From: Aleksander Zdyb Date: Mon, 18 Aug 2014 11:05:58 +0000 (+0200) Subject: Add start point in Storage::checkPolicy() X-Git-Tag: submit/R4/20141115.054144~95 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2324fffe9befd04cc57d396265f12750216bfd5a;p=platform%2Fcore%2Fsecurity%2Fcynara.git Add start point in Storage::checkPolicy() Storage::checkPolicy() now accepts id of bucket to start search with. Additional parameter (recursive) indicates, if search should go down into encountered buckets. Change-Id: I23ff8e044fc9ff0198183c335ffe845e75efe08b --- diff --git a/src/common/types/PolicyBucket.h b/src/common/types/PolicyBucket.h index b865d9e..c4675c2 100644 --- a/src/common/types/PolicyBucket.h +++ b/src/common/types/PolicyBucket.h @@ -48,12 +48,19 @@ public: typedef PolicyCollection::value_type value_type; typedef const_policy_iterator const_iterator; + // TODO: Review usefulness of ctors PolicyBucket() : m_defaultPolicy(PredefinedPolicyType::DENY) {} PolicyBucket(const PolicyBucketId &id, const PolicyResult &defaultPolicy) : m_defaultPolicy(defaultPolicy), m_id(id) {} PolicyBucket(const PolicyCollection &policies) : m_policyCollection(makePolicyMap(policies)), m_defaultPolicy(PredefinedPolicyType::DENY) {} + PolicyBucket(const PolicyBucketId &id, + const PolicyResult &defaultPolicy, + const PolicyCollection &policies) + : m_policyCollection(makePolicyMap(policies)), + m_defaultPolicy(defaultPolicy), + m_id(id) {} PolicyBucket filtered(const PolicyKey &key) const; void insertPolicy(PolicyPtr policy); diff --git a/src/service/storage/Storage.cpp b/src/service/storage/Storage.cpp index 7f92c34..8e81edc 100644 --- a/src/service/storage/Storage.cpp +++ b/src/service/storage/Storage.cpp @@ -38,12 +38,15 @@ namespace Cynara { -PolicyResult Storage::checkPolicy(const PolicyKey &key) { - auto policies = m_backend.searchDefaultBucket(key); - return minimalPolicy(policies, key); +PolicyResult Storage::checkPolicy(const PolicyKey &key, + const PolicyBucketId &startBucketId /*= defaultPolicyBucketId*/, + bool recursive /*= true*/) { + auto policies = m_backend.searchBucket(startBucketId, key); + return minimalPolicy(policies, key, recursive); }; -PolicyResult Storage::minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key) { +PolicyResult Storage::minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key, + bool recursive) { bool hasMinimal = false; PolicyResult minimal = bucket.defaultPolicy(); @@ -63,9 +66,11 @@ PolicyResult Storage::minimalPolicy(const PolicyBucket &bucket, const PolicyKey case PredefinedPolicyType::DENY: return policyResult; // Do not expect lower value than DENY case PredefinedPolicyType::BUCKET: { - auto bucketResults = m_backend.searchBucket(policyResult.metadata(), key); - auto minimumOfBucket = minimalPolicy(bucketResults, key); - proposeMinimal(minimumOfBucket); + if (recursive == true) { + auto bucketResults = m_backend.searchBucket(policyResult.metadata(), key); + auto minimumOfBucket = minimalPolicy(bucketResults, key, true); + proposeMinimal(minimumOfBucket); + } continue; } case PredefinedPolicyType::ALLOW: diff --git a/src/service/storage/Storage.h b/src/service/storage/Storage.h index adee6ec..82052d0 100644 --- a/src/service/storage/Storage.h +++ b/src/service/storage/Storage.h @@ -43,7 +43,9 @@ class Storage public: Storage(StorageBackend &backend) : m_backend(backend) {} - PolicyResult checkPolicy(const PolicyKey &key); + PolicyResult checkPolicy(const PolicyKey &key, + const PolicyBucketId &startBucketId = defaultPolicyBucketId, + bool recursive = true); void insertPolicies(const std::map> &policiesByBucketId); void deletePolicies(const std::map> &keysByBucketId); @@ -55,7 +57,7 @@ public: void save(void); protected: - PolicyResult minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key); + PolicyResult minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key, bool recursive); private: StorageBackend &m_backend; // backend strategy diff --git a/src/service/storage/StorageBackend.h b/src/service/storage/StorageBackend.h index cc711f9..b015bf0 100644 --- a/src/service/storage/StorageBackend.h +++ b/src/service/storage/StorageBackend.h @@ -37,6 +37,7 @@ class StorageBackend { public: virtual ~StorageBackend() {} + // TODO: Remove searchDefaultBucket() virtual PolicyBucket searchDefaultBucket(const PolicyKey &key) = 0; virtual PolicyBucket searchBucket(const PolicyBucketId &bucket, const PolicyKey &key) = 0; diff --git a/test/storage/storage/check.cpp b/test/storage/storage/check.cpp index e71e40f..f56e7fe 100644 --- a/test/storage/storage/check.cpp +++ b/test/storage/storage/check.cpp @@ -49,7 +49,7 @@ TEST(storage, checkEmpty) { Cynara::Storage storage(backend); PolicyKey pk = Helpers::generatePolicyKey(); - EXPECT_CALL(backend, searchDefaultBucket(pk)) + EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk)) .WillOnce(ReturnPointee(&emptyBucket)); // Default bucket empty -- return DENY @@ -66,7 +66,7 @@ TEST(storage, checkSimple) { Cynara::Storage storage(backend); PolicyKey pk = Helpers::generatePolicyKey(); - EXPECT_CALL(backend, searchDefaultBucket(pk)) + EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk)) .WillRepeatedly(ReturnPointee(&bucket)); // Default bucket empty -- return DENY @@ -81,6 +81,7 @@ TEST(storage, checkSimple) { ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType()); } +// TODO: Refactorize to resemble checkNonrecursive() TEST(storage, checkBucket) { using ::testing::ReturnPointee; @@ -97,9 +98,6 @@ TEST(storage, checkBucket) { PolicyBucket additionalBucket; - EXPECT_CALL(backend, searchDefaultBucket(pk)) - .WillRepeatedly(ReturnPointee(&defaultBucket)); - EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk)) .WillRepeatedly(ReturnPointee(&defaultBucket)); @@ -136,9 +134,6 @@ TEST(storage, checkBucketWildcard) { FakeStorageBackend backend; Cynara::Storage storage(backend); - EXPECT_CALL(backend, searchDefaultBucket(checkKey)) - .WillRepeatedly(ReturnPointee(&defaultBucket)); - EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey)) .WillRepeatedly(ReturnPointee(&defaultBucket)); @@ -166,9 +161,6 @@ TEST(storage, checkBucketWildcardOtherDefault) { FakeStorageBackend backend; Cynara::Storage storage(backend); - EXPECT_CALL(backend, searchDefaultBucket(checkKey)) - .WillRepeatedly(ReturnPointee(&defaultBucket)); - EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey)) .WillRepeatedly(ReturnPointee(&defaultBucket)); @@ -179,3 +171,21 @@ TEST(storage, checkBucketWildcardOtherDefault) { // Should return additional bucket's default policy ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(checkKey)); } + +TEST(storage, checkNonrecursive) { + using ::testing::ReturnPointee; + + PolicyKey pk = Helpers::generatePolicyKey(); + PolicyBucketId bucketId = "a-bucket"; + + PolicyBucket bucket(bucketId, PredefinedPolicyType::ALLOW, + { Policy::bucketWithKey(pk, "must-not-be-touched") }); + FakeStorageBackend backend; + + Cynara::Storage storage(backend); + + EXPECT_CALL(backend, searchBucket(bucketId, pk)) + .WillOnce(ReturnPointee(&bucket)); + + ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(pk, bucketId, false)); +}