}
return retVal;
}
+
+OCStackResult CheckSecurityACEPermision(uint16_t permission)
+{
+ OIC_LOG_V(DEBUG, TAG, "IN: %s", __func__);
+
+ OCStackResult ret = OC_STACK_ERROR;
+ OicSecAce_t *ace = NULL;
+ OicSecAce_t *tempAce = NULL;
+
+ if(NULL == gAcl)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - gAcl is NULL!", __func__);
+ ret = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ LL_FOREACH_SAFE(gAcl->aces, ace, tempAce)
+ {
+ if(0 != memcmp(&ace->subjectuuid, &WILDCARD_SUBJECT_ID, sizeof(OicUuid_t)))
+ {
+ continue;
+ }
+
+ OicSecRsrc_t* rsrc = NULL;
+ int flag = 0;
+ LL_FOREACH(ace->resources, rsrc)
+ {
+ if(strncmp(rsrc->href, OIC_RSRC_DOXM_URI, strlen(OIC_RSRC_DOXM_URI) + 1) == 0 ||
+ strncmp(rsrc->href, OIC_RSRC_CRED_URI, strlen(OIC_RSRC_CRED_URI) + 1) == 0 ||
+ strncmp(rsrc->href, OIC_RSRC_PSTAT_URI, strlen(OIC_RSRC_PSTAT_URI) + 1) == 0)
+ {
+ flag = 1;
+ break;
+ }
+ }
+
+ if (flag && !(permission & ace->permission) )
+ {
+ ret = OC_STACK_ERROR;
+ goto exit;
+ }
+ }
+
+ exit:
+ OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__);
+ return ret;
+}
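Review bot: As shown, CheckSecurityACEPermision never assigns OC_STACK_OK: `ret` starts as OC_STACK_ERROR, both early exits set it to OC_STACK_ERROR again, and a clean pass over the ACE list falls through to `exit:` unchanged, so callers see a failure even when every wildcard ACE is acceptable. Add `ret = OC_STACK_OK;` after the LL_FOREACH_SAFE loop, immediately before the `exit:` label. Separately, `!(permission & ace->permission)` only rejects an ACE that shares no bit with the mask, so a wildcard ACE on doxm/cred/pstat that grants more than the mask still passes. If the intent is to cap what the wildcard subject may do on these resources, the test probably wants `ace->permission & ~permission` instead; this is inferred from the call sites and should be confirmed. `rsrc->href` is also handed to strncmp without a NULL check.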
#include "psinterface.h"
#include "doxmresource.h"
#include "octhread.h"
+#include "aclresource.h"
+#include "credresource.h"
#define TAG "OIC_SRM_PSI"
}
}
+
+OCStackResult CheckSVRDBValidity(void)
+{
+ OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
+
+ OCStackResult res = OC_STACK_ERROR;
+ OicUuid_t emptyUuid = {.id={0}};
+
+ bool isOwned = false;
+ res = GetDoxmIsOwned(&isOwned);
+
+ if( OC_STACK_OK != res)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - doxm is NULL!", __func__);
+ goto exit;
+ }
+
+ OicUuid_t devOwnerUuid = {.id={0}};
+ OicUuid_t devRownerUuid = {.id={0}};
+ OicUuid_t resRowneruuid = {.id={0}};
+ bool isDevOwnerUuidEmpty = false;
+ bool isDevRownerUuidEmpty = false;
+ bool isPstatRownerUuidEmpty = false;
+ bool isAclRownerUuidEmpty = false;
+ bool isCredRownerUuidEmpty = false;
+
+ if(OC_STACK_OK != GetDoxmDevOwnerId(&devOwnerUuid) |
+ OC_STACK_OK != GetDoxmRownerId(&devRownerUuid))
+ {
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (0 == memcmp(&devOwnerUuid, &emptyUuid, sizeof(devOwnerUuid)))
+ {
+ isDevOwnerUuidEmpty = true;
+ }
+ else
+ {
+ isDevOwnerUuidEmpty = false;
+ }
+
+ if (0 == memcmp(&devRownerUuid, &emptyUuid, sizeof(devRownerUuid)))
+ {
+ isDevRownerUuidEmpty = true;
+ }
+ else
+ {
+ isDevRownerUuidEmpty = false;
+ }
+
+ if (OC_STACK_OK != GetPstatRownerId(&resRowneruuid))
+ {
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (0 == memcmp(&resRowneruuid, &emptyUuid, sizeof(resRowneruuid)))
+ {
+ isPstatRownerUuidEmpty = true;
+ }
+ else
+ {
+ isPstatRownerUuidEmpty = false;
+ }
+
+ OicSecDpm_t cm = 0;
+ VERIFY_SUCCESS(TAG, OC_STACK_OK == GetPstatCm(&cm), ERROR);
+
+ if (OC_STACK_OK != GetAclRownerId(&resRowneruuid))
+ {
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (0 == memcmp(&resRowneruuid, &emptyUuid, sizeof(resRowneruuid)))
+ {
+ isAclRownerUuidEmpty = true;
+ }
+ else
+ {
+ isAclRownerUuidEmpty = false;
+ }
+
+ if (OC_STACK_OK != GetCredRownerId(&resRowneruuid))
+ {
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (0 == memcmp(&resRowneruuid, &emptyUuid, sizeof(resRowneruuid)))
+ {
+ isCredRownerUuidEmpty = true;
+ }
+ else
+ {
+ isCredRownerUuidEmpty = false;
+ }
+
+ if(true == isOwned)
+ {
+ if ( isDevOwnerUuidEmpty ||isDevRownerUuidEmpty )
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - uuid is empty for owned device!", __func__);
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if(!GetPstatIsop() || (cm & TAKE_OWNER))
+ {
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (isPstatRownerUuidEmpty)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - pstatRownerUuid is empty for owned device!", __func__);
+ res = OC_STACK_ERROR;;
+ goto exit;
+ }
+
+ if (isAclRownerUuidEmpty)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - aclRownerUuid is empty for owned device!", __func__);
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (isCredRownerUuidEmpty)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - credRownerUuid is empty for owned device!", __func__);
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (OC_STACK_OK != CheckSecurityACEPermision(PERMISSION_READ))
+ {
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+ }
+ else
+ {
+ if ( !isDevOwnerUuidEmpty ||!isDevRownerUuidEmpty )
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - uuid is not empty for unOwned device!", __func__);
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (!isPstatRownerUuidEmpty)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - pstatRownerUuid is not empty for unOwned device!", __func__);
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if(GetPstatIsop() || !(cm & TAKE_OWNER))
+ {
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (!isAclRownerUuidEmpty)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - aclRownerUuid is not empty for unOwned device!", __func__);
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (!isCredRownerUuidEmpty)
+ {
+ OIC_LOG_V(ERROR, TAG, "%s - credRownerUuid is not empty for unOwned device!", __func__);
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ if (OC_STACK_OK != CheckSecurityACEPermision(PERMISSION_READ | PERMISSION_WRITE))
+ {
+ res = OC_STACK_ERROR;
+ goto exit;
+ }
+
+ }
+ res = OC_STACK_OK;
+
+ exit:
+
+ if (OC_STACK_OK != res)
+ {
+ if (isResetPFExist() && !isOwned)
+ {
+ res = ResetSecureResourceInPS();
+ OIC_LOG_V(INFO, TAG, "%s - Secure resources reseted (%d)", __func__, res);
+ }
+ else
+ {
+ SetPSStatus(PS_PARSE_FAIL);
+ res = DestroySecureResources();
+ if(OC_STACK_OK == res)
+ {
+ res = InitSecureResources();
+ if(OC_STACK_OK != res)
+ {
+ res = OC_STACK_INCONSISTENT_DB;
+ }
+ }
+ else
+ {
+ res = OC_STACK_INCONSISTENT_DB;
+ }
+ }
+ }
+ OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
+
+ return res;
+}
+
+bool isResetPFExist(void)
+{
+ OIC_LOG_V(DEBUG, TAG, "In %s", __func__);
+
+ bool ret = false;
+ size_t dbSize = 0;
+ uint8_t *dbData = NULL;
+
+ OCStackResult ocRes = OC_STACK_ERROR;
+
+ ocRes = GetSecureVirtualDatabaseFromPS(NULL, &dbData, &dbSize);
+ if (OC_STACK_OK != ocRes)
+ {
+ OIC_LOG_V(ERROR, TAG, "GetSecureVirtualDatabaseFromPS() is failed(%d)", ocRes);
+ }
+ if (dbData && dbSize)
+ {
+ ocRes = OC_STACK_ERROR;
+ {
+ CborParser parser;
+ CborValue cbor;
+ cbor_parser_init(dbData, dbSize, 0, &parser, &cbor);
+ CborValue curVal = {0};
+ CborError cborFindResult = CborNoError;
+
+ cborFindResult = cbor_value_map_find_value(&cbor, OIC_JSON_RESET_PF_NAME, &curVal);
+ if (CborNoError == cborFindResult && cbor_value_is_byte_string(&curVal))
+ {
+ OIC_LOG(DEBUG, TAG, "Reset Profile already exists!");
+ ret = true;
+ }
+ else
+ {
+ OIC_LOG(DEBUG, TAG, "Reset Profile doesn't exists!");
+ ret = false;
+ }
+ }
+ }
+ OICFree(dbData);
+ OIC_LOG_V(DEBUG, TAG, "Out %s", __func__);
+
+ return ret;
+}
\ No newline at end of file
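Review bot: The `VERIFY_SUCCESS(TAG, OC_STACK_OK == GetPstatCm(&cm), ERROR)` line in CheckSVRDBValidity can fail open. At that point `res` still holds OC_STACK_OK from GetDoxmIsOwned, so if the macro only logs and jumps to `exit` (its definition is not in this hunk), a GetPstatCm failure skips every ownership check and the function returns OC_STACK_OK. Setting `res = OC_STACK_ERROR;` right after the GetDoxmIsOwned check makes every early exit fail closed and makes the repeated assignments redundant; the `|` joining the two getter comparisons just above should also be `||`. In isResetPFExist, the result of cbor_parser_init is ignored and cbor_value_map_find_value is called without confirming the top-level item is a map. Since this runs on storage that is being checked for corruption, guard the lookup with `if (CborNoError == cbor_parser_init(dbData, dbSize, 0, &parser, &cbor) && cbor_value_is_map(&cbor))`.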