from one thread. If used
+ * otherwise, unexpected behaviour may occur, including segmentation faults and
+ * escalation of global warming. Be warned.
+ */
+
+// --------------- Initialization and policy update ----------------------------
+
+/*
+ * Initializes ACE - connects (RW) to the database. Must be called only once.
+ * Returns ACE_OK or error
+ */
+ace_return_t ace_install_initialize(void);
+
+/*
+ * Deinitializes ACE - deinitialize internal structures, detach DB, etc.
+ * Must be called only once.
+ * Returns ACE_OK or error
+ */
+ace_return_t ace_install_shutdown(void);
+
+/*
+ * Updates policy - parses XML files from known locations (reason for no arguments),
+ * also clears policy and prompt caches.
+ * Returns ACE_OK or error
+ */
+ace_return_t ace_update_policy(void);
+
+// --------------- Requested device capabilities API for installer -------------
+
+typedef struct
+{
+ ace_string_t device_capability;
+ ace_bool_t smack_granted;
+} ace_requested_dev_cap_t;
+
+typedef struct
+{
+ ace_size_t count;
+ ace_requested_dev_cap_t* items;
+} ace_requested_dev_cap_list_t;
+
+/*
+ * Deletes data allocated by ace_get_requested_dev_caps - a helper function
+ */
+ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps);
+
+/*
+ * Returns ACE_OK or error; 'caps' will hold device capabilities information.
+ * To free allcated resources in 'caps', use ace_free_requested_dev_caps
+ */
+ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle,
+ ace_requested_dev_cap_list_t* caps);
+
+/*
+ * Returns error or ACE_OK
+ */
+ace_return_t ace_set_requested_dev_caps(ace_widget_handle_t handle,
+ const ace_requested_dev_cap_list_t* caps);
+
+// ---------------- Accepted Api featuresk API for installer ----------------
+
+
+ace_return_t ace_set_accepted_feature(ace_widget_handle_t handle,
+ const ace_feature_list_t* flist);
+
+ace_return_t ace_rem_accepted_feature(ace_widget_handle_t handle);
+
+// --------------- Widget data setup for installation --------------------------
+
+typedef enum
+{
+ WAC20 = 0,
+ Tizen
+} ace_widget_type_t;
+
+struct widget_info {
+ ace_widget_type_t type;
+ ace_string_t id;
+ ace_string_t version;
+ ace_string_t author;
+ ace_string_t shareHerf;
+};
+
+typedef enum
+{
+ AUTHOR,
+ DISTRIBUTOR,
+ UNKNOWN
+} ace_cert_owner_t;
+
+typedef enum
+{
+ ROOT,
+ ENDENTITY
+} ace_cert_type_t;
+
+typedef struct certificate_data {
+ ace_cert_owner_t owner;
+ ace_cert_type_t type;
+ int chain_id;
+ ace_string_t md5_fp;
+ ace_string_t sha1_fp;
+ ace_string_t common_name;
+} ace_certificate_data;
+
+/*
+ * Register widget info into database.
+ * @param cert_data NULL terminated list of widget certificates
+ */
+
+ace_return_t ace_register_widget(ace_widget_handle_t handle,
+ struct widget_info* info,
+ ace_certificate_data* cert_data[]);
+
+ace_return_t ace_unregister_widget(ace_widget_handle_t handle);
+
+ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed);
+
+/*
+ * Gets widget type in 'type'. Use in installer to determine which policy will be used
+ * by ACE for this widget.
+ * Returns error or ACE_OK
+ */
+ace_return_t ace_get_widget_type(ace_widget_handle_t handle,
+ ace_widget_type_t* type);
+
+// --------------- Installation time policy check ------------------------------
+
+typedef enum
+{
+ ACE_PERMIT,
+ ACE_DENY,
+ ACE_PROMPT,
+ ACE_UNDEFINED
+} ace_policy_result_t;
+
+/*
+ * Gets current policy evaluation for given device capability and given widget.
+ * Returns error or ACE_OK
+ */
+ace_return_t ace_get_policy_result(const ace_resource_t,
+ ace_widget_handle_t handle,
+ ace_policy_result_t* result);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // ACE_API_H
--- /dev/null
+include(FindPkgConfig)
+
+PKG_CHECK_MODULES(ACE_INSTALL_DEPS
+ dpl-efl
+ dpl-dbus-efl
+ REQUIRED
+ )
+
+SET(ACE_INSTALL_DIR
+ ${PROJECT_SOURCE_DIR}/ace_install
+ )
+
+SET(ACE_INSTALL_SRC_DIR
+ ${ACE_INSTALL_DIR}/src
+ )
+
+SET(ACE_INSTALL_INCLUDE_DIR
+ ${ACE_INSTALL_DIR}/include
+ )
+
+SET(ACE_INSTALL_SOURCES
+ ${COMMUNICATION_CLIENT_SOURCES}
+ ${ACE_INSTALL_SRC_DIR}/ace_api_install.cpp
+ )
+
+SET(ACE_INSTALL_INCLUDES
+ ${COMMUNICATION_CLIENT_INCLUDES}
+ ${ACE_INSTALL_DEPS_INCLUDE_DIRS}
+ ${ACE_INSTALL_INCLUDE_DIR}
+ ${PROJECT_SOURCE_DIR}/ace_common/include
+ ${PROJECT_SOURCE_DIR}/ace/include
+ ${PROJECT_SOURCE_DIR}/src/services/ace
+ ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
+ ${PROJECT_SOURCE_DIR}/src/daemon/dbus
+ )
+
+ADD_DEFINITIONS(${ACE_INSTALL_DEPS_CFLAGS})
+ADD_DEFINITIONS(${ACE_INSTALL_CFLAGS_OTHER})
+
+INCLUDE_DIRECTORIES(${ACE_INSTALL_INCLUDES})
+
+ADD_LIBRARY(${TARGET_ACE_INSTALL_LIB} SHARED ${ACE_INSTALL_SOURCES})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES
+ SOVERSION ${API_VERSION}
+ VERSION ${VERSION})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES
+ COMPILE_FLAGS -fPIC)
+
+TARGET_LINK_LIBRARIES(${TARGET_ACE_INSTALL_LIB}
+ ${ACE_INSTALL_DEPS_LIBRARIES}
+ ${TARGET_ACE_DAO_RW_LIB}
+ )
+
+INSTALL(TARGETS ${TARGET_ACE_INSTALL_LIB}
+ DESTINATION lib)
+
+INSTALL(FILES
+ ${ACE_INSTALL_INCLUDE_DIR}/ace_api_install.h
+ DESTINATION include/ace-install
+ )
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file ace_api_install.cpp
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains implementation ACE installator API
+ */
+
+#include <string>
+#include <utility>
+#include <string.h>
+#include <dpl/log/log.h>
+#include <dpl/foreach.h>
+#include <dpl/string.h>
+#include "SecurityCommunicationClient.h"
+#include <ace-dao-rw/AceDAO.h>
+#include "ace_server_api.h"
+
+#include "ace_api_install.h"
+
+static WrtSecurity::Communication::Client *communicationClient = NULL;
+
+// helper functions
+
+static AceDB::AppTypes to_db_app_type(ace_widget_type_t widget_type)
+{
+ switch (widget_type) {
+ case WAC20:
+ return AceDB::AppTypes::WAC20;
+ case Tizen:
+ return AceDB::AppTypes::Tizen;
+ default:
+ return AceDB::AppTypes::Unknown;
+ }
+}
+
+static ace_widget_type_t to_ace_widget_type(AceDB::AppTypes app_type)
+{
+ switch (app_type) {
+ case AceDB::AppTypes::WAC20:
+ return WAC20;
+ case AceDB::AppTypes::Tizen:
+ return Tizen;
+ default:
+ LogError("Invalid app type for widget");
+ return WAC20;
+ }
+}
+
+ace_return_t ace_install_initialize(void)
+{
+ if (NULL != communicationClient) {
+ LogError("ace_api_install already initialized");
+ return ACE_INTERNAL_ERROR;
+ }
+ AceDB::AceDAO::attachToThreadRW();
+ Try {
+ communicationClient = new WrtSecurity::Communication::Client(
+ WrtSecurity::AceServerApi::INTERFACE_NAME());
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ LogError("Can't connect to daemon");
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_install_shutdown(void)
+{
+ if (NULL == communicationClient) {
+ LogError("ace_api_install not initialized");
+ return ACE_INTERNAL_ERROR;
+ }
+ delete communicationClient;
+ communicationClient = NULL;
+ AceDB::AceDAO::detachFromThread();
+ return ACE_OK;
+}
+
+ace_return_t ace_update_policy(void)
+{
+ Try {
+ communicationClient->call(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD());
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ LogError("Problem with connection to daemon");
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps)
+{
+ if (NULL == caps || NULL == caps->items) {
+ LogError("Invalid arguments");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ unsigned int i;
+ for (i = 0; i < caps->count; ++i) {
+ delete [] caps->items[i].device_capability;
+ }
+ delete [] caps->items;
+ return ACE_OK;
+}
+
+ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle,
+ ace_requested_dev_cap_list_t* caps)
+{
+ if (NULL == caps) {
+ LogError("Invalid arguments");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ AceDB::RequestedDevCapsMap permissions;
+ Try {
+ AceDB::AceDAO::getRequestedDevCaps(
+ handle, &permissions);
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ caps->items = new ace_requested_dev_cap_t[permissions.size()];
+ caps->count = permissions.size();
+ unsigned int i = 0;
+ FOREACH (it, permissions) {
+ std::string devCapRequested = DPL::ToUTF8String(it->first);
+ caps->items[i].device_capability =
+ new char[strlen(devCapRequested.c_str())+1];
+ strcpy(caps->items[i].device_capability, devCapRequested.c_str());
+ caps->items[i].smack_granted = it->second ? ACE_TRUE : ACE_FALSE;
+ ++i;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_set_requested_dev_caps(
+ ace_widget_handle_t handle,
+ const ace_requested_dev_cap_list_t* caps)
+{
+ if (NULL == caps) {
+ LogError("Invalid arguments");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ AceDB::RequestedDevCapsMap db_permissions;
+ unsigned int i;
+ for (i = 0; i < caps->count; ++i) {
+ std::string devCap = std::string(caps->items[i].device_capability);
+ db_permissions.insert(std::make_pair(DPL::FromUTF8String(devCap),
+ caps->items[i].smack_granted == ACE_TRUE));
+ }
+ Try {
+ AceDB::AceDAO::setRequestedDevCaps(
+ handle, db_permissions);
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_set_accepted_feature(
+ ace_widget_handle_t handle,
+ const ace_feature_list_t *feature)
+{
+ if (NULL == feature) {
+ LogError("Invalid argument");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ AceDB::FeatureNameVector fvector;
+ ace_size_t i;
+ for (i = 0; i < feature->count; ++i) {
+ fvector.push_back(
+ DPL::FromUTF8String(feature->items[i]));
+ }
+ Try {
+ AceDB::AceDAO::setAcceptedFeature(handle, fvector);
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_rem_accepted_feature(
+ ace_widget_handle_t handle)
+{
+ Try {
+ AceDB::AceDAO::removeAcceptedFeature(handle);
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_register_widget(ace_widget_handle_t handle,
+ struct widget_info *info,
+ ace_certificate_data* cert_data[])
+{
+ LogDebug("enter");
+
+ if (NULL == info || AceDB::AceDAOReadOnly::isWidgetInstalled(handle))
+ return ACE_INVALID_ARGUMENTS;
+
+ AceDB::WidgetRegisterInfo wri;
+ wri.type = to_db_app_type(info->type);
+
+ if (info->id)
+ wri.widget_id = DPL::FromUTF8String(info->id);
+ if (info->version)
+ wri.version = DPL::FromUTF8String(info->version);
+ if (info->author)
+ wri.authorName = DPL::FromUTF8String(info->author);
+ if (info->shareHerf)
+ wri.shareHref = DPL::FromUTF8String(info->shareHerf);
+
+ AceDB::WidgetCertificateDataList dataList;
+ if (NULL != cert_data) {
+ AceDB::WidgetCertificateData wcd;
+ ace_certificate_data* cd;
+ int i = 0;
+ while (cert_data[i] != NULL)
+ {
+ cd = cert_data[i++]; //increment
+ switch(cd->type) {
+ case ROOT:
+ wcd.type = AceDB::WidgetCertificateData::Type::ROOT;
+ break;
+ case ENDENTITY:
+ wcd.type = AceDB::WidgetCertificateData::Type::ENDENTITY;
+ break;
+ }
+ switch(cd->owner) {
+ case AUTHOR:
+ wcd.owner = AceDB::WidgetCertificateData::Owner::AUTHOR;
+ break;
+ case DISTRIBUTOR:
+ wcd.owner = AceDB::WidgetCertificateData::Owner::DISTRIBUTOR;
+ break;
+ case UNKNOWN: default:
+ wcd.owner = AceDB::WidgetCertificateData::Owner::UNKNOWN;
+ break;
+ }
+ wcd.chainId = cd->chain_id;
+ if (cd->md5_fp)
+ wcd.strMD5Fingerprint = cd->md5_fp;
+ if (cd->sha1_fp)
+ wcd.strSHA1Fingerprint = cd->sha1_fp;
+ if (cd->common_name)
+ wcd.strCommonName = DPL::FromUTF8String(cd->common_name);
+ dataList.push_back(wcd);
+ }
+ LogDebug("All data set. Inserting into database.");
+ }
+
+ Try {
+ AceDB::AceDAO::registerWidgetInfo((WidgetHandle)(handle), wri, dataList);
+ LogDebug("AceDB entry done");
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_unregister_widget(ace_widget_handle_t handle)
+{
+ Try {
+ AceDB::AceDAO::unregisterWidgetInfo((WidgetHandle)(handle));
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed)
+{
+ Try {
+ *installed = AceDB::AceDAO::isWidgetInstalled((WidgetHandle)(handle));
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_get_widget_type(ace_widget_handle_t handle,
+ ace_widget_type_t* type)
+{
+ if (NULL == type) {
+ LogError("Invalid arguments");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ Try {
+ AceDB::AppTypes db_type = AceDB::AceDAO::getWidgetType(handle);
+ *type = to_ace_widget_type(db_type);
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_get_policy_result(const ace_resource_t resource,
+ ace_widget_handle_t handle,
+ ace_policy_result_t* result)
+{
+ if (NULL == result) {
+ LogError("Invalid arguments");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ int serializedPolicyResult = 0;
+ Try {
+ std::string resource_str(resource);
+ communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(),
+ handle,
+ resource_str,
+ &serializedPolicyResult);
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ LogError("Can't connect to daemon");
+ return ACE_INTERNAL_ERROR;
+ }
+ PolicyResult policyResult = PolicyResult::
+ deserialize(serializedPolicyResult);
+ OptionalPolicyEffect effect = policyResult.getEffect();
+ if (effect.IsNull()) {
+ *result = ACE_UNDEFINED;
+ } else if (*effect == PolicyEffect::DENY) {
+ *result = ACE_DENY;
+ } else if (*effect == PolicyEffect::PERMIT) {
+ *result = ACE_PERMIT;
+ } else if (*effect == PolicyEffect::PROMPT_ONESHOT ||
+ *effect == PolicyEffect::PROMPT_BLANKET ||
+ *effect == PolicyEffect::PROMPT_SESSION){
+ *result = ACE_PROMPT;
+ } else {
+ *result = ACE_UNDEFINED;
+ }
+
+ return ACE_OK;
+}
--- /dev/null
+ADD_SUBDIRECTORY(src)
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_popup_validation_api.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This is C api for Access Control Engine (ACE), popup
+ * validation library.
+ *
+ */
+
+#ifndef ACE_API_H
+#define ACE_API_H
+
+#include <ace_api_common.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// --------------- Initialization and deinitialization -------------------------
+
+/*
+ * Initializes the library.
+ *
+ * Returns error or ACE_OK.
+ */
+ace_return_t ace_popup_validation_initialize(void);
+
+/*
+ * Deinitializes the library.
+ *
+ * Returns error or ACE_OK.
+ */
+ace_return_t ace_popup_validation_shutdown(void);
+
+// --------------- Popup answer validation API ---------------------------------
+
+/*
+ * Validation of popup answer. This API must be called by implementation of
+ * UI handler. The call must be made from safe process, specially labelled by
+ * SMACK. If returned value is ACE_OK, 'validation_result' holds validation
+ * result that needs to be passed by UI handler as validation result. Otherwise
+ * value of 'validation_result' is undefined.
+ *
+ * See header ace_api_client.h for more details on where this function needs to
+ * be called and what arguments need to be passed here.
+ *
+ * Returns error or ACE_OK.
+ */
+ace_return_t ace_validate_answer(ace_bool_t answer,
+ ace_validity_t validity,
+ const ace_resource_t resource_name,
+ const ace_session_id_t session_id,
+ const ace_param_list_t* param_list,
+ ace_widget_handle_t handle,
+ ace_bool_t* validation_result);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // ACE_API_H
--- /dev/null
+include(FindPkgConfig)
+
+PKG_CHECK_MODULES(ACE_POPUP_VALIDATION_DEPS
+ dpl-efl
+ dpl-dbus-efl
+ REQUIRED
+ )
+
+SET(ACE_POPUP_VALIDATION_DIR
+ ${PROJECT_SOURCE_DIR}/ace_popup_validation
+ )
+
+SET(ACE_POPUP_VALIDATION_SRC_DIR
+ ${ACE_POPUP_VALIDATION_DIR}/src
+ )
+
+SET(ACE_POPUP_VALIDATION_INCLUDE_DIR
+ ${ACE_POPUP_VALIDATION_DIR}/include
+ )
+
+SET(ACE_POPUP_VALIDATION_SOURCES
+ ${COMMUNICATION_CLIENT_SOURCES}
+ ${ACE_POPUP_VALIDATION_SRC_DIR}/ace_api_popup_validation.cpp
+ )
+
+SET(ACE_POPUP_VALIDATION_INCLUDES
+ ${COMMUNICATION_CLIENT_INCLUDES}
+ ${ACE_POPUP_VALIDATION_DEPS_INCLUDE_DIRS}
+ ${ACE_POPUP_VALIDATION_INCLUDE_DIR}
+ ${PROJECT_SOURCE_DIR}/ace_common/include
+ ${PROJECT_SOURCE_DIR}/ace/include
+ ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api
+ ${PROJECT_SOURCE_DIR}/src/services/ace
+ ${PROJECT_SOURCE_DIR}/src/services/popup/
+ ${PROJECT_SOURCE_DIR}/src/daemon/dbus
+ )
+
+ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_DEPS_CFLAGS})
+ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_CFLAGS_OTHER})
+
+INCLUDE_DIRECTORIES(${ACE_POPUP_VALIDATION_INCLUDES})
+
+ADD_LIBRARY(${TARGET_ACE_POPUP_VALIDATION_LIB} SHARED ${ACE_POPUP_VALIDATION_SOURCES})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES
+ SOVERSION ${API_VERSION}
+ VERSION ${VERSION})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES
+ COMPILE_FLAGS -fPIC)
+
+TARGET_LINK_LIBRARIES(${TARGET_ACE_POPUP_VALIDATION_LIB}
+ ${ACE_POPUP_VALIDATION_DEPS_LIBRARIES} ${ACE_POPUP_VALIDATION_DEPS_LDFLAGS}
+ )
+
+INSTALL(TARGETS ${TARGET_ACE_POPUP_VALIDATION_LIB}
+ DESTINATION lib)
+
+INSTALL(FILES
+ ${ACE_POPUP_VALIDATION_INCLUDE_DIR}/ace_api_popup_validation.h
+ DESTINATION include/ace-popup-validation
+ )
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file ace_api_popup_validation.cpp
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains implementation of ACE popup validation API.
+ */
+
+#include <string>
+#include <vector>
+#include <dpl/log/log.h>
+#include "SecurityCommunicationClient.h"
+#include "popup_response_server_api.h"
+#include "security_daemon_dbus_config.h"
+#include "ace_api_popup_validation.h"
+
+namespace {
+static WrtSecurity::Communication::Client *communicationClient = NULL;
+static const int VALIDITY_ONCE_VALUE = 0;
+static const int VALIDITY_SESSION_VALUE = 1;
+static const int VALIDITY_ALWAYS_VALUE = 1;
+} // anonymous
+
+ace_return_t ace_popup_validation_initialize(void)
+{
+ if (NULL != communicationClient) {
+ LogError("ace_api_popup_validation already initialized");
+ return ACE_INTERNAL_ERROR;
+ }
+ Try {
+ communicationClient = new WrtSecurity::Communication::Client(
+ WrtSecurity::PopupServerApi::INTERFACE_NAME());
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ LogError("Can't connect to daemon");
+ return ACE_INTERNAL_ERROR;
+ }
+
+ return ACE_OK;
+}
+
+ace_return_t ace_popup_validation_shutdown(void)
+{
+ if (NULL == communicationClient) {
+ LogError("ace_api_popup_validation not initialized");
+ return ACE_INTERNAL_ERROR;
+ }
+ delete communicationClient;
+ communicationClient = NULL;
+
+ return ACE_OK;
+}
+
+ace_return_t ace_validate_answer(ace_bool_t answer,
+ ace_validity_t validity,
+ const ace_resource_t resource_name,
+ const ace_session_id_t session_id,
+ const ace_param_list_t* param_list,
+ ace_widget_handle_t handle,
+ ace_bool_t* validation_result)
+{
+ if (NULL == resource_name ||
+ NULL == session_id ||
+ NULL == param_list ||
+ NULL == validation_result)
+ {
+ LogError("NULL argument(s) passed");
+ return ACE_INVALID_ARGUMENTS;
+ }
+
+ bool dbusAnswer = answer == ACE_TRUE;
+ int dbusValidity = 0;
+
+ switch (validity) {
+ case ACE_ONCE: {
+ dbusValidity = VALIDITY_ONCE_VALUE;
+ //static_cast<int>(Prompt::Validity::ONCE);
+ break; }
+ case ACE_SESSION: {
+ dbusValidity = VALIDITY_SESSION_VALUE;
+ //static_cast<int>(Prompt::Validity::SESSION);
+ break; }
+ case ACE_ALWAYS: {
+ dbusValidity = VALIDITY_ALWAYS_VALUE;
+ //static_cast<int>(Prompt::Validity::ALWAYS);
+ break; }
+ default: {
+ LogError("Invalid validity passed");
+ return ACE_INVALID_ARGUMENTS; }
+ }
+
+ std::string subjectId;
+ std::string resourceId(resource_name);
+ std::string sessionId(session_id);
+ std::vector<std::string> keys, values;
+ unsigned int i;
+ for (i = 0; i < param_list->count; ++i) {
+ keys.push_back(std::string(param_list->items[i].name));
+ values.push_back(std::string(param_list->items[i].value));
+ }
+
+ bool response = false;
+ Try{
+ communicationClient->call(WrtSecurity::PopupServerApi::VALIDATION_METHOD(),
+ dbusAnswer,
+ dbusValidity,
+ handle,
+ subjectId,
+ resourceId,
+ keys,
+ values,
+ sessionId,
+ &response);
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ LogError("Can't call daemon");
+ return ACE_INTERNAL_ERROR;
+ }
+
+ *validation_result = response ? ACE_TRUE : ACE_FALSE;
+
+ return ACE_OK;
+}
--- /dev/null
+ADD_SUBDIRECTORY(src)
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_api_settings.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This is header for ACE settings API (RW part).
+ */
+
+#ifndef ACE_API_SETTINGS_H
+#define ACE_API_SETTINGS_H
+
+#include <ace_api_common.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * API defined in this header should be used only from one thread. If used
+ * otherwise, unexpected behaviour may occur, including segmentation faults and
+ * escalation of global warming. Be warned.
+ */
+
+// --------------- Initialization ----------------------------------------------
+
+/*
+ * Initializes ACE - connects (RW) to the database. Must be called only once.
+ * Returns ACE_OK or error
+ */
+ace_return_t ace_settings_initialize(void);
+
+/*
+ * Deinitializes ACE - deinitialize internal structures, detach DB, etc.
+ * Must be called only once.
+ * Returns ACE_OK or error
+ */
+ace_return_t ace_settings_shutdown(void);
+
+// --------------- Resource settings API ---------------------------------------
+
+/*
+ * Order and values of enum constants are part of API
+ */
+typedef enum
+{
+ ACE_PREFERENCE_PERMIT,
+ ACE_PREFERENCE_DENY,
+ ACE_PREFERENCE_DEFAULT, // means: not set
+ ACE_PREFERENCE_BLANKET_PROMPT,
+ ACE_PREFERENCE_SESSION_PROMPT,
+ ACE_PREFERENCE_ONE_SHOT_PROMPT
+} ace_preference_t;
+
+/*
+ * Returns error or ACE_OK
+ * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise
+ * 'preference' value is undefined
+ */
+ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle,
+ const ace_resource_t resource,
+ ace_preference_t* preference);
+
+/*
+ * Returns error or ACE_OK
+ * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise
+ * 'preference' value is undefined
+ */
+ace_return_t ace_get_global_resource_preference(const ace_resource_t resource,
+ ace_preference_t* preference);
+
+/*
+ * To reset setting, pass ACE_PREFERENCE_DEFAULT
+ * Returns error or ACE_OK
+ */
+ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle,
+ const ace_resource_t resource,
+ ace_preference_t preference);
+
+/*
+ * To reset setting, pass ACE_PREFERENCE_DEFAULT
+ * Returns error or ACE_OK
+ */
+ace_return_t ace_set_global_resource_preference(const ace_resource_t resource,
+ ace_preference_t preference);
+
+/*
+ * Resets per widget resource settings to ACE_PREFERENCE_DEFAULT
+ */
+ace_return_t ace_reset_widget_resource_settings(void);
+
+/*
+ * Resets global resource settings to ACE_PREFERENCE_DEFAULT
+ */
+ace_return_t ace_reset_global_resource_settings(void);
+
+/*
+ * After execution, is_privacy_api is ACE_TRUE if resource_name is the name
+ * of Privacy API
+ */
+ace_return_t ace_is_private_api(const ace_resource_t resource_name,
+ ace_bool_t* is_private_api);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // ACE_API_SETTINGS_H
--- /dev/null
+include(FindPkgConfig)
+
+PKG_CHECK_MODULES(ACE_SETTINGS_DEPS
+ dpl-efl
+ REQUIRED
+ )
+
+SET(ACE_SETTINGS_DIR
+ ${PROJECT_SOURCE_DIR}/ace_settings
+ )
+
+SET(ACE_SETTINGS_SRC_DIR
+ ${ACE_SETTINGS_DIR}/src
+ )
+
+SET(ACE_SETTINGS_INCLUDE_DIR
+ ${ACE_SETTINGS_DIR}/include
+ )
+
+SET(ACE_SETTINGS_SOURCES
+ ${ACE_SETTINGS_SRC_DIR}/ace_api_settings.cpp
+ )
+
+SET(ACE_SETTINGS_INCLUDES
+ ${ACE_SETTINGS_DEPS_INCLUDE_DIRS}
+ ${ACE_SETTINGS_INCLUDE_DIR}
+ ${PROJECT_SOURCE_DIR}/ace_common/include
+ ${PROJECT_SOURCE_DIR}/ace/include
+ )
+
+ADD_DEFINITIONS(${ACE_SETTINGS_DEPS_CFLAGS})
+ADD_DEFINITIONS(${ACE_SETTINGS_CFLAGS_OTHER})
+
+INCLUDE_DIRECTORIES(${ACE_SETTINGS_INCLUDES})
+
+ADD_LIBRARY(${TARGET_ACE_SETTINGS_LIB} SHARED ${ACE_SETTINGS_SOURCES})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES
+ SOVERSION ${API_VERSION}
+ VERSION ${VERSION})
+
+SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES
+ COMPILE_FLAGS -fPIC)
+
+TARGET_LINK_LIBRARIES(${TARGET_ACE_SETTINGS_LIB}
+ ${ACE_SETTINGS_DEPS_LIBRARIES}
+ ${TARGET_ACE_DAO_RW_LIB}
+ )
+
+INSTALL(TARGETS ${TARGET_ACE_SETTINGS_LIB}
+ DESTINATION lib)
+
+INSTALL(FILES
+ ${ACE_SETTINGS_INCLUDE_DIR}/ace_api_settings.h
+ DESTINATION include/ace-settings
+ )
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file ace_api_settings.cpp
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains implementation ACE settings API
+ */
+
+#include <string>
+#include <dpl/log/log.h>
+#include <ace-dao-rw/AceDAO.h>
+
+#include "ace_api_settings.h"
+
+// helper functions
+static ace_preference_t to_ace_preference(const AceDB::PreferenceTypes& db_preference)
+{
+ switch (db_preference) {
+ case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: {
+ return ACE_PREFERENCE_BLANKET_PROMPT; }
+ case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: {
+ return ACE_PREFERENCE_DEFAULT;}
+ case AceDB::PreferenceTypes::PREFERENCE_DENY: {
+ return ACE_PREFERENCE_DENY;}
+ case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: {
+ return ACE_PREFERENCE_ONE_SHOT_PROMPT;}
+ case AceDB::PreferenceTypes::PREFERENCE_PERMIT: {
+ return ACE_PREFERENCE_PERMIT;}
+ case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: {
+ return ACE_PREFERENCE_SESSION_PROMPT;}
+ default: {
+ return ACE_PREFERENCE_DEFAULT;}
+ }
+}
+
+
+static AceDB::PreferenceTypes to_ace_db_preference(const ace_preference_t& preference)
+{
+ switch (preference) {
+ case ACE_PREFERENCE_BLANKET_PROMPT: {
+ return AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT; }
+ case ACE_PREFERENCE_DEFAULT: {
+ return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;}
+ case ACE_PREFERENCE_DENY: {
+ return AceDB::PreferenceTypes::PREFERENCE_DENY;}
+ case ACE_PREFERENCE_ONE_SHOT_PROMPT: {
+ return AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT;}
+ case ACE_PREFERENCE_PERMIT: {
+ return AceDB::PreferenceTypes::PREFERENCE_PERMIT;}
+ case ACE_PREFERENCE_SESSION_PROMPT: {
+ return AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT;}
+ default: {
+ return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;}
+ }
+}
+
+ace_return_t ace_settings_initialize(void)
+{
+ AceDB::AceDAO::attachToThreadRW();
+ return ACE_OK;
+}
+
+ace_return_t ace_settings_shutdown(void)
+{
+ AceDB::AceDAO::detachFromThread();
+ return ACE_OK;
+}
+
+ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle,
+ const ace_resource_t resource,
+ ace_preference_t* preference)
+{
+ if (NULL == resource || NULL == preference) {
+ LogError("NULL argument(s) passed");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ Try {
+ std::string resource_str(resource);
+ AceDB::PreferenceTypes db_preference =
+ AceDB::AceDAO::getWidgetDevCapSetting(resource_str, handle);
+ *preference = to_ace_preference(db_preference);
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_get_global_resource_preference(const ace_resource_t resource,
+ ace_preference_t* preference)
+{
+ if (NULL == resource || NULL == preference) {
+ LogError("NULL argument(s) passed");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ Try {
+ AceDB::PreferenceTypes db_preference =
+ AceDB::AceDAO::getDevCapSetting(resource);
+ *preference = to_ace_preference(db_preference);
+ } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle,
+ const ace_resource_t resource,
+ ace_preference_t preference)
+{
+ if (NULL == resource) {
+ LogError("NULL argument passed");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ Try {
+ AceDB::AceDAO::addResource(resource);
+ AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference);
+ AceDB::AceDAO::removeWidgetDevCapSetting(resource, handle);
+ AceDB::AceDAO::setWidgetDevCapSetting(resource, handle, db_preference);
+ } Catch(AceDB::AceDAO::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_set_global_resource_preference(const ace_resource_t resource,
+ ace_preference_t preference)
+{
+ if (NULL == resource) {
+ LogError("NULL argument passed");
+ return ACE_INVALID_ARGUMENTS;
+ }
+ Try {
+ AceDB::AceDAO::addResource(resource);
+ AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference);
+ AceDB::AceDAO::setDevCapSetting(resource, db_preference);
+ } Catch(AceDB::AceDAO::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_reset_widget_resource_settings()
+{
+ Try {
+ AceDB::AceDAO::clearWidgetDevCapSettings();
+ } Catch(AceDB::AceDAO::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_reset_global_resource_settings(void)
+{
+ Try {
+ AceDB::AceDAO::clearDevCapSettings();
+ } Catch(AceDB::AceDAO::Exception::DatabaseError) {
+ return ACE_INTERNAL_ERROR;
+ }
+ return ACE_OK;
+}
+
+ace_return_t ace_is_private_api(const ace_resource_t resource_name, ace_bool_t* is_private_api)
+{
+ static const char * const private_api[] = {
+ "bluetooth.admin",
+ "bluetooth.gap",
+ "bluetooth.spp",
+ "calendar.read",
+ "calendar.write",
+ "callhistory.read",
+ "callhistory.write",
+ "contact.read",
+ "contact.write",
+ "nfc.admin",
+ "nfc.common",
+ "nfc.cardemulation",
+ "nfc.p2p",
+ "nfc.tag",
+ NULL
+ };
+
+ *is_private_api = ACE_TRUE;
+ for (int i=0; private_api[i]; ++i)
+ if (!strcmp(resource_name, private_api[i]))
+ return ACE_OK;
+
+ *is_private_api = ACE_FALSE;
+ return ACE_OK;
+}
+
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Tomasz Swierczek (t.swierczek@samsung.com)
+#
+ADD_SUBDIRECTORY(ace)
+ADD_SUBDIRECTORY(ace_client)
+ADD_SUBDIRECTORY(ace_settings)
+ADD_SUBDIRECTORY(ace_install)
+ADD_SUBDIRECTORY(ace_popup_validation)
+ADD_SUBDIRECTORY(communication_client)
+ADD_SUBDIRECTORY(wrt-security)
+ADD_SUBDIRECTORY(wrt_ocsp)
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @author Tomasz Swierczek (t.swierczek@samsung.com)
+# @brief
+#
+
+CONFIGURE_FILE(security-dao-ro.pc.in security-dao-ro.pc @ONLY)
+CONFIGURE_FILE(security-dao-rw.pc.in security-dao-rw.pc @ONLY)
+CONFIGURE_FILE(security.pc.in security.pc @ONLY)
+INSTALL(FILES
+ ${CMAKE_BINARY_DIR}/build/ace/security-dao-ro.pc
+ ${CMAKE_BINARY_DIR}/build/ace/security-dao-rw.pc
+ ${CMAKE_BINARY_DIR}/build/ace/security.pc
+ DESTINATION
+ lib/pkgconfig
+ )
+
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include
+
+Name: ace-dao-ro
+Description: ace-dao-ro
+Version: @VERSION@
+Requires: dpl-efl openssl
+Libs: -lace-dao-ro -L${libdir}
+Cflags: -I${includedir}
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include
+
+Name: aco-dao-rw
+Description: ace-dao-rw
+Version: @VERSION@
+Requires: security-dao-ro
+Libs: -lace-dao-rw -L${libdir}
+Cflags: -I${includedir}
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include
+
+Name: ace
+Description: ace
+Version: @VERSION@
+Requires: dpl-efl openssl
+Libs: -lace -L${libdir}
+Cflags: -I${includedir}
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Tomasz Swierczek (t.swierczek@samsung.com)
+# @brief
+#
+
+CONFIGURE_FILE(security-client.pc.in security-client.pc @ONLY)
+INSTALL(FILES
+ ${CMAKE_BINARY_DIR}/build/ace_client/security-client.pc
+ DESTINATION
+ lib/pkgconfig
+ )
+
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include
+
+Name: ace-client
+Description: ACE thin client library
+Version: @VERSION@
+Requires: dpl-wrt-dao-ro dpl-efl dpl-event-efl dpl-dbus-efl security-dao-ro
+Libs: -lace-client -L${libdir}
+Cflags: -I${includedir}/ace-client -I${includedir}/ace-common
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Tomasz Swierczek (t.swierczek@samsung.com)
+# @brief
+#
+
+CONFIGURE_FILE(security-install.pc.in security-install.pc @ONLY)
+INSTALL(FILES
+ ${CMAKE_BINARY_DIR}/build/ace_install/security-install.pc
+ DESTINATION
+ lib/pkgconfig
+ )
+
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include
+
+Name: ace-install
+Description: ACE insall library to be used by installer
+Version: @VERSION@
+Requires: dpl-efl dpl-dbus-efl security-dao-rw
+Libs: -lace-install -L${libdir}
+Cflags: -I${includedir}/ace-install -I${includedir}/ace-common
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Tomasz Swierczek (t.swierczek@samsung.com)
+# @brief
+#
+
+CONFIGURE_FILE(security-popup-validation.pc.in security-popup-validation.pc @ONLY)
+INSTALL(FILES
+ ${CMAKE_BINARY_DIR}/build/ace_popup_validation/security-popup-validation.pc
+ DESTINATION
+ lib/pkgconfig
+ )
+
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include
+
+Name: ace-popup-validation
+Description: ACE popup validation library
+Version: @VERSION@
+Requires: dpl-efl dpl-dbus-efl
+Libs: -lace-popup-validation -L${libdir}
+Cflags: -I${includedir}/ace-popup-validation -I${includedir}/ace-common
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Tomasz Swierczek (t.swierczek@samsung.com)
+# @brief
+#
+
+CONFIGURE_FILE(security-settings.pc.in security-settings.pc @ONLY)
+INSTALL(FILES
+ ${CMAKE_BINARY_DIR}/build/ace_settings/security-settings.pc
+ DESTINATION
+ lib/pkgconfig
+ )
+
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include
+
+Name: ace-settings
+Description: ACE settings library
+Version: @VERSION@
+Requires:
+Libs: -lace-settings -lace-dao-rw -L${libdir}
+Cflags: -I${includedir}/ace-settings -I${includedir}/ace-common
--- /dev/null
+# Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Zofia Abramowska (z.abramowska@samsung.com)
+# @brief
+#
+
+CONFIGURE_FILE(security-communication-client.pc.in security-communication-client.pc @ONLY)
+INSTALL(FILES
+ ${CMAKE_BINARY_DIR}/build/communication_client/security-communication-client.pc
+ DESTINATION
+ lib/pkgconfig
+ )
+
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include
+
+Name: communication-client
+Description: Security communication client library
+Version: @VERSION@
+Requires: dpl-efl dpl-dbus-efl
+Libs: -lcommunication-client -L${libdir}
+Cflags: -I${includedir}/communication-client
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Tomasz Swierczek (t.swierczek@samsung.com)
+#
+CONFIGURE_FILE(security-core.pc.in security-core.pc @ONLY)
+INSTALL(FILES ${CMAKE_BINARY_DIR}/build/wrt-security/security-core.pc DESTINATION lib/pkgconfig)
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include/wrt-security
+
+Name: wrt-security
+Description: wrt-security
+Version: @VERSION@
+Requires: dpl-efl dpl-wrt-dao-rw dpl-dbus-efl
+Libs: -L${libdir} -ldpl-dbus-efl
+Cflags: -I${includedir}
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Zofia Abramowska (z.abramowska@samsung.com)
+# @brief
+#
+
+CONFIGURE_FILE(security-wrt-ocsp.pc.in security-wrt-ocsp.pc @ONLY)
+INSTALL(FILES
+ ${CMAKE_BINARY_DIR}/build/wrt_ocsp/security-wrt-ocsp.pc
+ DESTINATION
+ lib/pkgconfig
+ )
+
--- /dev/null
+prefix=@CMAKE_INSTALL_PREFIX@
+exec_prefix=${prefix}
+libdir=${prefix}/lib
+includedir=${prefix}/include
+
+Name: wrt-ocsp
+Description: WRT OCSP library to be used by wrt-client
+Version: @VERSION@
+Requires: dpl-efl dpl-dbus-efl
+Libs: -lwrt-ocsp -L${libdir}
+Cflags: -I${includedir}/wrt-ocsp
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file SecurityCommunicationClient.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief This is header of class used by IPC client with implemented templates
+ *
+ */
+
+/*
+ * This class hides implementation of specific communication types
+ * and enables switching between them by #defined macros.
+ *
+ * supported types : DBUS_CONNECTION
+ *
+ * IMPORTANT : Exactly ONE type MUST be defined.
+ *
+ */
+
+#ifndef SECURITYCOMMUNICATIONCLIENT_H_
+#define SECURITYCOMMUNICATIONCLIENT_H_
+
+#include <dpl/dbus/dbus_client.h>
+#include <dpl/log/log.h>
+#include <dpl/scoped_ptr.h>
+#include "SecuritySocketClient.h"
+#include <string>
+#include <memory>
+
+
+namespace WrtSecurity {
+namespace Communication {
+class Client
+{
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SecurityCommunicationClientException)
+ };
+
+ explicit Client(const std::string &intefaceName);
+
+
+
+ template<typename ... Args>
+ void call(const char* methodName, const Args& ... args)
+ {
+
+ connect();
+ Try{
+ #ifdef DBUS_CONNECTION
+ m_dbusClient->call(methodName, args...);
+ } Catch (DPL::DBus::Client::Exception::DBusClientException){
+ #endif //DBUS_CONNECTION
+ #ifdef SOCKET_CONNECTION
+ m_socketClient->call(methodName, args...);
+ } Catch (SecuritySocketClient::Exception::SecuritySocketClientException){
+ #endif //SOCKET_CONNECTION
+ LogError("Error getting response");
+ disconnect();
+ ReThrowMsg(Exception::SecurityCommunicationClientException,
+ "Error getting response");
+ }
+ LogInfo("Call served");
+ disconnect();
+ }
+
+ template<typename ...Args>
+ void call(std::string methodName, const Args&... args)
+ {
+ call(methodName.c_str(), args...);
+ }
+
+
+private:
+
+ void connect();
+ void disconnect();
+
+ std::string m_interfaceName;
+ #ifdef DBUS_CONNECTION
+ std::unique_ptr<DPL::DBus::Client> m_dbusClient;
+ #endif
+
+ #ifdef SOCKET_CONNECTION
+ std::unique_ptr<SecuritySocketClient> m_socketClient;
+ #endif
+};
+} // namespace Communication
+} // namespace WrtSecurity
+
+#endif /* SECURITYCOMMUNICATIONCLIENT_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file SecurityCommunicationClient.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief This is implementation of class used IPC client
+ */
+
+
+#include "SecurityCommunicationClient.h"
+
+#ifdef DBUS_CONNECTION
+#include "security_daemon_dbus_config.h"
+#endif
+
+namespace WrtSecurity{
+namespace Communication{
+
+ Client::Client(const std::string& interfaceName){
+ #if DBUS_CONNECTION
+ LogInfo("DBus create");
+ Try {
+ m_dbusClient.reset(new DPL::DBus::Client(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
+ WrtSecurity::SecurityDaemonConfig::SERVICE_NAME(),
+ interfaceName));
+ } Catch (DPL::DBus::Client::Exception::DBusClientException) {
+ LogError("Error getting connection");
+ ReThrowMsg(Exception::SecurityCommunicationClientException,
+ "Error getting connection");
+ }
+ if(NULL == m_dbusClient.get()){
+ LogError("Couldn't get client");
+ ThrowMsg(Exception::SecurityCommunicationClientException,
+ "Error getting client");
+ }
+ #endif //DBUS_CONNECTION
+
+ #ifdef SOCKET_CONNECTION
+ m_socketClient.reset(new SecuritySocketClient(interfaceName));
+ if(NULL == m_socketClient.get()){
+ LogError("Couldn't get client");
+ ThrowMsg(Exception::SecurityCommunicationClientException,
+ "Error getting client");
+ }
+ #endif //SOCKET_CONNECTION
+ LogInfo("Created communication client");
+ }
+
+ void Client::connect(){
+ #ifdef SOCKET_CONNECTION
+ Try {
+ m_socketClient->connect();
+ } Catch(SecuritySocketClient::Exception::SecuritySocketClientException){
+ LogError("Couldn't connect");
+ ReThrowMsg(Exception::SecurityCommunicationClientException,
+ "Error connecting");
+ }
+
+ #endif //SOCKET_CONNECTION
+ LogInfo("Connected");
+ }
+
+ void Client::disconnect(){
+
+ #ifdef SOCKET_CONNECTION
+ m_socketClient->disconnect();
+ #endif //SOCKET_CONNECTION
+ LogInfo("Disconnected");
+ }
+
+
+} // namespace Communication
+
+} // namespace WrtSecurity
+
--- /dev/null
+
+SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc)
+
+ INSTALL(FILES
+ ${ETC_DIR}/wrt_security_create_clean_db.sh
+ ${ETC_DIR}/wrt_security_change_policy.sh
+ DESTINATION /usr/bin
+ )
+
+INSTALL(FILES
+ ${ETC_DIR}/schema.xsd
+ DESTINATION share/wrt-engine
+ )
+
+INSTALL(FILES
+ ${ETC_DIR}/fingerprint_list.xsd
+ DESTINATION share/wrt-engine/
+ )
+
+INSTALL(FILES
+ ${ETC_DIR}/fingerprint_list.xml
+ DESTINATION share/wrt-engine/
+ )
+
+INSTALL(FILES
+ ${ETC_DIR}/wrt-security-daemon.sh
+ DESTINATION /etc/rc.d/init.d/
+ )
+
+ADD_SUBDIRECTORY(certificates)
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+# @author Yunchan Cho (yunchan.cho@samsung.com)
+# @version 1.0
+# @brief
+#
+
+SET(CERT_DIR ${PROJECT_SOURCE_DIR}/etc/certificates)
+
+INSTALL(FILES
+ ${CERT_DIR}/wac.root.preproduction.pem
+ ${CERT_DIR}/wac.root.production.pem
+ ${CERT_DIR}/wac.publisherid.pem
+ DESTINATION /opt/share/cert-svc/certs/code-signing/wac/
+ )
+
+ INSTALL(FILES
+ ${CERT_DIR}/tizen.root.preproduction.cert.pem
+ ${CERT_DIR}/tizen-developer-root-ca.pem
+ ${CERT_DIR}/tizen-distributor-root-ca-partner.pem
+ ${CERT_DIR}/tizen-distributor-root-ca-public.pem
+ ${CERT_DIR}/tizen-distributor-root-ca-partner-manufacturer.pem
+ ${CERT_DIR}/tizen-distributor-root-ca-partner-operator.pem
+ DESTINATION /opt/share/cert-svc/certs/code-signing/tizen/
+ )
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICVTCCAb6gAwIBAgIETdzAMDANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJHQjERMA8GA1UE
+CBMITm9ybWFuZHkxDTALBgNVBAcTBENBRU4xDzANBgNVBAoTBk9yYW5nZTETMBEGA1UECxMKT3Jh
+bmdlTGFiczEYMBYGA1UEAxMPT3JhbmdlTGFicyBDQUVOMB4XDTExMDUyNTA4MzkxMloXDTM2MDUx
+ODA4MzkxMlowbzELMAkGA1UEBhMCR0IxETAPBgNVBAgTCE5vcm1hbmR5MQ0wCwYDVQQHEwRDQUVO
+MQ8wDQYDVQQKEwZPcmFuZ2UxEzARBgNVBAsTCk9yYW5nZUxhYnMxGDAWBgNVBAMTD09yYW5nZUxh
+YnMgQ0FFTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAj9130ZtpXp/679/2pmFldFgjz5tN
+CjLT6CEWC9yketyKgyV1c0DBMcy4PNLdOb0VxhfcNXNYoBylCp6mPj3mWRM5VSet03XA8k6/L0T4
+dYicYGaIojowhzBBfaIXnBDvMQD5kanC5CDd6HtFzQbBkN73NIdGrR/aFqNtC/wopFECAwEAATAN
+BgkqhkiG9w0BAQUFAAOBgQCIjZYXTdsMCpIYENX6UyD/EM+SZBkVvoB2R8ghRZbKHOcr58ZyGvdH
+i/Y0hp5zNN7bUQurEMWtIxF+s3oaYH0x9xwXCd5UEV9Y+dmD1/qlK7lfSlC7mwynHs3bhMEGOJF2
+TlDzZyVYBIT3LQjfq6G18bGHkwU3uTsxZMSgtz5LgQ==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC
+S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
+ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD
+QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw
+MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE
+CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB
+MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD
+DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI
+rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9
+yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB
+MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af
+KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN
+5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv
+bSaM
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAj2gAwIBAgIJAJZH47dCtgPdMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD
+VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK
+DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0
+IENBMTcwNQYDVQQDDC5UaXplbiBQYXJ0bmVyLU1hbnVmYWN0dXJlciBEaXN0cmli
+dXRvciBSb290IENBMB4XDTEyMTIxMzA1NDQxN1oXDTIyMTIxMTA1NDQxN1owgaIx
+CzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAU
+BgNVBAoMDVRpemVuIFRlc3QgQ0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9y
+IFRlc3QgQ0ExNzA1BgNVBAMMLlRpemVuIFBhcnRuZXItTWFudWZhY3R1cmVyIERp
+c3RyaWJ1dG9yIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJG
+0gq3XrDn7W7cIH58w7hSDMVENnXLmXm4Jl5teXXrgL/BgpORracGMgm0Fmxxq/Nq
+8OEI2RfmtrlN5nWGiphs3XqLHtO+BAPY1BbZS6YVZjrVXrGWdzk12zQxd6sXJMiV
+B08ECQiQ0qgKFbTDSEbH/p4eyKCMG9lnrBLPHTpJAgMBAAGjEDAOMAwGA1UdEwQF
+MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJTJYCr9GhZ1xXwvxsWLGd9XV9wixo1zk
+FV2+eJZbCc4xJyOSb0cZds8fYUuzw32oyElLvPhYfAHVTHu/WlkwSshZlKdI2hCT
+Iy03/Up+JNfuom8JLgF7qc3YtbuJHzoVu1jJ/akXU6y52D/J5CkYy2JSsV0KZuh2
+ZeRWlV2f1Uo=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICzDCCAjWgAwIBAgIJAJrv22F9wyp/MA0GCSqGSIb3DQEBBQUAMIGeMQswCQYD
+VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK
+DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0
+IENBMTMwMQYDVQQDDCpUaXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9y
+IFJvb3QgQ0EwHhcNMTIxMjEzMDUzOTMyWhcNMjIxMjExMDUzOTMyWjCBnjELMAkG
+A1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UE
+CgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVz
+dCBDQTEzMDEGA1UEAwwqVGl6ZW4gUGFydG5lci1PcGVyYXRvciBEaXN0cmlidXRv
+ciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9X0Hw0EfAuagg
+De9h6Jtvh8Df4fyVbvLm9VNea/iVP3/qTbG8tNqoQ32lu0SwzAZBnjpvpbxzsWs9
+pSYo7Ys1fymHlu+gf+kmTGTVscBrAHWkr4O0m33x2FYfy/wmu+IImnRDYDud83rN
+tjQmMO6BihN9Lb6kLiEtVIa8ITwdQwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
+CSqGSIb3DQEBBQUAA4GBAHS2M2UnfEsZf80/sT84xTcfASXgpFL/1M5HiAVpR+1O
+UwLpLyqHiGQaASuADDeGEfcIqEf8gP1SzvnAZqLx9GchbOrOKRleooVFH7PRxFBS
+VWJ5Fq46dJ1mCgTWSkrL6dN5j9hWCzzGfv0Wco+NAf61n9kVbCv7AScIJwQNltOy
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC
+S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
+ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq
+MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy
+MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD
+VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg
+Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM
+IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp
+ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS
+rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C
+AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n
+DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6
+xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL
+gS9G4WEAUg==
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC
+S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6
+ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex
+KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy
+MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD
+VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg
+Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD
+DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B
+AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY
+sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k
+//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C
+AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa
+07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+
+phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7
+KOszlocFYw==
+-----END CERTIFICATE-----
--- /dev/null
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ b3:cb:d1:5b:de:6e:66:95
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
+ Validity
+ Not Before: Dec 8 10:27:32 2011 GMT
+ Not After : Nov 30 10:27:32 2021 GMT
+ Subject: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:cb:46:b8:94:81:b1:83:d7:29:05:2a:33:01:9e:
+ 66:15:f8:be:bb:95:17:dd:7a:c4:c2:f5:d9:e4:aa:
+ fd:c8:8d:a9:48:65:fc:3d:dc:47:d7:2a:2f:5e:c7:
+ 1f:22:ed:e0:98:e6:43:6d:74:82:ca:7d:22:9c:60:
+ 44:18:cd:ca:d6:6b:16:ca:ed:63:c9:7a:f1:00:df:
+ e4:6b:33:47:2f:78:75:61:d7:c9:29:3e:a9:ee:76:
+ dd:2e:fe:9d:e7:3c:0d:02:f4:e9:2d:46:74:49:52:
+ ef:a0:d6:9d:4d:08:65:ea:6b:35:72:a5:08:d8:46:
+ 46:03:99:7c:66:8c:60:c4:91
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ 47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
+ X509v3 Authority Key Identifier:
+ keyid:47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03
+
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Signature Algorithm: sha1WithRSAEncryption
+ c2:c4:62:f2:ec:6f:2b:05:9c:09:cc:ae:e9:77:a9:1d:66:6b:
+ 03:7b:01:3a:e6:29:bb:2a:b8:15:d8:a1:7d:9b:05:b4:8c:cb:
+ ae:c7:eb:68:c0:e3:29:c7:e7:5a:ca:1a:0c:3a:ab:91:80:4f:
+ 9b:36:d4:45:b4:7b:2c:ef:f3:fd:cb:84:84:85:42:3d:ec:18:
+ 3f:5f:9e:b1:1f:8d:0a:57:89:51:e4:eb:7e:da:e9:79:82:61:
+ 38:ad:ca:94:43:71:00:73:13:b9:e9:ef:bc:68:c5:ff:5e:0a:
+ f6:b9:2a:3d:1d:21:77:22:d0:4e:e7:ad:da:31:0b:51:fa:44:
+ cd:fa
+-----BEGIN CERTIFICATE-----
+MIIC9jCCAl+gAwIBAgIJALPL0VvebmaVMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYD
+VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ry
+b25pY3MxDDAKBgNVBAsMA1NMUDEgMB4GA1UEAwwXU0xQIFdlYkFwcCBUZW1wb3Jh
+cnkgQ0ExJjAkBgkqhkiG9w0BCQEWF3l1bmNoYW4uY2hvQHNhbXN1bmcuY29tMB4X
+DTExMTIwODEwMjczMloXDTIxMTEzMDEwMjczMlowgZMxCzAJBgNVBAYTAktSMQ4w
+DAYDVQQIDAVTdXdvbjEcMBoGA1UECgwTU2Ftc3VuZyBFbGVjdHJvbmljczEMMAoG
+A1UECwwDU0xQMSAwHgYDVQQDDBdTTFAgV2ViQXBwIFRlbXBvcmFyeSBDQTEmMCQG
+CSqGSIb3DQEJARYXeXVuY2hhbi5jaG9Ac2Ftc3VuZy5jb20wgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAMtGuJSBsYPXKQUqMwGeZhX4vruVF916xML12eSq/ciN
+qUhl/D3cR9cqL17HHyLt4JjmQ210gsp9IpxgRBjNytZrFsrtY8l68QDf5GszRy94
+dWHXySk+qe523S7+nec8DQL06S1GdElS76DWnU0IZeprNXKlCNhGRgOZfGaMYMSR
+AgMBAAGjUDBOMB0GA1UdDgQWBBRHqI/NHyK6aYUTVSEtwhktX//cAzAfBgNVHSME
+GDAWgBRHqI/NHyK6aYUTVSEtwhktX//cAzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3
+DQEBBQUAA4GBAMLEYvLsbysFnAnMrul3qR1mawN7ATrmKbsquBXYoX2bBbSMy67H
+62jA4ynH51rKGgw6q5GAT5s21EW0eyzv8/3LhISFQj3sGD9fnrEfjQpXiVHk637a
+6XmCYTitypRDcQBzE7np77xoxf9eCva5Kj0dIXci0E7nrdoxC1H6RM36
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIID9DCCAtygAwIBAgIOZscBAQACO65mNg72468wDQYJKoZIhvcNAQEFBQAwgZQx
+CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYD
+VQQLEyhQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQw
+MgYDVQQDEytQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENB
+IElJMB4XDTA2MDYwODE0MTYwMVoXDTI1MTIzMTIyNTk1OVowgZQxCzAJBgNVBAYT
+AkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYDVQQLEyhQcmUt
+UHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQwMgYDVQQDEytQ
+cmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBIElJMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ewnr8E24AqXnf1Lu7w/g79Hht+W
+lvWQg7cPC7685oj0htT0SmDy94uQaC3qRzBJktLKCyuniABykhdTr04rGWgzqD8n
+EzcFCt5k0gF39l3ND/JL+S2YJK/f/xc884hjcLsHUU7cAd6mDlVkOszFK86DNbu0
+noz0y1y462RIOvPCjkYl/GJ5zL62bdDbgFqrWMPZ54JFG0Rj1v575ygfOd2LwOXe
+xjzqfYI4JOx9frKWakPTehW+0UY5UdF0cMvHuLJie9H0vOobR4vtkenbS283b6j7
+0WCoU/BeAr4qskvMs9WwkwDquO4XnzYQDsEVgjBu4H2W0ihNUYJbRo8wtQIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU
+DTX6+fYyziPR1HZxViaGOj66QOYwDQYJKoZIhvcNAQEFBQADggEBALZ0pfjOfePn
+D/6QDCt+cjQ5+U4eKcOlJMXrpEAlnC6oAnN1hqbOQaj44aIAbNap36E/Hl9s0Uga
+c4nz73o5uPvdDmbWzNnMz6ey5NU0XXNzHxQWFdb0+Z7Cho5txoZjjynYXmyQc3RJ
+rrPI+6Uej6sEv15ZGirjABza6pNJ+2NLojLyUb+8et3OCLS+wJ4qrX/5uwgL50Lt
+0M2iPdZv+gjZwNmNWYIflYrSXa3ujclH+EAkkk/G1JxPzhVI3cII3y2DUZQAPCcX
+XQDXIX2zJo7bYaUYJhlEeiGX17cdXMXDT1tbXKKg2mRIga1K4lknn9U/vzkjMJXL
+GA38dUZRZ2Y=
+-----END CERTIFICATE-----
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDijCCAnKgAwIBAgIOMwoBAQAuBBKsIqIni7QwDQYJKoZIhvcNAQELBQAwYDEL
+MAkGA1UEBhMCR0IxJTAjBgNVBAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBM
+dGQxKjAoBgNVBAMMIVdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQgVEVTVDAe
+Fw0xMTAzMDMxNTA3MTlaFw0zNjAzMDMxNTA3MTlaMGAxCzAJBgNVBAYTAkdCMSUw
+IwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMSowKAYDVQQDDCFX
+QUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkIFRFU1QwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC1PB3UrpAQgLSVqHRPhHqdDJsjKQe/CT9oS4lA+mI/
+vkhAvam/EvcNrNHcLVvSph+Mj0d2Y2J9wkcNW7fS3qZJXtpMNU36r7XdBk9kiYhc
+PwJbckCo9Pp8YFxkuR6xV6Cc4o54mO2mumxDQ1hbwCsc5CT7yQz0FVVhCE01X6JJ
+D61DvqmAzCUpehmEXthNV/s/o8fL+I2mD75p8vNDyIZHSJX59czO3PriT3tH2h+0
+tQx7NEWG70fQEU2CzcH9UngPYU7xXqNOhT9GmI/yL3HTeYGNH3i5VHrBjxeTF11t
+IWSUDWQX1W0Y7TbN06XcGcuqPgjZ9xMcV7S4OiCBJz5nAgMBAAGjQjBAMA8GA1Ud
+EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQp5dzy2tJEArpT
+qcQWNXG6J7y5WTANBgkqhkiG9w0BAQsFAAOCAQEAoXuyi8AjMx2yKVpss7xpVi5v
+aUjcHU3AlptjNCFrXI6Bw+KJGNo8ydYlEASRd5dL/pJ6/V+UuUt9EngjUSdYOZGB
+OgCeB2sJI8EZSay2LLhOCmkAxltC94Y/KRzkKqsYvNc6yvF85d+d4gbokf4APjmR
+1TSlZLZsVhwfR0k0mer2rHQGE5Ljezdk7ZGeEMLdn6WFScwjo980EI0OqEoJU3on
++1TTBYudZ4o3qMgHiFwJafUJ6i3zuYbi9x86zMqeI4dJTbsTKLM0QV8vIdzI9fkV
+t1tO/uBBAsNFUv8PAYwP4AFyGvyJbR4uxwxuQZKrltgjSTkPGYR14JtrGk7Y9g==
+-----END CERTIFICATE-----
+
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIPAKTxAAEALtiV8/+rhB6+MA0GCSqGSIb3DQEBCwUAMFsx
+CzAJBgNVBAYTAkdCMSUwIwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMg
+THRkMSUwIwYDVQQDDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMB4XDTEx
+MDMxNDE0MDEwNFoXDTM2MDMxNDE0MDEwNFowWzELMAkGA1UEBhMCR0IxJTAjBgNV
+BAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQxJTAjBgNVBAMMHFdBQyBB
+cHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDCf6RHUPVBUY4YXYMdrmt5yO95eRCOG6vJtI9w0UM2w/2fihD5SMYa
+3cCVam4j6F8FSspMIx+4CTCwdDSUixBGENwGEhD4qxqqV3KTObmxmYbELa97S1IP
+qwoFelzUX6e+qHmYHi+eu/hONeiZaPBLtUtCd6ppCd5ACrD/kf/Ug/tfUtngozjG
+sJ1UB10Ezi3fKs3OkkZMuecJvjWmDpRAyvIeeV8xfzeyn+DMpvhnI9RrSY0j4huE
+ud6Lzzg0jV8+m54v0j7hv9klyNcGiZ+bmHr0LIyAtT+uktcms/4p3V9j01SI9Tmw
+HcHKDXnM6kuThWpr6DR9KFSZ8zD2Nx5nAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB
+Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBT5bKdU2+CGE17R+o/rMCZHHMn+
+WzANBgkqhkiG9w0BAQsFAAOCAQEAXmO+J5suIGuzbfYBoTdr8gahFfWEbhm1y6mJ
+eZAc+Mf5L+In20p+Oj5uy6LsTmJsE9VE/+gi1eALKl9EhgYhET2ZlAzRFCN5dTWv
+NTAFxJfGMkn2U5iW+luJ+lejyYBqEEFRpzwhXZbVDZQLim4CU75H75KzFkUgTulG
+5M6U/Plt6S1rKgMkeYiR27W4C2NZMFXYqctt0m+eKEa3ueZE9pYUxqVcvQKSI017
+Nbc1kSkcuSKFV2Bk2T5dh5jQvywykdWLubAe6XiiC5CIT31kcSX6AlVhgNxWRRKP
+QFO7lWqxnQMR2Or38ve7oSg1oL5Sx80fcbp3ovaYSKt5jnVWfg==
+-----END CERTIFICATE-----
+
--- /dev/null
+<CertificateSet>
+ <CertificateDomain name="wacpublisher"> <!-- this domain is used to verify author-signatures -->
+ <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
+ <FingerprintSHA1>A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2</FingerprintSHA1><!-- wac.publisher.pem -->
+ <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
+ <FingerprintSHA1>2B:A0:20:7D:40:90:1D:00:04:89:60:00:3B:DE:34:89:21:BE:D4:4F</FingerprintSHA1><!-- tizen-developer-root-ca.pem -->
+ </CertificateDomain>
+ <CertificateDomain name="wacroot">
+ <FingerprintSHA1>AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE</FingerprintSHA1><!-- root.cert.pem w3c signature tests -->
+ <FingerprintSHA1>C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12</FingerprintSHA1><!-- root_cacert.pem certificate for internal tests -->
+ <FingerprintSHA1>A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1</FingerprintSHA1><!-- wac.root.production.pem -->
+ <FingerprintSHA1>8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A</FingerprintSHA1><!-- wac.root.preproduction.pem -->
+ <FingerprintSHA1>84:A8:85:67:1C:D9:A9:C9:8C:7C:C3:BC:7F:EB:A6:7D:44:94:D9:8F</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
+ </CertificateDomain>
+ <CertificateDomain name="developer">
+ <FingerprintSHA1>4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38</FingerprintSHA1><!-- operator.root.cert.pem internal tests-->
+ </CertificateDomain>
+ <CertificateDomain name="wacmember">
+ </CertificateDomain>
+ <CertificateDomain name="tizenmember"> <!-- used to verify tizen widgets -->
+ <FingerprintSHA1>67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85</FingerprintSHA1><!-- tizen-distributor-root-ca-partner.pem -->
+ <FingerprintSHA1>04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
+ <FingerprintSHA1>2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0</FingerprintSHA1><!-- tizen-distributor-root-ca-patner-manufacturer.pem -->
+ <FingerprintSHA1>B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF</FingerprintSHA1><!-- tizen-distributor-root-ca-patner-operator.pem -->
+ <FingerprintSHA1>AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E</FingerprintSHA1><!-- tizen.root.preproduction.cert.pem for internal test of SDK -->
+ <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - hash from it is encoded on sim cards -->
+ </CertificateDomain>
+ <CertificateDomain name="orangelegacy">
+ <FingerprintSHA1>FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD</FingerprintSHA1><!-- orange.production.pem - This certificate requires special treatment during verification process -->
+ </CertificateDomain>
+ <CertificateDomain name="tizen-public">
+ <FingerprintSHA1>04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE</FingerprintSHA1><!-- tizen-distributor-root-ca-public.pem -->
+ </CertificateDomain>
+ <CertificateDomain name="tizen-partner">
+ <FingerprintSHA1>67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85</FingerprintSHA1><!-- tizen-distributor-root-ca-partner.pem -->
+ </CertificateDomain>
+ <CertificateDomain name="tizen-partner-operator">
+ <FingerprintSHA1>B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF</FingerprintSHA1><!-- tizen-distributor-root-ca-patner-operator.pem -->
+ </CertificateDomain>
+ <CertificateDomain name="tizen-partner-manufacturer">
+ <FingerprintSHA1>2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0</FingerprintSHA1><!-- tizen-distributor-root-ca-patner-manufacturer.pem -->
+ </CertificateDomain>
+</CertificateSet>
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+<xs:element name="CertificateSet" type="CertificateSetType" />
+<xs:complexType name="CertificateSetType">
+ <xs:sequence>
+ <xs:element ref="CertificateDomain" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+</xs:complexType>
+
+<xs:element name="CertificateDomain" type="CertificateDomainType" />
+<xs:complexType name="CertificateDomainType">
+ <xs:sequence>
+ <xs:element ref="FingerprintSHA1" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:string" use="required" />
+</xs:complexType>
+
+<xs:element name="FingerprintSHA1" type="xs:string"/>
+
+</xs:schema>
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="base64Binary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="base64Binary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <element ref="ds:ECKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+<!-- ECDSA KEY DEFINITIONS -->
+
+ <element name="ECKeyValue" type="ds:ECKeyValueType"/>
+ <complexType name="ECKeyValueType">
+ <sequence>
+ <choice>
+ <element name="ECParameters" type="ds:ECParametersType"/>
+ <element name="NamedCurve" type="ds:NamedCurveType"/>
+ </choice>
+ <element name="PublicKey" type="ds:ECPointType"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+ <complexType name="NamedCurveType">
+ <attribute name="URI" type="anyURI" use="required"/>
+ </complexType>
+
+ <simpleType name="ECPointType">
+ <restriction base="ds:CryptoBinary"/>
+ </simpleType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+ <complexType name="ECParametersType">
+ <sequence>
+ <element name="FieldID" type="ds:FieldIDType"/>
+ <element name="Curve" type="ds:CurveType"/>
+ <element name="Base" type="ds:ECPointType"/>
+ <element name="Order" type="ds:CryptoBinary"/>
+ <element name="CoFactor" type="integer" minOccurs="0"/>
+ <element name="ValidationData" type="ds:ECValidationDataType" minOccurs="0"/>
+ </sequence>
+ </complexType>
+
+ <complexType name="FieldIDType">
+ <choice>
+ <element ref="ds:Prime"/>
+ <element ref="ds:TnB"/>
+ <element ref="ds:PnB"/>
+ <element ref="ds:GnB"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="Prime" type="ds:PrimeFieldParamsType"/>
+ <complexType name="PrimeFieldParamsType">
+ <sequence>
+ <element name="P" type="ds:CryptoBinary"/>
+ </sequence>
+ </complexType>
+
+ <element name="GnB" type="ds:CharTwoFieldParamsType"/>
+ <complexType name="CharTwoFieldParamsType">
+ <sequence>
+ <element name="M" type="positiveInteger"/>
+ </sequence>
+ </complexType>
+
+ <element name="TnB" type="ds:TnBFieldParamsType"/>
+ <complexType name="TnBFieldParamsType">
+ <complexContent>
+ <extension base="ds:CharTwoFieldParamsType">
+ <sequence>
+ <element name="K" type="positiveInteger"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <element name="PnB" type="ds:PnBFieldParamsType"/>
+ <complexType name="PnBFieldParamsType">
+ <complexContent>
+ <extension base="ds:CharTwoFieldParamsType">
+ <sequence>
+ <element name="K1" type="positiveInteger"/>
+ <element name="K2" type="positiveInteger"/>
+ <element name="K3" type="positiveInteger"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+
+ <complexType name="CurveType">
+ <sequence>
+ <element name="A" type="ds:CryptoBinary"/>
+ <element name="B" type="ds:CryptoBinary"/>
+ </sequence>
+ </complexType>
+
+ <complexType name="ECValidationDataType">
+ <sequence>
+ <element name="seed" type="ds:CryptoBinary"/>
+ </sequence>
+ <attribute name="hashAlgorithm" type="anyURI" use="required"/>
+ </complexType>
+
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="base64Binary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="base64Binary"/>
+ <element name="X509CRL" type="base64Binary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="base64Binary"/>
+ <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="base64Binary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="base64Binary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
--- /dev/null
+#!/bin/sh
+
+/usr/bin/wrt-security-daemon &
+set_pmon -p wrt-security-daemon
--- /dev/null
+#!/bin/sh
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#Uncomment this when IPC is set to DBus
+#dbus-send --system --print-reply --dest=org.tizen.SecurityDaemon /org/tizen/SecurityDaemon org.tizen.AceCheckAccessInterface.update_policy
+
+#Uncomment this when IPC is set to sockets
+echo "delete from AcePolicyResult where 1==1;" | sqlite3 /opt/dbspace/.ace.db
+echo "delete from AceAttribute where 1==1;" | sqlite3 /opt/dbspace/.ace.db
+echo "delete from AcePromptDecision where 1==1;" | sqlite3 /opt/dbspace/.ace.db
+pkill -9 wrt-security
+sleep 3
+
--- /dev/null
+#!/bin/sh
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+for name in ace
+do
+ rm -f /opt/dbspace/.$name.db
+ rm -f /opt/dbspace/.$name.db-journal
+ SQL="PRAGMA journal_mode = PERSIST;"
+ sqlite3 /opt/dbspace/.$name.db "$SQL"
+ SQL=".read /usr/share/wrt-engine/"$name"_db.sql"
+ sqlite3 /opt/dbspace/.$name.db "$SQL"
+ touch /opt/dbspace/.$name.db-journal
+ chown 0:6026 /opt/dbspace/.$name.db
+ chown 0:6026 /opt/dbspace/.$name.db-journal
+ chmod 660 /opt/dbspace/.$name.db
+ chmod 660 /opt/dbspace/.$name.db-journal
+done
+
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 0.1
+ * @brief ACE DAO read only mockup class
+ */
+#include "AceDAOReadOnly_mock.h"
+
+namespace AceDB {
+OptionalExtendedPolicyResult AceDAOReadOnly::m_policyResult = ExtendedPolicyResult();
+OptionalCachedPromptDecision AceDAOReadOnly::m_promptDecision =
+ OptionalCachedPromptDecision();
+PreferenceTypes AceDAOReadOnly::m_devCapSetting =
+ PreferenceTypes::PREFERENCE_DEFAULT;
+PreferenceTypes AceDAOReadOnly::m_widgetDevCapSetting =
+ PreferenceTypes::PREFERENCE_DEFAULT;
+PreferenceTypesMap AceDAOReadOnly::m_devCapSettings = PreferenceTypesMap();
+BaseAttributeSet AceDAOReadOnly::m_attributeSet = BaseAttributeSet();
+BasePermissionList AceDAOReadOnly::m_widgetDevCapSettings = BasePermissionList();
+RequestedDevCapsMap AceDAOReadOnly::m_devCapPermissions =
+ RequestedDevCapsMap();
+FeatureNameVector AceDAOReadOnly::m_featureName;
+std::string AceDAOReadOnly::m_guid = std::string();
+};
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 0.1
+ * @brief ACE DAO read only mockup class
+ */
+
+#ifndef WRT_MOCKUPS_ACE_DAO_READ_ONLY_MOCK_H_
+#define WRT_MOCKUPS_ACE_DAO_READ_ONLY_MOCK_H_
+
+#include <set>
+#include <utility>
+#include <string>
+
+#include <openssl/md5.h>
+#include <dpl/exception.h>
+#include <dpl/string.h>
+
+#include <PreferenceTypes.h>
+#include <BaseAttribute.h>
+#include <BasePermission.h>
+#include <IRequest.h>
+#include <PolicyEffect.h>
+#include <PolicyResult.h>
+#include <PromptDecision.h>
+#include <dpl/foreach.h>
+
+namespace AceDB {
+
+typedef std::map<DPL::String, bool> RequestedDevCapsMap;
+typedef DPL::String FeatureName;
+typedef std::vector<FeatureName> FeatureNameVector;
+
+class AceDAOReadOnly
+{
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, DatabaseError)
+ };
+
+ AceDAOReadOnly() {}
+
+ static void attachToThreadRO(){};
+ static void attachToThreadRW(){};
+ static void detachFromThread(){};
+
+ // policy effect/decision
+ static OptionalExtendedPolicyResult getPolicyResult(
+ const BaseAttributeSet &/*attributes*/)
+ {
+ return m_policyResult;
+ }
+
+ // prompt decision
+ static OptionalCachedPromptDecision getPromptDecision(
+ WidgetHandle /*widgetHandle*/,
+ int /*hash*/)
+ {
+ return m_promptDecision;
+ }
+
+ // resource settings
+ static PreferenceTypes getDevCapSetting(const std::string &/*resource*/)
+ {
+ return m_devCapSetting;
+ }
+ static void getDevCapSettings(PreferenceTypesMap *preferences)
+ {
+ *preferences = m_devCapSettings;
+ }
+
+ // user settings
+ static void getWidgetDevCapSettings(BasePermissionList *permissions)
+ {
+ *permissions = m_widgetDevCapSettings;
+ }
+
+ static PreferenceTypes getWidgetDevCapSetting(
+ const std::string &/*resource*/,
+ WidgetHandle /*handler*/)
+ {
+ return m_widgetDevCapSetting;
+ }
+
+ static void getAttributes(BaseAttributeSet *attributes)
+ {
+ *attributes = m_attributeSet;
+ }
+
+ static void getRequestedDevCaps(
+ int /*widgetHandle*/,
+ RequestedDevCapsMap *permissions)
+ {
+ *permissions = m_devCapPermissions;
+ }
+
+ // Setting return values for mockups
+ static void setPolicyResult(OptionalExtendedPolicyResult value)
+ {
+ m_policyResult = value;
+ }
+
+ static void setPromptDecision(OptionalCachedPromptDecision value)
+ {
+ m_promptDecision = value;
+ }
+
+ static void setDevCapSetting(PreferenceTypes value)
+ {
+ m_devCapSetting = value;
+ }
+
+ static void setWidgetDevCapSetting(PreferenceTypes value)
+ {
+ m_widgetDevCapSetting = value;
+ }
+
+ static void setWidgetDevCapSettings(BasePermissionList value)
+ {
+ m_widgetDevCapSettings = value;
+ }
+
+ static void setDevCapSettings(PreferenceTypesMap value)
+ {
+ m_devCapSettings = value;
+ }
+
+ static void setAttributeSet(BaseAttributeSet value)
+ {
+ m_attributeSet = value;
+ }
+
+ static void setDevCapPermissions(RequestedDevCapsMap value)
+ {
+ m_devCapPermissions = value;
+ }
+
+ static void getAcceptedFeature(
+ WidgetHandle /* widgetHandle */,
+ FeatureNameVector *featureVector)
+ {
+ *featureVector = m_featureName;
+ }
+
+ static void setAcceptedFeature(const FeatureNameVector &fvector)
+ {
+ m_featureName = fvector;
+ }
+
+ static std::string getGUID(const WidgetHandle& handle)
+ {
+ return m_guid;
+ }
+
+ protected:
+ static OptionalExtendedPolicyResult m_policyResult;
+ static OptionalCachedPromptDecision m_promptDecision;
+ static PreferenceTypes m_devCapSetting;
+ static PreferenceTypes m_widgetDevCapSetting;
+ static PreferenceTypesMap m_devCapSettings;
+ static BaseAttributeSet m_attributeSet;
+ static BasePermissionList m_widgetDevCapSettings;
+ static RequestedDevCapsMap m_devCapPermissions;
+ static FeatureNameVector m_featureName;
+ static std::string m_guid;
+};
+
+}
+
+#endif // WRT_MOCKUPS_ACE_DAO_READ_ONLY_MOCK_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief PolicyInformationPoint mockup class
+ */
+#ifndef WRT_MOCKUPS_POLICY_INFORMATION_POINT_MOCK_H_
+#define WRT_MOCKUPS_POLICY_INFORMATION_POINT_MOCK_H_
+
+class PolicyInformationPoint {
+ public:
+ PolicyInformationPoint(void*, void*, void*){};
+ virtual ~PolicyInformationPoint(){};
+ void getAttributesValues(void*, void*){};
+
+};
+
+#endif // WRT_MOCKUPS_POLICY_INFORMATION_POINT_MOCK_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief DBus client mockup class.
+ */
+#include "communication_client_mock.h"
+
+namespace WrtSecurity {
+namespace Communication {
+ int Client::m_checkAccessResult = 0;
+ bool Client::m_validationResult = true;
+}
+};
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief DBus client mockup class.
+ */
+
+#ifndef WRT_MOCKUPS_DBUS_CLIENT_MOCK_H_
+#define WRT_MOCKUPS_DBUS_CLIENT_MOCK_H_
+
+#include <dpl/exception.h>
+#include <dpl/assert.h>
+
+#include <string>
+#include <vector>
+#include "ace_server_api.h"
+#include "popup_response_server_api.h"
+
+namespace WrtSecurity {
+namespace Communication {
+
+/*
+ * This class is a mockup implementation for some methods called
+ * with DBus::Client.
+ */
+
+class Client
+{
+
+ public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SecurityCommunicationClientException)
+ };
+
+ Client(std::string /*interfaceName*/)
+ {
+ }
+
+ // ACE server api check access method
+ void call(const std::string &methodName,
+ int,
+ const std::string&,
+ const std::string&,
+ const std::vector<std::string>&,
+ const std::vector<std::string>&,
+ const std::string&,
+ int* outArg)
+ {
+ if (methodName == WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD()) {
+ Assert(NULL != outArg);
+ *outArg = m_checkAccessResult;
+ return;
+ }
+ }
+
+ void call(const std::string &methodName,
+ bool,
+ int,
+ int,
+ const std::string&,
+ const std::string&,
+ const std::vector<std::string>&,
+ const std::vector<std::string>&,
+ const std::string&,
+ bool* outArg)
+ {
+ if (methodName == WrtSecurity::PopupServerApi::VALIDATION_METHOD()) {
+ Assert(NULL != outArg);
+ *outArg = m_validationResult;
+ return;
+ }
+ }
+
+
+ ~Client()
+ {
+ }
+
+ static void setCheckAccessResult(int value)
+ {
+ m_checkAccessResult = value;
+ }
+
+ static void setValidationResult(bool value)
+ {
+ m_validationResult = value;
+ }
+
+ private:
+ static int m_checkAccessResult;
+ static bool m_validationResult;
+};
+
+} // namespace DBus
+}
+
+#endif // WRT_MOCKUPS_DBUS_CLIENT_MOCK_H_
--- /dev/null
+
+[Unit]
+Description=Wrt security daemon
+
+[Service]
+ExecStart=/usr/bin/wrt-security-daemon
+
+[Install]
+WantedBy=multi-user.target
--- /dev/null
+<manifest>
+ <define>
+ <domain name="wrt-security-daemon" />
+ <provide>
+ <label name="wrt-security-daemon::daemon" />
+ <label name="wrt-security-daemon::db" />
+ </provide>
+ </define>
+ <request>
+ <domain name="_" />
+ </request>
+</manifest>
+#sbs-git:slp/pkgs/s/security-server security-server 0.0.37
Name: wrt-security
-Summary: This repository will be abandoned.
-Version: 0.0.44
-Release: 1
-Group: Development/Libraries
+Summary: Wrt security daemon.
+Version: 0.0.61
+Release: 2
+Group: TO_BE/FILLED_IN
License: Apache License, Version 2.0
URL: N/A
Source0: %{name}-%{version}.tar.gz
+Source1: wrt-security.manifest
+Source2: wrt-security-daemon.service
+BuildRequires: cmake
+BuildRequires: zip
+BuildRequires: pkgconfig(dlog)
+BuildRequires: pkgconfig(openssl)
+BuildRequires: libattr-devel
+BuildRequires: pkgconfig(libsmack)
+BuildRequires: pkgconfig(dbus-1)
+BuildRequires: pkgconfig(dpl-efl)
+BuildRequires: pkgconfig(dpl-utils-efl)
+BuildRequires: pkgconfig(dpl-dbus-efl)
+BuildRequires: pkgconfig(libpcrecpp)
+BuildRequires: pkgconfig(icu-i18n)
+BuildRequires: pkgconfig(libsoup-2.4)
+BuildRequires: pkgconfig(xmlsec1)
%description
-This repository will be abandoned.
+Wrt security daemon and utilities.
+
+%package -n wrt-security-devel
+Summary: Header files for client libraries.
+Group: Development/Libraries
+Requires: wrt-security = %{version}-%{release}
+
+%description -n wrt-security-devel
+Developer files for client libraries.
+
+%package -n security-server-certs
+Summary: Certificates for web applications.
+Group: Development/Libraries
+Requires: security-server
+
+%description -n security-server-certs
+Certificates for wrt.
+
+%prep
+%setup -q
+
+%build
+export LDFLAGS+="-Wl,--rpath=%{_prefix}/lib"
+
+cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \
+ -DDPL_LOG="ON" \
+ -DVERSION=%{version} \
+ -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}
+make %{?jobs:-j%jobs}
+
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}/usr/share/license
+cp LICENSE %{buildroot}/usr/share/license/%{name}
+%make_install
+install -D %{SOURCE1} %{buildroot}%{_datadir}/wrt-security.manifest
+
+mkdir -p %{buildroot}/etc/rc.d/rc3.d
+mkdir -p %{buildroot}/etc/rc.d/rc5.d
+ln -sf /etc/rc.d/init.d/wrt-security-daemon.sh %{buildroot}/etc/rc.d/rc3.d/S10wrt-security-daemon
+ln -sf /etc/rc.d/init.d/wrt-security-daemon.sh %{buildroot}/etc/rc.d/rc5.d/S10wrt-security-daemon
+
+mkdir -p %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants
+install -m 0644 %{SOURCE2} %{buildroot}%{_libdir}/systemd/system/wrt-security-daemon.service
+ln -sf /usr/lib/systemd/system/wrt-security-daemon.service %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants/wrt-security-daemon.service
+
+%clean
+rm -rf %{buildroot}
+
+%post
+if [ -z ${2} ]; then
+ echo "This is new install of wrt-security"
+ echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
+ /usr/bin/wrt_security_create_clean_db.sh
+else
+ # Find out old and new version of databases
+ ACE_OLD_DB_VERSION=`sqlite3 /opt/dbspace/.ace.db ".tables" | grep "DB_VERSION_"`
+ ACE_NEW_DB_VERSION=`cat /usr/share/wrt-engine/ace_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_`
+ echo "OLD ace database version ${ACE_OLD_DB_VERSION}"
+ echo "NEW ace database version ${ACE_NEW_DB_VERSION}"
+
+ if [ ${ACE_OLD_DB_VERSION} -a ${ACE_NEW_DB_VERSION} ]
+ then
+ if [ ${ACE_NEW_DB_VERSION} = ${ACE_OLD_DB_VERSION} ]
+ then
+ echo "Equal database detected so db installation ignored"
+ else
+ echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
+ /usr/bin/wrt_security_create_clean_db.sh
+ fi
+ else
+ echo "Calling /usr/bin/wrt_security_create_clean_db.sh"
+ /usr/bin/wrt_security_create_clean_db.sh
+ fi
+fi
+
+/sbin/ldconfig
+echo "[WRT] wrt-security postinst done ..."
+
+%postun
+/sbin/ldconfig
+
+%files -n wrt-security
+%manifest %{_datadir}/wrt-security.manifest
+%defattr(-,root,root,-)
+%attr(755,root,root) /usr/bin/wrt-security-daemon
+%{_libdir}/libace*.so
+%{_libdir}/libace*.so.*
+%{_libdir}/libwrt-ocsp.so
+%{_libdir}/libwrt-ocsp.so.*
+/usr/share/wrt-engine/*
+%attr(755,root,root) %{_bindir}/wrt_security_create_clean_db.sh
+%attr(755,root,root) %{_bindir}/wrt_security_change_policy.sh
+%attr(664,root,root) %{_datadir}/dbus-1/services/*
+%attr(664,root,root) /usr/etc/ace/bondixml*
+%attr(664,root,root) /usr/etc/ace/UnrestrictedPolicy.xml
+%attr(664,root,root) /usr/etc/ace/WAC2.0Policy.xml
+%attr(664,root,root) /usr/etc/ace/TizenPolicy.xml
+%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.publisherid.pem
+%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen.root.preproduction.cert.pem
+%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.production.pem
+%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.preproduction.pem
+%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-developer-root-ca.pem
+%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-partner.pem
+%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-public.pem
+%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-partner-manufacturer.pem
+%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-partner-operator.pem
+%{_datadir}/license/%{name}
+/etc/rc.d/init.d/wrt-security-daemon.sh
+%attr(755,root,root) /etc/rc.d/init.d/wrt-security-daemon.sh
+/etc/rc.d/rc3.d/S10wrt-security-daemon
+/etc/rc.d/rc5.d/S10wrt-security-daemon
+%{_libdir}/systemd/*
+
+%files -n wrt-security-devel
+%defattr(-,root,root,-)
+%{_includedir}/wrt-security/*
+%{_includedir}/ace/*
+%{_includedir}/ace-client/*
+%{_includedir}/ace-settings/*
+%{_includedir}/ace-install/*
+%{_includedir}/ace-common/*
+%{_includedir}/ace-popup-validation/*
+%{_includedir}/wrt-ocsp/*
+%{_libdir}/pkgconfig/security-client.pc
+%{_libdir}/pkgconfig/security-communication-client.pc
+%{_libdir}/pkgconfig/security-core.pc
+%{_libdir}/pkgconfig/security-dao-ro.pc
+%{_libdir}/pkgconfig/security-dao-rw.pc
+%{_libdir}/pkgconfig/security-install.pc
+%{_libdir}/pkgconfig/security-popup-validation.pc
+%{_libdir}/pkgconfig/security-settings.pc
+%{_libdir}/pkgconfig/security-wrt-ocsp.pc
+%{_libdir}/pkgconfig/security.pc
+
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file SecuritySocketClient.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implemtation of socket client class.
+ */
+
+#include <sys/socket.h>
+#include <string.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/un.h>
+#include <errno.h>
+#include <unistd.h>
+
+#include "SecuritySocketClient.h"
+#include "security_daemon_socket_config.h"
+
+void SecuritySocketClient::throwWithErrnoMessage(const std::string& specificInfo){
+ LogError(specificInfo << " : " << strerror(errno));
+ ThrowMsg(Exception::SecuritySocketClientException, specificInfo << " : " << strerror(errno));
+}
+
+SecuritySocketClient::SecuritySocketClient(const std::string& interfaceName) {
+ m_interfaceName = interfaceName;
+ m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS();
+ LogInfo("Client created");
+}
+
+void SecuritySocketClient::connect(){
+ struct sockaddr_un remote;
+ if(-1 == (m_socketFd = socket(AF_UNIX, SOCK_STREAM,0))){
+ throwWithErrnoMessage("socket()");
+ }
+
+ //socket needs to be nonblocking, because read can block after select
+ int flags;
+ if (-1 == (flags = fcntl(m_socketFd, F_GETFL, 0)))
+ flags = 0;
+ if(-1 == (fcntl(m_socketFd, F_SETFL, flags | O_NONBLOCK))){
+ throwWithErrnoMessage("fcntl");
+ }
+
+ bzero(&remote, sizeof(remote));
+ remote.sun_family = AF_UNIX;
+ strcpy(remote.sun_path, m_serverAddress.c_str());
+ if(-1 == ::connect(m_socketFd, (struct sockaddr *)&remote, SUN_LEN(&remote))){
+ throwWithErrnoMessage("connect()");
+ }
+
+ m_socketConnector.reset(new SocketConnection(m_socketFd));
+
+ LogInfo("Client connected");
+}
+
+void SecuritySocketClient::disconnect(){
+ //Socket should be already closed by server side,
+ //even though we should close it in case of any errors
+ close(m_socketFd);
+ LogInfo("Client disconnected");
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file SecuritySocketClient.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of socket client class.
+ */
+
+#ifndef SECURITYSOCKETCLIENT_H_
+#define SECURITYSOCKETCLIENT_H_
+
+#include <memory>
+#include <string>
+#include <dpl/log/log.h>
+#include "SocketConnection.h"
+
+/* IMPORTANT:
+ * Methods connect(), call() and disconnected() should be called one by one.
+ * Between connect() and disconnect() you can use call() only once.
+ * It is because of timeout on call, e.g. to avoid waiting for corrupted data.
+ */
+
+/* USAGE:
+ * Class should be used according to this scheme:
+ * SecuritySocketClient client("Interface Name");
+ * (...)
+ * client.connect();
+ * client.call("Method name", in_arg1, in_arg2, ..., in_argN,
+ * out_arg1, out_arg2, ..., out_argM);
+ * client.disconnect();
+ * (...)
+ *
+ * input parameters of the call are passed with reference,
+ * output ones are passed as pointers - parameters MUST be passed this way.
+ *
+ * Currently client supports serialization and deserialization of simple types
+ * (int, char, float, unsigned), strings (std::string and char*) and
+ * some STL containers (std::vector, std::list, std::map, std::pair).
+ * Structures and classes are not (yet) supported.
+ */
+
+class SecuritySocketClient {
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SecuritySocketClientException)
+ };
+
+ SecuritySocketClient(const std::string &interfaceName);
+ void connect();
+ void disconnect();
+
+ void call(std::string methodName){
+ make_call(m_interfaceName);
+ make_call(methodName);
+ }
+
+ template<typename ...Args>
+ void call(std::string methodName, const Args&... args){
+ make_call(m_interfaceName);
+ make_call(methodName);
+ make_call(args...);
+ }
+
+private:
+ template<typename T, typename ...Args>
+ void make_call(const T& invalue, const Args&... args){
+ make_call(invalue);
+ make_call(args...);
+ }
+
+ template<typename T>
+ void make_call(const T& invalue){
+ Try {
+ m_socketConnector->write(invalue);
+ }
+ Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection write error");
+ ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error");
+ }
+ }
+
+ template<typename T, typename ...Args>
+ void make_call(const T* invalue, const Args&... args){
+ make_call(invalue);
+ make_call(args...);
+ }
+
+ template<typename T>
+ void make_call(const T* invalue){
+ Try {
+ m_socketConnector->write(invalue);
+ }
+ Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection write error");
+ ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error");
+ }
+ }
+
+ template<typename T, typename ...Args>
+ void make_call(T * outvalue, const Args&... args){
+ make_call(outvalue);
+ make_call(args...);
+ }
+
+ template<typename T>
+ void make_call(T* outvalue){
+ Try {
+ m_socketConnector->read(outvalue);
+ }
+ Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection read error");
+ ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection read error");
+ }
+ }
+
+
+private:
+ void throwWithErrnoMessage(const std::string& specificInfo);
+ std::string m_serverAddress;
+ std::string m_interfaceName;
+ std::unique_ptr<SocketConnection> m_socketConnector;
+ int m_socketFd;
+};
+
+#endif /* SECURITYSOCKETCLIENT_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file SocketConnection.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ */
+
+#include "SocketConnection.h"
+
+//
+// Note:
+//
+// The file here is left blank to enable precompilation
+// of templates in corresponding header file.
+// Do not remove this file.
+//
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file SocketConnection.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief This file is a header of Socket Connection class with implemented templates
+ */
+
+#ifndef SOCKETCONNECTION_H_
+#define SOCKETCONNECTION_H_
+
+#include <dpl/serialization.h>
+#include <dpl/log/log.h>
+#include <new>
+#include "SocketStream.h"
+
+/*
+ * This class implements interface for generic read and write from given socket.
+ * It does not maintain socket descriptor, so any connecting and disconnecting should be
+ * done above calls to this class.
+ */
+
+/*
+ * Throws SocketConnectionException when read/write will not succeed or if any bad allocation
+ * exception occurs during read.
+ */
+
+class SocketConnection {
+
+public:
+
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SocketConnectionException)
+ };
+
+ explicit SocketConnection(int socket_fd) : m_socketStream(socket_fd){
+ LogInfo("Created");
+ }
+
+ template<typename T, typename ...Args>
+ void read(T* out, const Args&... args ){
+ read(out);
+ read(args...);
+ }
+
+ template<typename T>
+ void read(T* out){
+ Try {
+ DPL::Deserialization::Deserialize(m_socketStream, *out);
+ }
+
+ Catch (std::bad_alloc){
+ LogError("Bad allocation error");
+ ThrowMsg(Exception::SocketConnectionException, "Bad allocation error");
+ }
+
+ Catch (SocketStream::Exception::SocketStreamException) {
+ LogError("Socket stream error");
+ ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
+ }
+ }
+
+ template<typename T, typename ...Args>
+ void write(const T& in, const Args&... args){
+ write(in);
+ write(args...);
+ }
+
+ template<typename T>
+ void write(const T& in){
+ Try {
+ DPL::Serialization::Serialize(m_socketStream, in);
+ } Catch (SocketStream::Exception::SocketStreamException) {
+ LogError("Socket stream error");
+ ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
+ }
+ }
+
+ template<typename T, typename ...Args>
+ void write(const T* in, const Args&... args){
+ write(in);
+ write(args...);
+ }
+
+ template<typename T>
+ void write(const T* in){
+ Try {
+ DPL::Serialization::Serialize(m_socketStream, in);
+ } Catch (SocketStream::Exception::SocketStreamException) {
+ LogError("Socket stream error");
+ ReThrowMsg(Exception::SocketConnectionException, "Socket stream error");
+ }
+ }
+
+private:
+ SocketStream m_socketStream;
+};
+
+#endif /* SOCKETCONNECTION_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file SocketStream.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of socket stream class
+ */
+
+
+#include <sys/socket.h>
+#include <sys/select.h>
+#include <errno.h>
+#include <cstring>
+#include <unistd.h>
+#include <dpl/log/log.h>
+#include "SocketStream.h"
+
+#define READ_TIEMOUT_SEC 1
+#define READ_TIMEUOT_NSEC 0
+#define WRITE_TIMEOUT_SEC 0
+#define WRITE_TIMEOUT_NSEC 100000000
+#define MAX_BUFFER 10240
+
+void SocketStream::throwWithErrnoMessage(std::string function_name){
+ LogError(function_name << " : " << strerror(errno));
+ ThrowMsg(Exception::SocketStreamException, function_name << " : " << strerror(errno));
+}
+
+void SocketStream::Read(size_t num, void * bytes){
+
+ if(NULL == bytes){
+ LogError("Null pointer to buffer");
+ ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer");
+ }
+
+ m_bytesRead += num;
+
+ if(m_bytesRead > MAX_BUFFER){
+ LogError("Too big buffer requested!");
+ ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!");
+ }
+
+ char part_buffer[MAX_BUFFER];
+ std::string whole_buffer;
+
+ fd_set rset, allset;
+ int max_fd;
+ ssize_t bytes_read = 0, bytes_to_read = (ssize_t) num;
+
+ timespec timeout;
+
+ max_fd = m_socketFd;
+ ++max_fd;
+
+ FD_ZERO(&allset);
+ FD_SET(m_socketFd, &allset);
+
+ int returned_value;
+
+ while(bytes_to_read != 0){
+ timeout.tv_sec = READ_TIEMOUT_SEC;
+ timeout.tv_nsec = READ_TIMEUOT_NSEC;
+ rset = allset;
+
+ if(-1 == (returned_value = pselect(max_fd, &rset, NULL, NULL, &timeout, NULL))){
+ if(errno == EINTR) continue;
+ throwWithErrnoMessage("pselect()");
+ }
+ if(0 == returned_value){
+ //This means pselect got timedout
+ //This is not a proper behavior in reading data from UDS
+ //And could mean we got corrupted connection
+ LogError("Couldn't read whole data");
+ ThrowMsg(Exception::SocketStreamException, "Couldn't read whole data");
+ }
+ if(FD_ISSET(m_socketFd, &rset)){
+ bytes_read = read(m_socketFd, part_buffer, num);
+ if(bytes_read <= 0){
+ if(errno == ECONNRESET || errno == ENOTCONN || errno == ETIMEDOUT){
+ LogInfo("Connection closed : " << strerror(errno));
+ ThrowMsg(Exception::SocketStreamException,
+ "Connection closed : " << strerror(errno) << ". Couldn't read whole data");
+ }else if (errno != EAGAIN && errno != EWOULDBLOCK){
+ throwWithErrnoMessage("read()");
+ }
+ }
+
+ whole_buffer.append(part_buffer, bytes_read);
+ bytes_to_read-=bytes_read;
+ bytes_read = 0;
+ continue;
+ }
+
+ }
+ memcpy(bytes, whole_buffer.c_str(), num);
+}
+
+void SocketStream::Write(size_t num, const void * bytes){
+
+ if(NULL == bytes){
+ LogError("Null pointer to buffer");
+ ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer");
+ }
+
+ m_bytesWrote += num;
+
+ if(m_bytesWrote > MAX_BUFFER){
+ LogError("Too big buffer requested!");
+ ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!");
+ }
+
+ fd_set wset, allset;
+ int max_fd;
+
+ timespec timeout;
+
+ max_fd = m_socketFd;
+ ++max_fd;
+
+ FD_ZERO(&allset);
+ FD_SET(m_socketFd, &allset);
+
+ int returned_value;
+
+ int write_res, bytes_to_write = num;
+ unsigned int current_offset = 0;
+
+ while(current_offset != num){
+ timeout.tv_sec = WRITE_TIMEOUT_SEC;
+ timeout.tv_nsec = WRITE_TIMEOUT_NSEC;
+ wset = allset;
+
+ if(-1 == (returned_value = pselect(max_fd, NULL, &wset, NULL, &timeout, NULL))){
+ if(errno == EINTR) continue;
+ throwWithErrnoMessage("pselect()");
+ }
+
+ if(FD_ISSET(m_socketFd, &wset)){
+ if(-1 == (write_res = write(m_socketFd, reinterpret_cast<const char *>(bytes) + current_offset, bytes_to_write))){
+ if(errno == ECONNRESET || errno == EPIPE){
+ LogInfo("Connection closed : " << strerror(errno));
+ ThrowMsg(Exception::SocketStreamException,
+ "Connection closed : " << strerror(errno) << ". Couldn't write whole data");
+
+ }else if(errno != EAGAIN && errno != EWOULDBLOCK){
+ throwWithErrnoMessage("write()");
+ }
+ }
+ current_offset += write_res;
+ bytes_to_write -= write_res;
+ }
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file SocketStream.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of socket stream class.
+ */
+
+#ifndef SOCKETSTREAM_H_
+#define SOCKETSTREAM_H_
+
+#include <string>
+#include <sys/socket.h>
+#include <sys/select.h>
+#include <dpl/serialization.h>
+#include <dpl/log/log.h>
+
+/*
+ * This class implements binary read/write from socket used for DPL serialization and deserialization
+ * It can read or write buffers of max *total* size 10kB.
+ * I does not maintain socket descriptor.
+ */
+
+/*
+ * Throws SocketStreamException when buffer is null or its size exceeds max size or when
+ * there is an error during read or write.
+ */
+
+
+
+class SocketStream : public DPL::IStream {
+public:
+ class Exception
+ {
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, SocketStreamException)
+ };
+
+ explicit SocketStream(int socket_fd) : m_socketFd(socket_fd),
+ m_bytesRead(0),
+ m_bytesWrote(0)
+ {
+ LogInfo("Created");
+ }
+ void Read(size_t num, void * bytes);
+ void Write(size_t num, const void * bytes);
+private:
+ void throwWithErrnoMessage(std::string specificInfo);
+ int m_socketFd;
+ int m_bytesRead;
+ int m_bytesWrote;
+};
+
+#endif /* SOCKETSTREAM_H_ */
--- /dev/null
+# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# @file CMakeLists.txt
+# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
+#
+
+SET(DAEMON_BASIC_DEP
+ dpl-efl
+ dpl-dbus-efl
+ dpl-utils-efl
+ libsoup-2.4
+ openssl
+ libsmack
+ )
+
+IF(SMACK_ENABLE)
+ LIST(APPEND DAEMON_BASIC_DEP libprivilege-control)
+ENDIF(SMACK_ENABLE)
+
+PKG_CHECK_MODULES(DAEMON_DEP
+ ${DAEMON_BASIC_DEP}
+ REQUIRED)
+
+SET(DAEMON_SOURCES_PATH ${PROJECT_SOURCE_DIR}/src)
+
+SET(DAEMON_SOURCES
+ #socket connection
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp
+ ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp
+ #caller
+ ${DAEMON_SOURCES_PATH}/services/caller/security_caller.cpp
+ #daemon
+ ${DAEMON_SOURCES_PATH}/daemon/dbus/security_dbus_service.cpp
+ ${DAEMON_SOURCES_PATH}/daemon/sockets/security_socket_service.cpp
+ ${DAEMON_SOURCES_PATH}/daemon/security_daemon.cpp
+ ${DAEMON_SOURCES_PATH}/main.cpp
+ #ocsp
+ ${DAEMON_SOURCES_PATH}/services/ocsp/dbus/ocsp_server_dbus_interface.cpp
+ ${DAEMON_SOURCES_PATH}/services/ocsp/socket/ocsp_service_callbacks.cpp
+ ${DAEMON_SOURCES_PATH}/services/ocsp/ocsp_service.cpp
+ #ace
+ ${DAEMON_SOURCES_PATH}/services/ace/dbus/ace_server_dbus_interface.cpp
+ ${DAEMON_SOURCES_PATH}/services/ace/socket/ace_service_callbacks.cpp
+ ${DAEMON_SOURCES_PATH}/services/ace/ace_service.cpp
+ ${DAEMON_SOURCES_PATH}/services/ace/logic/security_controller.cpp
+ ${DAEMON_SOURCES_PATH}/services/ace/logic/attribute_facade.cpp
+ ${DAEMON_SOURCES_PATH}/services/ace/logic/security_logic.cpp
+ ${DAEMON_SOURCES_PATH}/services/ace/logic/simple_roaming_agent.cpp
+ #popup
+ ${DAEMON_SOURCES_PATH}/services/popup/dbus/popup_response_dbus_interface.cpp
+ ${DAEMON_SOURCES_PATH}/services/popup/socket/popup_service_callbacks.cpp
+ )
+
+SET_SOURCE_FILES_PROPERTIES(${DAEMON_SOURCES} PROPERTIES COMPILE_FLAGS "-std=c++0x")
+
+############################# Lets start compilation process ##################
+#ace library
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
+#socket connection library
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/socket_connection/connection)
+#daemon
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/dbus)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets/api)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets)
+#caller
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/caller)
+#ace
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/dbus)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket/api)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/logic)
+#ocsp
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket/api)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/logic)
+#popup
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/dbus)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket/api)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/logic)
+INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include)
+INCLUDE_DIRECTORIES(${DAEMON_DEP_INCLUDE_DIRS})
+
+ADD_EXECUTABLE(${TARGET_DAEMON}
+ ${DAEMON_SOURCES})
+
+TARGET_LINK_LIBRARIES(${TARGET_DAEMON}
+ ${DAEMON_DEP_LIBRARIES}
+ ${TARGET_ACE_LIB}
+ ${TARGET_ACE_DAO_RW_LIB})
+
+INSTALL(TARGETS ${TARGET_DAEMON}
+ DESTINATION bin)
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/daemon/dbus/org.tizen.SecurityDaemon.service
+ DESTINATION /usr/share/dbus-1/services
+ )
+
+INSTALL(FILES
+ ${PROJECT_SOURCE_DIR}/src/services/ace/ace_server_api.h
+ ${PROJECT_SOURCE_DIR}/src/services/ocsp/ocsp_server_api.h
+ ${PROJECT_SOURCE_DIR}/src/services/popup/popup_response_server_api.h
+ ${PROJECT_SOURCE_DIR}/src/services/popup/popup_ace_data_types.h
+ ${PROJECT_SOURCE_DIR}/src/daemon/dbus/security_daemon_dbus_config.h
+ DESTINATION /usr/include/wrt-security
+ )
--- /dev/null
+Security Daemon todos:
+
+* One runtime instance should be allowed (DONE)
+* Hide application symbols that should not be exported.
+* Add support for service/module dependencies.
+* Signals blocking/handlers should be added.
+* Connections to other databases should be set.
+* Make it a real daemon (demonize ? auto restarting support ?)
+* Same of the files needs to be separated from the rest of WebRuntime sources:
+ - global_config.cpp
+
--- /dev/null
+[D-BUS Service]
+Name=org.tizen.SecurityDaemon
+Exec=/usr/bin/wrt-security-daemon
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file security_daemon_dbus_config.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains security daemon DBus configuration.
+ */
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_
+#define WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_
+
+#include <string>
+
+namespace WrtSecurity {
+
+struct SecurityDaemonConfig {
+ static const std::string OBJECT_PATH()
+ {
+ return "/org/tizen/SecurityDaemon";
+ }
+
+ static const std::string SERVICE_NAME()
+ {
+ return "org.tizen.SecurityDaemon";
+ }
+};
+
+} // namespace WrtSecurity
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file security_dbus_service.cpp
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
+ * @version 1.0
+ * @brief This file contains implementation of security DBus service.
+ */
+#include <dpl/log/log.h>
+#include <algorithm>
+#include <gio/gio.h>
+#include <dpl/exception.h>
+#include <dpl/dbus/interface.h>
+#include <dpl/dbus/connection.h>
+#include "security_dbus_service.h"
+#include "security_daemon_dbus_config.h"
+#include <ace_server_dbus_interface.h>
+#include <ocsp_server_dbus_interface.h>
+#include <popup_response_dbus_interface.h>
+
+
+void SecurityDBusService::start()
+{
+ LogDebug("SecurityDBusService starting");
+ m_connection = DPL::DBus::Connection::systemBus();
+ std::for_each(m_objects.begin(),
+ m_objects.end(),
+ [this] (const DPL::DBus::ObjectPtr& object)
+ {
+ m_connection->registerObject(object);
+ });
+ m_connection->registerService(
+ WrtSecurity::SecurityDaemonConfig::SERVICE_NAME());
+}
+
+void SecurityDBusService::stop()
+{
+ LogDebug("SecurityDBusService stopping");
+ m_connection.reset();
+}
+
+void SecurityDBusService::initialize()
+{
+ LogDebug("SecurityDBusService initializing");
+ g_type_init();
+
+ addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
+ std::make_shared<RPC::AceServerDBusInterface>());
+ addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
+ std::make_shared<RPC::OcspServerDBusInterface>());
+ addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(),
+ std::make_shared<RPC::PopupResponseDBusInterface>());
+}
+
+void SecurityDBusService::addInterface(const std::string& objectPath,
+ const InterfaceDispatcherPtr& dispatcher)
+{
+ auto ifaces =
+ DPL::DBus::Interface::fromXMLString(dispatcher->getXmlSignature());
+ if (ifaces.empty())
+ {
+ ThrowMsg(DPL::Exception, "No interface description.");
+ }
+
+ auto iface = ifaces.at(0);
+ iface->setDispatcher(dispatcher.get());
+
+ m_dispatchers.push_back(dispatcher);
+ m_objects.push_back(DPL::DBus::Object::create(objectPath, iface));
+}
+
+void SecurityDBusService::deinitialize()
+{
+ LogDebug("SecurityDBusService deinitializing");
+ m_objects.clear();
+ m_dispatchers.clear();
+}
+
+#ifdef DBUS_CONNECTION
+DAEMON_REGISTER_SERVICE_MODULE(SecurityDBusService)
+#endif //DBUS_CONNECTION
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file security_dbus_service.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
+ * @version 1.0
+ * @brief This file contains definitions of security DBus service.
+ */
+#ifndef WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_
+#define WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_
+
+#include <memory>
+#include <vector>
+#include <dpl/dbus/connection.h>
+#include <dpl/dbus/object.h>
+#include <dpl/dbus/dispatcher.h>
+#include <dpl/dbus/dbus_interface_dispatcher.h>
+#include <security_daemon.h>
+
+class SecurityDBusService : public SecurityDaemon::DaemonService {
+private:
+ virtual void initialize();
+ virtual void start();
+ virtual void stop();
+ virtual void deinitialize();
+
+private:
+ typedef std::shared_ptr<DPL::DBus::InterfaceDispatcher> InterfaceDispatcherPtr;
+ typedef std::shared_ptr<DPL::DBus::Dispatcher> DispatcherPtr;
+
+ void addInterface(const std::string& objectPath,
+ const InterfaceDispatcherPtr& dispatcher);
+
+ DPL::DBus::ConnectionPtr m_connection;
+ std::vector<DPL::DBus::ObjectPtr> m_objects;
+ std::vector<DispatcherPtr> m_dispatchers;
+};
+
+#endif // WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file security_daemon.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This is implementation file of Security Daemon
+ */
+
+#include "security_daemon.h"
+
+#include <dpl/assert.h>
+#include <dpl/foreach.h>
+#include <dpl/log/log.h>
+
+#include <dpl/framework_efl.h>
+
+#include <dpl/singleton_impl.h>
+IMPLEMENT_SINGLETON(SecurityDaemon::SecurityDaemon)
+
+#include <ace-dao-rw/AceDAO.h>
+
+namespace SecurityDaemon {
+
+//This is declared not in SecurityDaemon class, so no Ecore.h is needed there.
+static Ecore_Event_Handler *g_exitHandler;
+static Eina_Bool exitHandler(void */*data*/, int /*type*/, void */*event*/)
+{
+ auto& daemon = SecurityDaemonSingleton::Instance();
+ daemon.terminate(0);
+
+ return ECORE_CALLBACK_CANCEL;
+}
+
+SecurityDaemon::SecurityDaemon() :
+ m_initialized(false),
+ m_terminating(false),
+ m_returnValue(0)
+{
+}
+
+void SecurityDaemon::initialize(int& /*argc*/, char** /*argv*/)
+{
+ DPL::Log::LogSystemSingleton::Instance().SetTag("SECURITY_DAEMON");
+ LogDebug("Initializing");
+ Assert(!m_initialized && "Already Initialized");
+
+ g_exitHandler = ecore_event_handler_add(ECORE_EVENT_SIGNAL_EXIT,
+ &exitHandler,
+ NULL);
+
+ DatabaseService::initialize();
+ FOREACH (service, m_servicesList) {
+ (*service)->initialize();
+ }
+ m_initialized = true;
+ LogDebug("Initialized");
+}
+
+int SecurityDaemon::execute()
+{
+ Assert(m_initialized && "Not Initialized");
+ LogDebug("Starting execute");
+ FOREACH (service, m_servicesList) {
+ (*service)->start();
+ }
+ ecore_main_loop_begin();
+ return m_returnValue;
+}
+
+void SecurityDaemon::terminate(int returnValue)
+{
+ Assert(m_initialized && "Not Initialized");
+ Assert(!m_terminating && "Already terminating");
+ LogDebug("Terminating");
+
+ ecore_event_handler_del(g_exitHandler);
+
+ m_returnValue = returnValue;
+ m_terminating = true;
+
+ FOREACH (service, m_servicesList) {
+ (*service)->stop();
+ }
+
+ ecore_main_loop_quit();
+}
+
+void SecurityDaemon::shutdown()
+{
+ LogDebug("Shutdown");
+ Assert(m_initialized && "Not Initialized");
+ Assert(m_terminating && "Not terminated");
+
+ DatabaseService::deinitialize();
+ FOREACH (service, m_servicesList) {
+ (*service)->deinitialize();
+ }
+
+ m_initialized = false;
+}
+
+namespace DatabaseService {
+
+void initialize(void)
+{
+ LogDebug("Ace/Wrt database services initializing...");
+ AceDB::AceDAO::attachToThreadRW();
+}
+
+void deinitialize(void)
+{
+ LogDebug("Ace/Wrt database services deinitializing...");
+ AceDB::AceDAO::detachFromThread();
+}
+
+} //namespace DatabaseService
+
+} //namespace SecurityDaemon
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file security_daemon.h
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This is header file of Security Daemon
+ */
+
+#ifndef WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H
+#define WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H
+
+#include <utility>
+#include <memory>
+#include <list>
+#include <dpl/noncopyable.h>
+#include <dpl/singleton.h>
+#include <dpl/assert.h>
+
+
+namespace SecurityDaemon {
+
+class DaemonService : DPL::Noncopyable {
+ public:
+ virtual void initialize() = 0;
+ virtual void start() = 0;
+ virtual void stop() = 0;
+ virtual void deinitialize() = 0;
+};
+
+class SecurityDaemon : DPL::Noncopyable
+{
+ public:
+ SecurityDaemon();
+
+ void initialize(int& argc, char** argv);
+ int execute();
+ void terminate(int returnValue = 0);
+
+ template<typename ServiceType, typename ...Args>
+ void registerService(Args&&... args)
+ {
+ Assert(!m_initialized && "Too late for registration");
+
+ m_servicesList.push_back(
+ std::make_shared<ServiceType>(std::forward<Args>(args)...));
+ }
+
+ void shutdown();
+
+ private:
+ bool m_initialized;
+ bool m_terminating;
+ int m_returnValue;
+ typedef std::list<std::shared_ptr<DaemonService>> DaemonServiceList;
+ DaemonServiceList m_servicesList;
+};
+
+namespace DatabaseService {
+ void initialize();
+ void deinitialize();
+};
+
+} //namespace SecurityDaemon
+
+typedef DPL::Singleton<SecurityDaemon::SecurityDaemon> SecurityDaemonSingleton;
+
+#define DAEMON_REGISTER_SERVICE_MODULE(Type) \
+ namespace { \
+ static int initializeModule(); \
+ static int initializeModuleHelper = initializeModule(); \
+ int initializeModule() \
+ { \
+ (void)initializeModuleHelper; \
+ SecurityDaemonSingleton::Instance().registerService<Type>(); \
+ return 0; \
+ } \
+ }
+
+
+#endif /* WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file callback_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief This header provides types and exceptions required for security service callbacks
+ */
+
+#ifndef CALLBACK_API_H_
+#define CALLBACK_API_H_
+
+#include <dpl/exception.h>
+
+typedef void (*socketServerCallback) (SocketConnection * connector);
+
+typedef bool (*securityCheck) (int socketfd);
+
+namespace ServiceCallbackApi{
+
+ class Exception{
+ public:
+ DECLARE_EXCEPTION_TYPE(DPL::Exception, Base)
+ DECLARE_EXCEPTION_TYPE(Base, ServiceCallbackException)
+ };
+
+}
+
+#endif /* CALLBACK_API_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file security_daemon_socket_config.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#ifndef SECURITY_DAEMON_SOCKET_CONFIG_H_
+#define SECURITY_DAEMON_SOCKET_CONFIG_H_
+
+#include <string>
+#include <signal.h>
+
+namespace WrtSecurity {
+
+struct SecurityDaemonSocketConfig {
+ static const std::string SERVER_ADDRESS()
+ {
+ return "/tmp/server";
+ }
+};
+
+} // namespace WrtSecurity
+#endif /* SECURITY_DAEMON_SOCKET_CONFIG_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file security_socket_service.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of socket server
+ */
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/signalfd.h>
+#include <sys/select.h>
+#include <sys/stat.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <cstring>
+#include <unistd.h>
+#include <dpl/log/log.h>
+#include "ace_service_callbacks_api.h"
+#include "ocsp_service_callbacks_api.h"
+#include "popup_service_callbacks_api.h"
+#include "security_daemon_socket_config.h"
+#include "security_socket_service.h"
+
+#define TIMEOUT_SEC 0
+#define TIMEOUT_NSEC 100000000
+#define MAX_LISTEN 5
+#define SIGNAL_TO_CLOSE SIGUSR1
+
+void SecuritySocketService::throwWithErrnoMessage(const std::string& specificInfo){
+ LogError(specificInfo << " : " << strerror(errno));
+ ThrowMsg(DPL::Exception, specificInfo << " : " << strerror(errno));
+}
+
+void SecuritySocketService::registerServiceCallback(const std::string &interfaceName,
+ const std::string &methodName,
+ socketServerCallback callbackMethod,
+ securityCheck securityMethod){
+ if(NULL == callbackMethod){
+ LogError("Null callback");
+ ThrowMsg(DPL::Exception, "Null callback");
+ }
+ if(interfaceName.empty() || methodName.empty()){
+ LogError("Interface and method name cannot be empty");
+ ThrowMsg(DPL::Exception, "Empty interface or method name");
+ }
+
+ auto serviceCallbackPtr = std::make_shared<ServiceCallback>(ServiceCallback(callbackMethod, securityMethod));
+ m_callbackMap[interfaceName][methodName] = serviceCallbackPtr;
+}
+
+void SecuritySocketService::addClientSocket(int clientSocket){
+ std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
+ m_clientSocketList.push_back(clientSocket);
+}
+
+void SecuritySocketService::removeClientSocket(int clientSocket){
+ std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
+ m_clientSocketList.remove(clientSocket);
+}
+
+bool SecuritySocketService::popClientSocket(int * clientSocket){
+ std::lock_guard<std::mutex> guard(m_clientSocketListMutex);
+ if(m_clientSocketList.empty())
+ return false;
+ *clientSocket = m_clientSocketList.front();
+ m_clientSocketList.pop_front();
+ return true;
+}
+
+void SecuritySocketService::initialize(){
+
+ LogInfo("Initializing...");
+ m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS();
+ m_signalToClose = SIGNAL_TO_CLOSE;
+
+ //registering Ace callbacks
+ registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
+ WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first,
+ WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second);
+
+ registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
+ WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().first,
+ WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().second);
+
+ registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(),
+ WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().first,
+ WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().second);
+ LogInfo("Registered Ace callbacks");
+
+ //registering Ocsp callbacks
+ registerServiceCallback(WrtSecurity::OcspServerApi::INTERFACE_NAME(),
+ WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first,
+ WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second);
+ LogInfo("Registered Ocsp callbacks");
+
+ //registering Popup callbacks
+ registerServiceCallback(WrtSecurity::PopupServerApi::INTERFACE_NAME(),
+ WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().first,
+ WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().second);
+ LogInfo("Registered Popup callbacks");
+
+ if(-1 == (m_listenFd = socket(AF_UNIX, SOCK_STREAM, 0))){
+ throwWithErrnoMessage("socket()");
+ }
+ LogInfo("Server socket created");
+
+ //socket needs to be nonblocking, because read can block after select
+ int flags;
+ if (-1 == (flags = fcntl(m_listenFd, F_GETFL, 0)))
+ flags = 0;
+ if(-1 == (fcntl(m_listenFd, F_SETFL, flags | O_NONBLOCK))){
+ throwWithErrnoMessage("fcntl");
+ }
+
+ sockaddr_un server_address;
+ bzero(&server_address, sizeof(server_address));
+ server_address.sun_family = AF_UNIX;
+ strcpy(server_address.sun_path, m_serverAddress.c_str());
+ unlink(server_address.sun_path);
+
+ mode_t socket_umask, original_umask;
+ socket_umask = 0;
+ original_umask = umask(socket_umask);
+
+ if(-1 == bind(m_listenFd, (struct sockaddr *)&server_address, SUN_LEN(&server_address))){
+ throwWithErrnoMessage("bind()");
+ }
+
+ umask(original_umask);
+
+ LogInfo("Initialized");
+}
+
+void SecuritySocketService::start(){
+
+ LogInfo("Starting...");
+ if(m_serverAddress.empty()){
+ LogError("Server not initialized");
+ ThrowMsg(DPL::Exception, "Server not initialized");
+ }
+
+ sigset_t sigset;
+ sigemptyset(&sigset);
+ if(-1 == sigaddset(&sigset, m_signalToClose)){
+ throwWithErrnoMessage("sigaddset()");
+ }
+ int returned_value;
+ if ((returned_value = pthread_sigmask(SIG_BLOCK, &sigset, NULL)) < 0) {
+ errno = returned_value;
+ throwWithErrnoMessage("pthread_sigmask()");
+ }
+
+ pthread_t mainThread;
+ if((returned_value = pthread_create(&mainThread, NULL, &serverThread, this)) < 0){
+ errno = returned_value;
+ throwWithErrnoMessage("pthread_create()");
+ }
+ m_mainThread = mainThread;
+
+ LogInfo("Started");
+}
+
+void * SecuritySocketService::serverThread(void * data){
+ pthread_detach(pthread_self());
+ SecuritySocketService &t = *static_cast<SecuritySocketService *>(data);
+ LogInfo("Running server main thread");
+ Try {
+ t.mainLoop();
+ } Catch (DPL::Exception) {
+ LogError("Socket server error. Exiting...");
+ return (void *)1;
+ }
+
+ return (void *)0;
+}
+
+
+void SecuritySocketService::mainLoop(){
+
+ if(listen(m_listenFd, MAX_LISTEN) == -1){
+ throwWithErrnoMessage("listen()");
+ }
+
+ //Settings to catch closing signal in select
+ int signal_fd;
+ sigset_t sigset;
+ if(-1 == (sigemptyset(&sigset))){
+ throwWithErrnoMessage("sigemptyset()");
+ }
+ if(-1 == (sigaddset(&sigset, m_signalToClose))) {
+ throwWithErrnoMessage("sigaddset()");
+ }
+ if((signal_fd = signalfd(-1, &sigset, 0)) < 0){
+ throwWithErrnoMessage("signalfd()");
+ }
+
+ //Setting descriptors for pselect
+ fd_set allset, rset;
+ int maxfd;
+ FD_ZERO(&allset);
+ FD_SET(m_listenFd, &allset);
+ FD_SET(signal_fd, &allset);
+ timespec timeout;
+ maxfd = (m_listenFd > signal_fd) ? (m_listenFd) : (signal_fd);
+ ++maxfd;
+ //this will block SIGPIPE for this thread and every thread created in it
+ //reason : from here on we don't won't to receive SIGPIPE on writing to closed socket
+ //instead of signal we want to receive error from write - hence blocking SIGPIPE
+ sigset_t set;
+ sigemptyset(&set);
+ sigaddset(&set, SIGPIPE);
+ pthread_sigmask(SIG_BLOCK, &set, NULL);
+
+ while(1){
+ timeout.tv_sec = TIMEOUT_SEC;
+ timeout.tv_nsec = TIMEOUT_NSEC;
+ rset = allset;
+ if(-1 == pselect(maxfd, &rset, NULL, NULL, &timeout, NULL)){
+ closeConnections();
+ throwWithErrnoMessage("pselect()");
+ }
+
+ if(FD_ISSET(signal_fd, &rset)){
+ LogInfo("Got signal to close");
+ signalfd_siginfo siginfo;
+ ssize_t res;
+ res = read(signal_fd, &siginfo, sizeof(siginfo));
+ if(res <= 0){
+ closeConnections();
+ throwWithErrnoMessage("read()");
+ }
+ if((size_t)res != sizeof(siginfo)){
+ closeConnections();
+ LogError("couldn't read whole siginfo");
+ ThrowMsg(DPL::Exception, "couldn't read whole siginfo");
+ }
+ if((int)siginfo.ssi_signo == m_signalToClose){
+ LogInfo("Server thread got signal to close");
+ closeConnections();
+ return;
+ } else {
+ LogInfo("Got not handled signal");
+ }
+ }
+ if(FD_ISSET(m_listenFd, &rset)){
+ int client_fd;
+ if(-1 == (client_fd = accept(m_listenFd, NULL, NULL))){
+ closeConnections();
+ throwWithErrnoMessage("accept()");
+ }
+ LogInfo("Got incoming connection");
+ Connection_Info * connection = new Connection_Info(client_fd, (void *)this);
+ int res;
+ pthread_t client_thread;
+ if((res = pthread_create(&client_thread, NULL, &connectionThread, connection)) < 0){
+ delete connection;
+ errno = res;
+ closeConnections();
+ throwWithErrnoMessage("pthread_create()");
+ }
+ addClientSocket(client_fd);
+ }
+ }
+}
+
+void * SecuritySocketService::connectionThread(void * data){
+ pthread_detach(pthread_self());
+ std::auto_ptr<Connection_Info> c (static_cast<Connection_Info *>(data));
+ SecuritySocketService &t = *static_cast<SecuritySocketService *>(c->data);
+ LogInfo("Starting connection thread");
+ Try {
+ t.connectionService(c->connfd);
+ } Catch (DPL::Exception){
+ LogError("Connection thread error : " << _rethrown_exception.DumpToString());
+ t.removeClientSocket(c->connfd);
+ close(c->connfd);
+ return (void*)1;
+ }
+ LogInfo("Client serviced");
+ return (void*)0;
+}
+
+void SecuritySocketService::connectionService(int fd){
+
+ SocketConnection connector = SocketConnection(fd);
+ std::string interfaceName, methodName;
+
+ Try {
+ connector.read(&interfaceName, &methodName);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection read error");
+ ReThrowMsg(DPL::Exception, "Socket Connection read error");
+ }
+
+ LogDebug("Got interface : " << interfaceName);
+ LogDebug("Got method : " << methodName);
+
+ if( m_callbackMap.find(interfaceName) == m_callbackMap.end()){
+ LogError("Unknown interface : " << interfaceName);
+ ThrowMsg(DPL::Exception, "Unknown interface : " << interfaceName);
+ }
+
+ if(m_callbackMap[interfaceName].find(methodName) == m_callbackMap[interfaceName].end()){
+ LogError("Unknown method : " << methodName);
+ ThrowMsg(DPL::Exception, "Unknown method");
+ }
+
+ if(m_callbackMap[interfaceName][methodName]->securityCallback != NULL){
+ if(!m_callbackMap[interfaceName][methodName]->securityCallback(fd)){
+ LogError("Security check returned false");
+ ThrowMsg(DPL::Exception, "Security check returned false");
+ }
+ }
+
+ LogInfo("Calling service");
+ Try{
+ m_callbackMap[interfaceName][methodName]->serviceCallback(&connector);
+ } Catch (ServiceCallbackApi::Exception::ServiceCallbackException){
+ LogError("Service callback error");
+ ReThrowMsg(DPL::Exception, "Service callback error");
+ }
+
+ LogInfo("Removing client");
+ removeClientSocket(fd);
+ close(fd);
+
+ LogInfo("Call served");
+
+}
+
+void SecuritySocketService::stop(){
+ LogInfo("Stopping");
+ if(-1 == close(m_listenFd))
+ if(errno != ENOTCONN)
+ throwWithErrnoMessage("close()");
+ int returned_value;
+ if((returned_value = pthread_kill(m_mainThread, m_signalToClose)) < 0){
+ errno = returned_value;
+ throwWithErrnoMessage("pthread_kill()");
+ }
+ pthread_join(m_mainThread, NULL);
+
+ LogInfo("Stopped");
+}
+
+void SecuritySocketService::closeConnections(){
+
+ int clientSocket;
+ LogInfo("Closing client sockets");
+ while(popClientSocket(&clientSocket)){
+ if(-1 == close(clientSocket)){
+ LogError("close() : " << strerror(errno));
+ }
+ }
+
+ LogInfo("Connections closed");
+}
+
+void SecuritySocketService::deinitialize(){
+ m_serverAddress.clear();
+
+ LogInfo("Deinitialized");
+
+}
+
+#ifdef SOCKET_CONNECTION
+DAEMON_REGISTER_SERVICE_MODULE(SecuritySocketService)
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file security_socket_service.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of socket server class
+ */
+
+#ifndef SECURITY_SOCKET_SERVICE_H_
+#define SECURITY_SOCKET_SERVICE_H_
+
+#include <map>
+#include <list>
+#include <memory>
+#include <mutex>
+#include <pthread.h>
+#include <security_daemon.h>
+#include <SocketConnection.h>
+#include <callback_api.h>
+
+class SecuritySocketService : public SecurityDaemon::DaemonService {
+
+private:
+
+ virtual void initialize();
+ virtual void start();
+ virtual void stop();
+ virtual void deinitialize();
+
+
+private:
+
+ //Function for registering callback with given interface and method name and possibly security check callback
+ void registerServiceCallback(const std::string& interfaceName,
+ const std::string& methodName,
+ socketServerCallback serviceCallback,
+ securityCheck securityCallback = NULL);
+ //Thread function for server
+ static void * serverThread(void *);
+ //Main function for server
+ void mainLoop();
+ //Thread function for connection serving
+ static void * connectionThread(void *);
+ //Main function for connection serving
+ void connectionService(int fd);
+ //closing all connections
+ void closeConnections();
+ //logs an error and throws an exception with message containing errno message
+ void throwWithErrnoMessage(const std::string &specificInfo);
+
+ //concurrency safe methods for client socket list - add, remove and pop (with returned value)
+ void addClientSocket(int clientThread);
+ void removeClientSocket(int clientThread);
+ bool popClientSocket(int* clientThread);
+
+ //Address of socket server
+ std::string m_serverAddress;
+ //Signal used for informing threads to stop
+ int m_signalToClose;
+ //Socket for listening
+ int m_listenFd;
+ //Number of main thread
+ pthread_t m_mainThread;
+ //Numbers of all created threads for connections
+ std::list<int> m_clientSocketList;
+
+ //Thread list mutex
+ std::mutex m_clientSocketListMutex;
+
+ //Structure for callback maps
+ class ServiceCallback
+ {
+ public:
+ ServiceCallback(socketServerCallback ser, securityCheck sec) : serviceCallback(ser), securityCallback(sec){}
+ socketServerCallback serviceCallback;
+ securityCheck securityCallback;
+ };
+
+ typedef std::shared_ptr<ServiceCallback> ServiceCallbackPtr;
+ //Map for callback methods, key is a method name and value is a callback to method
+ typedef std::map<std::string, ServiceCallbackPtr> ServiceMethodCallbackMap;
+ //Map for interface methods, key is an interface name and value is a map of available methods with callbacks
+ std::map<std::string, ServiceMethodCallbackMap> m_callbackMap;
+
+ //Structure passed to connection thread
+ struct Connection_Info{
+ Connection_Info(int fd, void * data) : connfd(fd), data(data)
+ {}
+ int connfd;
+ void * data;
+ };
+
+};
+
+#endif /* SECURITY_SOCKET_SERVICE_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file main.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This is main routing for Security Daemon
+ */
+
+#include <dpl/log/log.h>
+#include <dpl/single_instance.h>
+
+#include "security_daemon.h"
+
+#include <pthread.h>
+
+static const std::string DAEMON_INSTANCE_UUID =
+ "5ebf3f24-dad6-4a27-88b4-df7970efe7a9";
+
+int main(int argc, char* argv[])
+{
+ DPL::SingleInstance instance;
+ if (!instance.TryLock(DAEMON_INSTANCE_UUID)) {
+ LogError("Security Daemon is already running");
+ return -1;
+ }
+
+ auto& daemon = SecurityDaemonSingleton::Instance();
+
+ daemon.initialize(argc, argv);
+
+ //Run daemon
+ auto retVal = daemon.execute();
+
+ daemon.shutdown();
+ instance.Release();
+
+ return retVal;
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_server_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief This file contains definitions of ACE server interface name & methods.
+ */
+
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
+#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
+
+#include<string>
+
+
+namespace WrtSecurity{
+namespace AceServerApi{
+
+ // DBus interface names
+ inline const std::string INTERFACE_NAME()
+ {
+ return "org.tizen.AceCheckAccessInterface";
+ }
+
+ // IN string subject
+ // IN string resource
+ // IN vector<string> function param names
+ // IN vector<string> function param values
+ // OUT int allow, deny, popup type
+ inline const std::string CHECK_ACCESS_METHOD()
+ {
+ return "check_access";
+ }
+
+ // IN string subject
+ // IN string resource
+ // OUT int allow, deny, popup type
+ inline const std::string CHECK_ACCESS_INSTALL_METHOD()
+ {
+ return "check_access_install";
+ }
+
+ // Policy update trigger
+ inline const std::string UPDATE_POLICY_METHOD()
+ {
+ return "update_policy";
+ }
+};
+};
+
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_service.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief This is implementation file of AceService service
+ */
+
+#include <dpl/log/log.h>
+#include <security_controller.h>
+
+#include "security_daemon.h"
+
+namespace AceService
+{
+
+class AceService : public SecurityDaemon::DaemonService
+{
+ private:
+ virtual void initialize()
+ {
+ LogDebug("AceService initializing");
+
+ SecurityControllerSingleton::Instance().Touch();
+ SecurityControllerSingleton::Instance().SwitchToThread(NULL);
+
+ CONTROLLER_POST_SYNC_EVENT(
+ SecurityController,
+ SecurityControllerEvents::InitializeSyncEvent());
+ }
+
+ virtual void start()
+ {
+ LogDebug("Starting AceService");
+ }
+
+ virtual void stop()
+ {
+ LogDebug("Stopping AceService");
+ }
+
+ virtual void deinitialize()
+ {
+ LogDebug("AceService deinitializing");
+ SecurityControllerSingleton::Instance().SwitchToThread(NULL);
+ //this is direct call inside
+ CONTROLLER_POST_SYNC_EVENT(
+ SecurityController,
+ SecurityControllerEvents::TerminateSyncEvent());
+ }
+
+};
+
+DAEMON_REGISTER_SERVICE_MODULE(AceService)
+
+}//namespace AceService
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_service_dbus_interface.cpp
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief Implementation of ACE server API.
+ */
+#include <dpl/foreach.h>
+#include <vector>
+#include <string>
+#include "ace_server_dbus_interface.h"
+#include <dpl/dbus/dbus_server_deserialization.h>
+#include <dpl/dbus/dbus_server_serialization.h>
+
+#include <ace/Request.h>
+#include <ace/PolicyResult.h>
+#include <security_controller.h>
+#include <attribute_facade.h>
+
+
+namespace RPC {
+
+void AceServerDBusInterface::onMethodCall(const gchar* methodName,
+ GVariant* parameters,
+ GDBusMethodInvocation* invocation)
+{
+ using namespace WrtSecurity;
+
+ if (0 == g_strcmp0(methodName, AceServerApi::ECHO_METHOD().c_str()))
+ {
+ std::string str;
+ DPL::DBus::ServerDeserialization::deserialize(parameters, &str);
+ g_dbus_method_invocation_return_value(invocation,
+ DPL::DBus::ServerSerialization::serialize(str));
+ } else if (0 == g_strcmp0(methodName,
+ AceServerApi::CHECK_ACCESS_METHOD().c_str()))
+ {
+ int widgetHandle;
+ std::string subject, resource, sessionId;
+ std::vector<std::string> paramNames, paramValues;
+ if (!DPL::DBus::ServerDeserialization::deserialize(parameters,
+ &widgetHandle,
+ &subject,
+ &resource,
+ ¶mNames,
+ ¶mValues,
+ &sessionId)) {
+ g_dbus_method_invocation_return_dbus_error(
+ invocation,
+ "org.tizen.AceCheckAccessInterface.UnknownError",
+ "Error in deserializing input parameters");
+ return;
+ }
+ if (paramNames.size() != paramValues.size()) {
+ g_dbus_method_invocation_return_dbus_error(
+ invocation,
+ "org.tizen.AceCheckAccessInterface.UnknownError",
+ "Varying sizes of parameter names and parameter values");
+ return;
+ }
+ LogDebug("We got subject: " << subject);
+ LogDebug("We got resource: " << resource);
+
+ FunctionParamImpl params;
+ for (size_t i = 0; i < paramNames.size(); ++i) {
+ params.addAttribute(paramNames[i], paramValues[i]);
+ }
+
+ Request request(widgetHandle,
+ WidgetExecutionPhase_Invoke,
+ ¶ms);
+ request.addDeviceCapability(resource);
+
+ PolicyResult result(PolicyEffect::DENY);
+ CONTROLLER_POST_SYNC_EVENT(
+ SecurityController,
+ SecurityControllerEvents::CheckRuntimeCallSyncEvent(
+ &result,
+ &request,
+ sessionId));
+
+ int response = PolicyResult::serialize(result);
+ g_dbus_method_invocation_return_value(invocation,
+ DPL::DBus::ServerSerialization::serialize(response));
+ } else if (0 == g_strcmp0(methodName,
+ AceServerApi::CHECK_ACCESS_INSTALL_METHOD().c_str()))
+ {
+ int widgetHandle;
+ std::string resource;
+ if (!DPL::DBus::ServerDeserialization::deserialize(parameters,
+ &widgetHandle,
+ &resource)) {
+ g_dbus_method_invocation_return_dbus_error(
+ invocation,
+ "org.tizen.AceCheckAccessInterface.UnknownError",
+ "Error in deserializing input parameters");
+ return;
+ }
+ LogDebug("We got handle: " << widgetHandle);
+ LogDebug("We got resource: " << resource);
+
+ Request request(widgetHandle,
+ WidgetExecutionPhase_WidgetInstall);
+ request.addDeviceCapability(resource);
+
+ PolicyResult result(PolicyEffect::DENY);
+ CONTROLLER_POST_SYNC_EVENT(
+ SecurityController,
+ SecurityControllerEvents::CheckFunctionCallSyncEvent(
+ &result,
+ &request));
+
+ int response = PolicyResult::serialize(result);
+ g_dbus_method_invocation_return_value(invocation,
+ DPL::DBus::ServerSerialization::serialize(response));
+ } else if (0 == g_strcmp0(methodName,
+ AceServerApi::UPDATE_POLICY_METHOD().c_str()))
+ {
+ LogDebug("Policy update DBus message received");
+ CONTROLLER_POST_SYNC_EVENT(
+ SecurityController,
+ SecurityControllerEvents::UpdatePolicySyncEvent());
+ g_dbus_method_invocation_return_value(invocation, NULL);
+ } else {
+ // invalid method name
+ g_dbus_method_invocation_return_value(invocation, NULL);
+ }
+}
+
+} // namespace RPC
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_service_dbus_interface.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief Class that handles ACE server API.
+ */
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
+#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
+
+#include <dpl/dbus/dbus_interface_dispatcher.h>
+#include "api/ace_server_dbus_api.h"
+
+namespace RPC {
+
+class AceServerDBusInterface : public DPL::DBus::InterfaceDispatcher {
+ public:
+ AceServerDBusInterface():
+ DPL::DBus::InterfaceDispatcher(WrtSecurity::AceServerApi::INTERFACE_NAME())
+ {
+ using namespace WrtSecurity;
+
+ setXmlSignature("<node>"
+ " <interface name='" + AceServerApi::INTERFACE_NAME() + "'>"
+ " <method name='" + AceServerApi::ECHO_METHOD() + "'>"
+ " <arg type='s' name='input' direction='in'/>"
+ " <arg type='s' name='output' direction='out'/>"
+ " </method>"
+ " <method name='" + AceServerApi::CHECK_ACCESS_METHOD() + "'>"
+ " <arg type='i' name='handle' direction='in'/>"
+ " <arg type='s' name='subject' direction='in'/>"
+ " <arg type='s' name='resource' direction='in'/>"
+ " <arg type='as' name='parameter names' direction='in'/>"
+ " <arg type='as' name='parameter values' direction='in'/>"
+ " <arg type='s' name='session' direction='in'/>"
+ " <arg type='i' name='output' direction='out'/>"
+ " </method>"
+ " <method name='" + AceServerApi::CHECK_ACCESS_INSTALL_METHOD() + "'>"
+ " <arg type='i' name='handle' direction='in'/>"
+ " <arg type='s' name='resource' direction='in'/>"
+ " <arg type='i' name='output' direction='out'/>"
+ " </method>"
+ " <method name='" + AceServerApi::UPDATE_POLICY_METHOD() + "'>"
+ " </method>"
+ " </interface>"
+ "</node>");
+ }
+
+ virtual ~AceServerDBusInterface()
+ {}
+
+ virtual void onMethodCall(const gchar* methodName,
+ GVariant* parameters,
+ GDBusMethodInvocation* invocation);
+};
+
+} // namespace RPC
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_server_api.h
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief This file contains definitions ACE server interface & methods specifically needed by DBUS.
+ */
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
+#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
+
+#include "ace_server_api.h"
+#include<string>
+
+namespace WrtSecurity{
+namespace AceServerApi{
+
+ // RPC test function
+ // IN std::string
+ // OUT std::string
+ inline const std::string ECHO_METHOD()
+ {
+ return "echo";
+ }
+};
+};
+
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * This file contain consts for Signing Template and Policy Manager
+ * This values will be used to specified and identified algorithms in xml policy documents.
+ * Its consistent with BONDI 1.0 released requirements
+ *
+ * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements
+ * This values comes from widget digital signature 1.0 - required version of this doc is very important
+ *
+ **/
+
+#ifndef ACF_CONSTS_TYPES_H
+#define ACF_CONSTS_TYPES_H
+
+//Digest Algorithms
+extern const char* DIGEST_ALG_SHA256;
+
+//Canonicalization Algorithms
+extern const char* CANONICAL_ALG_C14N;
+
+//Signature Algorithms
+extern const char* SIGNATURE_ALG_RSA_with_SHA256;
+extern const char* SIGNATURE_ALG_DSA_with_SHA1;
+extern const char* SIGNATURE_ALG_ECDSA_with_SHA256;
+
+#endif
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ *
+ * This file contains classes that implement WRT_INTERFACE.h interfaces,
+ * so that ACE could access WRT specific and other information during
+ * the decision making.
+ *
+ * @file attribute_.cpp
+ * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Ming Jin(ming79.jin@samsung.com)
+ * @version 1.0
+ * @brief Implementation file for attributes obtaining.
+ */
+
+#include <dpl/exception.h>
+#include <sstream>
+#include <algorithm>
+#include <list>
+#include <string>
+#include <sstream>
+#include <stdexcept>
+#include <map>
+#include <cstdlib>
+#include <ace-dao-ro/AceDAOReadOnly.h>
+#include <ace/WRT_INTERFACE.h>
+#include <map>
+#include <dpl/log/log.h>
+#include <dpl/foreach.h>
+#include <attribute_facade.h>
+#include <ace/Request.h>
+#include <simple_roaming_agent.h>
+
+namespace // anonymous
+{
+typedef std::list<std::string> AttributeHandlerResponse;
+
+typedef AttributeHandlerResponse (*AttributeHandler)(
+ const WidgetExecutionPhase &phase,
+ const WidgetHandle &widgetHandle);
+typedef AttributeHandlerResponse (*ResourceAttributeHandler)(
+ const WidgetExecutionPhase &phase,
+ const WidgetHandle &widgetHandle,
+ const Request &request);
+
+AttributeHandlerResponse AttributeClassHandler(const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle & /*widgetHandle*/)
+{
+ AttributeHandlerResponse response;
+ response.push_back("widget");
+ return response;
+}
+
+AttributeHandlerResponse AttributeInstallUriHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+ std::string value = AceDB::AceDAOReadOnly::getShareHref(widgetHandle);
+ if(!value.empty())
+ response.push_back(value);
+ return response;
+}
+
+AttributeHandlerResponse AttributeVersionHandler(const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+
+ std::string value = AceDB::AceDAOReadOnly::getVersion(widgetHandle);
+
+ if (!value.empty()) {
+ response.push_back(value);
+ }
+
+ return response;
+}
+
+AttributeHandlerResponse AttributeDistributorKeyCnHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+ response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
+ AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY);
+ return response;
+}
+
+AttributeHandlerResponse AttributeDistributorKeyFingerprintHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+ response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
+ AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY);
+ return response;
+}
+
+AttributeHandlerResponse AttributeDistributorKeyRootCnHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+ response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
+ AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT);
+ return response;
+}
+
+AttributeHandlerResponse AttributeDistributorKeyRootFingerprintHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+ response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
+ AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT);
+ return response;
+}
+
+AttributeHandlerResponse AttributeAuthorKeyCnHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+ response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
+ AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY);
+ return response;
+}
+
+AttributeHandlerResponse AttributeAuthorKeyFingerprintHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+ response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
+ AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY);
+ return response;
+}
+
+AttributeHandlerResponse AttributeAuthorKeyRootCnHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+ response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle,
+ AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT);
+ return response;
+}
+
+AttributeHandlerResponse AttributeAuthorKeyRootFingerprintHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+ response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle,
+ AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT);
+ return response;
+}
+
+AttributeHandlerResponse AttributeNetworkAccessUriHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle & /*widgetHandle*/)
+{
+ AttributeHandlerResponse response;
+ return response;
+}
+
+AttributeHandlerResponse AttributeIdHandler(const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+
+ std::string wGUID = AceDB::AceDAOReadOnly::getGUID(widgetHandle);
+
+ if (!wGUID.empty()) {
+ response.push_back(wGUID);
+ }
+ return response;
+}
+
+AttributeHandlerResponse AttributeAuthorNameHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle &widgetHandle)
+{
+ AttributeHandlerResponse response;
+
+ std::string value = AceDB::AceDAOReadOnly::getAuthorName(widgetHandle);
+
+ if (!value.empty()) {
+ response.push_back(value);
+ }
+
+ return response;
+}
+
+AttributeHandlerResponse AttributeRoamingHandler(
+ const WidgetExecutionPhase &phase,
+ const WidgetHandle & /*widgetHandle*/)
+{
+ AttributeHandlerResponse response;
+
+ if (WidgetExecutionPhase_WidgetInstall == phase) {
+ // TODO undetermind value
+ response.push_back(std::string(""));
+ } else if (SimpleRoamingAgentSingleton::Instance().IsRoamingOn()) {
+ response.push_back(std::string("true"));
+ } else {
+ response.push_back(std::string("false"));
+ }
+
+ return response;
+}
+
+AttributeHandlerResponse AttributeBearerTypeHandler(
+ const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle & /*widgetHandle*/)
+{
+ AttributeHandlerResponse response;
+
+ std::string bearerName = "undefined-bearer-name";
+
+ if (bearerName.empty()) {
+ LogWarning("Bearer-type is NOT SET or empty");
+ } else {
+ response.push_back(bearerName);
+ }
+
+ return response;
+}
+
+struct AttributeHandlerContext
+{
+ std::string name;
+ WidgetExecutionPhase allowedPhaseMask;
+ AttributeHandler handler;
+};
+
+// Private masks
+const WidgetExecutionPhase WidgetExecutionPhase_All =
+ static_cast<WidgetExecutionPhase>(
+ WidgetExecutionPhase_WidgetInstall |
+ WidgetExecutionPhase_WidgetInstantiate |
+ WidgetExecutionPhase_WebkitBind |
+ WidgetExecutionPhase_Invoke);
+const WidgetExecutionPhase WidgetExecutionPhase_NoWidgetInstall =
+ static_cast<WidgetExecutionPhase>(
+ WidgetExecutionPhase_WidgetInstantiate |
+ WidgetExecutionPhase_WebkitBind |
+ WidgetExecutionPhase_Invoke);
+
+#define ALL_PHASE(name, handler) \
+ { # name, WidgetExecutionPhase_All, handler },
+
+#define NO_INSTALL(name, handler) \
+ { # name, WidgetExecutionPhase_NoWidgetInstall, handler },
+
+AttributeHandlerContext HANDLED_ATTRIBUTES_LIST[] = {
+ ALL_PHASE(Class, &AttributeClassHandler)
+ ALL_PHASE(install-uri, &AttributeInstallUriHandler)
+ ALL_PHASE(version, &AttributeVersionHandler)
+ ALL_PHASE(distributor-key-cn, &AttributeDistributorKeyCnHandler)
+ ALL_PHASE(distributor-key-fingerprint,
+ &AttributeDistributorKeyFingerprintHandler)
+ ALL_PHASE(distributor-key-root-cn,
+ &AttributeDistributorKeyRootCnHandler)
+ ALL_PHASE(distributor-key-root-fingerprint,
+ &AttributeDistributorKeyRootFingerprintHandler)
+ ALL_PHASE(author-key-cn, &AttributeAuthorKeyCnHandler)
+ ALL_PHASE(author-key-fingerprint, &AttributeAuthorKeyFingerprintHandler)
+ ALL_PHASE(author-key-root-cn, &AttributeAuthorKeyRootCnHandler)
+ ALL_PHASE(author-key-root-fingerprint,
+ &AttributeAuthorKeyRootFingerprintHandler)
+ ALL_PHASE(network-access-uri, &AttributeNetworkAccessUriHandler)
+ ALL_PHASE(id, &AttributeIdHandler)
+// ALL_PHASE(name, &AttributeNameHandler)
+// ALL_PHASE(widget-attr:name, &AttributeWidgetAttrNameHandler)
+ ALL_PHASE(author-name, &AttributeAuthorNameHandler)
+ /* Enviroment attributes*/
+ NO_INSTALL(roaming, &AttributeRoamingHandler)
+ NO_INSTALL(bearer-type, &AttributeBearerTypeHandler)
+};
+
+#undef ALL_PHASE
+#undef NO_INSTALL
+
+const size_t HANDLED_ATTRIBUTES_LIST_COUNT =
+ sizeof(HANDLED_ATTRIBUTES_LIST) / sizeof(HANDLED_ATTRIBUTES_LIST[0]);
+
+template<class T>
+class lambdaCollectionPusher
+{
+ public:
+ std::list<T>& m_collection;
+ lambdaCollectionPusher(std::list<T>& collection) : m_collection(collection)
+ {
+ }
+ void operator()(const T& element) const
+ {
+ m_collection.push_back(element);
+ }
+};
+
+AttributeHandlerResponse AttributeDeviceCapHandler(const WidgetExecutionPhase & /*phase*/,
+ const WidgetHandle & /*widgetHandle*/,
+ const Request &request)
+{
+ AttributeHandlerResponse response;
+
+ Request::DeviceCapabilitySet capSet = request.getDeviceCapabilitySet();
+ LogDebug("device caps set contains");
+ FOREACH(dc, capSet)
+ {
+ LogDebug("-> " << *dc);
+ }
+
+ std::for_each(
+ capSet.begin(),
+ capSet.end(),
+ lambdaCollectionPusher<std::string>(response));
+
+ return response;
+}
+
+//class lambdaFeatureEquality :
+// public std::binary_function<FeatureHandle, int, bool>
+//{
+// public:
+// bool operator()(const FeatureHandle& wFeature,
+// const int& resurceId) const
+// {
+// return wFeature == resurceId;
+// }
+//};
+//
+//class lambdaPushFeatureName :
+// public std::binary_function<WidgetFeature, AttributeHandlerResponse, void>
+//{
+// void operator()(const WidgetFeature& wFeature,
+// AttributeHandlerResponse& response) const
+// {
+// response.push_back(DPL::ToUTF8String(wFeature.name));
+// }
+//};
+
+AttributeHandlerResponse AttributeApiFeatureHandler(
+ const WidgetExecutionPhase & /* phase */,
+ const WidgetHandle & /* widgetHandle */,
+ const Request & /* request */)
+{
+ LogDebug("WAC 2.0 does not support api-feature and resource-id in policy.");
+ AttributeHandlerResponse response;
+ return response;
+}
+
+AttributeHandlerResponse AttributeFeatureInstallUriHandler(
+ const WidgetExecutionPhase & /* phase */,
+ const WidgetHandle & /* widgetHandle */,
+ const Request & /* request */)
+{
+ LogDebug("WAC 2.0 does not support feature-install-uri is policy!");
+ AttributeHandlerResponse response;
+ return response;
+}
+
+AttributeHandlerResponse AttributeFeatureFeatureKeyCnHandler(
+ const WidgetExecutionPhase & /* phase */,
+ const WidgetHandle & /* widgetHandle */,
+ const Request & /* request */)
+{
+ LogDebug("WAC 2.0 does not support feature-key-cn is policy!");
+ AttributeHandlerResponse response;
+ return response;
+}
+
+AttributeHandlerResponse AttributeFeatureKeyRootCnHandler(
+ const WidgetExecutionPhase & /* phase */,
+ const WidgetHandle & /* widgetHandle */,
+ const Request & /* request */)
+{
+ LogDebug("WAC 2.0 does not support feature-key-root-cn is policy!");
+ AttributeHandlerResponse response;
+ return response;
+}
+
+AttributeHandlerResponse AttributeFeatureKeyRootFingerprintHandler(
+ const WidgetExecutionPhase & /* phase */,
+ const WidgetHandle & /* widgetHandle */,
+ const Request & /* request */)
+{
+ LogDebug("WAC 2.0 does not support"
+ " feature-key-root-fingerprint is policy!");
+ AttributeHandlerResponse response;
+ return response;
+}
+
+struct ResourceAttributeHandlerContext
+{
+ std::string name;
+ WidgetExecutionPhase allowedPhaseMask;
+ ResourceAttributeHandler handler;
+};
+
+#define ALL_PHASE(name, handler) \
+ { # name, WidgetExecutionPhase_All, handler },
+
+ResourceAttributeHandlerContext HANDLED_RESOURCE_ATTRIBUTES_LIST[] = {
+ ALL_PHASE(device-cap, &AttributeDeviceCapHandler)
+ ALL_PHASE(api-feature, &AttributeApiFeatureHandler)
+ // For compatiblity with older policies we tread resource-id
+ // identically as api-feature
+ ALL_PHASE(resource-id, &AttributeApiFeatureHandler)
+
+ ALL_PHASE(feature-install-uri, &AttributeFeatureInstallUriHandler)
+ ALL_PHASE(feature-key-cn, &AttributeFeatureFeatureKeyCnHandler)
+ ALL_PHASE(feature-key-root-cn, &AttributeFeatureKeyRootCnHandler)
+ ALL_PHASE(feature-key-root-fingerprint,
+ &AttributeFeatureKeyRootFingerprintHandler)
+};
+
+#undef ALL_PHASE
+
+const size_t HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT =
+ sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST) /
+ sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST[0]);
+} // namespace anonymous
+
+/*
+ * class WebRuntimeImpl
+ */
+int WebRuntimeImpl::getAttributesValuesLoop(const Request &request,
+ std::list<ATTRIBUTE>* attributes,
+ WidgetExecutionPhase executionPhase)
+{
+ UNHANDLED_EXCEPTION_HANDLER_BEGIN
+ {
+ WidgetHandle widgetHandle = request.getWidgetHandle();
+
+ FOREACH(itr, *attributes)
+ {
+ // Get attribute name
+ std::string attribute = *itr->first;
+
+ // Search for attribute handler
+ bool attributeFound = false;
+
+ for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) {
+ if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) {
+ // Check if execution phase is valid
+ if ((executionPhase &
+ HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) {
+ // Attribute found, but execution state
+ // forbids to execute handler
+ LogWarning(
+ "Request for attribute: '" <<
+ attribute << "' which is supported " <<
+ "but forbidden at widget execution phase: "
+ <<
+ executionPhase);
+ } else {
+ // Execution phase allows handler
+ AttributeHandlerResponse attributeResponse =
+ (*HANDLED_ATTRIBUTES_LIST[i].handler)(
+ executionPhase,
+ widgetHandle);
+ std::copy(attributeResponse.begin(),
+ attributeResponse.end(),
+ std::back_inserter(*itr->second));
+ }
+
+ attributeFound = true;
+ break;
+ }
+ }
+
+ if (!attributeFound) {
+ LogWarning("Request for attribute: '" <<
+ attribute << "' which is not supported");
+ }
+ }
+
+ return 0;
+ }
+ UNHANDLED_EXCEPTION_HANDLER_END
+}
+
+int WebRuntimeImpl::getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE>* attributes)
+{
+ UNHANDLED_EXCEPTION_HANDLER_BEGIN
+ {
+ // Get current execution state
+ WidgetExecutionPhase executionPhase =
+ request.getExecutionPhase();
+
+ return getAttributesValuesLoop(request, attributes, executionPhase);
+ }
+ UNHANDLED_EXCEPTION_HANDLER_END
+}
+
+std::string WebRuntimeImpl::getSessionId(const Request & /* request */)
+{
+ std::string result;
+ LogError("Not implemented!");
+ return result;
+}
+
+WebRuntimeImpl::WebRuntimeImpl()
+{
+}
+
+/*
+ * class ResourceInformationImpl
+ */
+
+int ResourceInformationImpl::getAttributesValuesLoop(const Request &request,
+ std::list<ATTRIBUTE>* attributes,
+ WidgetExecutionPhase executionPhase)
+{
+ // Currently, we assume widgets have internal representation of integer IDs
+ WidgetHandle widgetHandle = request.getWidgetHandle();
+ //TODO add resource id string analyzys
+ FOREACH(itr, *attributes)
+ {
+ // Get attribute name
+ std::string attribute = *itr->first;
+ LogDebug("getting attribute value for: " << attribute);
+ FOREACH(aaa, *itr->second)
+ {
+ LogDebug("its value is: " << *aaa);
+ }
+
+ // Search for attribute handler
+ bool attributeFound = false;
+
+ for (size_t i = 0; i < HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT; ++i) {
+ if (HANDLED_RESOURCE_ATTRIBUTES_LIST[i].name == attribute) {
+ // Check if execution phase is valid
+ if ((executionPhase &
+ HANDLED_RESOURCE_ATTRIBUTES_LIST[i].allowedPhaseMask) ==
+ 0) {
+ // Attribute found, but execution state
+ // forbids to execute handler
+ LogDebug(
+ "Request for attribute: '" <<
+ attribute <<
+ "' which is supported but forbidden " <<
+ "at widget execution phase: " << executionPhase);
+ itr->second = NULL;
+ } else {
+ // Execution phase allows handler
+ AttributeHandlerResponse attributeResponse =
+ (*HANDLED_RESOURCE_ATTRIBUTES_LIST[i].handler)(
+ executionPhase,
+ widgetHandle,
+ request);
+ std::copy(attributeResponse.begin(),
+ attributeResponse.end(),
+ std::back_inserter(*itr->second));
+
+ std::ostringstream attributeResponseFull;
+
+ for (AttributeHandlerResponse::const_iterator
+ it = attributeResponse.begin();
+ it != attributeResponse.end(); ++it) {
+ attributeResponseFull <<
+ (it == attributeResponse.begin() ? "" : ", ") <<
+ *it;
+ }
+
+ LogDebug("Attribute(" << attribute << ") = " <<
+ attributeResponseFull.str());
+ }
+
+ attributeFound = true;
+ break;
+ }
+ }
+
+ if (!attributeFound) {
+ LogWarning("Request for attribute: '" << attribute <<
+ "' which is not supported");
+ }
+ }
+ return 0;
+}
+
+int ResourceInformationImpl::getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE>* attributes)
+{
+ UNHANDLED_EXCEPTION_HANDLER_BEGIN
+ {
+ // Get current execution state
+ WidgetExecutionPhase executionPhase =
+ request.getExecutionPhase();
+ return getAttributesValuesLoop(request, attributes, executionPhase);
+ }
+ UNHANDLED_EXCEPTION_HANDLER_END
+}
+
+ResourceInformationImpl::ResourceInformationImpl()
+{
+}
+
+/*
+ * class OperationSystemImpl
+ */
+
+int OperationSystemImpl::getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE>* attributes)
+{
+ UNHANDLED_EXCEPTION_HANDLER_BEGIN
+ {
+ //FIXME:
+ //GetExecution name without widget name
+ WidgetExecutionPhase executionPhase =
+ request.getExecutionPhase();
+
+ FOREACH(itr, *attributes)
+ {
+ // Get attribute name
+ std::string attribute = *itr->first;
+
+ // Search for attribute handler
+ bool attributeFound = false;
+
+ for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) {
+ if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) {
+ // Check if execution phase is valid
+ if ((executionPhase &
+ HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) {
+ // Attribute found, but execution state forbids
+ // to execute handler
+ LogDebug("Request for attribute: '" << attribute <<
+ "' which is supported but forbidden at " <<
+ "widget execution phase: " << executionPhase);
+ itr->second = NULL;
+ } else {
+ // Execution phase allows handler
+ AttributeHandlerResponse attributeResponse =
+ (*HANDLED_ATTRIBUTES_LIST[i].handler)(
+ executionPhase,
+ 0);
+ std::copy(attributeResponse.begin(),
+ attributeResponse.end(),
+ std::back_inserter(*itr->second));
+
+ std::ostringstream attributeResponseFull;
+
+ typedef AttributeHandlerResponse::const_iterator Iter;
+ FOREACH(it, attributeResponse)
+ {
+ attributeResponseFull <<
+ (it == attributeResponse.begin()
+ ? "" : ", ") << *it;
+ }
+
+ LogDebug("Attribute(" << attribute <<
+ ") = " << attributeResponseFull.str());
+ }
+
+ attributeFound = true;
+ break;
+ }
+ }
+
+ if (!attributeFound) {
+ LogWarning("Request for attribute: '" << attribute <<
+ "' which is not supported");
+ }
+ }
+
+ return 0;
+ }
+ UNHANDLED_EXCEPTION_HANDLER_END
+}
+
+OperationSystemImpl::OperationSystemImpl()
+{
+}
+
+/*
+ * end of class OperationSystemImpl
+ */
+
+int FunctionParamImpl::getAttributesValues(const Request & /*request*/,
+ std::list<ATTRIBUTE> *attributes)
+{
+ FOREACH(iter, *attributes)
+ {
+ std::string attributeName = *(iter->first);
+
+ ParamMap::const_iterator i;
+ std::pair<ParamMap::const_iterator, ParamMap::const_iterator> jj =
+ paramMap.equal_range(attributeName);
+
+ for (i = jj.first; i != jj.second; ++i) {
+ iter->second->push_back(i->second);
+ LogDebug("Attribute: " << attributeName << " Value: " <<
+ i->second);
+ }
+ }
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file attribute_facade.h
+ * @author Jaroslaw Osmanski (j.osmanski@samsung.com)
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @version 1.0
+ * @brief This file contains the declaration of WebRuntimeImpl,
+ * ResourceInformationImpl, OperationSystemImpl
+ */
+
+#ifndef ATTRIBUTE_FACADE_H
+#define ATTRIBUTE_FACADE_H
+
+#include <string>
+#include <map>
+#include <vector>
+
+#include <ace/WRT_INTERFACE.h>
+
+class Request;
+
+class WebRuntimeImpl : public IWebRuntime
+{
+ public:
+ // Return current sessionId
+ int getAttributesValuesLoop(const Request &request,
+ std::list<ATTRIBUTE>* attributes,
+ WidgetExecutionPhase executionPhase);
+
+ int getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE>* attributes);
+ virtual std::string getSessionId(const Request &request);
+ WebRuntimeImpl();
+};
+
+class ResourceInformationImpl : public IResourceInformation
+{
+ public:
+ int getAttributesValuesLoop(const Request &request,
+ std::list<ATTRIBUTE>* attributes,
+ WidgetExecutionPhase executionPhase);
+ int getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE>* attributes);
+ ResourceInformationImpl();
+};
+
+class OperationSystemImpl : public IOperationSystem
+{
+ public:
+ /**
+ * gather and set attributes values for specified attribute name
+ * @param attributes is a list of pairs(
+ * first: pointer to attribute name
+ * second: list of values for attribute (std::string) -
+ * its a list of string (BONDI requirement), but usually there
+ * will be only one string
+ */
+ int getAttributesValues(const Request &request,
+ std::list<ATTRIBUTE>* attributes);
+ OperationSystemImpl();
+};
+
+class FunctionParamImpl : public IFunctionParam
+{
+ public:
+ virtual int getAttributesValues(const Request & /*request*/,
+ std::list<ATTRIBUTE> *attributes);
+ void addAttribute(const std::string &key,
+ const std::string &value)
+ {
+ paramMap.insert(make_pair(key, value));
+ }
+ virtual ~FunctionParamImpl()
+ {
+ }
+
+ private:
+ typedef std::multimap<std::string, std::string> ParamMap;
+ ParamMap paramMap;
+};
+
+typedef std::vector <FunctionParamImpl> FunctionParams;
+
+#endif //ATTRIBUTE_FACADE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * This class simply redirects the access requests to access control engine.
+ * The aim is to hide access control engine specific details from WRT modules.
+ * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
+ * WRT specific and other information during the decision making.
+ *
+ * @file security_controller.cpp
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Ming Jin(ming79.jin@samsung.com)
+ * @version 1.0
+ * @brief Implementation file for security controller
+ */
+#include <security_controller.h>
+#include <ace/PolicyEnforcementPoint.h>
+#include <ace/WRT_INTERFACE.h>
+//#include <engine/PolicyEvaluatorFactory.h>
+//#include <logic/attribute_facade.h>
+#include <dpl/singleton_impl.h>
+#include <dpl/log/log.h>
+#include <security_logic.h>
+#include <security_caller.h>
+
+IMPLEMENT_SINGLETON(SecurityController)
+
+struct SecurityController::Impl
+{
+ SecurityLogic logic;
+};
+
+SecurityController::SecurityController()
+{
+ m_impl.Reset(new Impl);
+}
+
+SecurityController::~SecurityController()
+{
+}
+
+void SecurityController::OnEventReceived(
+ const SecurityControllerEvents::InitializeSyncEvent & /* event */)
+{
+ SecurityCallerSingleton::Instance().Run();
+ m_impl->logic.initialize();
+}
+
+void SecurityController::OnEventReceived(
+ const SecurityControllerEvents::UpdatePolicySyncEvent& /* event */)
+{
+ m_impl->logic.updatePolicy();
+}
+
+void SecurityController::OnEventReceived(
+ const SecurityControllerEvents::TerminateSyncEvent & /*event*/)
+{
+ SecurityCallerSingleton::Instance().Quit();
+ m_impl->logic.terminate();
+}
+
+void SecurityController::OnEventReceived(
+ const SecurityControllerEvents::CheckFunctionCallSyncEvent &ev)
+{
+ *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1());
+}
+
+void SecurityController::OnEventReceived(
+ const SecurityControllerEvents::CheckRuntimeCallSyncEvent &ev)
+{
+ *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1(), ev.GetArg2());
+}
+
+void SecurityController::OnEventReceived(
+ const SecurityControllerEvents::ValidatePopupResponseEvent &ev)
+{
+ m_impl->logic.validatePopupResponse(ev.GetArg0(),
+ ev.GetArg1(),
+ ev.GetArg2(),
+ ev.GetArg3(),
+ ev.GetArg4());
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * This class simply redirects the access requests to access control engine.
+ * The aim is to hide access control engine specific details from WRT modules.
+ * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
+ * WRT specific and other information during the decision making.
+ *
+ * @file security_controller.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Ming Jin(ming79.jin@samsung.com)
+ * @version 1.0
+ * @brief Header file for security controller
+ */
+#ifndef SECURITY_CONTROLLER_H
+#define SECURITY_CONTROLLER_H
+
+#include <dpl/singleton.h>
+#include <dpl/event/controller.h>
+#include <dpl/generic_event.h>
+#include <dpl/scoped_ptr.h>
+#include <dpl/type_list.h>
+#include <string>
+#include <ace-dao-ro/PreferenceTypes.h>
+#include <ace/AbstractPolicyEnforcementPoint.h>
+#include <ace-dao-ro/PromptModel.h>
+#include <string>
+#include <dpl/event/inter_context_delegate.h>
+
+namespace Jobs {
+class Job;
+}
+
+namespace SecurityControllerEvents {
+DECLARE_GENERIC_EVENT_0(InitializeSyncEvent)
+DECLARE_GENERIC_EVENT_0(TerminateSyncEvent)
+DECLARE_GENERIC_EVENT_0(UpdatePolicySyncEvent)
+
+DECLARE_GENERIC_EVENT_2(CheckFunctionCallSyncEvent,
+ PolicyResult *,
+ Request *
+ )
+
+DECLARE_GENERIC_EVENT_3(CheckRuntimeCallSyncEvent,
+ PolicyResult *,
+ Request *,
+ std::string //sessionId
+ )
+
+DECLARE_GENERIC_EVENT_5(ValidatePopupResponseEvent,
+ Request *,
+ bool, //is allowed
+ Prompt::Validity,
+ std::string, //sessionId
+ bool* //check return value
+ )
+
+} // namespace SecurityControllerEvents
+
+typedef DPL::TypeListDecl<
+ SecurityControllerEvents::InitializeSyncEvent,
+ SecurityControllerEvents::TerminateSyncEvent,
+ SecurityControllerEvents::UpdatePolicySyncEvent,
+ SecurityControllerEvents::ValidatePopupResponseEvent,
+ SecurityControllerEvents::CheckRuntimeCallSyncEvent,
+ SecurityControllerEvents::CheckFunctionCallSyncEvent>::Type
+SecurityControllerEventsTypeList;
+
+class SecurityController :
+ public DPL::Event::Controller<SecurityControllerEventsTypeList>
+{
+ protected:
+ virtual void OnEventReceived(
+ const SecurityControllerEvents::InitializeSyncEvent &event);
+ virtual void OnEventReceived(
+ const SecurityControllerEvents::UpdatePolicySyncEvent &event);
+ virtual void OnEventReceived(
+ const SecurityControllerEvents::ValidatePopupResponseEvent &e);
+ virtual void OnEventReceived(
+ const SecurityControllerEvents::TerminateSyncEvent &event);
+ virtual void OnEventReceived(
+ const SecurityControllerEvents::CheckFunctionCallSyncEvent &e);
+ virtual void OnEventReceived(
+ const SecurityControllerEvents::CheckRuntimeCallSyncEvent &e);
+
+ private:
+ class Impl;
+ DPL::ScopedPtr<Impl> m_impl;
+
+ SecurityController();
+ //This desctructor must be in implementation file (cannot be autogenerated)
+ ~SecurityController();
+
+ friend class DPL::Singleton<SecurityController>;
+};
+
+typedef DPL::Singleton<SecurityController> SecurityControllerSingleton;
+
+#endif // SECURITY_CONTROLLER_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * This class simply redirects the access requests to access control engine.
+ * The aim is to hide access control engine specific details from WRT modules.
+ * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
+ * WRT specific and other information during the decision making.
+ *
+ * @file security_controller.h
+ # @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Ming Jin(ming79.jin@samsung.com)
+ * @author Piotr Kozbial (p.kozbial@samsung.com)
+ * @version 1.0
+ * @brief Header file for security logic
+ */
+
+#include <security_logic.h>
+#include <attribute_facade.h>
+#ifdef WRT_SMACK_ENABLED
+#include <privilege-control.h>
+#endif
+#include <ace-dao-rw/AceDAO.h>
+#include <ace-dao-ro/AceDAOConversions.h>
+#include <ace/PolicyInformationPoint.h>
+#include <ace/PromptDecision.h>
+#include <dpl/log/log.h>
+
+namespace {
+
+Request::ApplicationType getAppType(const Request *request) {
+ AceDB::AppTypes appType =
+ AceDB::AceDAOReadOnly::getWidgetType(request->getWidgetHandle());
+ switch (appType) {
+ case AceDB::AppTypes::Tizen:
+ LogDebug("==== Found Tizen application. ====");
+ return Request::APP_TYPE_TIZEN;
+ case AceDB::AppTypes::WAC20:
+ LogDebug("==== Found Wac20 application. ====");
+ return Request::APP_TYPE_WAC20;
+ default:
+ LogDebug("==== Unknown application type. ====");
+ }
+ return Request::APP_TYPE_UNKNOWN;
+}
+
+} // anonymous namespace
+
+void SecurityLogic::initialize() {
+ AceDB::AceDAO::attachToThreadRW();
+ m_policyEnforcementPoint.initialize(new WebRuntimeImpl(),
+ new ResourceInformationImpl(),
+ new OperationSystemImpl());
+}
+
+void SecurityLogic::terminate() {
+ m_policyEnforcementPoint.terminate();
+ AceDB::AceDAO::detachFromThread();
+}
+
+
+void SecurityLogic::grantPlatformAccess(const Request& request)
+{
+ (void)request;
+#ifdef WRT_SMACK_ENABLED
+ try {
+ unsigned long long id =
+ static_cast<unsigned long long>(request.getWidgetHandle());
+ Request::DeviceCapabilitySet dc = request.getDeviceCapabilitySet();
+
+ size_t i,size = dc.size();
+ std::unique_ptr<const char*[]> array(new const char*[size+1]);
+
+ array[size] = NULL;
+ auto it = dc.begin();
+
+ for(i=0; (i<size) && (it!=dc.end()); ++i,++it) {
+ array[i] = it->c_str();
+ }
+ int ret = wrt_permissions_add(id, array.get());
+ if (PC_OPERATION_SUCCESS != ret) {
+ LogError("smack rules couldn't be granted");
+ }
+ } catch (std::bad_alloc&) {
+ LogError("smack rules couldn't be granted: memory allocation failed");
+ }
+#endif
+}
+
+PolicyResult SecurityLogic::checkFunctionCall(Request* request)
+{
+ Assert(NULL != request);
+
+ LogDebug("=== Check widget existance ===");
+ Try {
+ request->setAppType(getAppType(request));
+ } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ LogError("==== Couldn't find widget for handle: " <<
+ request->getWidgetHandle() << ". Access denied. ====");
+ return PolicyEffect::DENY;
+ }
+
+ PolicyResult aceResult = m_policyEnforcementPoint.check(*request).policyResult;
+
+ if (aceResult == PolicyEffect::PERMIT) {
+ grantPlatformAccess(*request);
+ return PolicyEffect::PERMIT;
+ } else if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
+ aceResult == PolicyEffect::PROMPT_SESSION ||
+ aceResult == PolicyEffect::PROMPT_BLANKET ||
+ aceResult == PolicyDecision::NOT_APPLICABLE ||
+ aceResult == PolicyResult::UNDETERMINED)
+ {
+ // TODO: check stored user answers!!!
+ // if necessary, grant SMACK rules
+ // return appropriately - the following is a dummy:
+ return aceResult;
+ } else {
+ return PolicyEffect::DENY;
+ }
+}
+
+PolicyResult SecurityLogic::checkFunctionCall(Request* request, const std::string &sessionId)
+{
+ Assert(NULL != request);
+ LogDebug("=== Check existance of widget === ");
+ Try {
+ request->setAppType(getAppType(request));
+ } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ LogError("==== Couldn't find widget for handle: " <<
+ request->getWidgetHandle() << ". Access denied. ====");
+ return PolicyEffect::DENY;
+ }
+
+ ExtendedPolicyResult exAceResult = m_policyEnforcementPoint.check(*request);
+ PolicyResult aceResult = exAceResult.policyResult;
+
+ LogDebug("Result returned by policy " << aceResult << ". RuleID: " << exAceResult.ruleId);
+
+ if (aceResult == PolicyEffect::PERMIT) {
+ LogDebug("Grant access.");
+ grantPlatformAccess(*request);
+ return PolicyEffect::PERMIT;
+ }
+
+ if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
+ aceResult == PolicyEffect::DENY)
+ {
+ return aceResult;
+ }
+
+ OptionalCachedPromptDecision decision = AceDB::AceDAOReadOnly::getPromptDecision(
+ request->getWidgetHandle(),
+ exAceResult.ruleId);
+
+ if (decision.IsNull()) {
+ LogDebug("No CachedPromptDecision found.");
+ return aceResult;
+ }
+
+ if (aceResult == PolicyEffect::PROMPT_BLANKET) {
+ if (decision->decision == PromptDecision::ALLOW_ALWAYS) {
+ LogDebug("Found user decision. Result changed to PERMIT. Access granted");
+ grantPlatformAccess(*request);
+ return PolicyEffect::PERMIT;
+ }
+ if (decision->decision == PromptDecision::DENY_ALWAYS) {
+ LogDebug("Found user decision. Result changed to DENY.");
+ return PolicyEffect::DENY;
+ }
+ if (decision->decision == PromptDecision::ALLOW_FOR_SESSION
+ && !(decision->session.IsNull())
+ && sessionId == DPL::ToUTF8String(*(decision->session)))
+ {
+ LogDebug("Result changed to PERMIT. Access granted.");
+ grantPlatformAccess(*request);
+ return PolicyEffect::PERMIT;
+ }
+ if (decision->decision == PromptDecision::DENY_FOR_SESSION
+ && !(decision->session.IsNull())
+ && sessionId == DPL::ToUTF8String(*(decision->session)))
+ {
+ LogDebug("Found user decision. Result changed to DENY.");
+ return PolicyEffect::DENY;
+ }
+ return aceResult;
+ }
+
+ if (aceResult == PolicyEffect::PROMPT_SESSION) {
+ if (decision->decision == PromptDecision::ALLOW_FOR_SESSION
+ && !(decision->session.IsNull())
+ && sessionId == DPL::ToUTF8String(*(decision->session)))
+ {
+ LogDebug("Found user decision. Result changed to PERMIT. Access granted.");
+ grantPlatformAccess(*request);
+ return PolicyEffect::PERMIT;
+ }
+ if (decision->decision == PromptDecision::DENY_FOR_SESSION
+ && !(decision->session.IsNull())
+ && sessionId == DPL::ToUTF8String(*(decision->session)))
+ {
+ LogDebug("Found user decision. Result changed to DENY.");
+ return PolicyEffect::DENY;
+ }
+ return aceResult;
+ }
+
+ // This should not happend - all PolicyEffect values were supported before.
+ // This mean that someone has modyfied PolicyEffect enum. SPANK SPANK SPANK
+ LogError("Unsupported PolicyEffect!");
+ return PolicyEffect::DENY;
+}
+
+void SecurityLogic::validatePopupResponse(Request* request,
+ bool allowed,
+ Prompt::Validity validity,
+ const std::string& sessionId,
+ bool* retValue)
+{
+ Assert(NULL != retValue);
+ Assert(NULL != request);
+
+ LogDebug("Start");
+ LogDebug("User answered: " << allowed << " with validity: " << validity);
+ LogDebug("Check widget existance");
+ Try {
+ request->setAppType(getAppType(request));
+ } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) {
+ LogError("==== Couldn't find widget for handle: " <<
+ request->getWidgetHandle() << ". Access denied. ====");
+ retValue = false;
+ return;
+ }
+
+ *retValue = false;
+ OptionalExtendedPolicyResult extendedAceResult =
+ m_policyEnforcementPoint.checkFromCache(*request);
+ if (extendedAceResult.IsNull()) {
+ LogDebug("No cached policy result - but it should be here");
+ LogDebug("returning " << *retValue);
+ return;
+ }
+
+ PolicyResult aceResult = extendedAceResult->policyResult;
+ if (aceResult == PolicyEffect::DENY) {
+ LogDebug("returning " << *retValue);
+ return;
+ }
+ if (aceResult == PolicyEffect::PERMIT) {
+ // TODO we were asked for prompt validation
+ // but we got that no prompt should be opened - is this OK?
+ // (this is on the diagram in wiki)
+ *retValue = true;
+ } else if (aceResult == PolicyEffect::PROMPT_ONESHOT ||
+ aceResult == PolicyEffect::PROMPT_SESSION ||
+ aceResult == PolicyEffect::PROMPT_BLANKET)
+ {
+ Request::DeviceCapabilitySet devCaps =
+ request->getDeviceCapabilitySet();
+
+ FOREACH (it, devCaps) {
+ Request::DeviceCapability resourceId = *it;
+ LogDebug("Recheck: " << *it);
+ // 1) check if per-widget settings permit
+ AceDB::PreferenceTypes wgtPref =
+ AceDB::AceDAOReadOnly::getWidgetDevCapSetting(
+ resourceId,
+ request->getWidgetHandle());
+ if (AceDB::PreferenceTypes::PREFERENCE_DENY == wgtPref) {
+ LogDebug("returning " << *retValue);
+ return;
+ }
+ // 2) check if per-dev-cap settings permit
+ AceDB::PreferenceTypes resPerf =
+ AceDB::AceDAOReadOnly::getDevCapSetting(resourceId);
+ if (AceDB::PreferenceTypes::PREFERENCE_DENY == resPerf) {
+ LogDebug("returning " << *retValue);
+ return;
+ }
+
+ // 3) check for stored propmt answer - should not be there
+ // TODO - is this check necessary?
+ AceDB::BaseAttributeSet attributes;
+ AceDB::AceDAOReadOnly::getAttributes(&attributes);
+ Request req(request->getWidgetHandle(),
+ request->getExecutionPhase());
+ req.addDeviceCapability(resourceId);
+ PolicyInformationPoint *pip =
+ m_policyEnforcementPoint.getPip();
+
+ Assert(NULL != pip);
+
+ pip->getAttributesValues(&req, &attributes);
+ auto attrHash = AceDB::AceDaoConversions::convertToHash(attributes);
+
+ // 4) validate consistency of answer with policy result
+ Prompt::Validity clampedValidity =
+ clampPromptValidity(validity, *(aceResult.getEffect()));
+
+ // 5) store answer in database if appropriate
+ // TODO how about userParam? sessionId?
+ DPL::String userParam = DPL::FromUTF8String(sessionId);
+ DPL::OptionalString sessionOptional =
+ DPL::FromUTF8String(sessionId);
+
+ switch (clampedValidity) {
+ case Prompt::Validity::ALWAYS: {
+ AceDB::AceDAO::setPromptDecision(
+ request->getWidgetHandle(),
+ extendedAceResult->ruleId,
+ sessionOptional,
+ allowed ?
+ PromptDecision::ALLOW_ALWAYS :
+ PromptDecision::DENY_ALWAYS);
+ break; }
+ case Prompt::Validity::SESSION: {
+ AceDB::AceDAO::setPromptDecision(
+ request->getWidgetHandle(),
+ extendedAceResult->ruleId,
+ sessionOptional,
+ allowed ?
+ PromptDecision::ALLOW_FOR_SESSION :
+ PromptDecision::DENY_FOR_SESSION);
+ break; }
+
+ case Prompt::Validity::ONCE: {
+ LogInfo("Validity ONCE, not saving prompt decision to cache");
+ break; }
+ }
+
+ }
+ // access granted!
+ *retValue = allowed;
+ }
+ if (*retValue) {
+ // 6) grant smack label if not granted yet
+ grantPlatformAccess(*request);
+ }
+ LogDebug("Finish");
+ LogDebug("returning " << *retValue);
+}
+
+void SecurityLogic::updatePolicy()
+{
+ LogDebug("SecurityLogic::updatePolicy");
+ m_policyEnforcementPoint.updatePolicy();
+}
+
+Prompt::Validity SecurityLogic::clampPromptValidity(
+ Prompt::Validity validity,
+ PolicyEffect effect)
+{
+ switch (effect) {
+ case PolicyEffect::PROMPT_BLANKET: {
+ return validity; }
+ case PolicyEffect::PROMPT_SESSION: {
+ if (Prompt::Validity::ALWAYS == validity) {
+ LogInfo("ALWAYS returned from prompt in PROMPT_SESSION");
+ return Prompt::Validity::SESSION;
+ }
+ return validity; }
+ case PolicyEffect::PROMPT_ONESHOT: {
+ if (Prompt::Validity::ONCE != validity) {
+ LogInfo("Not ONCE returned from prompt in PROMPT_ONESHOT");
+ }
+ return Prompt::Validity::ONCE; }
+ case PolicyEffect::DENY:
+ case PolicyEffect::PERMIT:
+ default: {// other options - should not happen
+ LogError("This kind of policy effect does not deal with prompts");
+ return Prompt::Validity::ONCE; }
+ }
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * This class simply redirects the access requests to access control engine.
+ * The aim is to hide access control engine specific details from WRT modules.
+ * It also implements WRT_INTERFACE.h interfaces, so that ACE could access
+ * WRT specific and other information during the decision making.
+ *
+ * @file security_controller.h
+ * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com)
+ * @author Ming Jin(ming79.jin@samsung.com)
+ * @author Piotr Kozbial (p.kozbial@samsung.com)
+ * @version 1.0
+ * @brief Header file for security logic
+ */
+#ifndef SECURITY_LOGIC_H
+#define SECURITY_LOGIC_H
+
+#include <ace/Request.h>
+#include <ace/PolicyResult.h>
+#include <ace/AbstractPolicyEnforcementPoint.h>
+#include <ace/Preference.h>
+#include <ace/PolicyEnforcementPoint.h>
+#include <ace-dao-ro/PromptModel.h>
+
+/* SecurityLogic
+ * May only be created and used by SecurityController.
+ * There may be only one instance.
+ */
+class SecurityLogic {
+ public:
+ SecurityLogic() {}
+ ~SecurityLogic() {}
+ // initialize/terminate
+ /** */
+ void initialize();
+ /** */
+ void terminate();
+
+ /** */
+ PolicyResult checkFunctionCall(Request*);
+ PolicyResult checkFunctionCall(Request*, const std::string &session);
+
+ void validatePopupResponse(Request* request,
+ bool allowed,
+ Prompt::Validity validity,
+ const std::string& sessionId,
+ bool* retValue);
+
+ /**
+ * Updates policy and clears policy cache
+ */
+ void updatePolicy();
+
+ private:
+ PolicyEnforcementPoint m_policyEnforcementPoint;
+
+ Prompt::Validity clampPromptValidity(Prompt::Validity validity,
+ PolicyEffect effect);
+ void grantPlatformAccess(const Request& request);
+};
+
+#endif // SECURITY_CONTROLLER_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file simple_roaming_agent.cpp
+ * @author Pawel Sikorski (p.sikorski@samsung.com)
+ * @author Lukasz Marek (l.marek@samsung.com)
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief roaming agent
+ */
+
+#include "simple_roaming_agent.h"
+#include <vconf.h>
+#include <dpl/fast_delegate.h>
+#include <dpl/log/log.h>
+#include <dpl/singleton_impl.h>
+IMPLEMENT_SINGLETON(SimpleRoamingAgent)
+
+SimpleRoamingAgent::SimpleRoamingAgent()
+{
+ if (vconf_notify_key_changed(
+ VCONFKEY_TELEPHONY_SVC_ROAM,
+ vConfChagedCallback, this) < 0)
+ {
+ LogError("Cannot add vconf callback [" <<
+ VCONFKEY_TELEPHONY_SVC_ROAM << "]");
+ Assert(false && "Cannot add vconf callback");
+ }
+
+ int result = 0;
+ if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) {
+ LogError("Cannot get current roaming status");
+ Assert(false && "Cannot get current roaming status");
+ } else {
+ bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON);
+ m_networkType = type ? ROAMING : HOME;
+ LogInfo("Network type is " << (type ? "ROAMING" : "HOME"));
+ }
+
+}
+
+SimpleRoamingAgent::~SimpleRoamingAgent()
+{
+ if (vconf_ignore_key_changed(
+ VCONFKEY_TELEPHONY_SVC_ROAM,
+ vConfChagedCallback) < 0)
+ {
+ LogError("Cannot rm vconf callback [" <<
+ VCONFKEY_TELEPHONY_SVC_ROAM << "]");
+ Assert(false && "Cannot remove vconf callback");
+ }
+
+}
+
+void SimpleRoamingAgent::vConfChagedCallback(keynode_t *keyNode, void *data)
+{
+ LogInfo("SimpleRoamingAgent::vConfChagedCallback ");
+ char *key = vconf_keynode_get_name(keyNode);
+
+ if (NULL == key) {
+ LogWarning("vconf key is null.");
+ return;
+ }
+ std::string keyString = key;
+ if (VCONFKEY_TELEPHONY_SVC_ROAM != keyString) {
+ LogError("Wrong key found");
+ Assert(false && "Wrong key found in vconf callback");
+ return;
+ }
+ SimpleRoamingAgent *agent = static_cast<SimpleRoamingAgent *>(data);
+ if (NULL == agent) {
+ LogError("Bad user arg from vconf lib");
+ Assert(false && "Bad user arg from vconf lib");
+ return;
+ }
+ int result = 0;
+ if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) {
+ LogError("Cannot get current roaming status");
+ Assert(false && "Cannot get current roaming status");
+ } else {
+ bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON);
+ agent->m_networkType = type ? ROAMING : HOME;
+ LogInfo("Network type is " << (type ? "ROAMING" : "HOME"));
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file simple_roaming_agent.h
+ * @author Pawel Sikorski (p.sikorski@samsung.com)
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief simple roaming agent
+ */
+
+#ifndef WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_
+#define WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_
+
+#include <string>
+#include <dpl/singleton.h>
+#include <dpl/noncopyable.h>
+#include <vconf.h>
+
+class SimpleRoamingAgent : DPL::Noncopyable
+{
+ public:
+ bool IsRoamingOn() const
+ {
+ return ROAMING == m_networkType;
+ }
+
+ private:
+ enum NetworkType {ROAMING, HOME};
+
+ NetworkType m_networkType;
+
+ SimpleRoamingAgent();
+ virtual ~SimpleRoamingAgent();
+
+ static void vConfChagedCallback(keynode_t *keyNode, void *userParam);
+
+ friend class DPL::Singleton<SimpleRoamingAgent>;
+};
+
+typedef DPL::Singleton<SimpleRoamingAgent> SimpleRoamingAgentSingleton;
+
+#endif//WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_service_callbacks.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of Ace Service callbacks
+ */
+#include <string>
+#include <vector>
+#include <dpl/log/log.h>
+#include "ace_service_callbacks.h"
+#include <callback_api.h>
+#include <ace/Request.h>
+#include <ace/PolicyResult.h>
+#include <security_controller.h>
+#include <security_caller.h>
+#include <attribute_facade.h>
+
+namespace RPC {
+
+void AceServiceCallbacks::checkAccess(SocketConnection * connector){
+
+ int widgetHandle = 0;
+ std::string subject, resource, sessionId;
+ std::vector<std::string> paramNames, paramValues;
+ Try {
+ connector->read(&widgetHandle,
+ &subject,
+ &resource,
+ ¶mNames,
+ ¶mValues,
+ &sessionId);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection read error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection read error");
+ }
+
+ if (paramNames.size() != paramValues.size()) {
+ ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, "Varying sizes of parameter names and parameter values");
+ }
+ LogDebug("We got subject: " << subject);
+ LogDebug("We got resource: " << resource);
+
+ FunctionParamImpl params;
+ for (size_t i = 0; i < paramNames.size(); ++i) {
+ params.addAttribute(paramNames[i], paramValues[i]);
+ }
+
+ Request request(widgetHandle,
+ WidgetExecutionPhase_Invoke,
+ ¶ms);
+ request.addDeviceCapability(resource);
+
+ PolicyResult result(PolicyEffect::DENY);
+ SecurityCallerSingleton::Instance().SendSyncEvent(
+ SecurityControllerEvents::CheckRuntimeCallSyncEvent(
+ &result,
+ &request,
+ sessionId));
+
+ int response = PolicyResult::serialize(result);
+
+ Try{
+ connector->write(response);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection write error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection write error");
+ }
+}
+
+void AceServiceCallbacks::checkAccessInstall(SocketConnection * connector){
+
+ int widgetHandle;
+ std::string resource;
+
+ Try {
+ connector->read(&widgetHandle,
+ &resource);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection read error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection read error");
+ }
+
+ LogDebug("We got handle: " << widgetHandle);
+ LogDebug("We got resource: " << resource);
+
+ Request request(widgetHandle,
+ WidgetExecutionPhase_WidgetInstall);
+ request.addDeviceCapability(resource);
+
+ PolicyResult result(PolicyEffect::DENY);
+ SecurityCallerSingleton::Instance().SendSyncEvent(
+ SecurityControllerEvents::CheckFunctionCallSyncEvent(
+ &result,
+ &request));
+
+ int response = PolicyResult::serialize(result);
+
+ Try{
+ connector->write(response);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection write error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection write error");
+ }
+}
+
+void AceServiceCallbacks::updatePolicy(SocketConnection * /*connector*/){
+
+
+ LogDebug("Policy update socket message received");
+ SecurityCallerSingleton::Instance().SendSyncEvent(
+ SecurityControllerEvents::UpdatePolicySyncEvent());
+}
+
+} //namespace RPC
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_service_callbacks.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of Ace Service callbacks
+ */
+
+#ifndef ACE_SERVICE_CALLBACKS_H_
+#define ACE_SERVICE_CALLBACKS_H_
+
+#include <memory>
+#include <SocketConnection.h>
+#include <dpl/log/log.h>
+
+namespace RPC {
+
+namespace AceServiceCallbacks {
+
+ // IN string subject
+ // IN string resource
+ // IN vector<string> function param names
+ // IN vector<string> function param values
+ // OUT int allow, deny, popup type
+ void checkAccess(SocketConnection * connector);
+
+ // IN string subject
+ // IN string resource
+ // OUT int allow, deny, popup type
+ void checkAccessInstall(SocketConnection * connector);
+
+ // Policy update trigger
+ void updatePolicy(SocketConnection * connector);
+
+};
+
+} //namespace RPC
+
+#endif /* ACE_SERVICE_CALLBACKS_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ace_service_callbacks_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header with api of implemented Ace Service callbacks
+ */
+#ifndef ACE_SERVICE_CALLBACKS_API_H_
+#define ACE_SERVICE_CALLBACKS_API_H_
+
+#include <string>
+#include <utility>
+#include "ace_server_api.h"
+#include "ace_service_callbacks.h"
+#include "callback_api.h"
+
+namespace WrtSecurity{
+namespace AceServiceCallbacksApi{
+
+inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_METHOD_CALLBACK() {
+ return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(),
+ RPC::AceServiceCallbacks::checkAccess);
+}
+
+inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_INSTALL_METHOD_CALLBACK() {
+ return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(),
+ RPC::AceServiceCallbacks::checkAccessInstall);
+}
+
+inline const std::pair<std::string, socketServerCallback> UPDATE_POLICY_METHOD_CALLBACK() {
+ return std::make_pair(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD(),
+ RPC::AceServiceCallbacks::updatePolicy);
+}
+
+} // namespace AceServiceCallbacksApi
+} // namespace WrtSecurity
+
+
+#endif // ACE_SERVICE_CALLBACKS_API_H_
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file popup_service_callbacks.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Implementation of Security Caller Thread singleton
+ */
+
+#include <security_caller.h>
+#include <dpl/singleton_impl.h>
+
+IMPLEMENT_SINGLETON(SecurityCallerThread)
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file popup_service_callbacks.cpp
+ * @author Lukasz Wrzosek (l.wrzosek@samsung.com)
+ * @version 1.0
+ * @brief Header of Security Caller class used by services socket callbacks
+ */
+
+#ifndef SECURITY_CALLER_H__
+#define SECURITY_CALLER_H__
+
+#include <dpl/thread.h>
+#include <dpl/assert.h>
+#include <dpl/singleton.h>
+
+#include <security_controller.h>
+
+#include <pthread.h>
+
+class IEventHolder
+{
+ public:
+ virtual void FinalizeSending() = 0;
+ virtual ~IEventHolder() {};
+};
+
+template<class EventType>
+class EventHolderImpl : public IEventHolder
+{
+ EventType event;
+
+ public:
+ EventHolderImpl(const EventType& e) : event(e) {}
+ virtual void FinalizeSending()
+ {
+ LogDebug("sending real sync event");
+ CONTROLLER_POST_SYNC_EVENT(SecurityController, event);
+ }
+};
+
+/*
+ * Because Security Controller is a DPL::Controler class, its events
+ * can be send only from a DPL managed thread. SecurityCallerTread class
+ * has been implemented as a workaround of that constraint.
+ * This class is a DPL managed thread that waits for requests
+ * from non DPL managed threads and when receives one it posts event
+ * to the Security Controler in charge of the calling thread.
+ */
+
+
+class SecurityCallerThread : public DPL::Thread
+{
+ private:
+ pthread_mutex_t m_mutex2;
+ pthread_mutex_t m_mutex;
+ pthread_cond_t m_cond;
+ pthread_cond_t m_cond2;
+ bool m_continue;
+ bool m_finished;
+ IEventHolder* m_eventHolder;
+ pthread_mutex_t m_syncMutex;
+
+
+ SecurityCallerThread() :
+ Thread(),
+ m_mutex2(PTHREAD_MUTEX_INITIALIZER),
+ m_mutex(PTHREAD_MUTEX_INITIALIZER),
+ m_cond(PTHREAD_COND_INITIALIZER),
+ m_cond2(PTHREAD_COND_INITIALIZER),
+ m_continue(true),
+ m_finished(false),
+ m_eventHolder(NULL),
+ m_syncMutex(PTHREAD_MUTEX_INITIALIZER)
+ {
+ LogDebug("constructor");
+ }
+
+ virtual ~SecurityCallerThread()
+ {
+ pthread_mutex_unlock(&m_syncMutex);
+ pthread_cond_destroy(&m_cond);
+ pthread_cond_destroy(&m_cond2);
+ pthread_mutex_destroy(&m_mutex2);
+ pthread_mutex_destroy(&m_mutex);
+ pthread_mutex_destroy(&m_syncMutex);
+ }
+
+ protected:
+ /* main routine of the SecurityCallerThread */
+ virtual int ThreadEntry()
+ {
+ LogDebug("SecurityCallerThread start");
+ pthread_mutex_lock(&m_mutex); // lock shared data
+
+ while (m_continue) // main loop
+ {
+ if (m_eventHolder) // if m_eventHolder is set, the request has been received
+ {
+ m_eventHolder->FinalizeSending(); // send actual event in charge of calling thread
+ delete m_eventHolder;
+ m_eventHolder = NULL;
+ LogDebug("setting finished state");
+ pthread_mutex_lock(&m_syncMutex); // lock m_finished
+ m_finished = true;
+ pthread_mutex_unlock(&m_syncMutex); // unlock m_finished
+ LogDebug("finished");
+ pthread_cond_signal(&m_cond2); // signal a calling thread that event has been posted.
+ }
+ LogDebug("waiting for event");
+ // atomically:
+ // unlock m_mutex, wait on m_cond until signal received, lock m_mutex
+ pthread_cond_wait(&m_cond, &m_mutex);
+ LogDebug("found an event");
+ }
+
+ pthread_mutex_unlock(&m_mutex);
+
+ return 0;
+ }
+
+ public:
+ void Quit()
+ {
+ LogDebug("Quit called");
+ pthread_mutex_lock(&m_mutex); // lock shared data
+ m_continue = false; // main loop condition set to false
+ pthread_mutex_unlock(&m_mutex); // unlock shard data
+ pthread_cond_signal(&m_cond);
+ }
+
+ template <class EventType>
+ void SendSyncEvent(const EventType& event)
+ {
+ // prevent SendSyncEvent being called by multiple threads at the same time.
+ pthread_mutex_lock(&m_mutex2);
+ LogDebug("sending sync event");
+ bool correct_thread = false;
+ Try {
+ LogDebug("Checking if this is unmanaged thread");
+ DPL::Thread::GetCurrentThread();
+ } Catch (DPL::Thread::Exception::UnmanagedThread) {
+ correct_thread = true;
+ }
+ Assert(correct_thread &&
+ "This method may not be called from DPL managed thread or main thread");
+ LogDebug("putting an event to be posted");
+ pthread_mutex_lock(&m_mutex); // lock shared data
+ Assert(m_eventHolder == NULL && "Whooops");
+ m_eventHolder = new EventHolderImpl<EventType>(event); // put an event to be posted
+ pthread_mutex_unlock(&m_mutex); // unlock shared data
+ LogDebug("Signal caller thread that new event has been created");
+ pthread_cond_signal(&m_cond); // signal SecurityCallerThread to wake up because new
+ // event is waiting to be posted
+
+ LogDebug("waiting untill send completes");
+ pthread_mutex_lock(&m_syncMutex); /* wait until send completes */
+ while (!m_finished)
+ {
+ pthread_cond_wait(&m_cond2, &m_syncMutex); // wait until event is posted
+ }
+ LogDebug("done");
+ m_finished = false;
+ pthread_mutex_unlock(&m_syncMutex);
+ pthread_mutex_unlock(&m_mutex2);
+ }
+
+ private:
+ friend class DPL::Singleton<SecurityCallerThread>;
+};
+
+typedef DPL::Singleton<SecurityCallerThread> SecurityCallerSingleton;
+
+
+
+#endif //SECURITY_CALLER_H__
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_server_api.h
+ * @author
+ * @version 1.0
+ * @brief This file contains definitions OCSP server interface & methods specifically needed by DBus.
+ */
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
+#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
+
+#include "ocsp_server_api.h"
+#include<string>
+
+namespace WrtSecurity{
+namespace OcspServerApi{
+
+
+// RPC test function
+// IN std::string
+// OUT std::string
+inline const std::string ECHO_METHOD()
+{
+ return "echo";
+}
+
+
+
+}
+};
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_service_dbus_interface.cpp
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief Implementation of OCSP server API.
+ */
+#include "ocsp_server_dbus_interface.h"
+
+namespace RPC {
+
+using namespace WrtSecurity;
+
+OcspServerDBusInterface::OcspServerDBusInterface():
+ DPL::DBus::InterfaceDispatcher(OcspServerApi::INTERFACE_NAME())
+{
+ setXmlSignature("<node>"
+ " <interface name='" + OcspServerApi::INTERFACE_NAME() + "'>"
+ " <method name='" + OcspServerApi::ECHO_METHOD() + "'>"
+ " <arg type='s' name='input' direction='in'/>"
+ " <arg type='s' name='output' direction='out'/>"
+ " </method>"
+ " <method name='" + OcspServerApi::CHECK_ACCESS_METHOD() + "'>"
+ " <arg type='i' name='input' direction='in'/>"
+ " <arg type='i' name='output' direction='out'/>"
+ " </method>"
+ " </interface>"
+ "</node>");
+}
+
+
+void OcspServerDBusInterface::onMethodCall(
+ const gchar* argMethodName,
+ GVariant* argParameters,
+ GDBusMethodInvocation* argInvocation)
+{
+ if (OcspServerApi::ECHO_METHOD() == argMethodName){
+ // TODO: Deserialization should use
+ // DBus::SErverDeserialization::deserialize()
+ const gchar* arg = NULL;
+ g_variant_get(argParameters, "(&s)", &arg);
+ // TODO: Serialization should use
+ // DBus::SErverDeserialization::serialize()
+ gchar* response = g_strdup_printf(arg);
+ g_dbus_method_invocation_return_value(argInvocation,
+ g_variant_new ("(s)", response));
+ g_free (response);
+ } else if (OcspServerApi::CHECK_ACCESS_METHOD() == argMethodName) {
+ gint32 value;
+ g_variant_get(argParameters, "(i)", &value);
+
+ // TODO: this is making OCSP service a stub! this HAS to be moved
+ // with proper implementation to cert-svc daemon
+ gint32 response = 0; // Certificates are valid for now
+
+ GVariant* varResponse = g_variant_new ("(i)", response);
+ //This function will unref invocation and it will be freed
+ LogDebug("OCSP dbus interface tries to send result");
+ g_dbus_method_invocation_return_value(argInvocation, varResponse);
+ }
+}
+
+} // namespace RPC
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_service_dbus_interface.h
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief Class that handles OCSP server API.
+ */
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_
+#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_
+
+#include <list>
+#include <dpl/dbus/dbus_interface_dispatcher.h>
+#include "api/ocsp_server_dbus_api.h"
+
+namespace RPC {
+
+class OcspServerDBusInterface :
+ public DPL::DBus::InterfaceDispatcher
+{
+ public:
+ OcspServerDBusInterface();
+
+ virtual ~OcspServerDBusInterface()
+ {}
+
+ virtual void onMethodCall(const gchar* method_name,
+ GVariant* parameters,
+ GDBusMethodInvocation* invocation);
+};
+
+} // namespace RPC
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_server_api.h
+ * @author
+ * @version 1.0
+ * @brief This file contains definitions OCSP server interface & methods.
+ */
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
+#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
+
+#include "ocsp_server_api.h"
+#include<string>
+
+namespace WrtSecurity{
+namespace OcspServerApi{
+
+// DBus interface name
+inline const std::string INTERFACE_NAME()
+{
+ return "org.tizen.OcspCheck";
+}
+
+// Function checks WidgetStatus for installed widget.
+// https://106.116.37.24/wiki/WebRuntime/Security/Widget_Signatures
+// IN WidgetHandle Widget ID in Database
+// OUT WidgetStatus GOOD/REVOKED
+inline const std::string CHECK_ACCESS_METHOD()
+{
+ return "OcspCheck";
+}
+
+}
+};
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file ocsp_service.cpp
+ * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com)
+ * @version 1.0
+ * @brief This is implementation file of Ocsp service
+ */
+
+#include "security_daemon.h"
+
+namespace OcspService {
+
+class OcspService : public SecurityDaemon::DaemonService
+{
+ private:
+ virtual void initialize()
+ {
+ }
+
+ virtual void start()
+ {
+ }
+
+ virtual void stop()
+ {
+ }
+
+ virtual void deinitialize()
+ {
+ }
+
+};
+
+DAEMON_REGISTER_SERVICE_MODULE(OcspService)
+
+}//namespace OcspService
+
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_service_callbacks_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header with api of implemented Ocsp Service callbacks
+ */
+
+#ifndef OCSP_SERVICE_CALLBACKS_API_H_
+#define OCSP_SERVICE_CALLBACKS_API_H_
+
+#include <string>
+#include <utility>
+#include "SocketConnection.h"
+#include "ocsp_server_api.h"
+#include "ocsp_service_callbacks.h"
+#include "callback_api.h"
+
+namespace WrtSecurity{
+namespace OcspServiceCallbacksApi{
+
+inline const std::pair<std::string, socketServerCallback> CHECK_ACCESS_METHOD_CALLBACK(){
+ return std::make_pair(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(),
+ RPC::OcspServiceCallbacks::checkAccess);
+}
+
+} // namespace OcspServiceCallbacksApi
+} // namespace WrtSecurity
+
+#endif // OCSP_SERVICE_CALLBACKS_API_H_
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_service_callbacks.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of Ocsp Service callbacks
+ */
+
+#include "ocsp_service_callbacks.h"
+#include <callback_api.h>
+
+namespace RPC {
+
+void OcspServiceCallbacks::checkAccess(SocketConnection * connector){
+ int response = 0;
+ Try {
+ connector->write(response);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket Connection write error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket Connection write error");
+ }
+}
+
+} // namespace RPC
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file ocsp_service_callbacks.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of Ocsp Service callbacks class
+ */
+
+#ifndef OCSP_SERVICE_CALLBACKS_H_
+#define OCSP_SERVICE_CALLBACKS_H_
+
+#include <SocketConnection.h>
+
+namespace RPC {
+
+namespace OcspServiceCallbacks {
+ void checkAccess(SocketConnection * connector);
+};
+
+} // namespace RPC
+#endif /* OCSP_SERVICE_CALLBACKS_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file popup_response_dispatcher.cpp
+ * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#include "popup_response_dbus_interface.h"
+#include <vector>
+#include <string>
+#include <dpl/dbus/dbus_server_deserialization.h>
+#include <dpl/dbus/dbus_server_serialization.h>
+#include <ace/Request.h>
+#include <ace-dao-ro/PromptModel.h>
+#include "popup_ace_data_types.h"
+//#include "access-control/engine/PromptModel.h"
+#include "attribute_facade.h"
+//#include "Request.h"
+#include "security_controller.h"
+
+namespace RPC
+{
+
+void PopupResponseDBusInterface::onMethodCall(const gchar* methodName,
+ GVariant* parameters,
+ GDBusMethodInvocation* invocation)
+{
+ using namespace WrtSecurity;
+#if 1
+ if (0 == g_strcmp0(methodName,
+ PopupServerApi::VALIDATION_METHOD().c_str()))
+ {
+ // popup answer data
+ bool allowed = false;
+ int serializedValidity = 0;
+
+ // ACE data
+ AceUserdata acedata;
+
+ if (!DPL::DBus::ServerDeserialization::deserialize(
+ parameters,
+ &allowed,
+ &serializedValidity,
+ &(acedata.handle),
+ &(acedata.subject),
+ &(acedata.resource),
+ &(acedata.paramKeys),
+ &(acedata.paramValues),
+ &(acedata.sessionId)))
+ {
+ g_dbus_method_invocation_return_dbus_error(
+ invocation,
+ "org.tizen.PopupResponse.UnknownError",
+ "Error in deserializing input parameters");
+ return;
+ }
+
+ if (acedata.paramKeys.size() != acedata.paramValues.size()) {
+ g_dbus_method_invocation_return_dbus_error(
+ invocation,
+ "org.tizen.PopupResponse.UnknownError",
+ "Varying sizes of parameter names and parameter values");
+ return;
+ }
+
+ FunctionParamImpl params;
+ for (size_t i = 0; i < acedata.paramKeys.size(); ++i) {
+ params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]);
+ }
+ Request request(acedata.handle,
+ WidgetExecutionPhase_Invoke,
+ ¶ms);
+ request.addDeviceCapability(acedata.resource);
+
+ Prompt::Validity validity = static_cast<Prompt::Validity>(serializedValidity);
+
+ bool response = false;
+ SecurityControllerEvents::ValidatePopupResponseEvent ev(
+ &request,
+ allowed,
+ validity,
+ acedata.sessionId,
+ &response);
+ CONTROLLER_POST_SYNC_EVENT(SecurityController, ev);
+
+ g_dbus_method_invocation_return_value(
+ invocation,
+ DPL::DBus::ServerSerialization::serialize(response));
+ }
+#endif
+}
+
+}
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file popup_response_dbus_interface.h
+ * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
+ * @author Tomasz Swierczek (t.swierczek@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#ifndef WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
+#define WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
+
+#include <dpl/dbus/dbus_interface_dispatcher.h>
+#include "popup_response_server_api.h"
+
+namespace RPC {
+
+class PopupResponseDBusInterface : public DPL::DBus::InterfaceDispatcher
+{
+public:
+ PopupResponseDBusInterface():
+ DPL::DBus::InterfaceDispatcher(
+ WrtSecurity::PopupServerApi::INTERFACE_NAME())
+ {
+ using namespace WrtSecurity;
+
+ setXmlSignature("<node>"
+ " <interface name='" +
+ PopupServerApi::INTERFACE_NAME() + "'>"
+ " <method name='" +
+ PopupServerApi::VALIDATION_METHOD() + "'>"
+ // popup answer data
+ " <arg type='b' name='allowed' direction='in'/>"
+ " <arg type='i' name='valid' direction='in'/>"
+ // this is copied from ace_server_dbus_interface
+ " <arg type='i' name='handle' direction='in'/>"
+ " <arg type='s' name='subject' direction='in'/>"
+ " <arg type='s' name='resource' direction='in'/>"
+ " <arg type='as' name='parameter names' direction='in'/>"
+ " <arg type='as' name='parameter values' direction='in'/>"
+ " <arg type='s' name='sessionId' direction='in'/>"
+ " <arg type='b' name='response' direction='out'/>"
+ " </method>"
+ " </interface>"
+ "</node>");
+
+ }
+
+ virtual ~PopupResponseDBusInterface()
+ {}
+
+ virtual void onMethodCall(const gchar* methodName,
+ GVariant* parameters,
+ GDBusMethodInvocation* invocation);
+};
+
+}
+
+#endif // WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file popup_ace_data_types.h
+ * @author Pawel Sikorski (p.sikorski@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#ifndef POPUP_ACE_DATA_TYPES_H_
+#define POPUP_ACE_DATA_TYPES_H_
+
+#include <vector>
+#include <string>
+
+// additional data needed by PolicyEvaluaor to recognize Popup Response
+struct AceUserdata
+{
+ //TODO INVALID_WIDGET_HANDLE is defined in wrt_plugin_export.h.
+ // I do not want to include that file here...
+ AceUserdata(): handle(-1) {}
+
+ int handle;
+ std::string subject;
+ std::string resource;
+ std::vector<std::string> paramKeys;
+ std::vector<std::string> paramValues;
+ std::string sessionId;
+};
+
+typedef bool SecurityStatus;
+
+#endif /* POPUP_ACE_DATA_TYPES_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file popup_response_server_api.h
+ * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com)
+ * @version 1.0
+ * @brief
+ */
+
+#ifndef WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
+#define WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
+
+#include <string>
+
+namespace WrtSecurity{
+namespace PopupServerApi{
+
+inline const std::string INTERFACE_NAME()
+{
+ return "org.tizen.PopupResponse";
+}
+
+inline const std::string VALIDATION_METHOD()
+{
+ return "validate";
+}
+
+}
+}
+
+#endif // WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H
+
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file popup_service_callbacks_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header with api of Popup Service callbacks
+ */
+
+#ifndef POPUP_SERVICE_CALLBACKS_API_H_
+#define POPUP_SERVICE_CALLBACKS_API_H_
+
+#include <string>
+#include <utility>
+#include "SocketConnection.h"
+#include "popup_response_server_api.h"
+#include "popup_service_callbacks.h"
+#include <callback_api.h>
+
+namespace WrtSecurity{
+namespace PopupServiceCallbacksApi{
+
+inline std::pair<std::string, socketServerCallback> VALIDATION_METHOD_CALLBACK(){
+ return std::make_pair(WrtSecurity::PopupServerApi::VALIDATION_METHOD(), RPC::PopupServiceCallbacks::validate);
+}
+
+} // namespace PopupServiceCallbacksApi
+} // namespace WrtSecurity
+
+#endif /* POPUP_SERVICE_CALLBACKS_API_H_ */
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file popup_service_callbacks.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Implementation of Popup Service callbacks
+ */
+
+#include "popup_service_callbacks.h"
+#include <callback_api.h>
+#include <ace/Request.h>
+#include <ace-dao-ro/PromptModel.h>
+#include <dpl/log/log.h>
+#include "attribute_facade.h"
+#include "popup_ace_data_types.h"
+#include "security_controller.h"
+#include <security_caller.h>
+
+namespace RPC {
+
+void PopupServiceCallbacks::validate(SocketConnection * connector){
+
+ bool allowed = false;
+ int serializedValidity = 0;
+
+ AceUserdata acedata;
+
+ Try {
+ connector->read(&allowed,
+ &serializedValidity,
+ &(acedata.handle),
+ &(acedata.subject),
+ &(acedata.resource),
+ &(acedata.paramKeys),
+ &(acedata.paramValues),
+ &(acedata.sessionId));
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection read error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket connection read error");
+ }
+
+ if (acedata.paramKeys.size() != acedata.paramValues.size()) {
+ ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Varying sizes of parameter names vector and parameter values vector");
+ }
+ FunctionParamImpl params;
+ for (size_t i = 0; i < acedata.paramKeys.size(); ++i) {
+ params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]);
+ }
+ Request request(acedata.handle,
+ WidgetExecutionPhase_Invoke,
+ ¶ms);
+ request.addDeviceCapability(acedata.resource);
+
+ Prompt::Validity validity = static_cast<Prompt::Validity>(serializedValidity);
+
+ bool response = false;
+ SecurityControllerEvents::ValidatePopupResponseEvent ev(
+ &request,
+ allowed,
+ validity,
+ acedata.sessionId,
+ &response);
+ SecurityCallerSingleton::Instance().SendSyncEvent(ev);
+
+ Try {
+ connector->write(response);
+ } Catch (SocketConnection::Exception::SocketConnectionException){
+ LogError("Socket connection write error");
+ ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException,
+ "Socket connection write error");
+ }
+}
+
+} // namespace RPC
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file popup_service_callbacks.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief Header of Popup Service callbacks
+ */
+
+#ifndef POPUP_SERVICE_CALLBACKS_H_
+#define POPUP_SERVICE_CALLBACKS_H_
+
+#include <memory>
+#include <SocketConnection.h>
+
+namespace RPC {
+
+namespace PopupServiceCallbacks {
+ void validate(SocketConnection * connector);
+};
+
+} // namespace RPC
+#endif /* POPUP_SERVICE_CALLBACKS_H_ */
--- /dev/null
+ADD_SUBDIRECTORY(src)
\ No newline at end of file
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/*
+ * @file wrt_oscp_api.h
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief This is C api for WRT OCSP
+ */
+#ifndef WRT_OCSP_API_H
+#define WRT_OCSP_API_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef enum{
+ WRT_OCSP_OK,
+ WRT_OCSP_INVALID_ARGUMENTS,
+ WRT_OCSP_INTERNAL_ERROR
+}wrt_ocsp_return_t;
+
+typedef int wrt_ocsp_widget_handle_t;
+typedef enum {
+ //The certificate has not been revoked.
+ WRT_OCSP_WIDGET_VERIFICATION_STATUS_GOOD,
+
+ //The certificate has been revoked.
+ WRT_OCSP_WIDGET_VERIFICATION_STATUS_REVOKED
+
+
+}wrt_ocsp_widget_verification_status_t;
+
+//-------------Initialization and shutdown-------------------
+/*
+ * Establishes connection to security server. Must be called only once.
+ * Returns WRT_OCSP_OK or error
+ */
+wrt_ocsp_return_t wrt_ocsp_initialize(void);
+
+/*
+ * Deinitializes internal structures. Must be called only once.
+ * Returns WRT_OCSP_OK or error
+ */
+
+wrt_ocsp_return_t wrt_ocsp_shutdown(void);
+
+//-------------Widget verification------------------------------
+/*
+ * Requests verification for widget identified with 'handle'.
+ * 'status holds server response.
+ * Returns WRT_OCSP_OK or error
+ */
+
+wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle,
+ wrt_ocsp_widget_verification_status_t* status);
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif //WRT_OCSP_API_H
--- /dev/null
+include(FindPkgConfig)
+
+PKG_CHECK_MODULES(WRT_OCSP_DEPS
+ dpl-efl
+ dpl-dbus-efl
+ REQUIRED
+ )
+
+SET(WRT_OCSP_DIR
+ ${PROJECT_SOURCE_DIR}/wrt_ocsp
+ )
+
+SET(WRT_OCSP_SRC_DIR
+ ${WRT_OCSP_DIR}/src
+ )
+
+SET(WRT_OCSP_INCLUDE_DIR
+ ${WRT_OCSP_DIR}/include
+ )
+
+SET(WRT_OCSP_SOURCES
+ ${COMMUNICATION_CLIENT_SOURCES}
+ ${WRT_OCSP_SRC_DIR}/wrt_ocsp_api.cpp
+ )
+
+SET(WRT_OCSP_INCLUDES
+ ${WRT_OCSP_DEPS_INCLUDE_DIRS}
+ ${WRT_OCSP_INCLUDE_DIR}
+ ${COMMUNICATION_CLIENT_INCLUDES}
+ ${PROJECT_SOURCE_DIR}/src/services/ocsp
+ ${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus/api
+ ${PROJECT_SOURCE_DIR}/src/daemon/dbus
+ )
+
+ADD_DEFINITIONS(${WRT_OCSP_DEPS_CFLAGS})
+ADD_DEFINITIONS(${WRT__CFLAGS_OTHER})
+
+INCLUDE_DIRECTORIES(${WRT_OCSP_INCLUDES})
+
+ADD_LIBRARY(${TARGET_WRT_OCSP_LIB} SHARED ${WRT_OCSP_SOURCES})
+
+SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES
+ SOVERSION ${API_VERSION}
+ VERSION ${VERSION})
+
+SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES
+ COMPILE_FLAGS -fPIC)
+
+TARGET_LINK_LIBRARIES(${TARGET_WRT_OCSP_LIB}
+ ${WRT_OCSP_DEPS_LIBRARIES}
+ ${WRT_OCSP_DEPS_LDFLAGS}
+ )
+
+INSTALL(TARGETS ${TARGET_WRT_OCSP_LIB}
+ DESTINATION lib)
+
+INSTALL(FILES
+ ${WRT_OCSP_INCLUDE_DIR}/wrt_ocsp_api.h
+ DESTINATION include/wrt-ocsp
+ )
--- /dev/null
+/*
+ * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file wrt_ocsp_api.cpp
+ * @author Zofia Abramowska (z.abramowska@samsung.com)
+ * @version 1.0
+ * @brief This file contains implementation of WRT OCSP api
+ */
+
+#include <dpl/log/log.h>
+#include <dpl/dbus/dbus_client.h>
+#include "ocsp_server_api.h"
+#include "SecurityCommunicationClient.h"
+
+#include "wrt_ocsp_api.h"
+
+static WrtSecurity::Communication::Client *communicationClient = NULL;
+
+wrt_ocsp_return_t wrt_ocsp_initialize(void){
+ if (NULL != communicationClient) {
+ LogError("wrt_ocsp_api already initialized");
+ return WRT_OCSP_INTERNAL_ERROR;
+ }
+
+ Try {
+ communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::OcspServerApi::INTERFACE_NAME());
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ LogError("Can't connect to daemon");
+ return WRT_OCSP_INTERNAL_ERROR;
+ }
+ LogInfo("Initialized");
+ return WRT_OCSP_OK;
+}
+
+wrt_ocsp_return_t wrt_ocsp_shutdown(void){
+ if (NULL == communicationClient) {
+ LogError("wrt_ocsp_api not initialized");
+ return WRT_OCSP_INTERNAL_ERROR;
+ }
+ delete communicationClient;
+ communicationClient = NULL;
+ LogInfo("Shutdown");
+ return WRT_OCSP_OK;
+}
+
+wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle,
+ wrt_ocsp_widget_verification_status_t* status){
+
+ LogInfo("Verifying");
+ if (NULL == status) {
+ LogError("Invalid arguments");
+ return WRT_OCSP_INVALID_ARGUMENTS;
+ }
+ int intResponse;
+
+ Try {
+ communicationClient->call(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(),
+ handle,
+ &intResponse);
+ } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) {
+ LogError("Problem with connection to daemon");
+ return WRT_OCSP_INTERNAL_ERROR;
+ }
+ (*status) = static_cast<wrt_ocsp_widget_verification_status_t>(intResponse);
+ LogInfo("Widget verified with response " << intResponse);
+ return WRT_OCSP_OK;
+}