From: Vitalii Irkha Date: Thu, 21 Nov 2019 16:37:45 +0000 (+0200) Subject: Added changes for SVR DB Validity API X-Git-Tag: submit/tizen/20191128.075235~7 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2a48d33152759b69583c6503f8ea8eae30adde73;p=platform%2Fupstream%2Fiotivity.git Added changes for SVR DB Validity API Don't stop stack initialization process even if DVR DB corrupted https://github.sec.samsung.net/RS7-IOTIVITY/IoTivity/commit/582794baea0c4db4dc8fdca566a7a8553b6d764c (cherry-picked from 582794baea0c4db4dc8fdca566a7a8553b6d764c) Change-Id: I0adf81f55a7a012730a792bac5e7f5b423190be7 Signed-off-by: Vitalii Irkha Signed-off-by: DoHyun Pyun --- diff --git a/resource/csdk/security/include/internal/aclresource.h b/resource/csdk/security/include/internal/aclresource.h index 8b28c3a9b..42c75a937 100644 --- a/resource/csdk/security/include/internal/aclresource.h +++ b/resource/csdk/security/include/internal/aclresource.h @@ -189,7 +189,7 @@ void printACL(const OicSecAcl_t* acl); * @param permission value for matching * @return OC_STACK_OK if permissions matched, else::OC_STACK_ERROR. */ -OCStackResult CheckSecurityACEPermision(uint16_t permission); +OCStackResult CheckSecurityACEPermission(uint16_t permission); #ifdef __cplusplus } diff --git a/resource/csdk/security/include/internal/psinterface.h b/resource/csdk/security/include/internal/psinterface.h index 9dbfc53eb..6848bfe4d 100644 --- a/resource/csdk/security/include/internal/psinterface.h +++ b/resource/csdk/security/include/internal/psinterface.h @@ -36,6 +36,14 @@ typedef enum PS_NO_EXTERNAL_DB_SET = 99, // no external DB set (initial state) } PSStatus_t; +//SVR DB Validity status +typedef enum +{ + SVRDB_NOT_VALID = 0, + SVRDB_VALID = 1, + SVRDB_NOT_CHECKED = 255 +} SVRDBValidStatus_t; + /** * Reads the Secure Virtual Database from PS into dynamically allocated * memory buffer. @@ -122,6 +130,13 @@ OCStackResult CreateResetProfile(void); */ void SetPSStatus(PSStatus_t status); +/** + * This function return SVR DB state: valid, not valid or was not checked yet + * + * @return Status of SVR DB + */ +SVRDBValidStatus_t GetSVRDBValidStatus(void); + /** * This method prints debug log that displays persistent storage status. */ diff --git a/resource/csdk/security/src/aclresource.c b/resource/csdk/security/src/aclresource.c index 566bf7945..b1a3bc8d4 100644 --- a/resource/csdk/security/src/aclresource.c +++ b/resource/csdk/security/src/aclresource.c @@ -2896,7 +2896,7 @@ OCStackResult GetAclRownerId(OicUuid_t *rowneruuid) return retVal; } -OCStackResult CheckSecurityACEPermision(uint16_t permission) +OCStackResult CheckSecurityACEPermission(uint16_t permission) { OIC_LOG_V(DEBUG, TAG, "IN: %s", __func__); @@ -2937,6 +2937,7 @@ OCStackResult CheckSecurityACEPermision(uint16_t permission) goto exit; } } + ret = OC_STACK_OK; exit: OIC_LOG_V(DEBUG, TAG, "OUT: %s", __func__); diff --git a/resource/csdk/security/src/psinterface.c b/resource/csdk/security/src/psinterface.c index e1e5a43f7..351492044 100644 --- a/resource/csdk/security/src/psinterface.c +++ b/resource/csdk/security/src/psinterface.c @@ -61,12 +61,24 @@ static oc_mutex g_mutexDb = NULL; // Persistent Storage status static PSStatus_t g_psStatus = PS_NO_EXTERNAL_DB_SET; +//SVR DB Validation status +static SVRDBValidStatus_t g_svrdbValidStatus = SVRDB_NOT_CHECKED; + static resetSVRDBCB_t g_resetSVRDBCB = {0}; resetSVRDBCB_t* const GetResetSVRDBCB(void) { return &g_resetSVRDBCB; } + +/** + * Set status of SVR DB after call CheckSVRDBValidity() API + */ +static void SetSVRDBValidStatus(SVRDBValidStatus_t status) +{ + g_svrdbValidStatus = status; +} + /** * Update the Persistent Storage Database size. */ @@ -1219,6 +1231,11 @@ void SetPSStatus(PSStatus_t status) g_psStatus = status; } +SVRDBValidStatus_t GetSVRDBValidStatus() +{ + return g_svrdbValidStatus; +} + void PrintPSStatus(void) { switch(g_psStatus) @@ -1303,7 +1320,7 @@ OCStackResult CheckSVRDBValidity(void) isPstatRownerUuidEmpty = false; } - OicSecDpm_t cm = 0; + OicSecDpm_t cm = NORMAL; VERIFY_SUCCESS(TAG, OC_STACK_OK == GetPstatCm(&cm), ERROR); if (OC_STACK_OK != GetAclRownerId(&resRowneruuid)) @@ -1347,6 +1364,7 @@ OCStackResult CheckSVRDBValidity(void) if(!GetPstatIsop() || (cm & TAKE_OWNER)) { + OIC_LOG_V(ERROR, TAG, "%s - isop or cm properties are incorrect!", __func__); res = OC_STACK_ERROR; goto exit; } @@ -1372,8 +1390,9 @@ OCStackResult CheckSVRDBValidity(void) goto exit; } - if (OC_STACK_OK != CheckSecurityACEPermision(PERMISSION_READ)) + if (OC_STACK_OK != CheckSecurityACEPermission(PERMISSION_READ)) { + OIC_LOG_V(ERROR, TAG, "%s - ACE permission doesn't match to READ", __func__); res = OC_STACK_ERROR; goto exit; } @@ -1414,8 +1433,9 @@ OCStackResult CheckSVRDBValidity(void) goto exit; } - if (OC_STACK_OK != CheckSecurityACEPermision(PERMISSION_READ | PERMISSION_WRITE)) + if (OC_STACK_OK != CheckSecurityACEPermission(PERMISSION_READ | PERMISSION_WRITE)) { + OIC_LOG_V(ERROR, TAG, "%s - ACE permission doesn't match to READ|WRITE", __func__); res = OC_STACK_ERROR; goto exit; } @@ -1434,22 +1454,18 @@ OCStackResult CheckSVRDBValidity(void) } else { - SetPSStatus(PS_PARSE_FAIL); - res = DestroySecureResources(); - if(OC_STACK_OK == res) - { - res = InitSecureResources(); - if(OC_STACK_OK != res) - { - res = OC_STACK_INCONSISTENT_DB; - } - } - else - { - res = OC_STACK_INCONSISTENT_DB; - } + res = OC_STACK_INCONSISTENT_DB; } } + + if(OC_STACK_OK == res) + { + SetSVRDBValidStatus(SVRDB_VALID); + } + else + { + SetSVRDBValidStatus(SVRDB_NOT_VALID); + } OIC_LOG_V(DEBUG, TAG, "Out %s", __func__); return res; @@ -1497,4 +1513,4 @@ bool isResetPFExist(void) OIC_LOG_V(DEBUG, TAG, "Out %s", __func__); return ret; -} \ No newline at end of file +} diff --git a/resource/csdk/stack/src/ocstack.c b/resource/csdk/stack/src/ocstack.c index e1ffc3df2..57c14d9fa 100644 --- a/resource/csdk/stack/src/ocstack.c +++ b/resource/csdk/stack/src/ocstack.c @@ -4674,8 +4674,6 @@ OCStackResult initResources() OIC_LOG_V(ERROR, TAG,"%s - SVR DB is not valid!",__func__); } - result = validRes; - if(result == OC_STACK_OK) { CreateResetProfile();