From: Jinkun Jang Date: Fri, 15 Mar 2013 16:17:58 +0000 (+0900) Subject: merge with master X-Git-Tag: 2.1b_release~6 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=37a0aed5cebf4e0d1a7751f21928cd20c4315741;p=framework%2Fsecurity%2Fsecurity-server.git merge with master --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 402ac47..740aa89 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -41,102 +41,22 @@ SET(CMAKE_CXX_FLAGS_RELEASE "-O2 -std=c++0x -g") SET(CMAKE_C_FLAGS_CCOV "-O2 -g --coverage") SET(CMAKE_CXX_FLAGS_CCOV "-O2 -std=c++0x -g --coverage") -#SET(SMACK_ENABLE ON) - -OPTION(DPL_LOG "DPL logs status" ON) -IF(DPL_LOG) - MESSAGE(STATUS "Logging enabled for DPL") - ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") -ELSE(DPL_LOG) - MESSAGE(STATUS "Logging disabled for DPL") -ENDIF(DPL_LOG) - # If supported for the target machine, emit position-independent code,suitable # for dynamic linking and avoiding any limit on the size of the global offset # table. This option makes a difference on the m68k, PowerPC and SPARC. # (BJ: our ARM too?) ADD_DEFINITIONS("-fPIC") -# Set the default ELF image symbol visibility to hidden - all symbols will be -# marked with this unless overridden within the code. -#ADD_DEFINITIONS("-fvisibility=hidden") # Set compiler warning flags -#ADD_DEFINITIONS("-Werror") # Make all warnings into errors. ADD_DEFINITIONS("-Wall") # Generate all warnings ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings -ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM) -ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features -ADD_DEFINITIONS("-std=c++0x") # No warnings about deprecated features - -ADD_DEFINITIONS("-DSOCKET_CONNECTION") #defines sockets as used IPC -#ADD_DEFINITIONS("-DDBUS_CONNECTION") #defines DBus as used IPC STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}") ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") -IF(SMACK_ENABLE) - ADD_DEFINITIONS("-DWRT_SMACK_ENABLED") -ENDIF(SMACK_ENABLE) - -############################# Targets names ################################### - -SET(TARGET_DAEMON "security-server") -SET(TARGET_ACE_DAO_RO_LIB "ace-dao-ro") -SET(TARGET_ACE_DAO_RW_LIB "ace-dao-rw") -SET(TARGET_ACE_LIB "ace") -SET(TARGET_ACE_CLIENT_LIB "ace-client") -SET(TARGET_ACE_SETTINGS_LIB "ace-settings") -SET(TARGET_ACE_INSTALL_LIB "ace-install") -SET(TARGET_ACE_POPUP_VALIDATION_LIB "ace-popup-validation") -SET(TARGET_COMMUNICATION_CLIENT_LIB "communication-client") -SET(TARGET_WRT_OCSP_LIB "wrt-ocsp") -SET(TARGET_SEC_SRV_LIB "sec-srv") -SET(security-server-client "security-server-client") - -############################# Communicatin Client ############################# - -SET(COMMUNICATION_CLIENT_DIR - ${PROJECT_SOURCE_DIR}/communication_client - ) +SET(TARGET_SECURITY_SERVER "security-server") +SET(TARGET_SECURITY_CLIENT "security-server-client") -SET(COMMUNICATION_CLIENT_SRC_DIR - ${COMMUNICATION_CLIENT_DIR}/src - ) - -SET(COMMUNICATION_CLIENT_INCLUDE_DIR - ${COMMUNICATION_CLIENT_DIR}/include - ) - -SET(COMMUNICATION_CLIENT_SOURCES - ${COMMUNICATION_CLIENT_SRC_DIR}/SecurityCommunicationClient.cpp - ${PROJECT_SOURCE_DIR}/socket_connection/client/SecuritySocketClient.cpp - ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp - ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp - ) - -SET(COMMUNICATION_CLIENT_INCLUDES - ${COMMUNICATION_CLIENT_DEPS_INCLUDE_DIRS} - ${COMMUNICATION_CLIENT_INCLUDE_DIR} - ${PROJECT_SOURCE_DIR}/src/daemon/sockets - ${PROJECT_SOURCE_DIR}/src/daemon/dbus - ${PROJECT_SOURCE_DIR}/src/daemon/socket - ${PROJECT_SOURCE_DIR}/src/daemon/socket/api - ${PROJECT_SOURCE_DIR}/socket_connection/client - ${PROJECT_SOURCE_DIR}/socket_connection/connection - ) - -############################# subdirectories ################################## - -ADD_SUBDIRECTORY(ace) -ADD_SUBDIRECTORY(ace_client) -ADD_SUBDIRECTORY(ace_common) -ADD_SUBDIRECTORY(ace_install) -ADD_SUBDIRECTORY(ace_settings) -ADD_SUBDIRECTORY(ace_popup_validation) -ADD_SUBDIRECTORY(communication_client) -ADD_SUBDIRECTORY(wrt_ocsp) ADD_SUBDIRECTORY(src) ADD_SUBDIRECTORY(build) -ADD_SUBDIRECTORY(etc) - diff --git a/LICENSE.APLv2.0 b/LICENSE similarity index 98% rename from LICENSE.APLv2.0 rename to LICENSE index 467a417..247c97d 100644 --- a/LICENSE.APLv2.0 +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2010 - 2013 Samsung Electronics Co., Ltd. All rights reserved. +Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved. Apache License Version 2.0, January 2004 @@ -188,7 +188,7 @@ Copyright (c) 2010 - 2013 Samsung Electronics Co., Ltd. All rights reserved. same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright (c) 2013 Samsung Electronics Co., Ltd. All rights reserved. + Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/NOTICE b/NOTICE index 5719d03..ccdad52 100755 --- a/NOTICE +++ b/NOTICE @@ -1,3 +1,3 @@ -Copyright (c) 2010 - 2013 Samsung Electronics Co., Ltd. All rights reserved. +Copyright (c) Samsung Electronics Co., Ltd. All rights reserved. Except as noted, this software is licensed under Apache License, Version 2. -Please, see the LICENSE.APLv2.0 file for Apache License, Version 2 terms and conditions. +Please, see the LICENSE file for Apache License terms and conditions. diff --git a/ace/CMakeLists.txt b/ace/CMakeLists.txt deleted file mode 100644 index 4fbfcdf..0000000 --- a/ace/CMakeLists.txt +++ /dev/null @@ -1,140 +0,0 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -###################################################################### - -#DB vcore -PKG_CHECK_MODULES(ACE_DB_DEP - dpl-efl - REQUIRED) - -#DB ace -ADD_CUSTOM_COMMAND( - OUTPUT ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h - COMMAND ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh - ARGS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h - ${CMAKE_SOURCE_DIR}/ace/orm/ace_db - DEPENDS ${CMAKE_SOURCE_DIR}/ace/orm/ace_db - ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh - COMMENT "Generating ACE database checksum" - ) - -STRING(REPLACE ";" ":" DEPENDENCIES "${ACE_DB_DEP_INCLUDE_DIRS}") - -ADD_CUSTOM_COMMAND( OUTPUT .ace.db - COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db - COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h -I${PROJECT_SOURCE_DIR}/ace/orm -E ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql - COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.ace.db ".read ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db - DEPENDS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db - ) - -ADD_CUSTOM_COMMAND( OUTPUT .ace.db-journal - COMMAND touch - ARGS ${CMAKE_CURRENT_BINARY_DIR}/.ace.db-journal - ) - -ADD_CUSTOM_TARGET(Sqlite3DbACE ALL DEPENDS .ace.db .ace.db-journal) - -INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql - DESTINATION share/wrt-engine/ - ) - -########################################################### - -INCLUDE(FindPkgConfig) - -SET(ACE_TEST_PATH "/usr/apps/org.tizen.policy") - -INSTALL(FILES - ${CMAKE_CURRENT_SOURCE_DIR}/configuration/bondixml.xsd - ${CMAKE_CURRENT_SOURCE_DIR}/configuration/UnrestrictedPolicy.xml - ${CMAKE_CURRENT_SOURCE_DIR}/configuration/WAC2.0Policy.xml - ${CMAKE_CURRENT_SOURCE_DIR}/configuration/TizenPolicy.xml - DESTINATION /usr/etc/ace - PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE) - -SET(ACE_LIB_DEPS_BASIC - dpl-efl - dpl-db-efl - dpl-event-efl - ecore - appcore-efl - openssl - sqlite3 - dlog - vconf - db-util - libpcrecpp - icu-uc - libxml-2.0 - ) - -IF(SMACK_ENABLED) - LIST(APPEND ACE_LIB_DEPS_BASIC libprivilege-control) -ENDIF(SMACK_ENABLED) - -PKG_CHECK_MODULES(ACE_LIB_DEPS ${ACE_LIB_DEPS_BASIC} REQUIRED) - -SET(WRT_ACE_DIR ${PROJECT_SOURCE_DIR}/ace) - -SET(ACE_SOURCES - ${WRT_ACE_DIR}/engine/PolicyEvaluator.cpp - ${WRT_ACE_DIR}/engine/PolicyInformationPoint.cpp - ${WRT_ACE_DIR}/engine/CombinerImpl.cpp - ${WRT_ACE_DIR}/engine/parser.cpp - ${WRT_ACE_DIR}/engine/PolicyEnforcementPoint.cpp - ${WRT_ACE_DIR}/engine/SettingsLogic.cpp - ${WRT_ACE_DIR}/engine/Attribute.cpp - ${WRT_ACE_DIR}/engine/Condition.cpp - ${WRT_ACE_DIR}/engine/Policy.cpp - ${WRT_ACE_DIR}/engine/Rule.cpp - ${WRT_ACE_DIR}/engine/Subject.cpp - ${WRT_ACE_DIR}/engine/TreeNode.cpp - ${WRT_ACE_DIR}/engine/ConfigurationManager.cpp -) - -INCLUDE_DIRECTORIES(${ACE_LIB_DEPS_INCLUDE_DIRS}) -INCLUDE_DIRECTORIES(${WRT_ACE_DIR}/include) - -SET(WITH_ACE_SETTINGS_SERVER_SOURCES - ${WITH_ACE_SETTINGS_SERVER_NONE_SOURCES} - ) - -ADD_LIBRARY(${TARGET_ACE_LIB} SHARED - ${ACE_SOURCES} - ${WITH_ACE_SETTINGS_SERVER_SOURCES} -) - -SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES - SOVERSION ${API_VERSION} - VERSION ${VERSION}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES - COMPILE_FLAGS -fPIC) - -TARGET_LINK_LIBRARIES(${TARGET_ACE_LIB} - ${TARGET_ACE_DAO_RW_LIB} - ${ACE_LIB_DEPS_LIBRARIES} -) - -INSTALL(TARGETS ${TARGET_ACE_LIB} - DESTINATION lib) - -INSTALL(FILES - include/ace/WRT_INTERFACE.h - DESTINATION - include/ace - ) - -add_subdirectory(dao) diff --git a/ace/DESCRIPTION b/ace/DESCRIPTION deleted file mode 100644 index aac5ef6..0000000 --- a/ace/DESCRIPTION +++ /dev/null @@ -1,2 +0,0 @@ -!!!options!!! stop -ACE - Access Control Engine - security module for Device APIs diff --git a/ace/configuration/TizenPolicy.xml b/ace/configuration/TizenPolicy.xml deleted file mode 100644 index 1f21ab3..0000000 --- a/ace/configuration/TizenPolicy.xml +++ /dev/null @@ -1,547 +0,0 @@ - - - - - - - sha-1 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - sha-1 AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/ace/configuration/UnrestrictedPolicy.xml b/ace/configuration/UnrestrictedPolicy.xml deleted file mode 100644 index 558f2dc..0000000 --- a/ace/configuration/UnrestrictedPolicy.xml +++ /dev/null @@ -1,5 +0,0 @@ - - - - - diff --git a/ace/configuration/WAC2.0Policy.xml b/ace/configuration/WAC2.0Policy.xml deleted file mode 100644 index 1a6e0ed..0000000 --- a/ace/configuration/WAC2.0Policy.xml +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - sha-1 4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38 - - - - - - sha-1 A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2 - - - - - - sha-1 A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1 - - - - - - sha-1 8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - wgt-private - wgt-private-tmp - wgt-package - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/ace/configuration/bondixml.xsd b/ace/configuration/bondixml.xsd deleted file mode 100644 index d16a14d..0000000 --- a/ace/configuration/bondixml.xsd +++ /dev/null @@ -1,184 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/ace/dao/AceDAO.cpp b/ace/dao/AceDAO.cpp deleted file mode 100644 index 4d4ce06..0000000 --- a/ace/dao/AceDAO.cpp +++ /dev/null @@ -1,461 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file AceDAO.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 0.1 - * @brief - */ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace DPL::DB::ORM; -using namespace DPL::DB::ORM::ace; -using namespace AceDB::AceDaoUtilities; -using namespace AceDB::AceDaoConversions; - -namespace { -char const * const EMPTY_SESSION = ""; -} // namespace - -namespace AceDB{ - -void AceDAO::setPromptDecision( - WidgetHandle widgetHandle, - int ruleId, - const DPL::OptionalString &session, - PromptDecision decision) -{ - Try { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - - ACE_DB_DELETE(del, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); - del->Where( - And( - Equals(widgetHandle), - Equals(ruleId))); - del->Execute(); - - AcePromptDecision::Row row; - row.Set_rule_id(ruleId); - row.Set_decision(promptDecisionToInt(decision)); - row.Set_app_id(widgetHandle); - row.Set_session(session); - ACE_DB_INSERT(insert, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); - insert->Values(row); - insert->Execute(); - - transaction.Commit(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting"); - } -} - -void AceDAO::removePolicyResult( - const BaseAttributeSet &attributes) -{ - Try { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - - auto attrHash = convertToHash(attributes); - - ACE_DB_DELETE(del, - AcePolicyResult, - &AceDaoUtilities::m_databaseInterface); - del->Where(Equals(attrHash)); - del->Execute(); - transaction.Commit(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to removeVerdict"); - } -} - -void AceDAO::clearAllSettings(void) -{ - clearWidgetDevCapSettings(); - clearDevCapSettings(); -} - -void AceDAO::setDevCapSetting(const std::string &resource, - PreferenceTypes preference) -{ - Try { - ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface); - AceDevCap::Row row; - row.Set_general_setting(preferenceToInt(preference)); - update->Values(row); - update->Where( - Equals(DPL::FromUTF8String(resource))); - update->Execute(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to SetResourceSetting"); - } -} - -void AceDAO::removeDevCapSetting(const std::string &resource) -{ - Try { - ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface); - AceDevCap::Row row; - row.Set_general_setting(preferenceToInt(PreferenceTypes::PREFERENCE_DEFAULT)); - update->Values(row); - update->Where( - Equals(DPL::FromUTF8String(resource))); - update->Execute(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to removeResourceSetting"); - } -} - - -void AceDAO::setWidgetDevCapSetting(const std::string &resource, - WidgetHandle handler, - PreferenceTypes preference) -{ - Try { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - // TODO JOIN - AceDevCap::Row rrow; - if (!getResourceByUri(resource, rrow)) { - ThrowMsg(Exception::DatabaseError, "Resource not found"); - } - - ACE_DB_INSERT(insert, - AceWidgetDevCapSetting, - &AceDaoUtilities::m_databaseInterface); - - AceWidgetDevCapSetting::Row row; - row.Set_app_id(handler); - int rid = rrow.Get_resource_id(); - row.Set_resource_id(rid); - row.Set_access_value(preferenceToInt(preference)); - insert->Values(row); - insert->Execute(); - - transaction.Commit(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting"); - } -} - -void AceDAO::removeWidgetDevCapSetting(const std::string &resource, - WidgetHandle handler) -{ - Try { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - AceDevCap::Row rrow; - if (!getResourceByUri(resource, rrow)) { - ThrowMsg(Exception::DatabaseError, "resource not found"); - } - - ACE_DB_DELETE(del, - AceWidgetDevCapSetting, - &AceDaoUtilities::m_databaseInterface); - - Equals e1(handler); - Equals e2(rrow.Get_resource_id()); - del->Where(And(e1, e2)); - del->Execute(); - transaction.Commit(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings"); - } -} - - -void AceDAO::setPolicyResult(const BaseAttributeSet &attributes, - const ExtendedPolicyResult &exResult) -{ - Try { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - - // TODO: this call is connected with logic. - // It should be moved to PolicyEvaluator - addAttributes(attributes); - - auto attrHash = convertToHash(attributes); - - ACE_DB_DELETE(del, AcePolicyResult, &AceDaoUtilities::m_databaseInterface) - del->Where(Equals(attrHash)); - del->Execute(); - - ACE_DB_INSERT(insert, AcePolicyResult, &AceDaoUtilities::m_databaseInterface); - AcePolicyResult::Row row; - row.Set_decision(PolicyResult::serialize(exResult.policyResult)); - row.Set_hash(attrHash); - row.Set_rule_id(exResult.ruleId); - insert->Values(row); - insert->Execute(); - - transaction.Commit(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to addVerdict"); - } -} - -void AceDAO::resetDatabase(void) -{ - Try { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface); - del1->Execute(); - ACE_DB_DELETE(del2, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface); - del2->Execute(); - ACE_DB_DELETE(del3, AceDevCap, &AceDaoUtilities::m_databaseInterface); - del3->Execute(); - ACE_DB_DELETE(del4, AceSubject, &AceDaoUtilities::m_databaseInterface); - del4->Execute(); - ACE_DB_DELETE(del5, AceAttribute, &AceDaoUtilities::m_databaseInterface); - del5->Execute(); - ACE_DB_DELETE(del6, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); - del6->Execute(); - - transaction.Commit(); - - // TODO there is no such query yet in ORM. - // GlobalConnection::DataCommandAutoPtr command = - // GlobalConnectionSingleton::Instance().PrepareDataCommand( - // "VACUUM"); - // command->Step(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to resetDatabase"); - } -} - -void AceDAO::clearPolicyCache(void) -{ - Try { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface); - del1->Execute(); - ACE_DB_DELETE(del2, AceAttribute, &AceDaoUtilities::m_databaseInterface); - del2->Execute(); - ACE_DB_DELETE(del3, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); - del3->Execute(); - - transaction.Commit(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to clearPolicyCache"); - } -} - -void AceDAO::clearDevCapSettings() -{ - Try { - ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface); - AceDevCap::Row row; - row.Set_general_setting(-1); - update->Values(row); - update->Execute(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to clearResourceSettings"); - } -} - -void AceDAO::clearWidgetDevCapSettings() -{ - Try { - ACE_DB_DELETE(del, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface); - del->Execute(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings"); - } -} - -int AceDAO::addResource(const std::string &request) -{ - LogDebug("addResource: " << request); - Try { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - AceDevCap::Row rrow; - if (getResourceByUri(request, rrow)) { - transaction.Commit(); - return rrow.Get_resource_id(); - } - - ACE_DB_INSERT(insert, AceDevCap, &AceDaoUtilities::m_databaseInterface); - AceDevCap::Row row; - row.Set_id_uri(DPL::FromUTF8String(request)); - row.Set_general_setting(-1); - insert->Values(row); - int id = insert->Execute(); - transaction.Commit(); - return id; - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed in addResource"); - } -} - -void AceDAO::addAttributes(const BaseAttributeSet &attributes) -{ - Try { - BaseAttributeSet::const_iterator iter; - - for (iter = attributes.begin(); iter != attributes.end(); ++iter) { - ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface); - select->Where(Equals(DPL::FromUTF8String( - *(*iter)->getName()))); - std::list rows = select->GetRowList(); - if (!rows.empty()) { - continue; - } - - ACE_DB_INSERT(insert, AceAttribute, &AceDaoUtilities::m_databaseInterface); - AceAttribute::Row row; - row.Set_name(DPL::FromUTF8String(*(*iter)->getName())); - row.Set_type(attributeTypeToInt((*iter)->getType())); - insert->Values(row); - insert->Execute(); - } - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed in addAttributes"); - } -} - -void AceDAO::setRequestedDevCaps( - WidgetHandle widgetHandle, - const RequestedDevCapsMap &permissions) -{ - Try { - FOREACH(it, permissions) { - ACE_DB_INSERT(insert, AceRequestedDevCaps, - &AceDaoUtilities::m_databaseInterface); - AceRequestedDevCaps::Row row; - row.Set_app_id(widgetHandle); - row.Set_dev_cap(it->first); - row.Set_grant_smack(it->second ? 1 : 0); - insert->Values(row); - insert->Execute(); - } - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed in setStaticDevCapPermissions"); - } -} - -void AceDAO::setAcceptedFeature( - WidgetHandle widgetHandle, - const FeatureNameVector &vector) -{ - Try { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - FOREACH(it, vector) { - ACE_DB_INSERT(insert, AceAcceptedFeature, - &AceDaoUtilities::m_databaseInterface); - AceAcceptedFeature::Row row; - row.Set_app_id(widgetHandle); - row.Set_feature(*it); - insert->Values(row); - insert->Execute(); - } - transaction.Commit(); - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed in setAcceptedFeature"); - } -} - -void AceDAO::removeAcceptedFeature( - WidgetHandle widgetHandle) -{ - Try - { - ACE_DB_DELETE(del, AceAcceptedFeature, - &AceDaoUtilities::m_databaseInterface); - del->Where(Equals(widgetHandle)); - del->Execute(); - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed in removeAcceptedFeature"); - } -} - -void AceDAO::registerWidgetInfo(WidgetHandle handle, - const WidgetRegisterInfo& info, - const WidgetCertificateDataList& dataList) -{ - Try - { - ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); - - ACE_DB_INSERT(insert, WidgetInfo, &AceDaoUtilities::m_databaseInterface); - WidgetInfo::Row wi; - wi.Set_app_id(handle); - wi.Set_widget_type(static_cast(info.type)); - wi.Set_widget_id(info.widget_id); - wi.Set_widget_version(info.version); - wi.Set_author_name(info.authorName); - wi.Set_share_href(info.shareHref); - insert->Values(wi); - insert->Execute(); - - WidgetCertificateDataList::const_iterator it; - for (it = dataList.begin(); it != dataList.end(); ++it) - { - WidgetCertificateFingerprint::Row wcf; - wcf.Set_app_id(handle); - wcf.Set_owner(it->owner); - wcf.Set_chainid(it->chainId); - wcf.Set_type(it->type); - wcf.Set_md5_fingerprint(DPL::FromUTF8String(it->strMD5Fingerprint)); - wcf.Set_sha1_fingerprint(DPL::FromUTF8String(it->strSHA1Fingerprint)); - wcf.Set_common_name(it->strCommonName); - ACE_DB_INSERT(insert, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface); - insert->Values(wcf); - insert->Execute(); - } - transaction.Commit(); - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed in registerWidgetInfo"); - } -} - -void AceDAO::unregisterWidgetInfo(WidgetHandle handle) -{ - if(AceDAO::isWidgetInstalled(handle)) { - Try - { - ACE_DB_DELETE(del, WidgetInfo, &AceDaoUtilities::m_databaseInterface); - del->Where(Equals(handle)); - del->Execute(); - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed in unregisterWidgetInfo"); - } - } -} - -} diff --git a/ace/dao/AceDAOConversions.cpp b/ace/dao/AceDAOConversions.cpp deleted file mode 100644 index 61e5a86..0000000 --- a/ace/dao/AceDAOConversions.cpp +++ /dev/null @@ -1,54 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file AceDaoConversions.h - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#include -#include - -#include - -namespace AceDB { - -DPL::String AceDaoConversions::convertToHash(const BaseAttributeSet &attributes) -{ - unsigned char attrHash[MD5_DIGEST_LENGTH]; - std::string attrString; - FOREACH(it, attributes) { - // [CR] implementation of it->toString() is not secure, 24.03.2010 - attrString.append((*it)->toString()); - } - - MD5((unsigned char *) attrString.c_str(), attrString.length(), attrHash); - - char attrHashCoded[MD5_DIGEST_LENGTH*2 + 1]; - for (int i = 0; i < MD5_DIGEST_LENGTH; ++i) { - sprintf(&attrHashCoded[i << 1], - "%02X", - static_cast(attrHash[i])); - } - return DPL::FromASCIIString(attrHashCoded); -} - - -} diff --git a/ace/dao/AceDAOReadOnly.cpp b/ace/dao/AceDAOReadOnly.cpp deleted file mode 100644 index 48e2c2b..0000000 --- a/ace/dao/AceDAOReadOnly.cpp +++ /dev/null @@ -1,570 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file AceDAOReadOnlyReadOnly.cpp - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#include -#include - -#include -#include -#include -#include -#include - -using namespace DPL::DB::ORM; -using namespace DPL::DB::ORM::ace; -using namespace AceDB::AceDaoUtilities; -using namespace AceDB::AceDaoConversions; - -namespace AceDB { - -static const int DB_ALLOW_ALWAYS = 0; -static const int DB_ALLOW_FOR_SESSION = 1; -static const int DB_ALLOW_THIS_TIME = 2; -static const int DB_DENY_ALWAYS = 3; -static const int DB_DENY_FOR_SESSION = 4; -static const int DB_DENY_THIS_TIME = 5; - -static const int DB_APP_UNKNOWN = 0; -static const int DB_APP_WAC20 = 1; -static const int DB_APP_TIZEN = 2; - -int AceDAOReadOnly::promptDecisionToInt(PromptDecision decision) -{ - if (PromptDecision::ALLOW_ALWAYS == decision) { - return DB_ALLOW_ALWAYS; - } else if (PromptDecision::DENY_ALWAYS == decision) { - return DB_DENY_ALWAYS; - } else if (PromptDecision::ALLOW_THIS_TIME == decision) { - return DB_ALLOW_THIS_TIME; - } else if (PromptDecision::DENY_THIS_TIME == decision) { - return DB_DENY_THIS_TIME; - } else if (PromptDecision::ALLOW_FOR_SESSION == decision) { - return DB_ALLOW_FOR_SESSION; - } - // DENY_FOR_SESSION - return DB_DENY_FOR_SESSION; -} - -PromptDecision AceDAOReadOnly::intToPromptDecision(int dec) { - if (dec == DB_ALLOW_ALWAYS) { - return PromptDecision::ALLOW_ALWAYS; - } else if (dec == DB_DENY_ALWAYS) { - return PromptDecision::DENY_ALWAYS; - } else if (dec == DB_ALLOW_THIS_TIME) { - return PromptDecision::ALLOW_THIS_TIME; - } else if (dec == DB_DENY_THIS_TIME) { - return PromptDecision::DENY_THIS_TIME; - } else if (dec == DB_ALLOW_FOR_SESSION) { - return PromptDecision::ALLOW_FOR_SESSION; - } - // DB_DENY_FOR_SESSION - return PromptDecision::DENY_FOR_SESSION; -} - -int AceDAOReadOnly::appTypeToInt(AppTypes app_type) -{ - switch (app_type) { - case AppTypes::Unknown: - return DB_APP_UNKNOWN; - case AppTypes::WAC20: - return DB_APP_WAC20; - case AppTypes::Tizen: - return DB_APP_TIZEN; - default: - return DB_APP_UNKNOWN; - } - -} - -AppTypes AceDAOReadOnly::intToAppType(int app_type) -{ - switch (app_type) { - case DB_APP_UNKNOWN: - return AppTypes::Unknown; - case DB_APP_WAC20: - return AppTypes::WAC20; - case DB_APP_TIZEN: - return AppTypes::Tizen; - default: - return AppTypes::Unknown; - } -} - -void AceDAOReadOnly::attachToThreadRO() -{ - AceDaoUtilities::m_databaseInterface.AttachToThread( - DPL::DB::SqlConnection::Flag::RO); -} - -void AceDAOReadOnly::attachToThreadRW() -{ - AceDaoUtilities::m_databaseInterface.AttachToThread( - DPL::DB::SqlConnection::Flag::RW); -} - -void AceDAOReadOnly::detachFromThread() -{ - AceDaoUtilities::m_databaseInterface.DetachFromThread(); -} - -OptionalCachedPromptDecision AceDAOReadOnly::getPromptDecision( - WidgetHandle widgetHandle, - int ruleId) -{ - Try { - // get matching subject verdict - ACE_DB_SELECT(select, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); - - select->Where( - And( - Equals(ruleId), - Equals(widgetHandle))); - - std::list rows = select->GetRowList(); - if (rows.empty()) { - return OptionalCachedPromptDecision(); - } - - AcePromptDecision::Row row = rows.front(); - CachedPromptDecision decision; - decision.decision = intToPromptDecision(row.Get_decision()); - decision.session = row.Get_session(); - - return OptionalCachedPromptDecision(decision); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getPromptDecision"); - } -} - -void AceDAOReadOnly::getAttributes(BaseAttributeSet *attributes) -{ - if (NULL == attributes) { - LogError("NULL pointer"); - return; - } - attributes->clear(); - std::string aname; - int type; - Try { - ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface); - typedef std::list RowList; - RowList list = select->GetRowList(); - - FOREACH(i, list) { - BaseAttributePtr attribute(new BaseAttribute()); - DPL::String name = i->Get_name(); - aname = DPL::ToUTF8String(name); - type = i->Get_type(); - - attribute->setName(&aname); - attribute->setType(intToAttributeType(type)); - attributes->insert(attribute); - } - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getAttributes"); - } -} - -OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult( - const BaseAttributeSet &attributes) -{ - - auto attrHash = convertToHash(attributes); - return getPolicyResult(attrHash); -} - -OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult( - const DPL::String &attrHash) -{ - Try { - // get matching subject verdict - ACE_DB_SELECT(select, AcePolicyResult, &AceDaoUtilities::m_databaseInterface); - Equals e1(attrHash); - select->Where(e1); - - std::list rows = select->GetRowList(); - if (rows.empty()) { - return OptionalExtendedPolicyResult(); - } - - AcePolicyResult::Row row = rows.front(); - int decision = row.Get_decision(); - ExtendedPolicyResult res; - res.policyResult = PolicyResult::deserialize(decision); - res.ruleId = row.Get_rule_id(); - return OptionalExtendedPolicyResult(res); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getVerdict"); - } -} - -PreferenceTypes AceDAOReadOnly::getDevCapSetting(const std::string &resource) -{ - Try { - AceDevCap::Row row; - if (!getResourceByUri(resource, row)) { - return PreferenceTypes::PREFERENCE_DEFAULT; - } - return intToPreference(row.Get_general_setting()); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSetting"); - } -} - -void AceDAOReadOnly::getDevCapSettings(PreferenceTypesMap *globalSettingsMap) -{ - if (NULL == globalSettingsMap) { - LogError("Null pointer"); - return; - } - globalSettingsMap->clear(); - Try { - ACE_DB_SELECT(select, AceDevCap, &AceDaoUtilities::m_databaseInterface); - typedef std::list RowList; - RowList list = select->GetRowList(); - - FOREACH(i, list) { - PreferenceTypes p = intToPreference(i->Get_general_setting()); - globalSettingsMap->insert(make_pair(DPL::ToUTF8String( - i->Get_id_uri()), p)); - } - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSettings"); - } -} - -void AceDAOReadOnly::getWidgetDevCapSettings(BasePermissionList *outputList) -{ - if (NULL == outputList) { - LogError("NULL pointer"); - return; - } - outputList->clear(); - Try { - std::string resourceName; - PreferenceTypes allowAccess; - - ACE_DB_SELECT(select, - AceWidgetDevCapSetting, - &AceDaoUtilities::m_databaseInterface); - - typedef std::list RowList; - RowList list = select->GetRowList(); - - // TODO JOIN - FOREACH(i, list) { - int app_id = i->Get_app_id(); - int res_id = i->Get_resource_id(); - - ACE_DB_SELECT(resourceSelect, AceDevCap, &AceDaoUtilities::m_databaseInterface); - resourceSelect->Where(Equals(res_id)); - AceDevCap::Row rrow = resourceSelect->GetSingleRow(); - - resourceName = DPL::ToUTF8String(rrow.Get_id_uri()); - - if (!resourceName.empty()) { - allowAccess = intToPreference(i->Get_access_value()); - outputList->push_back( - BasePermission(app_id, - resourceName, - allowAccess)); - } - } - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to findUserSettings"); - } -} - -PreferenceTypes AceDAOReadOnly::getWidgetDevCapSetting( - const std::string &resource, - WidgetHandle handler) -{ - Try { - AceDevCap::Row rrow; - if (!getResourceByUri(resource, rrow)) { - return PreferenceTypes::PREFERENCE_DEFAULT; - } - int resourceId = rrow.Get_resource_id(); - - // get matching user setting - ACE_DB_SELECT(select, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface); - - select->Where(And(Equals(resourceId), - Equals(handler))); - - std::list values = - select->GetValueList(); - if (values.empty()) { - return PreferenceTypes::PREFERENCE_DEFAULT; - } - return intToPreference(values.front()); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed in getUserSetting"); - } -} - -void AceDAOReadOnly::getRequestedDevCaps( - WidgetHandle widgetHandle, - RequestedDevCapsMap *permissions) -{ - if (NULL == permissions) { - LogError("NULL pointer"); - return; - } - permissions->clear(); - Try { - ACE_DB_SELECT(select, AceRequestedDevCaps, - &AceDaoUtilities::m_databaseInterface); - select->Where( - Equals(widgetHandle)); - std::list list = select->GetRowList(); - - FOREACH(i, list) { - permissions->insert(std::make_pair(i->Get_dev_cap(), - i->Get_grant_smack() == 1)); - } - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps"); - } -} - -void AceDAOReadOnly::getAcceptedFeature( - WidgetHandle widgetHandle, - FeatureNameVector *fvector) -{ - if (NULL == fvector) { - LogError("NULL pointer"); - return; - } - - fvector->clear(); - Try { - ACE_DB_SELECT(select, AceAcceptedFeature, - &AceDaoUtilities::m_databaseInterface); - select->Where( - Equals(widgetHandle)); - std::list list = select->GetRowList(); - - FOREACH(i, list) { - fvector->push_back(i->Get_feature()); - } - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps"); - } -} - -AppTypes AceDAOReadOnly::getWidgetType(WidgetHandle handle) -{ - Try { - ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); - select->Where(Equals(handle)); - WidgetInfo::Select::RowList rows = select->GetRowList(); - DPL::OptionalInt res; - if (!rows.empty()) { - res = rows.front().Get_widget_type(); - AppTypes retType = (res.IsNull() ? AppTypes::Unknown : static_cast(*res)); - return retType; - } else { - LogDebug("Can not find widget type"); - return AppTypes::Unknown; - } - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getWidgetType"); - } -} - -std::string AceDAOReadOnly::getVersion(WidgetHandle widgetHandle) -{ - Try - { - ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); - select->Where(Equals(widgetHandle)); - WidgetInfo::Select::RowList rows = select->GetRowList(); - DPL::OptionalString res; - if(!rows.empty()) { - res = rows.front().Get_widget_version(); - return (res.IsNull() ? "" : DPL::ToUTF8String(*res)); - } else { - LogDebug("Widget not installed"); - return ""; - } - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getVersion"); - } -} - -std::string AceDAOReadOnly::getAuthorName(WidgetHandle widgetHandle) -{ - Try - { - ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); - select->Where(Equals(widgetHandle)); - WidgetInfo::Select::RowList rows = select->GetRowList(); - DPL::OptionalString res; - if(!rows.empty()) { - res = rows.front().Get_author_name(); - return (res.IsNull() ? "" : DPL::ToUTF8String(*res)); - } else { - LogDebug("Widget not installed"); - return ""; - } - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getAuthorName"); - } -} - -std::string AceDAOReadOnly::getGUID(WidgetHandle widgetHandle) -{ - Try - { - ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); - select->Where(Equals(widgetHandle)); - WidgetInfo::Select::RowList rows = select->GetRowList(); - DPL::OptionalString res; - if(!rows.empty()) { - res = rows.front().Get_widget_id(); - return (res.IsNull() ? "" : DPL::ToUTF8String(*res)); - } else { - LogDebug("Widget not installed"); - return ""; - } - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getGUID"); - } -} - -WidgetCertificateCNList AceDAOReadOnly::getKeyCommonNameList( - WidgetHandle widgetHandle, - WidgetCertificateData::Owner owner, - WidgetCertificateData::Type type) -{ - Try { - ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface); - select->Where(And(And( - Equals(widgetHandle), - Equals(owner)), - Equals(type))); - WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList(); - - WidgetCertificateCNList out; - FOREACH(it, rows) - { - DPL::Optional cn = it->Get_common_name(); - out.push_back(cn.IsNull() ? "" : DPL::ToUTF8String(*cn)); - } - return out; - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getKeyCommonNameList"); - } -} - -FingerPrintList AceDAOReadOnly::getKeyFingerprints( - WidgetHandle widgetHandle, - WidgetCertificateData::Owner owner, - WidgetCertificateData::Type type) -{ - Try - { - ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface); - select->Where(And(And( - Equals(widgetHandle), - Equals(owner)), - Equals(type))); - WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList(); - - FingerPrintList keys; - FOREACH(it, rows) - { - DPL::Optional sha1 = it->Get_sha1_fingerprint(); - if (!sha1.IsNull()) - keys.push_back(DPL::ToUTF8String(*sha1)); - DPL::Optional md5 = it->Get_md5_fingerprint(); - if (!md5.IsNull()) - keys.push_back(DPL::ToUTF8String(*md5)); - } - return keys; - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getKeyFingerprints"); - } -} - -std::string AceDAOReadOnly::getShareHref(WidgetHandle widgetHandle) -{ - Try - { - ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); - select->Where(Equals(widgetHandle)); - WidgetInfo::Select::RowList rows = select->GetRowList(); - - if(rows.empty()) - ThrowMsg(Exception::DatabaseError, "Cannot find widget. Handle: " << widgetHandle); - - DPL::Optional value = rows.front().Get_share_href(); - std::string ret = ""; - if(!value.IsNull()) - ret = DPL::ToUTF8String(*value); - return ret; - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to getShareHref"); - } -} - -WidgetHandleList AceDAOReadOnly::getHandleList() -{ - LogDebug("Getting DbWidgetHandle List"); - Try - { - ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); - return select->GetValueList(); - } - Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed to list of widget handles"); - } -} - -bool AceDAOReadOnly::isWidgetInstalled(WidgetHandle handle) -{ - Try { - ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); - select->Where(Equals(handle)); - WidgetInfo::Select::RowList rows = select->GetRowList(); - return !rows.empty() ? true : false; - } Catch(DPL::DB::SqlConnection::Exception::Base) { - ReThrowMsg(Exception::DatabaseError, "Failed in isWidgetInstalled"); - } -} - -} diff --git a/ace/dao/AceDAOUtilities.cpp b/ace/dao/AceDAOUtilities.cpp deleted file mode 100644 index 4d5292e..0000000 --- a/ace/dao/AceDAOUtilities.cpp +++ /dev/null @@ -1,193 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file AceDaoReadOnly.h - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#include -#include -#include - -#include -#include -#include - -namespace AceDB { - -namespace { -const char* ACE_DB_DATABASE = "/opt/dbspace/.ace.db"; -DPL::DB::SqlConnection::Flag::Type ACE_DB_FLAGS = - DPL::DB::SqlConnection::Flag::UseLucene; -} - -DPL::DB::ThreadDatabaseSupport AceDaoUtilities::m_databaseInterface( - ACE_DB_DATABASE, ACE_DB_FLAGS); - -BaseAttribute::Type AceDaoUtilities::intToAttributeType(int val) -{ - switch (val) { - case 0: - return BaseAttribute::Type::Subject; - case 1: - return BaseAttribute::Type::Environment; - case 2: - return BaseAttribute::Type::Resource; - case 3: - return BaseAttribute::Type::FunctionParam; - case 4: - return BaseAttribute::Type::WidgetParam; - - default: - Assert(0 && "Unknown Attribute type value"); - return BaseAttribute::Type::Subject; //remove compilation warrning - } -} - -int AceDaoUtilities::attributeTypeToInt(BaseAttribute::Type type) -{ - // we cannot cast enum -> int because this cast will be removed from next c++ standard - switch (type) { - case BaseAttribute::Type::Subject: - return 0; - case BaseAttribute::Type::Environment: - return 1; - case BaseAttribute::Type::Resource: - return 2; - case BaseAttribute::Type::FunctionParam: - return 3; - case BaseAttribute::Type::WidgetParam: - return 4; - - default: - Assert(0 && "Unknown Attribute type!"); - return 0; //remove compilation warrning - } -} - -int AceDaoUtilities::preferenceToInt(PreferenceTypes p) -{ - switch (p) { - case PreferenceTypes::PREFERENCE_PERMIT: - return 1; - case PreferenceTypes::PREFERENCE_DENY: - return 0; - case PreferenceTypes::PREFERENCE_BLANKET_PROMPT: - return 2; - case PreferenceTypes::PREFERENCE_SESSION_PROMPT: - return 3; - case PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: - return 4; - - default: - return -1; - } -} - -PreferenceTypes AceDaoUtilities::intToPreference(int p) -{ - switch (p) { - case 1: - return PreferenceTypes::PREFERENCE_PERMIT; - case 0: - return PreferenceTypes::PREFERENCE_DENY; - case 2: - return PreferenceTypes::PREFERENCE_BLANKET_PROMPT; - case 3: - return PreferenceTypes::PREFERENCE_SESSION_PROMPT; - case 4: - return PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT; - - default: - return PreferenceTypes::PREFERENCE_DEFAULT; - } -} - -VerdictTypes AceDaoUtilities::intToVerdict(int v) -{ - switch (v) { - case -1: - return VerdictTypes::VERDICT_UNKNOWN; - case 0: - return VerdictTypes::VERDICT_DENY; - case 1: - return VerdictTypes::VERDICT_PERMIT; - case 2: - return VerdictTypes::VERDICT_INAPPLICABLE; - - default: - Assert(0 && "Cannot convert int to verdict"); - return VerdictTypes::VERDICT_UNKNOWN; // remove compile warrning - } -} - -int AceDaoUtilities::verdictToInt(VerdictTypes v) -{ - switch (v) { - case VerdictTypes::VERDICT_UNKNOWN: - return -1; - case VerdictTypes::VERDICT_DENY: - return 0; - case VerdictTypes::VERDICT_PERMIT: - return 1; - case VerdictTypes::VERDICT_INAPPLICABLE: - return 2; - - default: - Assert(0 && "Unknown Verdict value"); - return -1; // remove compile warrning - } -} - -bool AceDaoUtilities::getSubjectByUri(const std::string &uri, - DPL::DB::ORM::ace::AceSubject::Row &row) -{ - using namespace DPL::DB::ORM; - using namespace DPL::DB::ORM::ace; - ACE_DB_SELECT(select, AceSubject, &m_databaseInterface); - select->Where(Equals(DPL::FromUTF8String(uri))); - std::list rows = select->GetRowList(); - if (rows.empty()) { - return false; - } - - row = rows.front(); - return true; -} - -bool AceDaoUtilities::getResourceByUri(const std::string &uri, - DPL::DB::ORM::ace::AceDevCap::Row &row) -{ - using namespace DPL::DB::ORM; - using namespace DPL::DB::ORM::ace; - ACE_DB_SELECT(select, AceDevCap, &m_databaseInterface); - select->Where(Equals(DPL::FromUTF8String(uri))); - std::list rows = select->GetRowList(); - if (rows.empty()) { - return false; - } - - row = rows.front(); - return true; -} - - -} diff --git a/ace/dao/AceDatabase.cpp b/ace/dao/AceDatabase.cpp deleted file mode 100644 index 6c91951..0000000 --- a/ace/dao/AceDatabase.cpp +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file AceDatabase.cpp - * @author Lukasz Marek (l.marek@samsung.com) - * @version 1.0 - * @brief This file contains the declaration of ace database - */ - -#include - -DPL::Mutex g_aceDbQueriesMutex; diff --git a/ace/dao/BaseAttribute.cpp b/ace/dao/BaseAttribute.cpp deleted file mode 100644 index e15785c..0000000 --- a/ace/dao/BaseAttribute.cpp +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file BaseAttribute.cpp - * @author Lukasz Marek (l.marek@samsung.com) - * @version 0.1 - * @brief - */ - -#include -#include - -#include - -namespace AceDB { - -const char* BaseAttribute::typeToString(Type type) -{ - const char * ret = NULL; - switch (type) { - case Type::Resource: - ret = "resource"; - break; - case Type::Subject: - ret = "subject"; - break; - case Type::Environment: - ret = "environment"; - break; - default: - ret = "unknown type"; - break; - } - - return ret; -} - -std::string BaseAttribute::toString() const -{ - std::string ret; - const char * SEPARATOR = ";"; - - ret.append(m_name); - ret.append(SEPARATOR); - ret.append(typeToString(m_typeId)); - ret.append(SEPARATOR); - if (m_undetermindState) { - ret.append("true"); - } else { - ret.append("false"); - } - ret.append(SEPARATOR); - for (std::list::const_iterator it = value.begin(); - it != value.end(); - ++it) { - std::stringstream num; - num << it->size(); - ret.append(num.str()); - ret.append(SEPARATOR); - ret.append(*it); - ret.append(SEPARATOR); - } - - return ret; -} - -} diff --git a/ace/dao/CMakeLists.txt b/ace/dao/CMakeLists.txt deleted file mode 100644 index 013608f..0000000 --- a/ace/dao/CMakeLists.txt +++ /dev/null @@ -1,82 +0,0 @@ - -SET(ACE_DAO_DEPS_LIST - dpl-efl - dpl-db-efl - ecore - appcore-efl - openssl - vconf - db-util - libpcrecpp - icu-uc - libxml-2.0 - ) - -PKG_CHECK_MODULES(ACE_DAO_DEPS ${ACE_DAO_DEPS_LIST} REQUIRED) - -set(ACE_SRC_DIR ${PROJECT_SOURCE_DIR}/ace/dao) - -set(ACE_DAO_RO_SOURCES - ${ACE_SRC_DIR}/AceDAOReadOnly.cpp - ${ACE_SRC_DIR}/AceDAOUtilities.cpp - ${ACE_SRC_DIR}/AceDAOConversions.cpp - ${ACE_SRC_DIR}/BaseAttribute.cpp - ${ACE_SRC_DIR}/AceDatabase.cpp - ${ACE_SRC_DIR}/PromptModel.cpp -) - -set(ACE_DAO_RW_SOURCES - ${ACE_SRC_DIR}/AceDAO.cpp -) - -INCLUDE_DIRECTORIES(${ACE_SRC_DIR}) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/orm) -INCLUDE_DIRECTORIES(${ACE_DAO_DEPS_INCLUDE_DIRS}) - -ADD_LIBRARY(${TARGET_ACE_DAO_RO_LIB} SHARED - ${ACE_DAO_RO_SOURCES} -) - -SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES - SOVERSION ${API_VERSION} - VERSION ${VERSION}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES - COMPILE_FLAGS -fPIC) - -SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES - COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h") - -target_link_libraries(${TARGET_ACE_DAO_RO_LIB} - ${TARGET_DPL_EFL} - ${TARGET_DPL_DB_EFL} - ${ACE_DAO_DEPS_LIBRARY} - ${ACE_DAO_DEPS_LDFLAGS} -) - -ADD_LIBRARY(${TARGET_ACE_DAO_RW_LIB} SHARED - ${ACE_DAO_RW_SOURCES} -) - -SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES - SOVERSION ${API_VERSION} - VERSION ${VERSION}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES - COMPILE_FLAGS -fPIC) - -SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES - COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h") - -target_link_libraries(${TARGET_ACE_DAO_RW_LIB} - ${ACE_DAO_DEPS_LIST_LIBRARIES} - ${TARGET_ACE_DAO_RO_LIB} -) - -INSTALL(TARGETS ${TARGET_ACE_DAO_RO_LIB} - DESTINATION lib) - -INSTALL(TARGETS ${TARGET_ACE_DAO_RW_LIB} - DESTINATION lib) - diff --git a/ace/dao/PromptModel.cpp b/ace/dao/PromptModel.cpp deleted file mode 100644 index ece84c6..0000000 --- a/ace/dao/PromptModel.cpp +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* @file PromptModel.cpp - * @author Justyna Mejzner (j.kwiatkowsk@samsung.com) - * @author Jaroslaw Osmanski (j.osmanski@samsung.com) - * @version 1.0 - * - */ - -#include - -#include -#include -#include - -namespace { - -const char INFO[] = "Widget requires access to:"; -const char DENY[] = "Deny"; -const char ALLOW[] = "Permit"; - -const char BLANKET_CHECKBOX_LABEL[] = "Keep setting as permanent"; -const char SESSION_CHECKBOX_LABEL[] = "Remember for one run"; - -Prompt::ButtonLabels aceQuestionLabel = {DENY, ALLOW}; - -static Prompt::PromptLabels* getModel( - Prompt::PromptModel::PromptType promptType, - const std::string& resourceId) -{ - std::string strLabel; - strLabel = INFO; - strLabel += "
"; - strLabel += resourceId; - - return new Prompt::PromptLabels(promptType, aceQuestionLabel, strLabel); -} - -Prompt::Validity fromPromptTypeToValidity(int aPromptType, bool checkClicked) -{ - using namespace Prompt; - PromptModel::PromptType promptTypeEnum = - static_cast(aPromptType); - switch (promptTypeEnum) { - case PromptModel::PROMPT_ONESHOT: - return Validity::ONCE; - case PromptModel::PROMPT_SESSION: - if (checkClicked) - { - return Validity::SESSION; - } - else - { - return Validity::ONCE; - } - case PromptModel::PROMPT_BLANKET: - if (checkClicked) - { - return Validity::ALWAYS; - } - else - { - return Validity::ONCE; - } - default: - Assert(0); - return Validity::ONCE; - } -} -} // namespace anonymous - -namespace Prompt { - - -PromptLabels::PromptLabels(int promptType, - const Prompt::ButtonLabels& questionLabel, - const std::string& mainLabel) : - m_promptType(promptType), - m_buttonLabels(questionLabel), - m_mainLabel(mainLabel) -{ - -} - -int PromptLabels::getPromptType() const -{ - return m_promptType; -} -const ButtonLabels& PromptLabels::getButtonLabels() const -{ - return m_buttonLabels; -} -const std::string& PromptLabels::getMainLabel() const -{ - return m_mainLabel; -} - -DPL::OptionalString PromptLabels::getCheckLabel() const -{ - if (PromptModel::PROMPT_BLANKET == m_promptType) - { - return DPL::OptionalString( - DPL::FromUTF8String(BLANKET_CHECKBOX_LABEL)); - } - else if (PromptModel::PROMPT_SESSION == m_promptType) - { - return DPL::OptionalString( - DPL::FromUTF8String(SESSION_CHECKBOX_LABEL)); - } - - return DPL::OptionalString::Null; -} - -bool PromptLabels::isAllowed(const size_t buttonClicked) const -{ - Assert(buttonClicked < aceQuestionLabel.size() && - "Button Clicked number is not in range of questionLabel"); - - return aceQuestionLabel[buttonClicked] == ALLOW; -} - -PromptAnswer::PromptAnswer(bool isAccessAllowed, Validity validity) : - m_isAccessAllowed(isAccessAllowed), - m_validity(validity) -{ - -} - -PromptAnswer::PromptAnswer( - int aPromptType, unsigned int buttonAns, bool checkAns) -{ - Assert(buttonAns < aceQuestionLabel.size() && - "Button Clicked number is not in range of questionLabel"); - - m_isAccessAllowed = aceQuestionLabel[buttonAns] == ALLOW; - m_validity = fromPromptTypeToValidity(aPromptType, checkAns); -} - -bool PromptAnswer::isAccessAllowed() const -{ - return m_isAccessAllowed; -} - -Validity PromptAnswer::getValidity() const -{ - return m_validity; -} - -PromptLabels* PromptModel::getOneShotModel(const std::string& resourceId) -{ - return getModel(PROMPT_ONESHOT, resourceId); -} - -PromptLabels* PromptModel::getSessionModel(const std::string& resourceId) -{ - return getModel(PROMPT_SESSION, resourceId); -} - -PromptLabels* PromptModel::getBlanketModel(const std::string& resourceId) -{ - return getModel(PROMPT_BLANKET, resourceId); -} - - -} // Prompt diff --git a/ace/engine/Attribute.cpp b/ace/engine/Attribute.cpp deleted file mode 100644 index 56cfc44..0000000 --- a/ace/engine/Attribute.cpp +++ /dev/null @@ -1,886 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include -#include -#include -#include -#include -#include - -const bool Attribute::alpha[256] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, - 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0 -}; -const bool Attribute::digit[256] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0 -}; - -const bool Attribute::mark[256] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0 -}; - -bool Attribute::searchAndCut(const char *str) -{ - //TODO - size_t pos = m_name.rfind(str); - if (pos == std::string::npos) { - return false; - } - if ((strlen(str) + pos) == m_name.size()) { - m_name.erase(pos, std::string::npos); - return true; - } - return false; -} - -Attribute::Attribute(const std::string *name, - const Match matchFunc, - const Type type_) : - matchFunction(matchFunc) -{ - m_name = *name; - m_typeId = type_; - m_undetermindState = false; - if (matchFunction != Match::Equal - && matchFunction != Match::Glob - && matchFunction != Match::Regexp) - { - //LogDebug("MID: " << matchFunction); - Assert(0 && "Match function problem"); - } - - if (searchAndCut(".scheme")) { - modifierFunction = Modifier::Scheme; - } else if (searchAndCut(".authority")) { - modifierFunction = Modifier::Authority; - } else if (searchAndCut(".scheme-authority")) { - modifierFunction = Modifier::SchemeAuthority; - } else if (searchAndCut(".host")) { - modifierFunction = Modifier::Host; - } else if (searchAndCut(".path")) { - modifierFunction = Modifier::Path; - } else { - modifierFunction = Modifier::Non; - } -} - -static Attribute::MatchResult equal_comparator(const std::string *first, - const std::string *second) -{ - if((*first) == (*second)) { - return Attribute::MatchResult::MRTrue; - } - return Attribute::MatchResult::MRFalse; -} - -static Attribute::MatchResult glob_comparator(const std::string *first, - const std::string *second) -{ - // order is important - if (!fnmatch(first->c_str(), second->c_str(), 0)) { - return Attribute::MatchResult::MRTrue; - } - return Attribute::MatchResult::MRFalse; -} - -static Attribute::MatchResult regexp_comparator(const std::string *first, - const std::string *second) -{ - // order is important - pcrecpp::RE re(first->c_str()); - if (re.FullMatch(second->c_str())) { - return Attribute::MatchResult::MRTrue; - } - return Attribute::MatchResult::MRFalse; -} - -Attribute::MatchResult Attribute::lists_comparator( - const std::list *first, - const std::list *second, - Attribute::MatchResult (*comparator)(const std::string *, - const std::string *)) const -{ - //NOTE: BONDI defines all availabe matching function as: if some string from first input bag - //matches some input string from second input bag, so it's required to find only one matching string - MatchResult result = MatchResult::MRFalse; - - for (std::list::const_iterator second_iter = second->begin(); - (second_iter != second->end()) && (result != MatchResult::MRTrue); - ++second_iter) - { - std::string *modified_value = applyModifierFunction(&(*second_iter)); - //Value was not an URI, it will be removed from the string bag (ignored) - if (modified_value == NULL) { - continue; - } - - for (std::list::const_iterator first_iter = first->begin(); - first_iter != first->end(); - ++first_iter) { - //Compare attributes - if ((*comparator)(&(*first_iter), modified_value) == MatchResult::MRTrue) { - result = MatchResult::MRTrue; - break; //Only one match is enough - } - } - if (modified_value) { - delete modified_value; - modified_value = NULL; - } - } - - if (result == MatchResult::MRTrue) { - LogDebug("Returning TRUE"); - } else if (result == MatchResult::MRFalse) { - LogDebug("Returning FALSE"); - } else if (result == MatchResult::MRUndetermined) { - LogDebug("Returning UNDETERMINED"); - } - return result; -} - -std::string * Attribute::applyModifierFunction(const std::string * val) const -{ - std::string * result = NULL; - switch (modifierFunction) { - case Modifier::Scheme: - result = uriScheme(val); - break; - case Modifier::Authority: - result = uriAuthority(val); - break; - case Modifier::SchemeAuthority: - result = uriSchemeAuthority(val); - break; - case Modifier::Host: - result = uriHost(val); - break; - case Modifier::Path: - result = uriPath(val); - break; - default: - result = new std::string(*val); - } - - return result; -} - -/** - * this - attribute obtained from xmlPolicy tree - * attribute - attribute obtained from PIP - */ -Attribute::MatchResult Attribute::matchAttributes( - const BaseAttribute *attribute) const -{ - std::string tempNam = *(attribute->getName()); - std::string tempVal; - std::string myVal; - - if (!(attribute->getValue()->empty())) { - tempVal = attribute->getValue()->front(); - } - - if (!(this->value.empty())) { - myVal = this->value.front(); - } - - LogDebug("Comparing attribute: " << this->m_name << "(" << - myVal << ") with: " << tempNam << - "(" << tempVal << ")"); - - Assert( - (this->m_name == *(attribute->getName())) && - "Two completely different attributes are being compared!"); - Assert( - (this->m_typeId == attribute->getType()) && - "Two completely different attributes are being compared!"); - - if (attribute->isUndetermind()) { - LogDebug("Attribute match undetermined"); - return MatchResult::MRUndetermined; - } - - //Regardles the algorithm used, if we have empty - //bag the result is always false - if (this->isValueEmpty() || attribute->isValueEmpty()) { - if (this->isValueEmpty()) { - LogDebug("empty bag in condition comparing"); - } - if (attribute->isValueEmpty()) { - LogDebug("empty bag in attribute comparing"); - } - return MatchResult::MRFalse; - } - - if (this->matchFunction == Match::Equal) { - return lists_comparator(&(this->value), - attribute->getValue(), - equal_comparator); - } else if (this->matchFunction == Match::Glob) { - return lists_comparator(&(this->value), - attribute->getValue(), - glob_comparator); - } else if (this->matchFunction == Match::Regexp) { - return lists_comparator(&(this->value), - attribute->getValue(), - regexp_comparator); - } //[CR] Change to Assert - Assert(false && " ** Critical :: no match function selected!"); - return MatchResult::MRFalse; // to remove compilator warning -} - -void Attribute::addValue(const std::string *val) -{ - this->getValue()->push_back(*val); -} - -std::ostream & operator<<(std::ostream & out, - const Attribute & attr) -{ - out << "attr: m_name: " << *(attr.getName()) - << " type: " << Attribute::typeToString(attr.getType()) - << " value: "; - if (attr.m_undetermindState) { - out << "Undetermined"; - } else if (attr.getValue()->empty()) { - out << "Empty string bag"; - } else { - FOREACH (it, *attr.getValue()) { - out << *it; - } - } - return out; -} - -bool -Attribute::parse(const std::string *input, - std::string *val) const -{ - static const char *pattern = - "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"; - pcrecpp::RE re(pattern); - re.FullMatch(input->c_str(), &val[0], &val[1], - &val[2], &val[3], &val[4], - &val[5], &val[6], &val[7], &val[8]); - -#ifdef ALL_LOGS - for (int i = 0; i < 9; i++) { - LogDebug("val " << i << " :" << val[i]); - } -#endif - - if (find_error(val)) { - LogDebug("Input is not an URI " << *input); - for (int i = 0; i < 9; ++i) { - val[i].clear(); - } - return false; - } - - return true; -} - -Attribute::~Attribute() -{ -} - -std::string * Attribute::uriScheme(const std::string *input) const -{ - std::string part[9]; - if (!parse(input, part)) { - return NULL; - } - return new string(part[1]); -} - -std::string * -Attribute::uriAuthority(const std::string *input) const -{ - std::string part[9]; - if (!parse(input, part)) { - return NULL; - } - return new string(part[3]); -} - -std::string * -Attribute::uriSchemeAuthority(const std::string *input) const -{ - std::string part[9]; - if (!parse(input, part)) { - return NULL; - } - - if (part[0].size() == 0 || part[2].size() == 0) { - return new std::string(); - } - return new string(part[0] + part[2]); -} - -std::string * -Attribute::uriHost(const std::string *input) const -{ - std::string part[9]; - if (!parse(input, part)) { - return NULL; - } - return getHost(&(part[3])); -} - -std::string * -Attribute::uriPath(const std::string *input) const -{ - //TODO right now uriPath leaves leading '/' in uri, this slash is removed from the string - //it's not clear if leading '/' is a part of path component or only the separator - std::string part[9]; - if (!parse(input, part)) { - return NULL; - } - - std::string * temp = NULL; - - if (part[4].at(0) == '/') { - temp = new string(part[4].substr(1, part[4].length() - 1)); - } else { - temp = new string(part[4]); - } - - return temp; -} - -bool Attribute::find_error(const std::string *tab) const -{ - //We are checking tab[1] which contains scheme without ':' at the end - if (!checkScheme(&(tab[1]))) { - LogDebug("Check scheme failed, URI is invalid"); - return true; //error found - } - if (!checkAuthority(&(tab[3]))) { - LogDebug("Check authority failed, URI is invalid"); - return true; //error found - } - - if (!checkPath(&(tab[4]))) { - LogDebug("Check path failed, URI is invalid"); - return true; //error found - } - - return false; -} - -bool Attribute::checkScheme(const std::string *part) const -{ - Assert(part != NULL && "Checking NULLable string. This should never happen"); - - bool result = true; - - //TODO change part->at to data=part->c_str() - //TODO can scheme be empty? In absolute URI no, in relative URI yes - if (part->empty()) { - //Empty string is a correct schema - result = true; - } else if (alpha[(int) (part->at(0))] == 0) { - result = false; // First scheme character must be alpha - } else { - // rest must be alpha or digit or '+' or '-' or '.' - for (unsigned int i = 1; i < part->size(); ++i) { - int c = static_cast(part->at(i)); - if (!isSchemeAllowedCharacter(c)) { - result = false; - break; - } - } - } - return result; -} - -bool Attribute::checkAuthority(const std::string *part) const -{ - Assert(part != NULL && "Checking NULLable string. This should never happen"); - - //Server is a subset of reg_m_names so here we only check if authority matches reg_m_name - //Additional check if authority is a valid 'server' component is done in getHost - if (part->empty()) { - return true; //empty authority is valid uri - } - bool result = true; - - const char * data = part->c_str(); - for (size_t i = 0; i < part->length(); ++i) { - int c = (int) data[i]; - if (isUnreserved(c)) { - continue; - } - if (c == '$') { - continue; - } - if (c == ',') { - continue; - } - if (c == ';') { - continue; - } - if (c == ':') { - continue; - } - if (c == '@') { - continue; - } - if (c == '&') { - continue; - } - if (c == '=') { - continue; - } - if (c == '+') { - continue; - } - if (c == '%') { - if (isEscaped(data + i)) { - i += 2; //rewind the two escaped characters - continue; - } - } - result = false; - break; - } - - return result; -} - -std::string * Attribute::getHost(const std::string *part) const -{ - if (part->empty()) { - return new std::string(""); - } - - //Check userinfo - size_t userInfoPos = part->find("@"); - if (userInfoPos != std::string::npos) { - std::string data = part->substr(0, userInfoPos); - if (!isUserInfoAllowedString(&data)) { - return new string(""); //the authority is not composed of 'server' part - } - } - - std::string host; - //If we use host modifier then authority is composed of 'server' part so - //the port must contain only digits - size_t portPos = part->find(":"); - if (portPos != std::string::npos) { - for (unsigned int i = portPos + 1; i < part->size(); ++i) { - if (!digit[(int) part->at(i)]) { - return new string(""); //the authority is not composed of 'server' part - } - } - host = part->substr(userInfoPos + 1, portPos - (userInfoPos + 1)); - } else { - host = part->substr(userInfoPos + 1, part->length() - (userInfoPos + 1)); - } - - if (!isHostAllowedString(&host)) { - //Even if the string is not allowed for host this can still be a valid uri - return new string(""); - } - - return new std::string(host); -} - -bool Attribute::checkPath(const std::string *part) const -{ - bool result = true; - - const char * data = part->c_str(); - - for (unsigned int i = 0; i < part->size(); ++i) { - int c = data[i]; - if (c == '/') { - //If we found slash then the next character must be a part of segment - //It cannot be '/' so we have to check it immediately - i++; - c = data[i]; - if (!isSegmentAllowedCharacter(c)) { - result = false; - break; - } - } else if (c == ';') { - //Start param part of segment - i++; //Param can be empty so we don't have to check what's right after semicolon - continue; - } else if (c == '%') { - //We have to handle escaped characters differently than other segment allowed characters - //because we need an array - if (isEscaped(data + i)) { - i += 2; - } else { - result = false; - break; - } - } else { - if (!isSegmentAllowedCharacter(c)) { - result = false; - break; - } - } - } - - return result; -} - -bool Attribute::isSchemeAllowedCharacter(int c) const -{ - bool result = false; - if (isAlphanum(c)) { - result = true; - } else if (c == '+') { - result = true; - } else if (c == '-') { - result = true; - } else if (c == '.') { - result = true; - } - - return result; -} - -bool Attribute::isSegmentAllowedCharacter(int c) const -{ - bool result = true; - - // LogDebug("Checking is segment allowed for char "<<(char)c); - - if (isUnreserved(c)) { //do nothing, result = true - } else if (c == ':') { //do nothing, result = true - } else if (c == '@') { //do nothing, result = true - } else if (c == '&') { //do nothing, result = true - } else if (c == '=') { //do nothing, result = true - } else if (c == '+') { //do nothing, result = true - } else if (c == '$') { //do nothing, result = true - } else if (c == ',') { //do nothing, result = true - } else { - result = false; - } - - return result; -} - -bool Attribute::isUserInfoAllowedString(const std::string * str) const -{ - bool result = false; - - const char * data = str->c_str(); - - for (unsigned int i = 0; i < str->length(); ++i) { - int c = data[i]; - if (isUnreserved(c)) { - result = true; - } else if (c == '%') { - //isEsacped method checks if we don't cross array bounds, so we can - //safely give data[i] here - result = isEscaped((data + i)); - if (result == false) { - break; - } - i += 2; //rewind the next two characters sEsacped method checks if we don't cross array bounds, so we can safely rewind - } else if (c == ',') { - result = true; - } else if (c == '$') { - result = true; - } else if (c == '+') { - result = true; - } else if (c == '=') { - result = true; - } else if (c == '&') { - result = true; - } else if (c == '@') { - result = true; - } else if (c == ':') { - result = true; - } - } - return result; -} - -bool Attribute::isUnreserved(int c) const -{ - return isAlphanum(c) || mark[c]; -} - -bool Attribute::isAlphanum(int c) const -{ - return alpha[c] || digit[c]; -} - -bool Attribute::isHex(int c) const -{ - bool result = false; - - if (digit[c]) { - result = true; - } else if (c == 'A') { - result = true; - } else if (c == 'B') { - result = true; - } else if (c == 'C') { - result = true; - } else if (c == 'D') { - result = true; - } else if (c == 'E') { - result = true; - } else if (c == 'F') { - result = true; - } else if (c == 'a') { - result = true; - } else if (c == 'b') { - result = true; - } else if (c == 'c') { - result = true; - } else if (c == 'd') { - result = true; - } else if (c == 'e') { - result = true; - } else if (c == 'f') { - result = true; - } - - return result; -} - -bool Attribute::isEscaped(const char esc[3]) const -{ - if (esc == NULL) { - return false; - } - - if ((esc[0] == 0) || (esc[1] == 0) || (esc[2] == 0)) { - //We get an array that seems to be out of bounds. - //To be on the safe side return here - LogDebug("HEX NULLS"); - return false; - } - - if (esc[0] != '%') { - LogDebug( - "Error: first character of escaped value must be a precent but is " - << - esc[0]); - return false; - } - -#ifdef ALL_LOGS - for (int i = 0; i < 3; i++) { - LogDebug("HEX " << esc[i]); - } -#endif - return isHex((int) esc[1]) && isHex((int) esc[2]); -} - -bool Attribute::isHostAllowedString(const std::string * str) const -{ - bool result = true; - - if (digit[(int) str->at(0)]) { - //IPv4 address - result = isIPv4AllowedString(str); - } else { - //Hostname - result = isHostNameAllowedString(str); - } - - return result; -} - -bool Attribute::isIPv4AllowedString(const std::string * str) const -{ - LogDebug("Is hostIPv4 allowed String for " << *str); - - const char * data = str->c_str(); - bool result = true; - int digitCounter = 0; - int dotCounter = 0; - - for (unsigned int i = 0; i < str->length(); ++i) { - if (data[i] == '.') { - dotCounter++; - digitCounter = 0; - } else if (digit[(int) data[i]]) { - digitCounter++; - if ((digitCounter > 3) || !digitCounter) { - result = false; - break; - } - } else { - result = false; - break; - } - } - if (dotCounter != 3) { - result = false; - } - return result; -} - -bool Attribute::isHostNameAllowedString(const std::string * str) const -{ - LogDebug("Is hostname allowed String for " << *str); - - int lastPosition = 0; //the position of last dot + 1 - const char * data = str->c_str(); - bool finalDot = false; - size_t end = str->length(); - bool result = false; - - for (size_t i = 0; i < end; ++i) { - if (data[i] == '.') { - if (i == str->length() - 1) { //ending dot - //There can be a leading '.' int the hostm_name - finalDot = true; - break; - } else { - //we found domain label - if (!isDomainLabelAllowedString(data + lastPosition, i - - lastPosition)) { - result = false; - goto end; - } - lastPosition = i + 1; //Set position to position of last dot + 1 - } - } - } - - if (finalDot) { - //we have to rewind one position to check the rightmost string - //but only in case we find final dot - end--; - } - //Compare only the rightmost string aaa.bbbb.rightmostString. - result = isTopLabelAllowedString(data + lastPosition, end - lastPosition); - -end: - - if (result) { - LogInfo("Hostname is allowed"); - } else { - LogInfo("Hostname is NOT allowed"); - } - - return result; -} - -bool Attribute::isDomainLabelAllowedString(const char * data, - int length) const -{ - LogDebug( - "Is domain allowed String for " << data << " taking first " << - length << - " chars"); - - if (!isAlphanum((int) data[0]) || !isAlphanum((int) data[length - 1])) { - return false; - } - - for (int i = 0; i < length; i++) { - if ((!isAlphanum(data[i])) && !(data[i] == '-')) { - return false; - } - } - return true; -} - -bool Attribute::isTopLabelAllowedString(const char * data, - int length) const -{ - if ((!alpha[(int) data[0]]) || (!isAlphanum((int) data[length - 1]))) { - return false; - } - - for (int i = 1; i < length - 1; i++) { - if ((!isAlphanum(data[i])) && !(data[i] == '-')) { - return false; - } - } - return true; -} - -void printAttributes(const AttributeSet& attrs) -{ - if (attrs.empty()) { - LogWarning("Empty attribute set"); - } else { - LogDebug("PRINT ATTRIBUTES:"); - for (AttributeSet::const_iterator it = attrs.begin(); - it != attrs.end(); - ++it) - { - LogDebug("name: " << *(*it)->getName()); - } - } -} - -void printAttributes(const std::list & attrs) -{ - if (attrs.empty()) { - LogWarning("Empty attribute set"); - } else { - LogDebug("PRINT ATTRIBUTES:"); - for (std::list::const_iterator it = attrs.begin(); - it != attrs.end(); - ++it - ) { - LogDebug(*it); - } - } -} - -//KW const char * matchResultToString(Attribute::MatchResult result){ -//KW -//KW const char * ret = NULL; -//KW -//KW switch(result){ -//KW -//KW case Attribute::MRTrue: -//KW ret = "true"; -//KW break; -//KW case Attribute::MRFalse: -//KW ret = "false"; -//KW break; -//KW case Attribute::MRUndetermined: -//KW ret = "undetermined"; -//KW break; -//KW default: -//KW ret = "Wrong match result"; -//KW } -//KW -//KW return ret; -//KW -//KW } diff --git a/ace/engine/CombinerImpl.cpp b/ace/engine/CombinerImpl.cpp deleted file mode 100644 index bbd179c..0000000 --- a/ace/engine/CombinerImpl.cpp +++ /dev/null @@ -1,333 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : CombinerImpl.cpp -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#include -#include -#include - -#include -#include -#include - -namespace { - -bool denyOverridesPredecessor( - const ExtendedEffect &first, - const ExtendedEffect &second) -{ - if (first.getEffect() == second.getEffect()) - return first.getRuleId() < second.getRuleId(); - return first.getEffect() < second.getEffect(); -} - -bool permitOverridePredecessor( - const ExtendedEffect &first, - const ExtendedEffect &second) -{ - if (first.getEffect() == second.getEffect()) - return first.getRuleId() < second.getRuleId(); - return first.getEffect() > second.getEffect(); -} - -} //anonymous namespace - -ExtendedEffect CombinerImpl::denyOverrides(const ExtendedEffectList &effects) -{ - if (isError(effects)) { - return Error; - } - - ExtendedEffect result(Inapplicable); - - FOREACH(it, effects) { - if (denyOverridesPredecessor(*it, result)) { - result = *it; - } - } - return result; -} - -ExtendedEffect CombinerImpl::permitOverrides(const ExtendedEffectList &effects) -{ - if (isError(effects)) { - return Error; - } - - // This magic number must be bigger that the bigest ruleId number from policy file. - ExtendedEffect result(Deny, 999999); - - //Flag used to indicate that any of Deny,prompt-*,permit options appear - //Consequently if flag is true then result should be return, otherwise inapplicable should be returned - bool flag = false; - bool flagUndetermined = false; - - FOREACH(it,effects) { - ExtendedEffect effect = *it; - - if (effect.getEffect() == Permit) { - return effect; - } // no need for further check if "permit" found - if (effect.getEffect() == Undetermined) { - flagUndetermined = true; - } //check for undetermined - - //Set the flag and the result even if effect is equal to result - //It is done to mark if any "Deny" effect occured - if (permitOverridePredecessor(effect, result) - && effect.getEffect() != Inapplicable - && effect.getEffect() != Undetermined) - { - result = effect; - flag = true; - } - } - - if (flagUndetermined) { - return ExtendedEffect(Undetermined); - } - - if (!flag) { - return ExtendedEffect(Inapplicable); - } - return result; -} - -ExtendedEffect CombinerImpl::firstApplicable( - const ExtendedEffectList & effects) -{ - if (isError(effects)) { - return Error; - } - - FOREACH(it,effects) { - if (it->getEffect() != Inapplicable) { - return *it; - } - } - return Inapplicable; -} - -ExtendedEffect CombinerImpl::firstMatchingTarget( - const ExtendedEffectList &effects) -{ - if (isError(effects)) { - return Error; - } - // effect list constains result of policies which target has been matched. - // - // If target does not match policy result is NotMatchingTarget - // NotMatchingTarget values are not stored on the effects list - // (you can check it in combinePolicies function). - // - // So we are intrested in first value on the list. - return effects.empty() ? Inapplicable : effects.front(); -} - -bool CombinerImpl::isError(const ExtendedEffectList &effects) -{ - FOREACH(it, effects) - { - if (Error == it->getEffect()) { - return true; - } - } - return false; -} - -ExtendedEffect CombinerImpl::combineRules(const TreeNode * policy) -{ - const Policy * policyObj = dynamic_cast(policy->getElement()); - if (!policyObj) { - LogError("dynamic_cast failed. PolicyObj is null."); - return Error; - } - - Policy::CombineAlgorithm algorithm = policyObj->getCombineAlgorithm(); - - Assert( - algorithm != Policy::FirstTargetMatching && - "Policy cannot have algorithm first target matching"); - - bool isUndetermined = false; - - if (!checkIfTargetMatches(policyObj->getSubjects(), isUndetermined)) { - if (isUndetermined) { - //TODO Target is undetermined what should we do now ?? - //Right now simply return NotMatchingTarget - } - //Target doesn't match - return NotMatchingTarget; - } - //Get all rules - const ChildrenSet & children = policy->getChildrenSet(); - ChildrenConstIterator it = children.begin(); - ExtendedEffectList effects; - - while (it != children.end()) { - const Rule * rule = dynamic_cast((*it)->getElement()); - - if (!rule) { - LogError("Error in dynamic_cast. rule is null"); - return ExtendedEffect(Error); - } - - ExtendedEffect effect = rule->evaluateRule(this->getAttributeSet()); - effects.push_back(effect); - if (algorithm == Policy::FirstApplicable && effect.getEffect() != Inapplicable) { - //For first applicable algorithm we may stop after evaluating first policy - //which has effect other than inapplicable - break; - } - ++it; - } //end policy children iteration - - //Use combining algorithm - ExtendedEffect ef = combine(policyObj->getCombineAlgorithm(), effects); - return ef; -} - -//WARNING this method makes an assumption that Policy target is a policy child -ExtendedEffect CombinerImpl::combinePolicies(const TreeNode * policy) -{ - const Policy * policySet = dynamic_cast(policy->getElement()); - - if (!policySet) { - LogError("dynamic_cast failed. Policy set is null."); - return Error; - } - - bool isUndetermined = false; - Policy::CombineAlgorithm algorithm = policySet->getCombineAlgorithm(); - - if (!checkIfTargetMatches(policySet->getSubjects(), isUndetermined)) { - /* I can't explain this... - if (isUndetermined) { - if (algorithm == Policy::FirstTargetMatching) { - return Undetermined; - } - } - */ - //Target doesn't match - return NotMatchingTarget; - } - - const ChildrenSet & children = policy->getChildrenSet(); - - ExtendedEffectList effects; - - FOREACH(it, children) { - ExtendedEffect effect; - - if ((*it)->getTypeID() == TreeNode::PolicySet) { - effect = combinePolicies(*it); - if (effect.getEffect() != NotMatchingTarget) { - effects.push_back(effect); - } - } else if ((*it)->getTypeID() == TreeNode::Policy) { - effect = combineRules(*it); - if (effect.getEffect() != NotMatchingTarget) { - effects.push_back(effect); - } - } else { - // [CR] fix it - LogError("effect value is not initialized!"); - return ExtendedEffect(Error); - } - - if (algorithm == Policy::FirstTargetMatching - && effect.getEffect() != NotMatchingTarget) - { - //In First matching target algorithm we may return when first result is found - break; - } - } - - //Use combining algorithm - return combine(policySet->getCombineAlgorithm(), effects); -} - -ExtendedEffect CombinerImpl::combine( - Policy::CombineAlgorithm algorithm, - ExtendedEffectList &effects) -{ - LogDebug("Effects to be combined with algorithm: " << ::toString(algorithm)); - showEffectList(effects); - - switch (algorithm) { - case Policy::DenyOverride: - return denyOverrides(effects); - break; - case Policy::PermitOverride: - return permitOverrides(effects); - break; - case Policy::FirstApplicable: - return firstApplicable(effects); - break; - case Policy::FirstTargetMatching: - return firstMatchingTarget(effects); - break; - default: - Assert(false && "Wrong combining algorithm used"); - return Error; - } -} - -/** - * - * @param attrSet set of Subject attributes in policy that identifies target - * @return true if target is determined and matches, false and isUndertmined is set to true if the target is undetermined - * false and isUndetermined set to false if target is determined but doesn't match - */ -bool CombinerImpl::checkIfTargetMatches( - const std::list * subjectsList, - bool &isUndetermined) -{ - if (subjectsList->empty()) { - return true; - } - - std::list::const_iterator it = subjectsList->begin(); - bool match = false; - //According to BONDI 1.0 at least one target must match - while (it != subjectsList->end()) { - match = (*it)->matchSubject(this->getAttributeSet(), isUndetermined); - if (match) { //at least one match - break; - } - ++it; - } - - #ifdef _DEBUG - if (match == Attribute::MRTrue) { - LogDebug("Target matches "); - } else if (match == Attribute::MRUndetermined) { - LogDebug("Target match undetermined "); - } else { - LogDebug("Target doesn't match"); - } - #endif - return match; -} - diff --git a/ace/engine/Condition.cpp b/ace/engine/Condition.cpp deleted file mode 100644 index e6121a4..0000000 --- a/ace/engine/Condition.cpp +++ /dev/null @@ -1,236 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// File: Condition.cpp -// Author: notroot -// -// Created on June 3, 2009, 9:00 AM -// - -#include -#include -#include -#include - -/** - * Check if attribute in condition matches the values obtained from PIP - * attrSet - attributes from PIP - */ - -Attribute::MatchResult Condition::evaluateCondition( - const AttributeSet * attrSet) const -{ - //Condition may include either matches of attributes or other conditions - //in this method all attributes are matched at first and if possible the - //condition is evaluated. If evaluation is not possible based solely on - //attributes then we start recursion into child conditions. - - Attribute::MatchResult match; - bool undeterminedMatchFound = false; - bool isFinalMatch = false; - - LogDebug("Attributes to be matched"); - printAttributes(*attrSet); - LogDebug("Condition attributes values"); - printAttributes(attributes); - - if (this->isEmpty()) { - LogDebug("Condition is empty, returning true"); - //Condition is empty, it means it evaluates to TRUE - return Attribute::MatchResult::MRTrue; - } - - match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound); - if (isFinalMatch) { - LogDebug("Evaluate attributes returning verdict" ) ; //<< match); - return match; - } - - match = evaluateChildConditions(attrSet, - isFinalMatch, - undeterminedMatchFound); - if (isFinalMatch) { - LogDebug("Evaluate child conditions returning verdict" ); // << match); - return match; - } - - if (undeterminedMatchFound) { - //If any child condition/attribute-match was undetermined and - //so far we couldn't make a decision then we must return undetermined - LogDebug("Evaluate condition returning MRUndetermined"); - return Attribute::MatchResult::MRUndetermined; - } - - if (this->isAndCondition()) { - match = Attribute::MatchResult::MRTrue; - } else if (this->isOrCondition()) { - match = Attribute::MatchResult::MRFalse; - } else { - Assert(false && "Condition has to be either AND or OR"); - } - return match; -} - -// KW Attribute::MatchResult Condition::performORalgorithm(const std::set* attrSet) const{ -// KW -// KW Attribute::MatchResult match; -// KW bool undeterminedMatchFound = false; -// KW bool isFinalMatch = false; -// KW -// KW LogDebug("Performing OR algorithm"); -// KW -// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound); -// KW if(isFinalMatch){ -// KW LogDebug("OR algorithm evaluate attributes returning verdict" << match); -// KW return match; -// KW } -// KW -// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound); -// KW if(isFinalMatch){ -// KW return match; -// KW } -// KW -// KW if(undeterminedMatchFound){ -// KW //If any child condition/attribute-match was undetermined and -// KW //so far we couldn't make a decision then we must return undetermined -// KW LogDebug("OR algorithm returning MRUndetermined"); -// KW return Attribute::MRUndetermined; -// KW } -// KW -// KW LogDebug("OR algorithm returning MRFalse"); -// KW return Attribute::MRFalse; -// KW } - -// KW Attribute::MatchResult Condition::performANDalgorithm(const std::set* attrSet) const{ -// KW -// KW -// KW Attribute::MatchResult match; -// KW bool undeterminedMatchFound = false; -// KW bool isFinalMatch = false; -// KW -// KW LogDebug("Performing AND algorithm"); -// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound); -// KW if(isFinalMatch){ -// KW LogDebug("AND algorithm evaluate attributes returning verdict" << match); -// KW return match; -// KW } -// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound); -// KW if(isFinalMatch){ -// KW LogDebug("AND algorithm evaluate child returning verdict " << match); -// KW return match; -// KW } -// KW if(undeterminedMatchFound){ -// KW //If any child condition/attribute-match was undetermined and -// KW //so far we couldn't make a decision then we must return undetermined -// KW LogDebug("AND algorithm returning Undetermined"); -// KW return Attribute::MRUndetermined; -// KW } -// KW -// KW LogDebug("AND algorithm returning MRTrue"); -// KW return Attribute::MRTrue; -// KW -// KW } - -Attribute::MatchResult Condition::evaluateAttributes( - const AttributeSet * attrSet, - bool& isFinalMatch, - bool & undeterminedMatchFound) const -{ - Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined; - - std::list::const_iterator condIt = this->attributes.begin(); - while (condIt != this->attributes.end()) { - //Find the value of needed attribute, based on attribute name - AttributeSet::const_iterator attr = - std::find_if(attrSet->begin(), - attrSet->end(), - AceDB::BaseAttribute::UnaryPredicate(&(*condIt))); - if (attr == attrSet->end()) { - LogError("Couldn't find required attribute. This should not happen"); - Assert( - false && - "Couldn't find attribute required in condition. This should not happen" - "This means that some attributes has not been obtained from PIP"); - //Return undetermined here because it seems one of the attributes is unknown/undetermined - isFinalMatch = true; - match = Attribute::MatchResult::MRUndetermined; - break; - } - - match = condIt->matchAttributes(&(*(*attr))); - if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) { - //FALSE match found in AND condition - isFinalMatch = true; - break; - } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) { - //TRUE match found in OR condition - isFinalMatch = true; - break; - } else if (match == Attribute::MatchResult::MRUndetermined) { - //Just mark that there was undetermined value found - undeterminedMatchFound = true; - } - ++condIt; - } - - return match; -} - -Attribute::MatchResult Condition::evaluateChildConditions( - const AttributeSet * attrSet, - bool& isFinalMatch, - bool & undefinedMatchFound) const -{ - Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined; - - std::list::const_iterator it = conditions.begin(); - while (it != conditions.end()) { - match = it->evaluateCondition(attrSet); - - if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) { - //FALSE match found in AND condition - LogDebug("Child conditions results MRFalse)"); - isFinalMatch = true; - break; - } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) { - //TRUE match found in OR condition - LogDebug("Child conditions result MRTrue"); - isFinalMatch = true; - break; - } else if (match == Attribute::MatchResult::MRUndetermined) { - undefinedMatchFound = true; - } - ++it; - } - - return match; -} - -void Condition::getAttributes(AttributeSet * attrSet) -{ - //Get attributes from current condition - FOREACH (it, attributes) - { - AceDB::BaseAttributePtr attr(new Attribute(it->getName(), it->getMatchFunction(), it->getType())); - attrSet->insert(attr); - } - //Get attributes from any child conditions - FOREACH (it, conditions) - { - it->getAttributes(attrSet); - } -} - diff --git a/ace/engine/ConfigurationManager.cpp b/ace/engine/ConfigurationManager.cpp deleted file mode 100644 index f1edffb..0000000 --- a/ace/engine/ConfigurationManager.cpp +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace std; - -namespace { -const string currentXMLSchema("bondixml.xsd"); -} - -ConfigurationManager * ConfigurationManager::instance = NULL; - - -string ConfigurationManager::getCurrentPolicyFile(void) const -{ - LogError("ConfigurationManager::getCurrentPolicyFile is DEPRECATED"); - return ""; -} - -string ConfigurationManager::getFullPathToCurrentPolicyFile(void) const -{ - LogError("ConfigurationManager::getFullPathToCurrentPolicyFile" - "is DEPRECATED"); - return ""; -} - -string ConfigurationManager::getFullPathToCurrentPolicyXMLSchema(void) const -{ - LogError("ConfigurationManager::getFullPathToCurrentPolicyXMLSchema" - "is DEPRECATED"); - return ""; -} - -int ConfigurationManager::addPolicyFile(const string &) -{ - LogError("ConfigurationManager::addPolicyFile is DEPRECATED"); - return CM_GENERAL_ERROR; -} - -int ConfigurationManager::removePolicyFile(const string&) -{ - LogError("ConfigurationManager::removePolicyFile is DEPRECATED"); - return CM_GENERAL_ERROR; -} - -int ConfigurationManager::changeCurrentPolicyFile(const string&) -{ - LogError("ConfigurationManager::changeCurrentPolicyFile is DEPRECATED"); - return CM_GENERAL_ERROR; -} - -string ConfigurationManager::extractFilename(const string&) const -{ - LogError("ConfigurationManager::extractFilename is DEPRECATED"); - return ""; -} - - -int ConfigurationManager::parse(const string&) -{ - LogError("ConfigurationManager::parse is DEPRECATED"); - return CM_GENERAL_ERROR; -} - -bool ConfigurationManager::copyFile(FILE*, FILE*, int) const -{ - LogError("ConfigurationManager::copyFile is DEPRECATED"); - return false; -} - -bool ConfigurationManager::checkIfFileExistst(const string&) const -{ - LogError("ConfigurationManager::checkIfFileExistst is DEPRECATED"); - return false; -} - -const list & ConfigurationManager::getPolicyFiles() const -{ - LogError("ConfigurationManager::getPolicyFiles is DEPRECATED"); - static list aList; - return aList; -} - -const string & ConfigurationManager::getConfigFile() const -{ - LogError("ConfigurationManager::getConfigFile is DEPRECATED"); - static string returnString(""); - return returnString; -} - -string ConfigurationManager::getFullPathToPolicyFile(PolicyType policy) const -{ - string storagePath = getStoragePath(); - string fileName; - - switch (policy) { - case PolicyType::WAC2_0: { - fileName = ACE_WAC_POLICY_FILE_NAME; - break; } - case PolicyType::Tizen: { - fileName = ACE_TIZEN_POLICY_FILE_NAME; - break; } - default: { - LogError("Invalid policy file requested"); - return ""; } - } - - return storagePath + fileName; -} - -string ConfigurationManager::getFullPathToPolicyXMLSchema() const -{ - string storagePath = getStoragePath(); - if (*(storagePath.rbegin()) == '/') - { - return storagePath + currentXMLSchema; - } - return storagePath + "/" + currentXMLSchema; -} - -string ConfigurationManager::getStoragePath(void) const -{ - return ACE_MAIN_STORAGE; -} diff --git a/ace/engine/Policy.cpp b/ace/engine/Policy.cpp deleted file mode 100644 index 7443090..0000000 --- a/ace/engine/Policy.cpp +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Policy.cpp -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#include - -Policy::~Policy() -{ - for (std::list::iterator it = subjects->begin(); - it != subjects->end(); - ++it) { - delete *it; - } - delete subjects; -} - -void Policy::printData() -{ - std::string subject; - if (subjects != NULL && subjects->size()) { - subject = (subjects->front())->getSubjectId(); - } - std::string algorithm = printCombineAlgorithm(this->combineAlgorithm); - - std::cout << "subject: " << subject << " algorithm: " << algorithm << - std::endl; -} - -std::string Policy::printCombineAlgorithm(CombineAlgorithm algorithm) -{ - switch (algorithm) { - case DenyOverride: - return "DenyOverride"; - case PermitOverride: - return "PermitOverride"; - case FirstApplicable: - return "FirstApplicable"; - case FirstTargetMatching: - return "FirstTargetMatching"; - default: - return "ERROR: Wrong Algorithm"; - } -} - -const char * toString(Policy::CombineAlgorithm algorithm) -{ - switch (algorithm) { - case Policy::DenyOverride: - return "DenyOverride"; - case Policy::PermitOverride: - return "PermitOverride"; - case Policy::FirstApplicable: - return "FirstApplicable"; - case Policy::FirstTargetMatching: - return "FirstTargetMatching"; - default: - return "ERROR: Wrong Algorithm"; - } -} diff --git a/ace/engine/PolicyEnforcementPoint.cpp b/ace/engine/PolicyEnforcementPoint.cpp deleted file mode 100644 index 1db8488..0000000 --- a/ace/engine/PolicyEnforcementPoint.cpp +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file security_logic.cpp - * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) - * @author Ming Jin(ming79.jin@samsung.com) - * @version 1.0 - * @brief Implementation file for security logic - */ -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include -#include -#include - -PolicyEnforcementPoint::PolicyEnforcementPoint() : - m_wrt(0), - m_res(0), - m_sys(0), - m_pdp(0), - m_pip(0) -{} - -void PolicyEnforcementPoint::terminate() -{ - LogInfo("PolicyEnforcementPoint is being deinitialized."); - - delete m_sys; - delete m_res; - delete m_wrt; - delete m_pdp; - delete m_pip; - m_sys = 0; - m_res = 0; - m_wrt = 0; - m_pdp = 0; - m_pip = 0; -} - -PolicyEnforcementPoint::~PolicyEnforcementPoint() -{ - Assert((m_sys == 0) && "You must run " - "PolicyEnforcementPoint::Deinitialize before exit program!"); -} - -void PolicyEnforcementPoint::initialize( - IWebRuntime *wrt, - IResourceInformation *resource, - IOperationSystem *operation) -{ - if (m_wrt) { - ThrowMsg(PEPException::AlreadyInitialized, - "Policy Enforcement Point is already initialzed"); - } - - m_wrt = wrt; - m_res = resource; - m_sys = operation; - - if (this->m_pip != NULL) { - this->m_pip->update(m_wrt, m_res, m_sys); - return; - } - - this->m_pip = new PolicyInformationPoint(wrt, m_res, m_sys); - this->m_pdp = new PolicyEvaluator(m_pip); - - if (!this->m_pdp->initPDP()) { - Assert(0); - } -} - -ExtendedPolicyResult PolicyEnforcementPoint::check(Request &request) -{ - return m_pdp->getPolicyForRequest(request); -} - -void PolicyEnforcementPoint::updatePolicy(const std::string &policy) -{ - LogDebug("ACE updatePolicy: " << policy); - int errorCode = 0; - - if (m_pdp == NULL) { - LogError("Evaluator not set. Ignoring message."); - Assert(false && "UpdateClient error on receiving event"); - } else { - LogDebug("Emitting update signal."); - errorCode = m_pdp->updatePolicy(policy.c_str()); - } - - LogDebug("Sending reponse: " << errorCode); -} - -void PolicyEnforcementPoint::updatePolicy() -{ - LogDebug("ACE updatePolicy"); - if (m_pdp == NULL) { - LogError("Evaluator not set. Ignoring message."); - } else { - m_pdp->updatePolicy(); - } -} - -OptionalExtendedPolicyResult PolicyEnforcementPoint::checkFromCache(Request &request) -{ - return m_pdp->getPolicyForRequestFromCache(request); -} - -OptionalExtendedPolicyResult PolicyEnforcementPoint::check(Request &request, - bool fromCacheOnly) -{ - return m_pdp->getPolicyForRequest(request, fromCacheOnly); -} diff --git a/ace/engine/PolicyEvaluator.cpp b/ace/engine/PolicyEvaluator.cpp deleted file mode 100644 index 73d2f6e..0000000 --- a/ace/engine/PolicyEvaluator.cpp +++ /dev/null @@ -1,544 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : PolicyEvaluator.cpp -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -using namespace AceDB; - -PolicyEvaluator::~PolicyEvaluator() -{ - delete m_combiner; -} - -PolicyEvaluator::PolicyEvaluator(PolicyInformationPoint * pip) : - m_uniform_policy(NULL), - m_wac_policy(NULL), - m_tizen_policy(NULL), - m_policy_to_use(PolicyType::WAC2_0), - m_combiner(new CombinerImpl()), - m_verdictListener(NULL), - m_pip(pip) -{} - -bool PolicyEvaluator::initPDP() -{ - updatePolicy(); - // TODO change return value someday to void? - return true; -} - -bool PolicyEvaluator::fillAttributeWithPolicy() -{ - if (m_attributeSet.empty()) { - if (!extractAttributes(m_uniform_policy)) { - LogInfo("Warning attribute set cannot be extracted. " - "Returning Deny"); - return false; - } - // Adding widget type attribute to distinguish WAC/Tizen widgets - /** - * This special attribute of WidgetParam type is handled - * in PolicyInformationPoint, it is based on WidgetType - * fron WRT database. - * - * It is needed to distinguish cached policy results and cached prompt - * responses for different policies (WAC/Tizen/any possible - * other in the future). - */ - AceDB::BaseAttributePtr attribute(new AceDB::BaseAttribute()); - attribute->setName(POLICY_WIDGET_TYPE_ATTRIBUTE_NAME); - attribute->setType(AceDB::BaseAttribute::Type::WidgetParam); - m_attributeSet.insert(attribute); - AceDAO::addAttributes(m_attributeSet); - } else { - LogDebug("Required attribute set already loaded"); - } - return true; -} - -PolicyResult PolicyEvaluator::effectToPolicyResult(Effect effect) -{ - if (Effect::Deny == effect) { - return PolicyEffect::DENY; - } - if (Effect::Undetermined == effect) { - return PolicyResult::Value::UNDETERMINED; - } - if (Effect::PromptOneShot == effect) { - return PolicyEffect::PROMPT_ONESHOT; - } - if (Effect::PromptSession == effect) { - return PolicyEffect::PROMPT_SESSION; - } - if (Effect::PromptBlanket == effect) { - return PolicyEffect::PROMPT_BLANKET; - } - if (Effect::Permit == effect) { - return PolicyEffect::PERMIT; - } - if (Effect::Inapplicable == effect) { - return PolicyDecision::Value::NOT_APPLICABLE; - } - return PolicyEffect::DENY; -} - -OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestInternal( - bool fromCacheOnly) -{ - //ADD_PROFILING_POINT("Search cached verdict in database", "start"); - - OptionalExtendedPolicyResult result = AceDAO::getPolicyResult(m_attributeSet); - - //ADD_PROFILING_POINT("Search cached verdict in database", "stop"); - - if (fromCacheOnly || !result.IsNull()) { - return result; - } - - //ADD_PROFILING_POINT("EvaluatePolicy", "start"); - - ExtendedEffect policyEffect = evaluatePolicies(getCurrentPolicyTree()); - - //ADD_PROFILING_POINT("EvaluatePolicy", "stop"); - - LogDebug("Policy effect is: " << toString(policyEffect.getEffect())); - - ExtendedPolicyResult exResult( - effectToPolicyResult(policyEffect.getEffect()), - policyEffect.getRuleId()); - - AceDAO::setPolicyResult(this->m_attributeSet, exResult); - return OptionalExtendedPolicyResult(exResult); -} - -// +----------------+---------+---------+------+--------+ -// |\User setting | PERMIT | PROMPT* | DENY | DEF | -// | \ | | | | | -// |Policy result\ | | | | | -// |----------------+---------+---------+------+--------+ -// |PERMIT | PERMIT | PROMPT* | DENY | PERMIT | -// |----------------+---------+---------+------+--------+ -// |PROMPT* | PROMPT* | PR MIN | DENY | PROMPT*| -// |----------------+---------+---------+------+--------+ -// |DENY | DENY | DENY | DENY | DENY | -// |----------------+---------+---------+------+--------+ -// |UNDETERMIND | UNDET | UNDET | DENY | UNDET | -// |----------------+---------+---------+------+--------+ -// |NOT_AP | PEMIT | PROMPT* | DENY | NOT_AP | -// +----------------+---------+---------+------+--------+ - -static PolicyResult getMostRestrict( - PreferenceTypes globalPreference, - const PolicyResult &policyResult) -{ - if (globalPreference == PreferenceTypes::PREFERENCE_PERMIT - && policyResult == PolicyEffect::PERMIT) { - return PolicyEffect::PERMIT; - } - - if (globalPreference == PreferenceTypes::PREFERENCE_DENY - || policyResult == PolicyEffect::DENY) { - return PolicyEffect::DENY; - } - - if (policyResult == PolicyResult::UNDETERMINED) { - return PolicyResult::UNDETERMINED; - } - - if (globalPreference == PreferenceTypes::PREFERENCE_DEFAULT) { - return policyResult; - } - - if (globalPreference == PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT - || policyResult == PolicyEffect::PROMPT_ONESHOT) { - return PolicyEffect::PROMPT_ONESHOT; - } - - if (globalPreference == PreferenceTypes::PREFERENCE_SESSION_PROMPT - || policyResult == PolicyEffect::PROMPT_SESSION) { - return PolicyEffect::PROMPT_SESSION; - } - - if (globalPreference == PreferenceTypes::PREFERENCE_BLANKET_PROMPT - || policyResult == PolicyEffect::PROMPT_BLANKET) { - return PolicyEffect::PROMPT_BLANKET; - } - - return PolicyEffect::PERMIT; -} - -OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestFromCache( - const Request &request) -{ - return getPolicyForRequest(request, true); -} - -ExtendedPolicyResult PolicyEvaluator::getPolicyForRequest(const Request &request) -{ - auto result = this->getPolicyForRequest(request, false); - Assert(!result.IsNull() - && "Policy always has to be evaluated to valid state"); - return *result; -} - -OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequest( - const Request &request, - bool fromCacheOnly) -{ - //ADD_PROFILING_POINT("getPolicyForRequest", "start"); - m_attributeSet.clear(); - - switch (request.getAppType()) { - case Request::APP_TYPE_TIZEN: - m_policy_to_use = PolicyType::Tizen; - LogDebug("==== Using Tizen policy ===="); - break; - case Request::APP_TYPE_WAC20: - m_policy_to_use = PolicyType::WAC2_0; - LogDebug("==== Using WAC policy ===="); - break; - default: - LogError("Unsupported(unknown) widget type. Access denied."); - return OptionalExtendedPolicyResult( - ExtendedPolicyResult(PolicyEffect::DENY)); - } - - try { - // Check which attributes should be used - // memory alocated, free in destructor - //ADD_PROFILING_POINT("getAttributes", "start"); - AceDB::AceDAO::getAttributes(&m_attributeSet); - //ADD_PROFILING_POINT("getAttributes", "stop"); - - // If attributes can't be resolved then check the policy - if (!fillAttributeWithPolicy()) { - //ADD_PROFILING_POINT("getPolicyForRequest", "stop"); - return OptionalExtendedPolicyResult( - ExtendedPolicyResult(PolicyEffect::DENY)); - } - - //ADD_PROFILING_POINT("getAttributesValues", "start"); - m_pip->getAttributesValues(&request, &m_attributeSet); - //ADD_PROFILING_POINT("getAttributesValues", "stop"); - LogDebug("==== Attributes set by PIP ===="); - printAttributes(m_attributeSet); - LogDebug("==== End of attributes set by PIP ===="); - - OptionalExtendedPolicyResult policyResult = getPolicyForRequestInternal( - fromCacheOnly); - - if (policyResult.IsNull()) { - if (!fromCacheOnly) { - LogError("Policy evaluated to NULL value"); - Assert(false && "Policy evaluated to NULL value"); - } - return OptionalExtendedPolicyResult::Null; - } - LogDebug("==== getPolicyForRequestInternal result (PolicyResult): " - << policyResult->policyResult << "====="); - - PreferenceTypes globalPreference = - SettingsLogic::findGlobalUserSettings(request); - - auto ret = getMostRestrict(globalPreference, policyResult->policyResult); - //ADD_PROFILING_POINT("getPolicyForRequest", "stop"); - return OptionalExtendedPolicyResult( - ExtendedPolicyResult(ret, policyResult->ruleId)); - - } catch (AceDB::AceDAO::Exception::DatabaseError &e) { - LogError("Database error"); - DPL::Exception::DisplayKnownException(e); - //ADD_PROFILING_POINT("getPolicyForRequest", "stop"); - return OptionalExtendedPolicyResult( - ExtendedPolicyResult(PolicyEffect::DENY)); - } -} - -bool PolicyEvaluator::extractAttributes(TreeNode* policyTree) -{ - if (NULL == policyTree) { - return false; - } - - //We check if root target matches. In general the root's target should - //be empty. Otherwise it would have to have all the subjects available - //specified but just to be on the safe side (and for tests) this checking - const Policy * policy = - dynamic_cast(policyTree->getElement()); - Assert(policy != NULL - && "Policy element has been null while attribute extracting"); - - extractTargetAttributes(policy); - extractAttributesFromSubtree(policyTree); //Enter recursion - - return true; -} - -void PolicyEvaluator::extractTargetAttributes(const Policy *policy) -{ - std::list::const_iterator it = - policy->getSubjects()->begin(); - for (; it != policy->getSubjects()->end(); ++it) { - const std::list & attrList = (*it)->getTargetAttributes(); - FOREACH(it2, attrList) - { - BaseAttributePtr attr( - new Attribute((*it2).getName(), (*it2).getMatchFunction(), - (*it2).getType())); - m_attributeSet.insert(attr); - } - } -} - -TreeNode * PolicyEvaluator::getCurrentPolicyTree() -{ - TreeNode * currentPolicy = NULL; - switch (m_policy_to_use) { - case PolicyType::Tizen: { - currentPolicy = m_tizen_policy; - break;} - case PolicyType::WAC2_0: { - currentPolicy = m_wac_policy; - break;} - default: { - LogError("Invalid policy type to use");} - } - return currentPolicy; -} - -/** - * - * @param *root - the root of the original (full) subtree of politics - * @param *newRoot - the pointer to the root of the copy (reduced) subtree of politics - */ -void PolicyEvaluator::extractAttributesFromSubtree(const TreeNode *root) -{ - const ChildrenSet & children = root->getChildrenSet(); - - for (std::list::const_iterator it = children.begin(); - it != children.end(); ++it) { - TreeNode * node = *it; - if (node->getTypeID() != TreeNode::Policy - && node->getTypeID() != TreeNode::PolicySet) { - //It is not a policy so we may be sure that we have already - //checked that SubjectId matches - //Add new node to new tree and extract attributes - - extractAttributesFromRules(node); - } else { //TreeNode is a Policy or PolicySet - const Policy * policy = - dynamic_cast(node->getElement()); - //We will be needing also the attributes from target - if (policy) { - extractTargetAttributes(policy); - } else { - LogError(" extractAttributesFromSubtree policy=NULL"); - } - //Enter recursion - extractAttributesFromSubtree(node); - } - } -} - -bool PolicyEvaluator::extractAttributesFromRules(const TreeNode *root) -{ - Assert(root->getTypeID() == TreeNode::Rule - && "Tree structure, extracting attributes from node that is not a rule"); - Rule * rule = dynamic_cast(root->getElement());Assert - (rule != NULL); - //Get attributes from rule - rule->getAttributes(&m_attributeSet); - - //[CR] consider returned value, because its added only to eliminate errors - return true; -} - -ExtendedEffect PolicyEvaluator::evaluatePolicies(const TreeNode * root) -{ - if (root == NULL) { - LogInfo("Error: policy tree doesn't exist. " - "Probably xml file is missing"); - return Deny; - } - - if (m_attributeSet.empty()) { - LogInfo("Warning: evaluatePolicies: attribute set was empty"); - } - m_combiner->setAttributeSet(&m_attributeSet); - return m_combiner->combinePolicies(root); -} - - -int PolicyEvaluator::updatePolicy(const char* newPolicy) -{ - LogError("PolicyEvaluator::updatePolicy is DEPRECATED"); - ConfigurationManager* configMgr = ConfigurationManager::getInstance(); - if (NULL == configMgr) { - LogError("ACE fatal error: failed to create configuration manager"); - return POLICY_PARSING_ERROR; - } - int result = POLICY_PARSING_SUCCESS; - if (newPolicy == NULL) { - LogError("Policy Update: incorrect policy name"); - return POLICY_FILE_ERROR; - } - LogDebug("Starting update policy: " << newPolicy); - - Parser parser; - TreeNode *backup = m_uniform_policy; - - m_uniform_policy = parser.parse(newPolicy, - configMgr->getFullPathToPolicyXMLSchema()); - - if (NULL == m_uniform_policy) { - m_uniform_policy = backup; - LogError("Policy Update: corrupted policy file"); - result = POLICY_PARSING_ERROR; - } else { - m_currentPolicyFile = newPolicy; - m_wac_policy = m_uniform_policy; //we must be able to use WAC widgets - m_tizen_policy = m_uniform_policy;//we must be able to use Tizen widgets - m_attributeSet.clear(); - backup->releaseResources(); - LogInfo("Policy Update: successful."); - try { - AceDAO::resetDatabase(); // TODO: this is strange, but this - // method is deprecated so not changing - // it (will disappear with entire method) - } catch (AceDAO::Exception::DatabaseError &e) { - } - } - return result; -} - -TreeNode * PolicyEvaluator::getDefaultSafePolicyTree(void) -{ - Policy * policy = new Policy; - Rule * rule = new Rule; - TreeNode * mainTree = NULL, - * childTree = NULL; - - policy->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride); - rule->setEffect(Deny); - - mainTree = new TreeNode(m_uniform_policy, TreeNode::Policy, policy); - childTree = new TreeNode(mainTree, TreeNode::Rule, rule); - mainTree->addChild(childTree); - - LogError("Loading default safe policy tree"); - return mainTree; -} - -void PolicyEvaluator::updatePolicy() -{ - ConfigurationManager *configMgr = ConfigurationManager::getInstance(); - Assert(NULL != configMgr && "ACE fatal error: failed to " - "create configuration manager"); - AceDAO::clearPolicyCache(); - if (NULL != m_uniform_policy) { - m_uniform_policy->releaseResources(); - } - Parser parserWac, parserTizen; - m_wac_policy = parserWac.parse( - configMgr->getFullPathToPolicyFile(PolicyType::WAC2_0), - configMgr->getFullPathToPolicyXMLSchema()); - if (NULL == m_wac_policy) { - LogError("ACE fatal error: cannot parse XML file (WAC policy)"); - m_wac_policy = getDefaultSafePolicyTree(); - } - m_tizen_policy = parserTizen.parse( - configMgr->getFullPathToPolicyFile(PolicyType::Tizen), - configMgr->getFullPathToPolicyXMLSchema()); - if (NULL == m_tizen_policy) { - LogError("ACE fatal error: cannot parse XML file (Tizen policy)"); - m_tizen_policy = getDefaultSafePolicyTree(); - } - // Policy set is usefull for releasing all policies in case of - // policy change - Policy * policySet = new PolicySet(); - policySet->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride); - m_uniform_policy = new TreeNode(NULL, TreeNode::PolicySet, policySet); - m_uniform_policy->addChild(m_wac_policy); - m_uniform_policy->addChild(m_tizen_policy); - - // Creating attribute set for the first time after loading policy - // to speed up queries - m_attributeSet.clear(); - fillAttributeWithPolicy(); -} - -std::string PolicyEvaluator::getCurrentPolicy() -{ - LogError("PolicyEvaluator::getCurrentPolicy is DEPRECATED"); - return m_currentPolicyFile; -} - -const char * toString(Validity validity) -{ - switch (validity) { - case Validity::ONCE: - return "Once"; - break; - case Validity::SESSION: - return "Session"; - case Validity::ALWAYS: - return "Always"; - default: - return "WRONG VALIDITY"; - } -} - -const char * toString(Verdict verdict) -{ - switch (verdict) { - case Verdict::VERDICT_PERMIT: - return "Permit"; - case Verdict::VERDICT_DENY: - return "Deny"; - case Verdict::VERDICT_INAPPLICABLE: - return "Inapplicable"; - case Verdict::VERDICT_UNKNOWN: - return "Unknown"; - case Verdict::VERDICT_UNDETERMINED: - return "Undetermined"; - case Verdict::VERDICT_ERROR: - return "Error"; - case Verdict::VERDICT_ASYNC: - return "Async"; - default: - return "Wrong verdict value"; - } -} diff --git a/ace/engine/PolicyInformationPoint.cpp b/ace/engine/PolicyInformationPoint.cpp deleted file mode 100644 index b273809..0000000 --- a/ace/engine/PolicyInformationPoint.cpp +++ /dev/null @@ -1,278 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// -// @ Project : Access Control Engine -// @ File Name : PolicyInformationPoint.cpp -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// -#include -#include -#include - -#include -#include - -#include -#include -#include - -#include -#include -#include - -using namespace AceDB; - -PolicyInformationPoint::PolicyInformationPoint(IWebRuntime *wrt, - IResourceInformation *resource, - IOperationSystem *system) : wrtInterface(wrt), - resourceInformation(resource), - operationSystem(system) -{ - AceDB::AceDAOReadOnly::attachToThreadRO(); -} - -PolicyInformationPoint::~PolicyInformationPoint() -{ - AceDB::AceDAOReadOnly::detachFromThread(); -} - -/* gather attributes values from adequate interfaces */ -PipResponse PolicyInformationPoint::getAttributesValues(const Request* request, - AttributeSet* attributes) -{ - int subjectReturn = 0; - int resourceReturn = 0; - int operationReturn = 0; - int functionReturn = 0; - /* create query lists */ - createQueries(attributes); - - /* check if subject attributes query has any elements*/ - if (!subjectAttributesQuery.empty()) { - /* get Subject Attributes */ - subjectReturn = wrtInterface->getAttributesValues( - *request, - &subjectAttributesQuery); - } - - AttributeSet::const_iterator iter2; - FOREACH(iter, subjectAttributesQuery) - { - if (iter->second == NULL) { - Attribute attr(*(iter->first)); - attr.setType(Attribute::Type::Subject); - iter2 = std::find_if(attributes->begin(), - attributes->end(), - BaseAttribute::UnaryPredicate(&attr)); - Assert(iter2 != attributes->end() && "This should not happen, " - "the attribute MUST be in attribute set"); - (*iter2)->setUndetermind(true); - } - } - - /* check if resource attributes query has any elements*/ - if (!resourceAttributesQuery.empty()) { - /* get Resource Attributes */ - resourceReturn = resourceInformation->getAttributesValues( - *request, - &resourceAttributesQuery); - /* error analyzys*/ - resourceReturn <<= ERROR_SHIFT_RESOURCE; - } - - FOREACH(iter, resourceAttributesQuery) - { - if (iter->second == NULL) { - LogInfo("Found undetermined attribute"); - Attribute attr(*(iter->first)); - attr.setType(Attribute::Type::Resource); - iter2 = std::find_if(attributes->begin(), - attributes->end(), - BaseAttribute::UnaryPredicate(&attr)); - Assert(iter2 != attributes->end() && "This should not happen, " - "the attribute MUST be in attribute set"); - (*iter2)->setUndetermind(true); - } - } - - /* check if resource attributes query has any elements*/ - if (!environmentAttributesQuery.empty()) { - /* get enviroment attributes */ - operationReturn = operationSystem->getAttributesValues( - *request, - &environmentAttributesQuery); - /* error analyzys*/ - operationReturn <<= ERROR_SHIFT_OS; - } - - FOREACH(iter, environmentAttributesQuery) - { - if (iter->second == NULL) { - //it doesnt change uniqueness of a set element so we can const_cast - Attribute attr(*(iter->first)); - attr.setType(Attribute::Type::Environment); - iter2 = find_if(attributes->begin(), - attributes->end(), - BaseAttribute::UnaryPredicate(&attr)); - Assert(iter2 != attributes->end() && "This should not happen, " - "the attribute MUST be in attribute set"); - (*iter2)->setUndetermind(true); - } - } - - /* check if functionParam attributes query has any elements*/ - if (!functionParamAttributesQuery.empty() && request->getFunctionParam()) { - /* get params attributes */ - functionReturn = request->getFunctionParam()->getAttributesValues( - *request, - &functionParamAttributesQuery); - /* error analyzys*/ - functionReturn <<= ERROR_SHIFT_FP; - } - - FOREACH(iter, functionParamAttributesQuery) - { - if (iter->second == NULL) { - //it doesnt change uniqueness of a set element so we can const_cast - Attribute attr(*(iter->first)); - attr.setType(Attribute::Type::FunctionParam); - iter2 = find_if(attributes->begin(), - attributes->end(), - BaseAttribute::UnaryPredicate(&attr)); - Assert(iter2 != attributes->end() && "This should not happen, " - "the attribute MUST be in attribute set"); - (*iter2)->setUndetermind(true); - } - } - - // Here we must add to attributes proper marking of policy type - // (Tizen or WAC widget) - /** - * This part of code seems odd here, but we don't want to keep it in - * attribute fascade, as it is maintained by ACE clients and we are not - * sure if this kind of distinction between different policies will be ok - * as final solution. - * - * This is somehow private part of ACE, so it may be moved into - * separate ACEAttributeFascade kind of a class in (already planned) - * refactoring, when moving to new, C-only API for ACE. - */ - if (widgetParamAttributesQuery.empty()) { - LogError("No attrbutes of WidgetParam type present - " - "should be widget type at least"); - } else { - LogDebug("WidgetParam type atributes present, searching for widget type"); - FOREACH(iter, widgetParamAttributesQuery) { - const std::string *name = iter->first; - if (POLICY_WIDGET_TYPE_ATTRIBUTE_NAME == *name) { - LogDebug("Widget type attribute found"); - - // Extracting widget type - std::list attrValue; - Try { - AceDB::AppTypes appType = - AceDB::AceDAOReadOnly::getWidgetType( - request->getWidgetHandle()); - switch (appType) { - case AceDB::AppTypes::Tizen : { - attrValue.push_back(POLICY_NAME_TIZEN); - LogDebug("==== Using Tizen policy in PIP ===="); - break;} - case AceDB::AppTypes::WAC20 : { - attrValue.push_back(POLICY_NAME_WAC2_0); - LogDebug("==== Using WAC policy in PIP ===="); - break;} - default: { - LogError("Invalid widget type"); - } - } - } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) - { - LogError("Couldn't find widget for handle " - << request->getWidgetHandle()); - } - - // Setting real attribute value - Attribute attr(*(iter->first)); - attr.setType(Attribute::Type::WidgetParam); - iter2 = find_if(attributes->begin(), - attributes->end(), - BaseAttribute::UnaryPredicate(&attr)); - Assert(iter2 != attributes->end() && "This should not happen, " - "the attribute MUST be in attribute set"); - (*iter2)->setUndetermind(false); - (*iter2)->setValue(attrValue); - } - } - } - - /** clear query lists*/ - resourceAttributesQuery.clear(); - environmentAttributesQuery.clear(); - subjectAttributesQuery.clear(); - functionParamAttributesQuery.clear(); - widgetParamAttributesQuery.clear(); - - return subjectReturn | resourceReturn | operationReturn | functionReturn; -} - -/** create query lists */ -void PolicyInformationPoint::createQueries(AttributeSet* attributes) -{ - AttributeSet::const_iterator it; - - enum Attribute::Type type; - - /**iterate all attributes and split them into adequate query */ - FOREACH (it, *attributes) { - type = (*it)->getType(); - - switch (type) { - case Attribute::Type::Subject: - subjectAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), - (*it)->getValue())); - break; - - case Attribute::Type::Environment: - environmentAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), - (*it)->getValue())); - break; - - case Attribute::Type::Resource: - resourceAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), - (*it)->getValue())); - break; - - case Attribute::Type::FunctionParam: - functionParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), - (*it)->getValue())); - break; - - case Attribute::Type::WidgetParam: - widgetParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), - (*it)->getValue())); - break; - default: - break; - } - } -} - diff --git a/ace/engine/Rule.cpp b/ace/engine/Rule.cpp deleted file mode 100644 index c1703bb..0000000 --- a/ace/engine/Rule.cpp +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Rule.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#include -#include - -#include - -void Rule::printData() -{ - std::cout << "Rule: effect: " << printEffect(this->effect) << - " condition: " << this->condition; -} - -std::string Rule::printEffect(const ExtendedEffect &effect) const -{ - switch (effect.getEffect()) { - case Deny: - return "Deny"; - case PromptBlanket: - return "PromptBlanket"; - case PromptOneShot: - return "PromptOneShot"; - case PromptSession: - return "PromptSession"; - case Permit: - return "Permit"; - case Inapplicable: - return "Inapplicable"; - case Error: - return "Error"; - default: - return "ERROR"; - } -} - -ExtendedEffect Rule::evaluateRule(const AttributeSet * attrSet) const -{ - Attribute::MatchResult result = condition.evaluateCondition(attrSet); - - if (result == Attribute::MatchResult::MRUndetermined) { - // LogInfo("Rule is undetermined"); - return ExtendedEffect(Undetermined); - } else if (result == Attribute::MatchResult::MRTrue) { - // LogInfo("Rule effect "< - -#include -#include - -#include - -using namespace AceDB; - -Preference SettingsLogic::findGlobalUserSettings( - const std::string &resource, - WidgetHandle handler) -{ - Preference p = AceDAO::getWidgetDevCapSetting(resource, handler); - if (PreferenceTypes::PREFERENCE_DEFAULT == p) { - return AceDAO::getDevCapSetting(resource); - } else { - return p; - } -} - -Preference SettingsLogic::findGlobalUserSettings( - const Request &request) -{ - Request::DeviceCapabilitySet devset = request.getDeviceCapabilitySet(); - Assert(!devset.empty() && "No device cap set in request"); - return findGlobalUserSettings( - *(devset.begin()), - request.getWidgetHandle()); -} - -Preference SettingsLogic::getDevCapSetting(const std::string &resource) -{ - return AceDAO::getDevCapSetting(resource); -} - -void SettingsLogic::getDevCapSettings(PreferenceMap *globalSettingsMap) -{ - AceDAO::getDevCapSettings(globalSettingsMap); // NULL check inside -} - - -void SettingsLogic::setDevCapSetting(const std::string &resource, - Preference preference) -{ - if (resource.empty()) { - LogInfo("WARNING: setting resource settings for empty resource name"); - } - - AceDAO::addResource(resource); - - if (preference == PreferenceTypes::PREFERENCE_DEFAULT) { - return; - } - - Assert((PreferenceTypes::PREFERENCE_PERMIT == preference || - PreferenceTypes::PREFERENCE_DENY == preference || - PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference || - PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference || - PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference)); - - AceDAO::setDevCapSetting(resource,preference); -} - -void SettingsLogic::setAllDevCapSettings( - const std::list < std::pair < const std::string*, - Preference > > &resourcesList) -{ - std::list < std::pair < const std::string*, - Preference > >::const_iterator iter; - for (iter = resourcesList.begin(); iter != resourcesList.end(); ++iter) { - SettingsLogic::setDevCapSetting(*(iter->first), iter->second); - } -} - -void SettingsLogic::removeDevCapSetting(const std::string &resource) -{ - AceDAO::removeDevCapSetting(resource); -} - -void SettingsLogic::updateDevCapSetting(const std::string &resource, - Preference p) -{ - if (PreferenceTypes::PREFERENCE_DEFAULT == p) { - SettingsLogic::removeDevCapSetting(resource); - } else { - SettingsLogic::setDevCapSetting(resource, p); - } -} - -Preference SettingsLogic::getWidgetDevCapSetting( - const std::string &resource, - WidgetHandle handler) -{ - return AceDAO::getWidgetDevCapSetting(resource, handler); -} - -void SettingsLogic::getWidgetDevCapSettings(PermissionList *outputList) -{ - AceDAO::getWidgetDevCapSettings(outputList); // NULL check inside -} - - -void SettingsLogic::setWidgetDevCapSetting( - const std::string &resource, - WidgetHandle handler, - Preference preference) -{ - if (resource.empty()) { - LogError("Empty resource"); - return; - } - - LogDebug("userSetting, resource: " << resource << - " app_id: " << handler); - - AceDAO::addResource(resource); - SettingsLogic::removeWidgetDevCapSetting(resource, handler); - - if (PreferenceTypes::PREFERENCE_DEFAULT == preference) { - return; - } - - Assert((PreferenceTypes::PREFERENCE_PERMIT == preference || - PreferenceTypes::PREFERENCE_DENY == preference || - PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference || - PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference || - PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference)); - - AceDAO::setWidgetDevCapSetting(resource, handler, preference); -} - - -void SettingsLogic::setWidgetDevCapSettings(const PermissionList &permissionsList) -{ - FOREACH(i, permissionsList) { - SettingsLogic::setWidgetDevCapSetting(i->devCap, - i->appId, - i->access); - } -} - - -void SettingsLogic::removeWidgetDevCapSetting(const std::string &resource, - WidgetHandle handler) -{ - AceDAO::removeWidgetDevCapSetting(resource, handler); -} diff --git a/ace/engine/Subject.cpp b/ace/engine/Subject.cpp deleted file mode 100644 index 57724be..0000000 --- a/ace/engine/Subject.cpp +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include -#include - -#include - -bool Subject::matchSubject(const AttributeSet *attrSet, - bool &isUndetermined) const -{ - bool result = true; - Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined; - - FOREACH(it, targetAttributes) - { - AttributeSet::const_iterator attr = - std::find_if(attrSet->begin(), - attrSet->end(), - AceDB::BaseAttribute::UnaryPredicate(&(*it))); - if (attr == attrSet->end()) { - LogError("Cannot find attribute value for " << *(it->getName())); - Assert(false && - "Attribute for subject hasn't been found." - "It shoud not happen. This attribute should be undetermined," - "not missing"); - result = false; //According to BONDI 1.0 for signle subject all attributes must match - isUndetermined = true; - break; - } - - match = it->matchAttributes(&(*(*attr))); - - if (match == Attribute::MatchResult::MRUndetermined) { - result = false; - isUndetermined = true; - /// LogError("Subject doesn match and UNDETERMINED"); - break; //According to BONDI 1.0 for signle subject all attributes must match - } else if (match == Attribute::MatchResult::MRFalse) { - result = false; - // LogError("Subject doesn match and DETERMINED"); - break; //According to BONDI 1.0 for signle subject all attributes must match - } - } - - return result; -} - -const std::list& Subject::getTargetAttributes() const -{ - return targetAttributes; -} - diff --git a/ace/engine/TreeNode.cpp b/ace/engine/TreeNode.cpp deleted file mode 100644 index 039ada6..0000000 --- a/ace/engine/TreeNode.cpp +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include -#include -#include - -//Tree node destructor is a tricky part, only the original tree should remove the elements -//release resources should be called when we want to destroy the whole tree -TreeNode::~TreeNode() -{ -} - -//TODO release resources is releaseTheSubtree and delete the element -void TreeNode::releaseResources() -{ - Assert(this != 0); - delete element; - std::list::iterator it = this->children.begin(); - while (it != children.end()) { - (*it)->releaseResources(); - ++it; - } - delete this; -} - -int TreeNode::level = 0; - -std::ostream & operator<<(std::ostream & out, - const TreeNode * node) -{ - std::string tmp; - - switch (node->getTypeID()) { - case TreeNode::Policy: - tmp = "Policy"; - break; - case TreeNode::PolicySet: - tmp = "PolicySet"; - break; - case TreeNode::Rule: - tmp = "Rule"; - break; - default: - break; - } - - out << "" << tmp << "-> children count: " << node->children.size() << - ": " << std::endl; - AbstractTreeElement * el = node->getElement(); - if (el != NULL) { - el->printData(); - } else { - std::cout << "Empty element!" << std::endl; - } - - return out; -} - diff --git a/ace/engine/parser.cpp b/ace/engine/parser.cpp deleted file mode 100644 index fa9ae36..0000000 --- a/ace/engine/parser.cpp +++ /dev/null @@ -1,744 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include -#include -#include -#include -#include - -#include -#include - -namespace { - -class ParserWarningLogger -{ - public: - void operator()(const std::string& logMsg) - { - LogWarning(logMsg); - } -}; - -class ParserErrorLogger -{ - public: - void operator()(const std::string& logMsg) - { - LogError(logMsg); - } -}; - -template -void xmlLogFunction(void* /*ctx*/, const char *msg, ...) -{ - const int BUFFER_SIZE = 1024; - char buffer[BUFFER_SIZE]; - buffer[BUFFER_SIZE - 1] = '\0'; - Logger l; - - va_list va; - va_start(va, msg); - vsnprintf(buffer, BUFFER_SIZE - 1, msg, va); - va_end(va); - - std::string logmsg(buffer); - l(logmsg); -} - -} - -const char *Parser::TOKEN_PARAM = "param:"; - -Parser::Parser() : - ruleId(0), - reader(NULL), - root(NULL), - currentRoot(NULL), - currentSubject(NULL), - currentCondition(NULL), - currentAttribute(NULL), - currentText(NULL), - processingSignature(false), - canonicalizeOnce(false) -{ - processingSignature = true; - canonicalizeOnce = true; -} - -Parser::~Parser() -{ - /* parse function destroys reader */ - // free(this->xmlFilename); -} - -TreeNode* Parser::parse(const std::string& filename, const std::string& schema) -{ - if(root != NULL) { - root->releaseResources(); - root = NULL; - } - - LogDebug("Parser: opening file " << filename); - - xmlDocPtr xmlDocument = xmlParseFile(filename.c_str()); - if (!xmlDocument) { - LogError("Couldn't parse file " << filename); - return root; - } - - std::unique_ptr > - doc(xmlDocument, xmlFreeDoc); - - xmlSchemaParserCtxtPtr xmlSchemaParserContext = - xmlSchemaNewParserCtxt(schema.c_str()); - - if (!xmlSchemaParserContext) { - LogError("Couldn't load xml schema: " << schema); - return root; - } - - std::unique_ptr < - xmlSchemaParserCtxt, - std::function > - schemaContext( - xmlSchemaParserContext, - xmlSchemaFreeParserCtxt); - - LogDebug("Setting callbacks"); - - xmlSchemaSetParserErrors( - schemaContext.get(), - static_cast - (&xmlLogFunction), - static_cast - (&xmlLogFunction), - NULL); - - xmlSchemaPtr xmlSchema = xmlSchemaParse(schemaContext.get()); - - if (!xmlSchema) { - LogError("Couldn't parse xml schema: " << xmlSchema); - return root; - } - - xmlSchemaValidCtxtPtr xmlValidContext = xmlSchemaNewValidCtxt(xmlSchema); - - if (!xmlValidContext) { - LogError("Couldn't create validation context!"); - return root; - } - - std::unique_ptr < - xmlSchemaValidCtxt, - std::function > - schemaValidContext( - xmlValidContext, - xmlSchemaFreeValidCtxt); - - xmlSchemaSetValidErrors( - schemaValidContext.get(), - static_cast - (&xmlLogFunction), - static_cast - (&xmlLogFunction), - NULL); - - xmlSchemaSetValidOptions( - schemaValidContext.get(), - XML_SCHEMA_VAL_VC_I_CREATE); - - bool result = - (xmlSchemaValidateDoc( - schemaValidContext.get(), - xmlDocument) == 0 ? true : false); - - if (!result) { - LogError("Couldn't validate policy file: " << filename << - " against xml schema: " << schema); - - return root; - } - - LogInfo("Policy file: " << filename << " validated!"); - - xmlTextReaderPtr xmlReader = xmlReaderWalker(xmlDocument); - - //[CR] consider using ASSERT/DASSERT - if (NULL == xmlReader) { - LogError("Error, xml reader cannot be created. Probably xml file is missing (opening file " << filename << ")"); - return root; - } - - std::unique_ptr > - reader(xmlReader, xmlFreeTextReader); - - int ret; - ret = xmlTextReaderRead(reader.get()); - while (ret == 1) { - std::unique_ptr > - name(xmlTextReaderName(reader.get()), xmlFree); - - if (!strcmp("policy-set", (const char *)name.get())) { - processingSignature = false; - } else if (!strcmp("SignedInfo", - (const char *)name.get()) && canonicalizeOnce) { - #if 0 //TODO I think we don't need canonicalization in ACE only in PM, - //we have to verify it tough - extractNodeToFile(reader, "output.xml"); - //TODO we should be able to handle more than one canonicalization algorithm - canonicalize("output.xml", "canon.xml", Canonicalization::C14N); - canonicalizeOnce = false; - #endif - } - //Do not process signature of xml file - if(!processingSignature) { - processNode(reader.get()); - } - ret = xmlTextReaderRead(reader.get()); - } - - if (ret != 0) { - LogError("Error while parsing XML file"); - if (root) { - root->releaseResources(); - root = NULL; - } - } - - return root; -} - -void Parser::processNode(xmlTextReaderPtr reader) -{ - //TODO this is interesting, xmlTextReaderNodeType returns int but I am pretty sure - //those integers coresponds to xmlReaderTypes - xmlReaderTypes type = - static_cast(xmlTextReaderNodeType(reader)); - - switch (type) { - //Start element - case XML_READER_TYPE_ELEMENT: - startNodeHandler(reader); - break; - //End element - case XML_READER_TYPE_END_ELEMENT: - endNodeHandler(reader); - break; - //Text element - case XML_READER_TYPE_TEXT: - textNodeHandler(reader); - break; - default: - //Do not handle other xml tags - break; - } -} - -void Parser::startNodeHandler(xmlTextReaderPtr reader) -{ - xmlChar *name = xmlTextReaderName(reader); - - switch (*name) { - case 'p': //policy and policy-set - if (*(name + 6) == 0) { - handlePolicy(reader, TreeNode::Policy); - } else { - handlePolicy(reader, TreeNode::PolicySet); - } - break; - case 'r': //rule and resource-match - if (*(name + 1) == 'u') { - handleRule(reader); - } else if (*(name + 9) == 'm') { - handleMatch(reader, Attribute::Type::Resource); - } else { - handleAttr(reader); - } - break; - case 's': //subject and subject-match - if (*(name + 7) == 0) { - handleSubject(); - } else if (*(name + 8) == 'm') { //subject match - handleSubjectMatch(reader); - } else { //subject attr - handleAttr(reader); - } - break; - case 'c': //condition - handleCondition(reader); - break; - case 'e': //environment-match - if (*(name + 12) == 'm') { - handleMatch(reader, Attribute::Type::Environment); - } else { //env-attr - handleAttr(reader); - } - break; - } - xmlFree(name); -} - -void Parser::endNodeHandler(xmlTextReaderPtr reader) -{ - xmlChar *name = xmlTextReaderName(reader); - - switch (*name) { - case 'p': //policy and policy-set - //Restore old root - currentRoot = currentRoot->getParent(); - break; - case 'r': //Rule and resource match - if (*(name + 1) == 'u') { //Rule - currentRoot = currentRoot->getParent(); - } else { //Resource-match - consumeCurrentText(); //consume text if any available - consumeCurrentAttribute(); //consume attribute - } - break; - case 's': //subject and subject-match - if (*(name + 7) == 0) { //handle subject - consumeCurrentSubject(); - } else if (*(name + 8) == 'm') { //handle subject match - consumeCurrentText(); - consumeSubjectMatch(); - } - //Subject-match end doesn't require handling - break; - case 'c': //condition - consumeCurrentCondition(); - break; - case 'e': //environment-match - consumeCurrentText(); //consume text if any available - consumeCurrentAttribute(); //consume attribute - break; - } - xmlFree(name); -} - -void Parser::textNodeHandler(xmlTextReaderPtr reader) -{ - delete currentText; - xmlChar * text = xmlTextReaderValue(reader); - Assert(text != NULL && "Parser couldn't parse PCDATA"); - - currentText = new std::string(reinterpret_cast(text)); - trim(currentText); - xmlFree(text); -} - -void Parser::handlePolicy(xmlTextReaderPtr reader, - TreeNode::TypeID type) -{ - Policy::CombineAlgorithm algorithm; - - //Get first attribute - xmlChar * combAlg = xmlTextReaderGetAttribute(reader, BAD_CAST("combine")); - - Assert(combAlg != NULL && "Parser error while getting attributes"); - algorithm = convertToCombineAlgorithm(combAlg); - - //Create TreeNode element - Policy * policy = NULL; - if (type == TreeNode::Policy) { - policy = new Policy(); - } else { - policy = new PolicySet(); - } - policy->setCombineAlgorithm(algorithm); - TreeNode * node = new TreeNode(currentRoot, type, policy); - //Add new tree node to current's root children set - if (currentRoot != NULL) { - currentRoot->addChild(node); - } - - //Switch the current root to the new node - if (!xmlTextReaderIsEmptyElement(reader)) { - //Current root switching is necessary only if tag is not empty - currentRoot = node; - } - if (root == NULL) { - root = currentRoot; - } - - if (NULL == currentRoot) { - node->releaseResources(); - } - - xmlFree(combAlg); -} - -void Parser::handleRule(xmlTextReaderPtr reader) -{ - ExtendedEffect effect(Inapplicable); - - //[CR] create macros for attribute names - xmlChar * eff = xmlTextReaderGetAttribute(reader, BAD_CAST("effect")); //get the rule attribute - - Assert(eff != NULL && "Parser error while getting attributes"); - effect = convertToEffect(eff); - - Rule * rule = NULL; - rule = new Rule(); - rule->setEffect(effect); - - TreeNode * node = new TreeNode(currentRoot, TreeNode::Rule, rule); - //Add new tree node to current's root children set - if (currentRoot != NULL) { // - currentRoot->addChild(node); - } - - if (!xmlTextReaderIsEmptyElement(reader)) { - currentRoot = node; - } - - if (NULL == currentRoot) { - node->releaseResources(); - } - - xmlFree(eff); -} - -void Parser::handleSubject() -{ - currentSubject = new Subject(); - //TODO what about empty subject tag -} - -void Parser::handleCondition(xmlTextReaderPtr reader) -{ - Condition::CombineType combineType = Condition::AND; - - xmlChar * combine = xmlTextReaderGetAttribute(reader, BAD_CAST("combine")); //get the rule attribute - - Assert(combine != NULL && "Parser error while getting attributes"); - - combineType = *combine == 'a' ? Condition::AND : Condition::OR; - - Condition * condition = new Condition(); - condition->setCombineType(combineType); - condition->setParent(currentCondition); - - currentCondition = condition; - //TODO what about empty condition tag? -} - -//Subject match is handled differently than resource or environment match -//Because it cannot have any children tags and can only include PCDATA -void Parser::handleSubjectMatch(xmlTextReaderPtr reader) -{ - //processing Subject - int attributes = xmlTextReaderAttributeCount(reader); - - xmlChar * func = NULL; - xmlChar * value = NULL; - xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute - - if (attributes == 2) { - //match attribute ommited, text value will be used - func = xmlTextReaderGetAttribute(reader, BAD_CAST("func")); - } else if (attributes == 3) { - value = xmlTextReaderGetAttribute(reader, BAD_CAST("match")); - func = xmlTextReaderGetAttribute(reader, BAD_CAST("func")); - } else { - Assert(false && "Wrong XML file format"); - } - - // creating temporiary object is not good idea - // but we have no choice untill Attribute have constructor taking std::string* - std::string temp(reinterpret_cast(attrName)); - Attribute * attr = new Attribute(&temp, convertToMatchFunction( - func), Attribute::Type::Subject); - if (value != NULL) { //add value of the attribute if possible - //[CR] consider create Attribute::addValue(char *) function - std::string temp(reinterpret_cast(value)); - attr->addValue(&temp); - } - currentAttribute = attr; - - if (xmlTextReaderIsEmptyElement(reader)) { - Assert(value != NULL && "XML file format is wrong"); - //Attribute value is required to obtain the match value easier - consumeSubjectMatch(value); - } - - if (attributes == 2 || attributes == 3) { - xmlFree(func); - } - xmlFree(value); - xmlFree(attrName); -} - -void Parser::handleMatch(xmlTextReaderPtr reader, - Attribute::Type type) -{ - int attributes = xmlTextReaderAttributeCount(reader); - - xmlChar * func = NULL; - xmlChar * value = NULL; - xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute - - if (attributes == 2) { - //match attribute ommited, text value will be used - func = xmlTextReaderGetAttribute(reader, BAD_CAST("func")); - //the content may be resource-attr or PCDATA - } else if (attributes == 3) { - value = xmlTextReaderGetAttribute(reader, BAD_CAST("match")); - func = xmlTextReaderGetAttribute(reader, BAD_CAST("func")); - } else { - Assert(false && "Wrong XML file format"); - } - - // FunctionParam type is sybtype of Resource. - // FunctionParam is used to storage attriburess of call functions. - if (0 == - xmlStrncmp(attrName, BAD_CAST(TOKEN_PARAM), - xmlStrlen(BAD_CAST(TOKEN_PARAM))) && type == - Attribute::Type::Resource) { - type = Attribute::Type::FunctionParam; - } - - std::string temp(reinterpret_cast(attrName)); - Attribute * attr = new Attribute(&temp, convertToMatchFunction(func), type); - currentAttribute = attr; - - if (xmlTextReaderIsEmptyElement(reader)) { - Assert(value != NULL && "XML is currupted"); - std::string tempVal(reinterpret_cast(value)); - currentAttribute->addValue(&tempVal); - consumeCurrentAttribute(); - } - - if (attributes == 2 || attributes == 3) { - xmlFree(func); - } - xmlFree(value); - xmlFree(attrName); -} - -Policy::CombineAlgorithm Parser::convertToCombineAlgorithm(xmlChar* algorithm) -{ - switch (*algorithm) { - case 'f': - if (*(algorithm + 6) == 'a') { //first applicable - return Policy::FirstApplicable; - } - return Policy::FirstTargetMatching; - case 'd': - return Policy::DenyOverride; - case 'p': - return Policy::PermitOverride; - default: - Assert(false && "Wrong combine algorithm name"); - return Policy::DenyOverride; - } -} - -ExtendedEffect Parser::convertToEffect(xmlChar *effect) -{ - switch (*effect) { - case 'd': //deny - return Deny; - break; - case 'p': - //permit, prompt-blanket, prompt-session, prompt-oneshot - if (*(effect + 1) == 'e') { - return ExtendedEffect(Permit, ruleId++); - } - switch (*(effect + 7)) { - case 'b': - return ExtendedEffect(PromptBlanket, ruleId++); - case 's': - return ExtendedEffect(PromptSession, ruleId++); - case 'o': - return ExtendedEffect(PromptOneShot, ruleId++); - default: - Assert(false && "Effect is Error"); - return ExtendedEffect(); - } - break; - default: - Assert(false && "Effect is Error"); - return ExtendedEffect(); - } - //return ExtendedEffect(Inapplicable); //unreachable statement -} - -Attribute::Match Parser::convertToMatchFunction(xmlChar * func) -{ - if (func == NULL) { - LogError("[ERROR] match function value is NULL"); - return Attribute::Match::Error; - } - - if (*func == 'g') { - return Attribute::Match::Glob; - } else if (*func == 'e') { - return Attribute::Match::Equal; - } else if (*func == 'r') { - return Attribute::Match::Regexp; - } else { - LogError("[ERROR] match function value is NULL"); - return Attribute::Match::Error; - } -} - -void Parser::handleAttr(xmlTextReaderPtr reader) -{ - xmlChar * attrValue = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute - Assert(attrValue != NULL && "Error while obtaining attribute"); - - std::string temp(reinterpret_cast(attrValue)); - currentAttribute->addValue(&temp); - - xmlFree(attrValue); -} - -void Parser::consumeCurrentText() -{ - Assert(currentText != NULL); - currentAttribute->addValue(currentText); - delete currentText; - - currentText = NULL; -} - -void Parser::consumeCurrentAttribute() -{ - Assert(currentAttribute != NULL); - - currentCondition->addAttribute(*currentAttribute); - delete currentAttribute; - - currentAttribute = NULL; -} - -void Parser::consumeCurrentSubject() -{ - Policy * policy = dynamic_cast(currentRoot->getElement()); - Assert(policy != NULL); - policy->addSubject(currentSubject); - //TODO maybe keep subjects not subject pointers in Policies and consume subjects here - currentSubject = NULL; -} - -void Parser::consumeCurrentCondition() -{ - Condition * temp = NULL; - if (currentCondition != NULL) { - if (currentCondition->getParent() != NULL) { //Condition is a child of another condition - currentCondition->getParent()->addCondition(*currentCondition); - } else { //Condition parent is a Rule - Rule * rule = dynamic_cast(currentRoot->getElement()); - Assert(rule != NULL); - rule->setCondition(*currentCondition); - } - temp = currentCondition->getParent(); - delete currentCondition; - } - currentCondition = temp; //switch current condition ( it may be switched to NULL if condition's parent was rule -} - -void Parser::consumeSubjectMatch(xmlChar * value) -{ - Assert( - currentAttribute != NULL && - "consuming subject match without attribute set"); - - if (currentSubject != NULL) { - currentSubject->addNewAttribute(*currentAttribute); - //[CR] matching/modyfing functions transform uri.host to uri ( etc. ) so strncmp is not needed, string equality will do - if (!strncmp(currentAttribute->getName()->c_str(), "uri", - 3) || - !strncmp(currentAttribute->getName()->c_str(), "id", 2)) { - if (value != NULL) { - currentSubject->setSubjectId(reinterpret_cast( - value)); - } else if (currentAttribute->getValue()->size()) { - currentSubject->setSubjectId( - currentAttribute->getValue()->front()); - } else { - Assert(false); - } - } - } else if (currentCondition != NULL) { - currentCondition->addAttribute(*currentAttribute); - } - - delete currentAttribute; - currentAttribute = NULL; -} - -void Parser::trim(std::string * str) -{ - std::string::size_type pos = str->find_last_not_of(whitespaces); - if (pos != std::string::npos) { - str->erase(pos + 1); - pos = str->find_first_not_of(whitespaces); - if (pos != std::string::npos) { - str->erase(0, pos); - } - } else { - str->erase(str->begin(), str->end()); - LogInfo("Warning, empty string as attribute value"); - } -} - -// KW void Parser::canonicalize(const char * input, const char * output, CanonicalizationAlgorithm canonicalizationAlgorithm){ -// KW -// KW xmlDocPtr doc = xmlParseFile(input); -// KW //xmlDocDump(stdout, doc); -// KW -// KW if(doc == NULL) -// KW { -// KW LogError("Canonicalization error, cannot parser xml file"); -// KW } -// KW -// KW -// KW int mode = -1; -// KW if(canonicalizationAlgorithm == C14N) -// KW { -// KW mode = 0; -// KW } -// KW else if(canonicalizationAlgorithm == C14NEXCLUSIVE) -// KW { -// KW mode = 1; -// KW } -// KW -// KW -// KW xmlC14NDocSave(doc, NULL, mode, NULL, 0, output, 0); -// KW -// KW xmlFreeDoc(doc); -// KW -// KW } - -// KW int Parser::extractNodeToFile(xmlTextReaderPtr reader, const char * filename){ -// KW -// KW xmlNodePtr node = xmlTextReaderExpand(reader); -// KW xmlBufferPtr buff = xmlBufferCreate(); -// KW xmlNodeDump(buff, node->doc, node, 0, 0); -// KW FILE * file = fopen(filename, "w"); -// KW if(file == NULL){ -// KW LogError("Error while trying to open file "< -#include - -namespace AceDB { -namespace AceDaoConversions { - -DPL::String convertToHash(const BaseAttributeSet &attributes); - -} -} - -#endif diff --git a/ace/include/ace-dao-ro/AceDAOReadOnly.h b/ace/include/ace-dao-ro/AceDAOReadOnly.h deleted file mode 100644 index cda83c8..0000000 --- a/ace/include/ace-dao-ro/AceDAOReadOnly.h +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file AceDAOReadOnly.h - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef ACE_DAO_READ_ONLY_H_ -#define ACE_DAO_READ_ONLY_H_ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace AceDB { - -typedef std::map RequestedDevCapsMap; -typedef DPL::String FeatureName; -typedef std::vector FeatureNameVector; - -class AceDAOReadOnly -{ - public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, DatabaseError) - }; - - AceDAOReadOnly() {} - - static void attachToThreadRO(void); - static void attachToThreadRW(void); - static void detachFromThread(void); - - // policy effect/decision - static OptionalExtendedPolicyResult getPolicyResult( - const BaseAttributeSet &attributes); - - static OptionalExtendedPolicyResult getPolicyResult( - const DPL::String &attrHash); - - static OptionalCachedPromptDecision getPromptDecision( - WidgetHandle widgetHandle, - int ruleId); - - // resource settings - static PreferenceTypes getDevCapSetting(const std::string &resource); - static void getDevCapSettings(PreferenceTypesMap *preferences); - - // user settings - static void getWidgetDevCapSettings(BasePermissionList *permissions); - static PreferenceTypes getWidgetDevCapSetting( - const std::string &resource, - WidgetHandle handler); - - static void getAttributes(BaseAttributeSet *attributes); - - // Getter for device capabilities that are requested in widgets config. - // - // Additional boolean flag means whether widget will always get - // (at launch) the SMACK permissions needed to use the device cap). - // - // 'permissions' is the map of device cap names and smack status for - // given widget handle. - static void getRequestedDevCaps( - WidgetHandle widgetHandle, - RequestedDevCapsMap *permissions); - - static void getAcceptedFeature( - WidgetHandle widgetHandle, - FeatureNameVector *featureVector); - - static WidgetHandleList getHandleList(); - - static AppTypes getWidgetType(WidgetHandle handle); - static std::string getVersion(WidgetHandle widgetHandle); - static std::string getAuthorName(WidgetHandle widgetHandle); - static std::string getGUID(WidgetHandle widgetHandle); - - static WidgetCertificateCNList getKeyCommonNameList( - WidgetHandle widgetHandle, - WidgetCertificateData::Owner owner, - WidgetCertificateData::Type type); - static FingerPrintList getKeyFingerprints( - WidgetHandle widgetHandle, - WidgetCertificateData::Owner owner, - WidgetCertificateData::Type type); - - static std::string getShareHref(WidgetHandle widgetHandle); - static bool isWidgetInstalled(WidgetHandle handle); - - protected: - static int promptDecisionToInt(PromptDecision decision); - static PromptDecision intToPromptDecision(int decision); - static int appTypeToInt(AppTypes app_type); - static AppTypes intToAppType(int app_type); -}; - -} - -#endif diff --git a/ace/include/ace-dao-ro/AceDAOUtilities.h b/ace/include/ace-dao-ro/AceDAOUtilities.h deleted file mode 100644 index cae59a4..0000000 --- a/ace/include/ace-dao-ro/AceDAOUtilities.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file AceDAOUtil.h - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef WRT_ACE_DAO_UTILITIES_H_ -#define WRT_ACE_DAO_UTILITIES_H_ - -#include -#include -#include -#include -#include - -namespace AceDB { - -namespace AceDaoUtilities { - -BaseAttribute::Type intToAttributeType(int val); -int attributeTypeToInt(BaseAttribute::Type type); -int preferenceToInt(PreferenceTypes p); -PreferenceTypes intToPreference(int p); -VerdictTypes intToVerdict(int v); -int verdictToInt(VerdictTypes v); -bool getSubjectByUri(const std::string &uri, - DPL::DB::ORM::ace::AceSubject::Row &row); -bool getResourceByUri(const std::string &uri, - DPL::DB::ORM::ace::AceDevCap::Row &row); - -extern DPL::DB::ThreadDatabaseSupport m_databaseInterface; - -} - -} - -#endif diff --git a/ace/include/ace-dao-ro/AceDatabase.h b/ace/include/ace-dao-ro/AceDatabase.h deleted file mode 100644 index d5b2838..0000000 --- a/ace/include/ace-dao-ro/AceDatabase.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file AceDatabase.h - * @author Lukasz Marek (l.marek@samsung.com) - * @version 1.0 - * @brief This file contains the declaration of ace database - */ - -#ifndef WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H -#define WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H - -#include -#include - -extern DPL::Mutex g_aceDbQueriesMutex; - -#define ACE_DB_INTERNAL(tlsCommand, InternalType, interface) \ - static DPL::ThreadLocalVariable *tlsCommand ## Ptr = NULL; \ - { \ - DPL::Mutex::ScopedLock lock(&g_aceDbQueriesMutex); \ - if (!tlsCommand ## Ptr) { \ - static DPL::ThreadLocalVariable tmp; \ - tlsCommand ## Ptr = &tmp; \ - } \ - } \ - DPL::ThreadLocalVariable &tlsCommand = *tlsCommand ## Ptr; \ - if (tlsCommand.IsNull()) { tlsCommand = InternalType(interface); } - -#define ACE_DB_SELECT(name, type, interface) \ - ACE_DB_INTERNAL(name, type::Select, interface) - -#define ACE_DB_INSERT(name, type, interface) \ - ACE_DB_INTERNAL(name, type::Insert, interface) - -#define ACE_DB_UPDATE(name, type, interface) \ - ACE_DB_INTERNAL(name, type::Update, interface) - -#define ACE_DB_DELETE(name, type, interface) \ - ACE_DB_INTERNAL(name, type::Delete, interface) - - -#endif // WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H diff --git a/ace/include/ace-dao-ro/AppTypes.h b/ace/include/ace-dao-ro/AppTypes.h deleted file mode 100644 index b8b56fa..0000000 --- a/ace/include/ace-dao-ro/AppTypes.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file AppTypes.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - */ - -#ifndef ACCESS_CONTROL_DAO_APPTYPES_H_ -#define ACCESS_CONTROL_DAO_APPTYPES_H_ - -namespace AceDB{ - -enum class AppTypes -{ - Unknown, - WAC20, - Tizen -}; - -} - -#endif // ACCESS_CONTROL_DAO_APPTYPES_H_ diff --git a/ace/include/ace-dao-ro/BaseAttribute.h b/ace/include/ace-dao-ro/BaseAttribute.h deleted file mode 100644 index 6fb9a83..0000000 --- a/ace/include/ace-dao-ro/BaseAttribute.h +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file IAttribute.h - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_ -#define ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_ - -#include -#include -#include -#include -#include - -namespace AceDB { - -class BaseAttribute; -typedef DPL::SharedPtr BaseAttributePtr; - -class BaseAttribute -{ - - public: - /** - * Types of attributes - */ - enum class Type { Subject, Environment, Resource, FunctionParam, - WidgetParam, Undefined }; - - struct UnaryPredicate - { - public: - UnaryPredicate(const AceDB::BaseAttribute *comp = NULL) : - m_priv(comp) - { - } - - bool operator()(const AceDB::BaseAttributePtr &comp) - { - Assert(m_priv != NULL); - if (m_priv->getName()->compare(*comp->getName()) != 0) { - return false; - } - return m_priv->getType() == comp->getType(); - } - - bool operator()(const AceDB::BaseAttributePtr &comp1, - const AceDB::BaseAttributePtr &comp2) - { - if (comp1->getType() != comp2->getType()) { - return comp1->getType() < comp2->getType(); - } - return comp1->getName()->compare(*comp2->getName()) < 0; - } - - private: - const AceDB::BaseAttribute *m_priv; - }; - - public: - BaseAttribute() : - m_typeId(Type::Undefined), - m_undetermindState(false) - {} - - virtual void setName(const std::string& name) - { - m_name = name; - } - virtual void setName(const std::string* name) - { - m_name = *name; - } - - virtual void setType(const Type& type) - { - m_typeId = type; - } - virtual Type getType() const - { - return m_typeId; - } - - virtual const std::string* getName() const - { - return &m_name; - } - - //TODO think - virtual void setUndetermind(bool tmp) - { - m_undetermindState = tmp; - } - virtual bool isUndetermind() const - { - return m_undetermindState; - } - virtual std::list * getValue() const - { - return const_cast* >(&value); - } - virtual bool isValueEmpty() const - { - return value.empty(); - } - - virtual void setValue(const std::list& arg) - { - value = arg; - } - - virtual ~BaseAttribute() - { - } - - static const char * typeToString(Type type); - - virtual std::string toString() const; - - protected: - std::string m_name; - Type m_typeId; - bool m_undetermindState; - std::list value; //string bag list -}; - -typedef std::set BaseAttributeSet; - -} - -#endif diff --git a/ace/include/ace-dao-ro/BasePermission.h b/ace/include/ace-dao-ro/BasePermission.h deleted file mode 100644 index 103cc58..0000000 --- a/ace/include/ace-dao-ro/BasePermission.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file IPermission.h - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef ACCESS_CONTROL_DAO_BASEPERMISSION_H_ -#define ACCESS_CONTROL_DAO_BASEPERMISSION_H_ - -#include -#include - -namespace AceDB{ - -struct BasePermission -{ - BasePermission(WidgetHandle handler, - const std::string& devCap, - PreferenceTypes accessAllowed) : - appId(handler), - devCap(devCap), - access(accessAllowed) - { - } - - WidgetHandle appId; - std::string devCap; - PreferenceTypes access; -}; - -typedef std::list BasePermissionList; - -} - -#endif diff --git a/ace/include/ace-dao-ro/IRequest.h b/ace/include/ace-dao-ro/IRequest.h deleted file mode 100644 index 2975b8b..0000000 --- a/ace/include/ace-dao-ro/IRequest.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file IRequest.h - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef ACCESS_CONTROL_DAO_IREQUEST_H_ -#define ACCESS_CONTROL_DAO_IREQUEST_H_ - -namespace AceDB{ - -class IRequest -{ -public: - virtual ~IRequest(){} -}; - -} - -#endif diff --git a/ace/include/ace-dao-ro/PreferenceTypes.h b/ace/include/ace-dao-ro/PreferenceTypes.h deleted file mode 100644 index 0f96dc5..0000000 --- a/ace/include/ace-dao-ro/PreferenceTypes.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file PreferenceTypes.h - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef ACCESS_CONTROL_DAO_PREFERENCETYPES_H_ -#define ACCESS_CONTROL_DAO_PREFERENCETYPES_H_ - -#include -#include - -namespace AceDB{ - -enum class PreferenceTypes -{ - PREFERENCE_PERMIT, - PREFERENCE_DENY, - PREFERENCE_DEFAULT, - PREFERENCE_BLANKET_PROMPT, - PREFERENCE_SESSION_PROMPT, - PREFERENCE_ONE_SHOT_PROMPT -}; - - -typedef std::map PreferenceTypesMap; - -} - -#endif diff --git a/ace/include/ace-dao-ro/PromptModel.h b/ace/include/ace-dao-ro/PromptModel.h deleted file mode 100644 index 8819eae..0000000 --- a/ace/include/ace-dao-ro/PromptModel.h +++ /dev/null @@ -1,92 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* @file PromptModel.h - * @author Justyna Mejzner (j.kwiatkowsk@samsung.com) - * @author Jaroslaw Osmanski (j.osmanski@samsung.com) - * @version 1.0 - * - */ - -#ifndef WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_ -#define WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_ - -#include -#include -#include - -#include - -namespace Prompt { -typedef std::vector ButtonLabels; - -class PromptLabels -{ -public: - PromptLabels(int promptType, - const Prompt::ButtonLabels& questionLabel, - const std::string& mainLabel); - DPL::OptionalString getCheckLabel() const; - bool isAllowed(const size_t buttonNumber) const; - int getPromptType() const; - const ButtonLabels& getButtonLabels() const; - const std::string& getMainLabel() const; - -private: - int m_promptType; - ButtonLabels m_buttonLabels; - std::string m_mainLabel; -}; - -typedef std::unique_ptr PromptLabelsPtr; - -enum Validity -{ - ONCE, - SESSION, - ALWAYS -}; - -class PromptAnswer -{ -public: - PromptAnswer(bool isAccessAllowed, Validity validity); - PromptAnswer(int aPromptType, unsigned int buttonAns, bool checkAns); - bool isAccessAllowed() const; - Validity getValidity() const; - -private: - bool m_isAccessAllowed; - Validity m_validity; -}; - -class PromptModel -{ - public: - static PromptLabels* getOneShotModel(const std::string& resourceId); - static PromptLabels* getSessionModel(const std::string& resourceId); - static PromptLabels* getBlanketModel(const std::string& resourceId); - - enum PromptType - { - PROMPT_ONESHOT, - PROMPT_SESSION, - PROMPT_BLANKET - }; -}; - -} // Prompt - -#endif /* WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_ */ diff --git a/ace/include/ace-dao-ro/TimedVerdict.h b/ace/include/ace-dao-ro/TimedVerdict.h deleted file mode 100644 index 8f9be66..0000000 --- a/ace/include/ace-dao-ro/TimedVerdict.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file TimedVerdict.h - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef ACCESS_CONTROL_DAO_TIMEDVERDICT_H_ -#define ACCESS_CONTROL_DAO_TIMEDVERDICT_H_ - -#include - -namespace AceDB{ - -struct TimedVerdict -{ - VerdictTypes decision; - /*Below values are optional,its filled only when verdict depend on session*/ - std::string session; - int subjectVerdictId; -}; - -} - -#endif diff --git a/ace/include/ace-dao-ro/ValidityTypes.h b/ace/include/ace-dao-ro/ValidityTypes.h deleted file mode 100644 index 1283cf1..0000000 --- a/ace/include/ace-dao-ro/ValidityTypes.h +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file ValidityTypes.h - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef ACCESS_CONTROL_DAO_VALIDITYTYPES_H_ -#define ACCESS_CONTROL_DAO_VALIDITYTYPES_H_ - -namespace AceDB{ - -enum class ValidityTypes -{ - ONCE, - SESSION, - ALWAYS, - UNWRITEABLE -}; - -} - -#endif diff --git a/ace/include/ace-dao-ro/VerdictTypes.h b/ace/include/ace-dao-ro/VerdictTypes.h deleted file mode 100644 index 8a312b5..0000000 --- a/ace/include/ace-dao-ro/VerdictTypes.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file VerdictTypes.h - * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef ACCESS_CONTROL_DAO_VERDICTTYPES_H_ -#define ACCESS_CONTROL_DAO_VERDICTTYPES_H_ - -namespace AceDB{ - -enum class VerdictTypes -{ - VERDICT_PERMIT, - VERDICT_DENY, - //Verdict is innapplicable if policy evaluate to INAPPLICABLE, - //in this case WRT should decide what to do - VERDICT_INAPPLICABLE, - VERDICT_UNDETERMINED, - VERDICT_UNKNOWN, //Verdict is unknown if Verdicts manager cannot find it - VERDICT_ASYNC, - VERDICT_ERROR -}; - -} - -#endif diff --git a/ace/include/ace-dao-ro/common_dao_types.h b/ace/include/ace-dao-ro/common_dao_types.h deleted file mode 100644 index 94b4c5e..0000000 --- a/ace/include/ace-dao-ro/common_dao_types.h +++ /dev/null @@ -1,93 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * @file common_dao_types.h - * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) - * @version 1.1 - * @brief This file contains the declaration of common data types for ace database. - */ -#ifndef ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_ -#define ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_ - -#include -#include -#include -#include "AppTypes.h" - -typedef int WidgetHandle; -typedef std::list WidgetHandleList; - -namespace AceDB { - -enum { - INVALID_PLUGIN_HANDLE = -1 -}; -typedef int DbPluginHandle; - -enum CertificateSource { - SIGNATURE_DISTRIBUTOR = 0, - SIGNATURE_AUTHOR = 1 -}; - -struct WidgetRegisterInfo { - AppTypes type; - DPL::OptionalString widget_id; - DPL::OptionalString authorName; - DPL::OptionalString version; - DPL::OptionalString shareHref; -}; - -typedef std::list WidgetCertificateCNList; - -struct WidgetCertificateData { - enum Owner { AUTHOR, DISTRIBUTOR, UNKNOWN }; - enum Type { ROOT, ENDENTITY }; - - Owner owner; - Type type; - - int chainId; - std::string strMD5Fingerprint; - std::string strSHA1Fingerprint; - DPL::String strCommonName; - - bool operator== (const WidgetCertificateData& certData) const { - return certData.chainId == chainId && - certData.owner == owner && - certData.strCommonName == strCommonName && - certData.strMD5Fingerprint == strMD5Fingerprint && - certData.strSHA1Fingerprint == strSHA1Fingerprint; - } -}; -typedef std::list WidgetCertificateDataList; - -typedef std::list FingerPrintList; - -typedef std::list CertificateChainList; -class IWacSecurity { - public: - virtual ~IWacSecurity() {} - virtual const WidgetCertificateDataList& getCertificateList() const = 0; - virtual bool isRecognized() const = 0; - virtual bool isDistributorSigned() const = 0; - virtual bool isWacSigned() const = 0; - virtual void getCertificateChainList(CertificateChainList& list) const = 0; -}; - -} //namespace AceDB - -#endif /* ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_ */ diff --git a/ace/include/ace-dao-rw/AceDAO.h b/ace/include/ace-dao-rw/AceDAO.h deleted file mode 100644 index 5a01cfe..0000000 --- a/ace/include/ace-dao-rw/AceDAO.h +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file AceDAO.h - * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef ACEDAO_H_ -#define ACEDAO_H_ - -#include -#include -#include - -#include -#include -#include -#include -#include - -namespace AceDB { -/* - * - */ -class AceDAO : public AceDAOReadOnly -{ - public: - - AceDAO() {} - - // Policy Decisions - static void setPolicyResult( - const BaseAttributeSet &attributes, - const ExtendedPolicyResult &policyResult); - - static void removePolicyResult( - const BaseAttributeSet &attributes); - - // PromptDecision - static void setPromptDecision( - WidgetHandle widgetHandle, - int ruleId, - const DPL::OptionalString &session, - PromptDecision decision); - - static void clearPromptDecisions(void); - - // reseting database - static void clearWidgetDevCapSettings(void); - static void clearDevCapSettings(void); - static void clearAllSettings(void); - static void resetDatabase(void); - // clears all databse information relevant to policy cache - static void clearPolicyCache(void); - - // resource settings - static void setDevCapSetting(const std::string &resource, - PreferenceTypes preference); - static void removeDevCapSetting(const std::string &resource); - - // user settings - static void setWidgetDevCapSetting( - const std::string &resource, - WidgetHandle handler, - PreferenceTypes); - static void removeWidgetDevCapSetting( - const std::string &resource, - WidgetHandle handler); - - // resource and subject management - static int addResource(const std::string &request); - - // utilities - static void addAttributes(const BaseAttributeSet &attributes); - - // Setter for device capabilities that are requested in widgets config. - // - // Additional boolean flag means whether widget will always get - // (at launch) the SMACK permissions needed to use the device cap). - // - // 'permissions' is the map of device cap names and smack status for - // given widget handle. - static void setRequestedDevCaps( - WidgetHandle widgetHandle, - const RequestedDevCapsMap &permissions); - - static void setAcceptedFeature( - WidgetHandle widgetHandle, - const FeatureNameVector &vector); - - static void removeAcceptedFeature(WidgetHandle widgetHandle); - - static void registerWidgetInfo(WidgetHandle handle, - const WidgetRegisterInfo& info, - const WidgetCertificateDataList& dataList); - static void unregisterWidgetInfo(WidgetHandle handle); - -}; -} -#endif /* ACEDAO_H_ */ diff --git a/ace/include/ace/AbstractPolicyEnforcementPoint.h b/ace/include/ace/AbstractPolicyEnforcementPoint.h deleted file mode 100644 index ede3792..0000000 --- a/ace/include/ace/AbstractPolicyEnforcementPoint.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H -#define WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H - -#include -#include -#include - -class AbstractPolicyEnforcementPoint -{ - public: - typedef DPL::Event::ICDelegate ResponseReceiver; - virtual ExtendedPolicyResult check(Request &request) = 0; -}; - -#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H */ diff --git a/ace/include/ace/AbstractPolicyInformationPoint.h b/ace/include/ace/AbstractPolicyInformationPoint.h deleted file mode 100644 index e8d95ed..0000000 --- a/ace/include/ace/AbstractPolicyInformationPoint.h +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -class AbstractPolicyInformationPoint -{ - public: - virtual ~AbstractPolicyInformationPoint() {} -}; diff --git a/ace/include/ace/AbstractTreeElement.h b/ace/include/ace/AbstractTreeElement.h deleted file mode 100644 index ffe2e89..0000000 --- a/ace/include/ace/AbstractTreeElement.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : AbstractTreeElement.h -// @ Date : 2009-05-25 -// @ Author : Samsung -// -// -#if !defined(_ABSTRACTTREEELEMENT_H) -#define _ABSTRACTTREEELEMENT_H - -#include -#include "Effect.h" -#include - -class AbstractTreeElement -{ - public: - - virtual ~AbstractTreeElement() - { - } - - virtual void printData() = 0; - protected: -}; - -#endif //_ABSTRACTTREEELEMENT_H diff --git a/ace/include/ace/AsyncVerdictResultListener.h b/ace/include/ace/AsyncVerdictResultListener.h deleted file mode 100644 index 47ef573..0000000 --- a/ace/include/ace/AsyncVerdictResultListener.h +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef _ASYNCVERDICT_H -#define _ASYNCVERDICT_H - -#include -#include -#include - -class AsyncVerdictResultListener -{ - public: - virtual void onVerdict(const Verdict &verdict, - const Request *request) = 0; - virtual ~AsyncVerdictResultListener() - { - } -}; - -#endif diff --git a/ace/include/ace/Attribute.h b/ace/include/ace/Attribute.h deleted file mode 100644 index e1a62b4..0000000 --- a/ace/include/ace/Attribute.h +++ /dev/null @@ -1,212 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Attribute.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#if !defined(_ATTRIBUTE_H) -#define _ATTRIBUTE_H - -#include -#include -#include -#include - -#include - -class Attribute : public AceDB::BaseAttribute -{ - public: - /** - * Types of match functions - */ - enum class Match { Equal, Glob, Regexp, Error }; - /** - * Types of attribute value modifiers - */ - enum class Modifier { Non, Scheme, Authority, SchemeAuthority, Host, Path }; - /** - * Possible match results - */ - enum class MatchResult { MRUndetermined = -1, MRFalse = 0, MRTrue = 1}; - - public: - - /** - * New attribute constructor - * @param name name of the new attribute - * @param matchFunction match function used in the attribute - * @param type attribute type - */ - Attribute(const std::string *name, - const Match matchFunction, - const Type type); - - - /** - * Constructor used to create default attribute ( used for unit tests ) - * @param nm name of the default attribute - */ - Attribute(const std::string& nm) : - matchFunction(Match::Error), - modifierFunction(Modifier::Non) - { - m_name = nm; - m_typeId = Type::Subject; - m_undetermindState = false; - } - - /** - * Destructor - */ - virtual ~Attribute(); - - std::list * getValue() const - { - return AceDB::BaseAttribute::getValue(); - } - Match getMatchFunction() const - { - return matchFunction; - } - - /* --- Setters --- */ - void addValue (const std::string *value); - - MatchResult matchAttributes(const BaseAttribute *) const; - - /** - * Operator used in for attribute set,used to distinguished only attribute names - * It cannot take attribute type into consideration - */ - bool operator< (const Attribute & obj) const - { - int result = this->m_name.compare(*obj.getName()); - if (result == 0) { //If names are equal check attribute types - if (this->m_typeId < obj.getType()) { - result = -1; - } else if (this->m_typeId > obj.getType()) { - result = 1; - } - } - //If result is negative that means that 'this' was '<' than obj - return result < 0; - } - - /** Checks if object type is equal to argument */ - bool instanceOf(Type type_) - { - return type_ == m_typeId; - } - - friend std::ostream & operator<<(std::ostream & out, - const Attribute & attr); - - protected: - - bool searchAndCut(const char *); - - /* - * URI definition from rfc2396 - * - * ://? - * Each of the components may be absent, apart from the scheme. - * Host is a part of authority as in definition below: - * - * authority = server | reg_name - * server = [ [ userinfo "@" ] hostport ] - * @: - * - * Extract from rfc2396 - * The authority component is preceded by a double slash "//" and is - * terminated by the next slash "/", question-mark "?", or by the end of - * the URI. Within the authority component, the characters ";", ":", - * "@", "?", and "/" are reserved. - * - * Modifiers should return pointer to empty string if given part of string was empty. - * Modifiers should return NULL if the string to be modified was not an URI. - */ - std::string * uriScheme(const std::string *) const; - std::string * uriAuthority(const std::string *) const; - std::string * uriSchemeAuthority(const std::string *) const; - std::string * uriHost(const std::string *) const; - std::string * uriPath(const std::string *) const; - std::string * applyModifierFunction(const std::string * val) const; - - bool parse(const std::string *input, - std::string *part) const; - bool find_error(const std::string *part) const; - - bool checkScheme(const std::string *scheme) const; - bool checkAuthority(const std::string *scheme) const; - std::string * getHost(const std::string *scheme) const; - bool checkPath(const std::string *scheme) const; - - bool isSchemeAllowedCharacter(int c) const; - bool isSegmentAllowedCharacter(int c) const; - bool isUserInfoAllowedString(const std::string *str) const; - bool isHostAllowedString(const std::string *str) const; - bool isHostNameAllowedString(const std::string * str) const; - bool isIPv4AllowedString(const std::string * str) const; - bool isDomainLabelAllowedString(const char * data, - int lenght) const; - bool isTopLabelAllowedString(const char* data, - int lenght) const; - - bool isUnreserved(int c) const; - bool isAlphanum(int c) const; - bool isEscaped(const char esc[3]) const; - bool isHex(int c) const; - - MatchResult lists_comparator( - const std::list *first, - const std::list *second, - MatchResult (*comparator)(const std::string *, - const std::string *)) const; - - /** - * Map used to check if character is a 'mark' - */ - static const bool mark[256]; - /** - * Map used to check if character is a 'digit' - * - */ - static const bool digit[256]; - /** - * Map used to check if character is an 'alphanumeric' value - * - */ - static const bool alpha[256]; - - protected: - Match matchFunction; - Modifier modifierFunction; -}; - -typedef AceDB::BaseAttributeSet AttributeSet; - -//TODO remove later or ifdef debug methods -void printAttributes(const AttributeSet& attrs); -void printAttributes(const std::list & attrs); - -#endif //_ATTRIBUTE_H diff --git a/ace/include/ace/Combiner.h b/ace/include/ace/Combiner.h deleted file mode 100644 index 784dcea..0000000 --- a/ace/include/ace/Combiner.h +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Combiner.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#if !defined(_COMBINER_H) -#define _COMBINER_H - -#include - -#include -#include - -class Combiner -{ - protected: - - const AttributeSet * attrSet; - - public: - - virtual ExtendedEffect combineRules(const TreeNode * rule) = 0; - virtual ExtendedEffect combinePolicies(const TreeNode * policy) = 0; - - const AttributeSet * getAttributeSet() const - { - return this->attrSet; - } - void setAttributeSet(const AttributeSet * attrSet) - { - this->attrSet = attrSet; - } - virtual ~Combiner() - { - } //attrSet is deleted elsewhere -}; - -#endif //_COMBINER_H diff --git a/ace/include/ace/CombinerImpl.h b/ace/include/ace/CombinerImpl.h deleted file mode 100644 index d7c2e21..0000000 --- a/ace/include/ace/CombinerImpl.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : CombinerImpl.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#ifndef _COMBINER_IMPL_H -#define _COMBINER_IMPL_H - -#include -#include - -#include "Combiner.h" -#include "Effect.h" -#include "Policy.h" -#include "Subject.h" - -class CombinerImpl : public Combiner -{ - public: - - virtual ExtendedEffect combineRules(const TreeNode * rule); - virtual ExtendedEffect combinePolicies(const TreeNode * policy); - - virtual ~CombinerImpl() - { - } - - protected: - - bool checkIfTargetMatches(const std::list * subjectsSet, - bool &isUndetermined); - - ExtendedEffect combine(Policy::CombineAlgorithm algorithm, - ExtendedEffectList &effects); - - ExtendedEffect denyOverrides(const ExtendedEffectList &effects); - ExtendedEffect permitOverrides(const ExtendedEffectList &effects); - ExtendedEffect firstApplicable(const ExtendedEffectList &effects); - ExtendedEffect firstMatchingTarget(const ExtendedEffectList &effects); - - std::list * convertEffectsToInts(const std::list * effects); - Effect convertIntToEffect(int intEffect); - - void showEffectList(ExtendedEffectList & effects) - { - ExtendedEffectList::iterator it = effects.begin(); - for (; it != effects.end(); ++it) { - LogDebug(toString(*it)); - } - } - - private: - bool isError(const ExtendedEffectList &effects); -}; - -#endif //_COMBINERIMPL_H diff --git a/ace/include/ace/Condition.h b/ace/include/ace/Condition.h deleted file mode 100644 index 918c1fe..0000000 --- a/ace/include/ace/Condition.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// File: Condition.h -// Author: notroot -// -// Created on June 3, 2009, 9:00 AM -// -#ifndef _CONDITION_H -#define _CONDITION_H - -#include -#include -#include -#include - -#include "Attribute.h" -#include "Effect.h" -#include "TreeNode.h" - -class Condition -{ - public: - enum CombineType - { - AND, OR - }; - - void addCondition(const Condition & condition) - { - this->conditions.push_back(condition); - } - - void addAttribute(const Attribute & attribute) - { - this->attributes.push_back(attribute); - } - - void setCombineType(CombineType type) - { - this->combineType = type; - } - - Condition() : combineType(AND), - parent(NULL) - { - } - - Condition(CombineType type) : combineType(type), - parent(NULL) - { - } - - virtual ~Condition() - { - } - - Condition * getParent() - { - return this->parent; - } - - void setParent(Condition * condition) - { - this->parent = condition; - } - - Attribute::MatchResult evaluateCondition( - const AttributeSet * attrSet) const; - - friend std::ostream & operator<<(std::ostream & out, - Condition & condition) - { - FOREACH (it, condition.attributes) - { - out << *it; - } - return out; - } - //[CR] change function name - void getAttributes(AttributeSet * attrSet); - - private: - Attribute::MatchResult evaluateChildConditions( - const AttributeSet * attrSet, - bool &isFinalMatch, - bool & undefinedMatchFound) const; - - Attribute::MatchResult evaluateAttributes( - const AttributeSet * attrSet, - bool& isFinalMatch, - bool & undefinedMatchFound) const; - - // KW Attribute::MatchResult performANDalgorithm(const std::set * attributes) const; - - // KW Attribute::MatchResult performORalgorithm(const std::set * attributes) const; - - bool isEmpty() const - { - return attributes.empty() && conditions.empty(); - } - - bool isAndCondition() const - { - return combineType == AND; - } - - bool isOrCondition() const - { - return combineType == OR; - } - - std::list conditions; - CombineType combineType; - std::list attributes; - Condition *parent; -}; - -#endif /* _CONDITION_H */ - diff --git a/ace/include/ace/ConfigurationManager.h b/ace/include/ace/ConfigurationManager.h deleted file mode 100644 index e15d343..0000000 --- a/ace/include/ace/ConfigurationManager.h +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef _CONFIGURATIONMANAGER_H_ -#define _CONFIGURATIONMANAGER_H_ - -#include -#include -#include -#include "Constants.h" -#include -#include - -enum class PolicyType { - WAC2_0, - Tizen -}; - -#define POLICY_NAME_WAC2_0 "WAC2.0" -#define POLICY_NAME_TIZEN "Tizen" -#define POLICY_WIDGET_TYPE_ATTRIBUTE_NAME "WrtSecurity.WidgetPolicyType" - -#pragma message "ATTR_ACTIVE_POLICY BAD_CAST, PARSER_ERROR, PARSER_SUCCESS\ - macros are DEPRECATED" -#define ATTR_ACTIVE_POLICY BAD_CAST("active") // !! DEPRECATED !! -#define PARSER_ERROR 1 // !! DEPRECATED !! -#define PARSER_SUCCESS 0 // !! DEPRECATED !! - -class ConfigurationManager -{ - public: - // !! DEPRECATED !! - enum ConfigurationManagerResult - { - CM_OPERATION_SUCCESS = 0, - CM_GENERAL_ERROR = -1, - CM_FILE_EXISTS = -2, - CM_REMOVE_ERROR = -3, - CM_REMOVE_CURRENT = -4, - CM_REMOVE_NOT_EXISTING = -5 - }; - - // !! DEPRECATED !! - std::string getCurrentPolicyFile(void) const; - std::string getFullPathToCurrentPolicyFile(void) const; - std::string getFullPathToCurrentPolicyXMLSchema(void) const; - int addPolicyFile(const std::string & filePath); - int removePolicyFile(const std::string& fileName); - int changeCurrentPolicyFile(const std::string& filePath); - std::string extractFilename(const std::string& path) const; - - /** - * ACE policy file path getter - * @return Full path to policy file - */ - std::string getFullPathToPolicyFile(PolicyType policy) const; - - /** - * ACE policy dtd file path getter - * @return Full path to ACE current policy file - */ - std::string getFullPathToPolicyXMLSchema(void) const; - - /** - * ACE policy storage path getter - * @return Full path to ACE policy file storage - */ - std::string getStoragePath(void) const; - - /** - * Method to obtain instance of configuration manager - * @return retuns pointer to configuration manager or NULL in case of error - */ - static ConfigurationManager * getInstance() - { - if (!instance) { - instance = new ConfigurationManager(); - } - return instance; - } - - protected: - - // !! DEPRECATED !! - int parse(const std::string&); - bool copyFile(FILE*, FILE*, int lenght = 1024) const; - bool checkIfFileExistst(const std::string&) const; - const std::list & getPolicyFiles() const; - const std::string & getConfigFile() const; - - ConfigurationManager() - { - } - virtual ~ConfigurationManager() - { - } - -private: - - static ConfigurationManager * instance; -}; - -#endif - diff --git a/ace/include/ace/Constants.h b/ace/include/ace/Constants.h deleted file mode 100644 index ec9d9f0..0000000 --- a/ace/include/ace/Constants.h +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file Constants.h - * @author Piotr Fatyga (p.fatyga@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef _CONSTANTS_H -#define _CONSTANTS_H - -#define ACE_MAIN_STORAGE "/usr/etc/ace" -#define ACE_WAC_POLICY_FILE_NAME "/WAC2.0Policy.xml" -#define ACE_TIZEN_POLICY_FILE_NAME "/TizenPolicy.xml" -#define ACE_DTD_LOCATION ACE_MAIN_STORAGE "/bondixml.dtd" - -// !! DEPRECATED !! -#pragma message "ACE_CONFIGURATION_PATH, ACE_CONFIGURATION_DTD \ - macros are DEPRECATED" -#define ACE_CONFIGURATION_PATH ACE_MAIN_STORAGE "/config.xml" -#define ACE_CONFIGURATION_DTD ACE_MAIN_STORAGE "/config.dtd" - -/////////////////FOR GUI////////////////////// - -#define MYSTERIOUS_BITMAP "/usr/apps/org.tizen.policy/d.png" -#define MYSTERIOUS_BITMAP2 "/usr/apps/org.tizen.policy/file.png" - -///////////////////FOR TESTS////////////////////////// - -#define COMBINER_TEST "/usr/etc/ace/CMTest/com_general-test.xml" -#define CONFIGURATION_MGR_TEST_PATH "/usr/etc/ace/CMTest/" -#define CONFIGURATION_MGR_TEST_CONFIG ACE_MAIN_STORAGE "/CMTest/pms_config.xml" -#define CONFIGURATION_MGR_TEST_POLICY_STORAGE ACE_MAIN_STORAGE "/CMTest/active" -#define CONFIGURATION_MGR_TEST_POLICY_STORAGE_MOVED ACE_MAIN_STORAGE \ - "/CMTest/activeMoved" -#define CONFIGURATION_MGR_TEST_POLICY CONFIGURATION_MGR_TEST_POLICY_STORAGE \ - "/pms_general-test.xml" -#define POLICIES_TO_SIGN_DIR ACE_MAIN_STORAGE "/SignerTests/" - -#define OUTPUT_DIR ACE_MAIN_STORAGE "/SignerTests/signedPolicies/" -#define PRIVATE_KEY_DIR ACE_MAIN_STORAGE "/SignerTests/PrvKey/" -#define X509_DATA_BASE_DIR ACE_MAIN_STORAGE "/SignerTests/X509Data/" - -#endif /* _CONSTANTS_H */ - diff --git a/ace/include/ace/Effect.h b/ace/include/ace/Effect.h deleted file mode 100644 index c771c15..0000000 --- a/ace/include/ace/Effect.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Effect.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#ifndef _EFFECT_H_ -#define _EFFECT_H_ - -#include - -typedef int RuleId; - -enum Effect -{ - Deny =0, - Undetermined=1, // jk mb added this enum, so the ones below are inceremented!!!!!!! - PromptOneShot =2, - PromptSession =3, - PromptBlanket =4, - Permit =5, - Inapplicable =6, - NotMatchingTarget=7, - Error=8, -}; - -struct ExtendedEffect { -public: - ExtendedEffect(Effect effect = Error, RuleId ruleId = -1) - : m_effect(effect) - , m_ruleId(ruleId) - {} - - ExtendedEffect(const ExtendedEffect &second) - : m_effect(second.m_effect) - , m_ruleId(second.m_ruleId) - {} - - ExtendedEffect& operator=(const ExtendedEffect &second) { - m_effect = second.m_effect; - m_ruleId = second.m_ruleId; - return *this; - } - - Effect getEffect() const { return m_effect; } - - RuleId getRuleId() const { return m_ruleId; } - -private: - Effect m_effect; - RuleId m_ruleId; -}; - -typedef std::list ExtendedEffectList; - -inline const char *toString(const ExtendedEffect &effect) -{ - const char * temp = ""; - - switch (effect.getEffect()) { - case Deny: - temp = "Deny"; - break; - case Undetermined: - temp = "Undetermined"; - break; - case PromptOneShot: - temp = "PromptOneShot"; - break; - case PromptSession: - temp = "PromptSession"; - break; - case PromptBlanket: - temp = "PromptBlanket"; - break; - case Permit: - temp = "Permit"; - break; - case Inapplicable: - temp = "Inapplicable"; - break; - case NotMatchingTarget: - temp = "NotMatchingTarget"; - break; - case Error: - temp = "Error"; - break; - default:; - } - return temp; -} - -#endif //_EFFECT_H_ diff --git a/ace/include/ace/PermissionTriple.h b/ace/include/ace/PermissionTriple.h deleted file mode 100644 index fcb7e47..0000000 --- a/ace/include/ace/PermissionTriple.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : PermissionTriple.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#if !defined(_PERMISSION_TRIPLE_H) -#define _PERMISSION_TRIPLE_H - -#include -#include -#include -#include - -typedef AceDB::BasePermission PermissionTriple; -typedef AceDB::BasePermissionList PermissionList; - -struct GeneralSetting -{ - GeneralSetting(const std::string& resourceName, - AceDB::PreferenceTypes accessAllowed) : generalSettingName(resourceName), - access(accessAllowed) - { - } - std::string generalSettingName; - AceDB::PreferenceTypes access; -}; - -#endif //_PERMISSION_TRIPLE_H diff --git a/ace/include/ace/Policy.h b/ace/include/ace/Policy.h deleted file mode 100644 index 2c43bd5..0000000 --- a/ace/include/ace/Policy.h +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Policy.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#if !defined(_POLICY_H) -#define _POLICY_H - -#include - -#include -#include -#include -#include -#include -#include - -class Policy : public AbstractTreeElement, - DPL::Noncopyable -{ - public: - enum CombineAlgorithm { DenyOverride, PermitOverride, FirstApplicable, - FirstTargetMatching }; - - Policy() - { - combineAlgorithm = DenyOverride; - subjects = new std::list(); - } - - CombineAlgorithm getCombineAlgorithm() const - { - return this->combineAlgorithm; - } - - void setCombineAlgorithm(CombineAlgorithm algorithm) - { - this->combineAlgorithm = algorithm; - } - - const std::list * getSubjects() const - { - return this->subjects; - } - - void addSubject(const Subject * subject) - { - if (this->subjects == NULL) { - return; - } - this->subjects->push_back(subject); - } - - virtual ~Policy(); - - void printData(); - - std::string printCombineAlgorithm(CombineAlgorithm algorithm); - - private: - std::list *subjects; - CombineAlgorithm combineAlgorithm; -}; - -const char * toString(Policy::CombineAlgorithm algorithm); - -#endif //_POLICY_H diff --git a/ace/include/ace/PolicyEffect.h b/ace/include/ace/PolicyEffect.h deleted file mode 100644 index 43c79d7..0000000 --- a/ace/include/ace/PolicyEffect.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file PolicyEffect.h - * @author B.Grzelewski (b.grzelewski@samsung.com) - * @version 1.0 - * @brief This file contains the declaration of PolicyEffect type. - */ -#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_ -#define _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_ - -enum class PolicyEffect { - DENY = 0, - PERMIT, - PROMPT_ONESHOT, - PROMPT_SESSION, - PROMPT_BLANKET -}; - -inline static std::ostream & operator<<(std::ostream& stream, - PolicyEffect effect) -{ - switch (effect) { - case PolicyEffect::DENY: stream << "DENY"; break; - case PolicyEffect::PERMIT: stream << "PERMIT"; break; - case PolicyEffect::PROMPT_ONESHOT: stream << "PROMPT_ONESHOT"; break; - case PolicyEffect::PROMPT_SESSION: stream << "PROMPT_SESSION"; break; - case PolicyEffect::PROMPT_BLANKET: stream << "PROMPT_BLANKET"; break; - default: Assert(false && "Invalid PolicyEffect constant"); - } - return stream; -} - -#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_ diff --git a/ace/include/ace/PolicyEnforcementPoint.h b/ace/include/ace/PolicyEnforcementPoint.h deleted file mode 100644 index 902587a..0000000 --- a/ace/include/ace/PolicyEnforcementPoint.h +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * This class simply redirects the access requests to access control engine. - * The aim is to hide access control engine specific details from WRT modules. - * It also implements WRT_INTERFACE.h interfaces, so that ACE could access - * WRT specific and other information during the decision making. - * - * @file security_logic.h - * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) - * @author Ming Jin(ming79.jin@samsung.com) - * @brief Implementation file for security logic - */ -#ifndef POLICY_ENFORCEMENT_POINT_H -#define POLICY_ENFORCEMENT_POINT_H - -#include -#include -#include - -//#include -//#include -//#include - -//#include -#include -#include - -#include -#include - -// Forwards -class IWebRuntime; -class IResourceInformation; -class IOperationSystem; -class PolicyEvaluator; -class PolicyInformationPoint; -class Request; - -class PolicyEnforcementPoint : public AbstractPolicyEnforcementPoint -{ - public: - OptionalExtendedPolicyResult checkFromCache(Request &request); - ExtendedPolicyResult check(Request &request); - OptionalExtendedPolicyResult check(Request &request, - bool fromCacheOnly); - - virtual ~PolicyEnforcementPoint(); - - class PEPException - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, AlreadyInitialized) - }; - - /** - * This function take ownership of objects pass in call. - * Object will be deleted after call Deinitialize function. - */ - void initialize(IWebRuntime *wrt, - IResourceInformation *resource, - IOperationSystem *operation); - void terminate(); - - void updatePolicy(const std::string &policy); - void updatePolicy(); - - PolicyEvaluator *getPdp() const { return this->m_pdp; } - PolicyInformationPoint *getPip() const { return this->m_pip; } - - protected: - PolicyEnforcementPoint(); - friend class SecurityLogic; - private: // private data - IWebRuntime *m_wrt; - IResourceInformation *m_res; - IOperationSystem *m_sys; - PolicyEvaluator *m_pdp; - PolicyInformationPoint *m_pip; -}; - -#endif // POLICY_ENFORCEMENT_POINT_H diff --git a/ace/include/ace/PolicyEvaluator.h b/ace/include/ace/PolicyEvaluator.h deleted file mode 100644 index e9c9285..0000000 --- a/ace/include/ace/PolicyEvaluator.h +++ /dev/null @@ -1,153 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : PolicyEvaluator.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#ifndef _POLICY_EVALUATOR_H -#define _POLICY_EVALUATOR_H - -#include -#include -#include - -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -class PolicyEvaluator : DPL::Noncopyable -{ - protected: - - /** - * Internal method used to initiate policy evaluation. Called after attribute set has been fetched - * by PIP. - * @param root root of the policies tree to be evaluated - */ - virtual ExtendedEffect evaluatePolicies(const TreeNode * root); - - // !! DEPRECATED !! - enum updateErrors - { - POLICY_PARSING_SUCCESS = 0, - POLICY_FILE_ERROR = 1, - PARSER_CREATION_ERROR, - POLICY_PARSING_ERROR - }; - private: - AttributeSet m_attributeSet; - - TreeNode *m_uniform_policy, *m_wac_policy, *m_tizen_policy; - std::string m_currentPolicyFile; - PolicyType m_policy_to_use; - - Combiner * m_combiner; - AsyncVerdictResultListener * m_verdictListener; - PolicyInformationPoint * m_pip; - - /** - * @return current policy Tree acc. to m_policy_to_use - */ - TreeNode * getCurrentPolicyTree(); - - /** - * Method used to extract attributes from subtree defined by PolicySet - * @param root original TreeStructure root node - * @param newRoot copy of TreeStructure containing only policies that matches current request - * - */ - void extractAttributesFromSubtree(const TreeNode *root); - - /** - * Method used to extract attributes from Tree Structure - * @return pointer to set of attributes needed to evaluate current request - * @return if extraction has been successful - * TODO return reducte tree structure - * TODO change comments - */ - bool extractAttributesFromRules(const TreeNode *); - - /** - * Extracts attributes from target of a given policy that are required to be fetched by PIP - */ - void extractTargetAttributes(const Policy *policy); - bool extractAttributes(TreeNode*); - - OptionalExtendedPolicyResult getPolicyForRequestInternal(bool fromCacheOnly); - PolicyResult effectToPolicyResult(Effect effect); - - /** - * Return safe policy tree in case of error with loading policy from file - */ - TreeNode * getDefaultSafePolicyTree(void); - - public: - PolicyEvaluator(PolicyInformationPoint * pip); - - bool extractAttributesTest() - { - m_attributeSet.clear(); - if (!extractAttributes(m_uniform_policy)) { - LogInfo("Warnign attribute set cannot be extracted. Returning Deny"); - return true; - } - - return extractAttributes(m_uniform_policy); - } - - AttributeSet * getAttributeSet() - { - return &m_attributeSet; - } - - virtual bool initPDP(); - virtual ~PolicyEvaluator(); - virtual ExtendedPolicyResult getPolicyForRequest(const Request &request); - virtual OptionalExtendedPolicyResult getPolicyForRequestFromCache( - const Request &request); - virtual OptionalExtendedPolicyResult getPolicyForRequest(const Request &request, - bool fromCacheOnly); - bool fillAttributeWithPolicy(); - - virtual int updatePolicy(const char *); - // This function updates policy from well known locations - virtual void updatePolicy(); - - std::string getCurrentPolicy(); -}; - -#endif //_POLICYEVALUATOR_H diff --git a/ace/include/ace/PolicyEvaluatorFactory.h b/ace/include/ace/PolicyEvaluatorFactory.h deleted file mode 100644 index 73e36a1..0000000 --- a/ace/include/ace/PolicyEvaluatorFactory.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file AbstractObjectFactory.h - * @author Piotr Fatyga (p.fatyga@samsung.com) - * @version 0.1 - * @brief - */ - -#ifndef _ABSTRACTOBJECTFACTORY_H -#define _ABSTRACTOBJECTFACTORY_H - -#include - -class AbstractPolicyEvaluatorFactory -{ - public: - virtual PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip) - const = 0; -}; - -class PolicyEvaluatorFactory : public AbstractPolicyEvaluatorFactory -{ - public: - PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip) const - { - return new PolicyEvaluator(pip); - } -}; - -#endif /* _ABSTRACTOBJECTFACTORY_H */ - diff --git a/ace/include/ace/PolicyInformationPoint.h b/ace/include/ace/PolicyInformationPoint.h deleted file mode 100644 index ccb9763..0000000 --- a/ace/include/ace/PolicyInformationPoint.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : PolicyInformationPoint.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#ifndef _POLICY_INFORMATION_POINT_H -#define _POLICY_INFORMATION_POINT_H - -#include - -#include -#include -#include -#include -#include - -typedef int PipResponse; - -class PolicyInformationPoint : public DPL::Noncopyable -{ - private: - - /** queries for interfaces*/ - std::list resourceAttributesQuery; - std::list environmentAttributesQuery; - std::list subjectAttributesQuery; - std::list functionParamAttributesQuery; - std::list widgetParamAttributesQuery; - - /** create queries */ - void createQueries(AttributeSet* attributes); - - IWebRuntime* wrtInterface; - IResourceInformation* resourceInformation; - IOperationSystem* operationSystem; - - public: - static const int ERROR_SHIFT_RESOURCE = 3; - static const int ERROR_SHIFT_OS = 6; - static const int ERROR_SHIFT_FP = 9; - - /** Mask used to identify PIP error */ - enum ResponseTypeMask - { - SUCCESS = 0, - /* WebRuntime Error */ - WRT_UNKNOWN_SUBJECT = 1 << 0, - WRT_UNKNOWN_ATTRIBUTE = 1 << 1, - WRT_INTERNAL_ERROR = 1 << 2, - /* Resource Information Storage Error */ - RIS_UNKNOWN_RESOURCE = 1 << 3, - RIS_UNKNOWN_ATTRIBUTE = 1 << 4, - RIS_INTERNAL_ERROR = 1 << 5, - /*Operating system */ - OS_UNKNOWN_ATTRIBUTE = 1 << 6, - OS_INTERNAL_ERROR = 1 << 7 - }; - - //TODO add checking values of attributes - /** gather attributes values from adequate interfaces */ - virtual PipResponse getAttributesValues(const Request* request, - AttributeSet* attributes); - virtual ~PolicyInformationPoint(); - PolicyInformationPoint(IWebRuntime *wrt, - IResourceInformation *resource, - IOperationSystem *system); - virtual void update(IWebRuntime *wrt, - IResourceInformation *resource, - IOperationSystem *system) - { - wrtInterface = wrt; - resourceInformation = resource; - operationSystem = system; - } - IWebRuntime * getWebRuntime() - { - return wrtInterface; - } -}; - -#endif //_POLICY_INFORMATION_POINT_H diff --git a/ace/include/ace/PolicyResult.h b/ace/include/ace/PolicyResult.h deleted file mode 100644 index f59fe80..0000000 --- a/ace/include/ace/PolicyResult.h +++ /dev/null @@ -1,259 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_ -#define _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_ - -#include -#include -#include - -#include - -typedef DPL::Optional OptionalPolicyEffect; - -class PolicyDecision -{ -public: - enum Value { NOT_APPLICABLE = -1 }; - - PolicyDecision(PolicyEffect effect) - : m_isPolicyEffect(true) - , m_effect(effect) - {} - - PolicyDecision(const PolicyDecision &decision) - : m_isPolicyEffect(decision.m_isPolicyEffect) - , m_effect(decision.m_effect) - {} - - PolicyDecision(Value) - : m_isPolicyEffect(false) - {} - - bool operator==(const PolicyDecision &decision) const { - return (m_isPolicyEffect - && decision.m_isPolicyEffect - && m_effect == decision.m_effect) - || (!m_isPolicyEffect && !decision.m_isPolicyEffect); - } - - bool operator==(Value) const { - return !m_isPolicyEffect; - } - - bool operator!=(const PolicyDecision &decision) const { - return !(*this == decision); - } - - bool operator!=(Value value) const { - return !(*this == value); - } - - OptionalPolicyEffect getEffect() const - { - if (!m_isPolicyEffect) { - return OptionalPolicyEffect(); - } - return OptionalPolicyEffect(m_effect); - } - - std::ostream & toStream(std::ostream& stream) { - if (m_isPolicyEffect) - stream << m_effect; - else - stream << "NOT-APPLICABLE"; - return stream; - } - -private: - bool m_isPolicyEffect; - PolicyEffect m_effect; -}; - -inline static bool operator==(PolicyEffect e, const PolicyDecision &d) { - return d.operator==(e); -} - -inline static bool operator!=(PolicyEffect e, const PolicyDecision &d) { - return !(e == d); -} - -inline static std::ostream & operator<<(std::ostream& stream, - PolicyDecision decision) -{ - return decision.toStream(stream); -} - -class PolicyResult { -public: - enum Value { UNDETERMINED = -2 }; - - // This constructor is required by dpl controller and by dpl optional - PolicyResult() - : m_isDecision(false) - , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care - {} - - PolicyResult(PolicyEffect effect) - : m_isDecision(true) - , m_decision(effect) - {} - - PolicyResult(const PolicyDecision &decision) - : m_isDecision(true) - , m_decision(decision) - {} - - PolicyResult(const PolicyResult &result) - : m_isDecision(result.m_isDecision) - , m_decision(result.m_decision) - {} - - PolicyResult(PolicyDecision::Value value) - : m_isDecision(true) - , m_decision(value) - {} - - PolicyResult(Value) - : m_isDecision(false) - , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care - {} - - bool operator==(const PolicyResult &result) const { - return (m_isDecision - && result.m_isDecision - && m_decision == result.m_decision) - || (!m_isDecision && !result.m_isDecision); - } - - bool operator==(Value) const { - return !m_isDecision; - } - - bool operator!=(const PolicyResult &result) const { - return !(*this == result); - } - - bool operator!=(Value value) const { - return !(*this == value); - } - - OptionalPolicyEffect getEffect() const - { - if (!m_isDecision) { - return OptionalPolicyEffect(); - } - return m_decision.getEffect(); - } - - static int serialize(const PolicyResult &policyResult) - { - if (!policyResult.m_isDecision) { - return BD_UNDETERMINED; - } else if (policyResult.m_decision == - PolicyDecision::Value::NOT_APPLICABLE) - { - return BD_NOT_APPLICABLE; - } else if (policyResult.m_decision == PolicyEffect::PROMPT_BLANKET) { - return BD_PROMPT_BLANKET; - } else if (policyResult.m_decision == PolicyEffect::PROMPT_SESSION) { - return BD_PROMPT_SESSION; - } else if (policyResult.m_decision == PolicyEffect::PROMPT_ONESHOT) { - return BD_PROMPT_ONESHOT; - } else if (policyResult.m_decision == PolicyEffect::PERMIT) { - return BD_PERMIT; - } else if (policyResult.m_decision == PolicyEffect::DENY) { - return BD_DENY; - } - Assert(false && "Unknown value of policyResult."); - } - - static PolicyResult deserialize(int dec){ - switch (dec) { - case BD_DENY: - return PolicyEffect::DENY; - case BD_PERMIT: - return PolicyEffect::PERMIT; - case BD_PROMPT_ONESHOT: - return PolicyEffect::PROMPT_ONESHOT; - case BD_PROMPT_SESSION: - return PolicyEffect::PROMPT_SESSION; - case BD_PROMPT_BLANKET: - return PolicyEffect::PROMPT_BLANKET; - case BD_NOT_APPLICABLE: - return PolicyDecision::Value::NOT_APPLICABLE; - case BD_UNDETERMINED: - return Value::UNDETERMINED; - } - Assert(false && "Broken database"); - } - - std::ostream & toStream(std::ostream& stream) { - if (m_isDecision) - stream << m_decision; - else - stream << "UNDETERMINED"; - return stream; - } - -private: - static const int BD_UNDETERMINED = 6; - static const int BD_NOT_APPLICABLE = 5; - static const int BD_PROMPT_BLANKET = 4; - static const int BD_PROMPT_SESSION = 3; - static const int BD_PROMPT_ONESHOT = 2; - static const int BD_PERMIT = 1; - static const int BD_DENY = 0; - - bool m_isDecision; - PolicyDecision m_decision; -}; - -inline static bool operator==(const PolicyDecision &d, const PolicyResult &r) { - return r == d; -} - -inline static bool operator!=(const PolicyDecision &d, const PolicyResult &r) { - return !(d == r); -} - -inline static bool operator==(const PolicyEffect &e, const PolicyResult &r) { - return e == r; -} - -inline static bool operator!=(const PolicyEffect &e, const PolicyResult &r) { - return !(e == r); -} - -inline static std::ostream & operator<<(std::ostream& stream, - PolicyResult result) -{ - return result.toStream(stream); -} - -struct ExtendedPolicyResult { - ExtendedPolicyResult(const PolicyResult pr = PolicyEffect::DENY, int rule = -1) - : policyResult(pr) - , ruleId(rule) - {} - PolicyResult policyResult; - int ruleId; -}; - -typedef DPL::Optional OptionalExtendedPolicyResult; - -#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_ diff --git a/ace/include/ace/PolicySet.h b/ace/include/ace/PolicySet.h deleted file mode 100644 index de12394..0000000 --- a/ace/include/ace/PolicySet.h +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : PolicySet.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#if !defined(_POLICYSET_H) -#define _POLICYSET_H - -#include "Policy.h" -#include - -class PolicySet : public Policy -{ - public: - - //TODO Clean this class - //PolicySet(CombineAlgorithm algorithm, std::list * targetAttr,const std::string & subjectId) - // : Policy(algorithm,targetAttr,subjectId) - // {} - PolicySet() - { - } - ~PolicySet() - { - } -}; - -#endif //_POLICYSET_H diff --git a/ace/include/ace/Preference.h b/ace/include/ace/Preference.h deleted file mode 100644 index c37fce8..0000000 --- a/ace/include/ace/Preference.h +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Preference.h -// @ Date : 2009-05-2 -// @ Author : Samsung -// -// - -#ifndef _Preference_H_ -#define _Preference_H_ - -#include -#include - -#include - -typedef AceDB::PreferenceTypes Preference; -typedef AceDB::PreferenceTypesMap PreferenceMap; - -#endif //_Preference_H - diff --git a/ace/include/ace/PromptDecision.h b/ace/include/ace/PromptDecision.h deleted file mode 100644 index bfe425b..0000000 --- a/ace/include/ace/PromptDecision.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_ -#define _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_ - -#include -#include - -enum class PromptDecision { - ALLOW_ALWAYS, - DENY_ALWAYS, - ALLOW_THIS_TIME, - DENY_THIS_TIME, - ALLOW_FOR_SESSION, - DENY_FOR_SESSION -}; - -typedef DPL::Optional OptionalPromptDecision; - -struct CachedPromptDecision { - PromptDecision decision; - DPL::OptionalString session; -}; - -typedef DPL::Optional OptionalCachedPromptDecision; - -#endif // _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_ diff --git a/ace/include/ace/Request.h b/ace/include/ace/Request.h deleted file mode 100644 index 5e5fa9a..0000000 --- a/ace/include/ace/Request.h +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Request.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#ifndef _REQUEST_H_ -#define _REQUEST_H_ - -#include -#include -#include - -#include -#include - -class Request : public AceDB::IRequest -{ - public: - typedef std::string DeviceCapability; - typedef std::set DeviceCapabilitySet; - - enum ApplicationType { - APP_TYPE_TIZEN, - APP_TYPE_WAC20, - APP_TYPE_UNKNOWN - }; - - Request(WidgetHandle widgetHandle, - WidgetExecutionPhase phase, - IFunctionParam *functionParam = 0) - : m_widgetHandle(widgetHandle) - , m_phase(phase) - , m_functionParam(functionParam) - , m_appType(APP_TYPE_UNKNOWN) - {} - - WidgetHandle getWidgetHandle() const - { - return m_widgetHandle; - } - - WidgetExecutionPhase getExecutionPhase() const - { - return m_phase; - } - - IFunctionParam *getFunctionParam() const - { - return m_functionParam; - } - - void addDeviceCapability(const std::string& device) - { - m_devcapSet.insert(device); - } - - DeviceCapabilitySet getDeviceCapabilitySet() const - { - return m_devcapSet; - } - - void setAppType(ApplicationType appType) - { - m_appType = appType; - } - - ApplicationType getAppType() const - { - return m_appType; - } - - private: - WidgetHandle m_widgetHandle; - WidgetExecutionPhase m_phase; - //! \brief list of function param (only for intercept) - IFunctionParam *m_functionParam; - //! \brief Set of defice capabilities - DeviceCapabilitySet m_devcapSet; - ApplicationType m_appType; -}; - -typedef std::vector Requests; - -#endif //_REQUEST_H_ diff --git a/ace/include/ace/Rule.h b/ace/include/ace/Rule.h deleted file mode 100644 index dc64389..0000000 --- a/ace/include/ace/Rule.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Rule.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#if !defined(_RULE_H) -#define _RULE_H - -#include "Attribute.h" -#include "Effect.h" -#include "Condition.h" -#include - -class Rule : public AbstractTreeElement -{ - public: - - ExtendedEffect evaluateRule(const AttributeSet * attrSet) const; - - Rule() - : effect(Inapplicable) - { - //TODO we should set it to deny or smth, not inapplicable - } - - void setEffect(ExtendedEffect effect) - { - //We should not allow to set "Inapplicable" effect. - //Rules cannot have effect that is inapplicable, evaluation of the rules may however - //render the effect inapplicable. - Assert(effect.getEffect() != Inapplicable); - this->effect = effect; - } - void setCondition(Condition condition) - { - this->condition = condition; - } - void getAttributes(AttributeSet * attrSet) - { - condition.getAttributes(attrSet); - } - - //DEBUG methods - std::string printEffect(const ExtendedEffect &effect) const; - void printData(); - - private: - - ExtendedEffect effect; - Condition condition; -}; - -#endif //_RULE_H diff --git a/ace/include/ace/SettingsLogic.h b/ace/include/ace/SettingsLogic.h deleted file mode 100644 index e0d1fdb..0000000 --- a/ace/include/ace/SettingsLogic.h +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * - * @file SettingsLogic.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 0.1 - * @brief Header file for class getting/setting user/global ACE settings - */ - -#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ -#define WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -class SettingsLogic -{ - public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, DatabaseError) - }; - - // global settings - static AceDB::PreferenceTypes findGlobalUserSettings( - const std::string &resource, - WidgetHandle handler); - - static AceDB::PreferenceTypes findGlobalUserSettings( - const Request &request); - - // resource settings - static AceDB::PreferenceTypes getDevCapSetting( - const std::string &request); - static void getDevCapSettings(AceDB::PreferenceTypesMap *preferences); - static void setDevCapSetting(const std::string &resource, - AceDB::PreferenceTypes preference); - static void setAllDevCapSettings( - const std::list > &resourcesList); - static void removeDevCapSetting(const std::string &resource); - static void updateDevCapSetting(const std::string &resource, - AceDB::PreferenceTypes p); - - // user settings - static AceDB::PreferenceTypes getWidgetDevCapSetting( - const std::string &resource, - WidgetHandle handler); - static void getWidgetDevCapSettings(PermissionList *permissions); - static void setWidgetDevCapSetting(const std::string &resource, - WidgetHandle handler, - AceDB::PreferenceTypes preference); - static void setWidgetDevCapSettings(const PermissionList &tripleList); - static void removeWidgetDevCapSetting(const std::string &resource, - WidgetHandle handler); - - private: - SettingsLogic() - { - } - -}; - -#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ */ diff --git a/ace/include/ace/Subject.h b/ace/include/ace/Subject.h deleted file mode 100644 index 5176c99..0000000 --- a/ace/include/ace/Subject.h +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// File: Subject.h -// Author: notroot -// -// Created on June 2, 2009, 8:47 AM -// - -#ifndef _SUBJECT_H -#define _SUBJECT_H - -#include -#include -#include -#include -#include - -#include "Attribute.h" - -class Subject : DPL::Noncopyable -{ - std::string subjectId; - std::list targetAttributes; - - public: - Subject() - {} - - const std::list& getTargetAttributes() const; - - void setSubjectId(const std::string & subjectId) - { - this->subjectId = subjectId; - } - - //TODO maybe we should remove that becuase this causes a memory leak right now!! [CR] maybe thats true, maybe whe can remove this fun - // KW void setTargetAttributes(std::list * targetAttributes){ this->targetAttributes = targetAttributes; } - - const std::string & getSubjectId() const - { - return this->subjectId; - } - - void addNewAttribute(Attribute & attr) - { - this->targetAttributes.push_back(attr); - } - - //TODO in 1.0 change to true/false/undetermined - bool matchSubject(const AttributeSet *attrSet, - bool &isUndetermined) const; - - ~Subject() - {} -}; - -#endif /* _SUBJECT_H */ - diff --git a/ace/include/ace/TestTimer.h b/ace/include/ace/TestTimer.h deleted file mode 100644 index 1f07e61..0000000 --- a/ace/include/ace/TestTimer.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef _TEST_TIMER_H -#define _TEST_TIMER_H - -#include - -class TestTimer -{ - time_t startt, endt; - - public: - void start() - { - time(&startt); - } - void stop() - { - time(&endt); - } - double getTime() - { - return difftime(endt, startt); - } -}; - -#endif //_TEST_TIMER_H - diff --git a/ace/include/ace/TreeNode.h b/ace/include/ace/TreeNode.h deleted file mode 100644 index 473c26f..0000000 --- a/ace/include/ace/TreeNode.h +++ /dev/null @@ -1,130 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : TreeNode.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#ifndef _TREE_NODE_H -#define _TREE_NODE_H - -#include -#include - -#include - -class TreeNode; - -typedef std::list ChildrenSet; -typedef std::list::iterator ChildrenIterator; -typedef std::list::const_iterator ChildrenConstIterator; - -class TreeNode -{ - public: - //TODO nazwac pozadnie TYPY - moze jakas konwencja ... ??!! - enum TypeID { Policy =0, PolicySet=1, Rule=2}; - - const ChildrenSet & getChildrenSet() const - { - return children; - } - - TreeNode * getParent() const - { - return this->parent; - } - - void setParent(TreeNode *parent) - { - this->parent = parent; - } - - TypeID getTypeID() const - { - return this->typeID; - } - - void addChild(TreeNode *child) - { - child->setParent(this); - children.push_back(child); - } - - /** - * Clone the node - */ - // KW TreeNode * clone() { return new TreeNode(NULL,this->getTypeID(),this->getElement()); } - - TreeNode(TreeNode * parent, - TypeID type, - AbstractTreeElement * element) : - parent(parent), - typeID(type), - element(element) - { - } - - AbstractTreeElement * getElement() const - { - return element; - } - - private: - virtual ~TreeNode(); - - public: - /* - * It is common that we create a copy of tree structure created out of xml file. However we don't want to - * copy abstract elements ( Policies and Rules ) because we need them only for reading. We want to modify the - * tree structure though. Therefore we copy TreeNode. When the copy of the original tree is being destroyed method - * releaseTheSubtree should be called on "root". It automatically traverse the tree and call TreeNode destructors for - * each TreeNode in the tree. It doesn't remove the abstract elements in the tree ( there is always at most one abstract - * element instance, when tree is copied it is a shallow copy. - * When we want to completely get rid of the the tree and abstract elements we have to call releaseResources on tree root. - * We may want to do this for instance when we want to serialize the tree to disc. releaseResource method traverses the tree - * and releses the resources, as well as the TreeNode so NO releaseTheSubtree is required any more - */ - void releaseResources(); - - /** - * Used to delete the copies of tree structure. The original tree structure should be removed with releaseResources method. - * ReleaseTheSubtree method doesn't delete the abstract elements, only TreeNodes. It traverses the whole tree, so it should be - * called on behalf of root of the tree - */ - // KW void releaseTheSubtree(); - - friend std::ostream & operator<<(std::ostream & out, - const TreeNode * node); - // KW void printSubtree(); - - private: - // KW TreeNode(const TreeNode& pattern){ (void)pattern; } - - std::list children; - TreeNode * parent; - //TODO standarize ID case - TypeID typeID; - AbstractTreeElement * element; - static int level; -}; - -#endif //_TREE_NODE_H diff --git a/ace/include/ace/UserDecision.h b/ace/include/ace/UserDecision.h deleted file mode 100644 index 67bdbcf..0000000 --- a/ace/include/ace/UserDecision.h +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : UserDecision.h -// @ Date : 2009-05-22 -// @ Author : Samsung -// -// - -#ifndef _USERDECISION_H -#define _USERDECISION_H - -#include -#include - -typedef AceDB::ValidityTypes Validity; - -const char * toString(Validity validity); - -#endif //_USERDECISION_H - diff --git a/ace/include/ace/Verdict.h b/ace/include/ace/Verdict.h deleted file mode 100644 index 83d2d79..0000000 --- a/ace/include/ace/Verdict.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : Verdict.h -// @ Date : 2009-05-2 -// @ Author : Samsung -// -// - -#ifndef _VERDICT_H -#define _VERDICT_H - -#include -#include -#include - -typedef AceDB::VerdictTypes Verdict; -//typedef AceDB::TimedVerdict TimedVerdict; - -const char * toString(Verdict verditct); - -#endif //_VERDICT_H - diff --git a/ace/include/ace/WRT_INTERFACE.h b/ace/include/ace/WRT_INTERFACE.h deleted file mode 100644 index ac8ab93..0000000 --- a/ace/include/ace/WRT_INTERFACE.h +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef _WRT_INERFACE_4_ACE_EXAMPLE_H_ -#define _WRT_INERFACE_4_ACE_EXAMPLE_H_ - -#include -#include -#include - -typedef int WidgetHandle; - -class Request; - -enum WidgetExecutionPhase -{ - WidgetExecutionPhase_Unknown = 0, - WidgetExecutionPhase_WidgetInstall = 1 << 0, - WidgetExecutionPhase_WidgetInstantiate = 1 << 1, - WidgetExecutionPhase_WebkitBind = 1 << 2, - WidgetExecutionPhase_Invoke = 1 << 3 -}; - -struct RequestContext -{ - const WidgetHandle Handle; - WidgetExecutionPhase Phase; - - RequestContext(WidgetHandle handle, - WidgetExecutionPhase phase) : - Handle(handle), - Phase(phase) - { - } -}; - -// Pair of pointer to attribute name and pointer to list of value for -// this attribute name -typedef std::pair< const std::string* const, std::list* > -ATTRIBUTE; - -/* - * Each function should return 0 as success and positive value as error - * - * Possible return value: - * 0 - succes - * 1 - subjectId/resourceId name unknown - * 2 - unknown attribute name - * 4 - interface error - **/ - -/************** Web Runtime ********************/ - -class IWebRuntime -{ - public: - - /** - * gather and set attributes values for specified subjectId - * and attribute name - * @param subjectId is a name of subject (widget or internet site URI ) - * @param attributes is a list of pairs( - * first: pointer to attribute name - * second: list of values for attribute (std::string) - - * its a list of string (BONDI requirement), but usually there will - * be only one string - * */ - virtual int getAttributesValues(const Request &request, - std::list *attributes) = 0; - - /*return current sessionId */ - virtual std::string getSessionId(const Request &request) = 0; - - virtual ~IWebRuntime() - { - } -}; - -/************** Resource Information ********************/ -class IResourceInformation -{ - public: - /** - * gather and set attributes values for specified resourceId - * and attribute name - * @param resourceId is a name of subject (widget or internet site URI ) - * @param attributes is a list of pairs( - * first: pointer to attribute name - * second: list of values for attribute (std::string) - - * its a list of string (BONDI requirement), but usually there will - * be only one string - * */ - virtual int getAttributesValues(const Request &request, - std::list *attributes) = 0; - - virtual ~IResourceInformation() - { - } -}; - -/************** Operation System ********************/ -class IOperationSystem -{ - public: - - /** - * gather and set attributes values for specified attribute name - * @param attributes is a list of pairs( - * first: pointer to attribute name - * second: list of values for attribute (std::string) - - * its a list of string (BONDI requirement), but usually - * there will be only one string - * */ - virtual int getAttributesValues(const Request &request, - std::list *attributes) = 0; - - virtual ~IOperationSystem() - { - } -}; - -class IFunctionParam -{ - public: - virtual int getAttributesValues(const Request &request, - std::list *attributes) = 0; - virtual ~IFunctionParam() - { - } -}; - -#endif //_WRT_INERFACE_4_ACE_EXAMPLE_H_ diff --git a/ace/include/ace/WidgetUsageModel.h b/ace/include/ace/WidgetUsageModel.h deleted file mode 100644 index 09d15f8..0000000 --- a/ace/include/ace/WidgetUsageModel.h +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// @ Project : Access Control Engine -// @ File Name : UserDecision.h -// @ Date : 2009-05-22 -// @ Author : Samsung -// -// - -#ifndef _WIDGET_USAGE_H -#define _WIDGET_USAGE_H - -#include - -#include "Request.h" -#include "AsyncVerdictResultListener.h" - -enum UsageValidity -{ - USAGE_UNKNOWN, - USAGE_ONCE, - USAGE_SESSION, - USAGE_ALWAYS -}; - -enum UsageVerdict -{ - USAGE_VERDICT_PERMIT, - USAGE_VERDICT_DENY, - USAGE_VERDICT_INAPPLICABLE, - USAGE_VERDICT_UNDETERMINED, - USAGE_VERDICT_UNKNOWN, - USAGE_VERDICT_ERROR -}; -//Forward declaration -class PolicyEvaluator; - -class PolicyEvaluatorData -{ - private: - Request m_request; - UsageValidity m_validity; - UsageVerdict m_verdict; - AsyncVerdictResultListener *m_listener; - public: - - PolicyEvaluatorData(const Request& request, - AsyncVerdictResultListener *listener) : - m_request(request), - m_validity(USAGE_UNKNOWN), - m_verdict(USAGE_VERDICT_ERROR), - m_listener(listener) - { - } - - // KW UsageValidity getValidity() const { - // KW return m_validity; - // KW } - // KW - // KW UsageVerdict getVerdict() const { - // KW return m_verdict; - // KW } - // KW - // KW void setValidity(UsageValidity validity) { - // KW this->m_validity = validity; - // KW } - // KW - // KW void setVerdict(UsageVerdict verdict) { - // KW this->m_verdict = verdict; - // KW } - - const Request& getRequest() const - { - return m_request; - } - - AsyncVerdictResultListener* getListener() const - { - return m_listener; - } -}; - -#endif //_USERDECISION_H diff --git a/ace/include/ace/acf_consts.h b/ace/include/ace/acf_consts.h deleted file mode 100644 index 93ecfae..0000000 --- a/ace/include/ace/acf_consts.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * This file contain consts for Signing Template and Policy Manager - * This values will be used to specified and identified algorithms in xml policy documents. - * Its consistent with BONDI 1.0 released requirements - * - * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements - * This values comes from widget digital signature 1.0 - required version of this doc is very important - * - **/ - -#ifndef ACF_CONSTS_TYPES_H -#define ACF_CONSTS_TYPES_H - -//Digest Algorithms -extern const char* DIGEST_ALG_SHA256; - -//Canonicalization Algorithms -extern const char* CANONICAL_ALG_C14N; - -//Signature Algorithms -extern const char* SIGNATURE_ALG_RSA_with_SHA256; -extern const char* SIGNATURE_ALG_DSA_with_SHA1; -extern const char* SIGNATURE_ALG_ECDSA_with_SHA256; - -#endif - diff --git a/ace/include/ace/parser.h b/ace/include/ace/parser.h deleted file mode 100644 index 26f15e2..0000000 --- a/ace/include/ace/parser.h +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -// -// -// -// @ Project : Access Control Engine -// @ File Name : parser.h -// @ Date : 2009-05-06 -// @ Author : Samsung -// -// - -#ifndef _PARSER_H_ -#define _PARSER_H_ - -//#include "/usr/include/libxml2/libxml/parser.h" -#include -#include -#include -#include -#include - -#include "Policy.h" -#include "PolicySet.h" -#include "Request.h" -#include "Rule.h" -#include "Attribute.h" -#include "TreeNode.h" -#include "Subject.h" -#include "Condition.h" -#include "Effect.h" - -#define whitespaces " \n\t\r" - -enum CanonicalizationAlgorithm -{ - C14N, - C14NEXCLUSIVE -}; - -class Parser -{ - private: - RuleId ruleId; - xmlTextReaderPtr reader; - - TreeNode * root; - TreeNode * currentRoot; - Subject * currentSubject; - Condition * currentCondition; - Attribute * currentAttribute; - std::string * currentText; - - bool processingSignature; - bool canonicalizeOnce; - - void processNode(xmlTextReaderPtr reader); - - //Node Handlers - void endNodeHandler(xmlTextReaderPtr reader); - void textNodeHandler(xmlTextReaderPtr reader); - void startNodeHandler(xmlTextReaderPtr reader); - - //Node names handlers - void handleAttr(xmlTextReaderPtr reader); - void handleRule(xmlTextReaderPtr reader); - void handleSubject(); - void handleCondition(xmlTextReaderPtr reader); - void handleSubjectMatch(xmlTextReaderPtr reader); - void handleMatch(xmlTextReaderPtr reader, - Attribute::Type); - void handlePolicy(xmlTextReaderPtr reader, - TreeNode::TypeID type); - - //helpers - Policy::CombineAlgorithm convertToCombineAlgorithm(xmlChar*); - ExtendedEffect convertToEffect(xmlChar *effect); - Attribute::Match convertToMatchFunction(xmlChar * func); - void consumeCurrentText(); - void consumeCurrentAttribute(); - void consumeSubjectMatch(xmlChar * value = NULL); - void consumeCurrentSubject(); - void consumeCurrentCondition(); - void trim(std::string *); - // KW void canonicalize(const char *, const char *, CanonicalizationAlgorithm canonicalizationAlgorithm); - // KW int extractNodeToFile(xmlTextReaderPtr reader, const char * filename); - - static const char *TOKEN_PARAM; - public: - Parser(); - ~Parser(); - TreeNode * parse(const std::string& filename, const std::string& schema); -}; - -#endif //_PARSER_H diff --git a/ace/orm/ace_db b/ace/orm/ace_db deleted file mode 100644 index 7f90ed4..0000000 --- a/ace/orm/ace_db +++ /dev/null @@ -1,92 +0,0 @@ -SQL( - PRAGMA foreign_keys = ON; - BEGIN TRANSACTION; -) - -CREATE_TABLE(AcePolicyResult) - COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 6)) - COLUMN_NOT_NULL(hash, TEXT,) - COLUMN_NOT_NULL(rule_id, INTEGER) - TABLE_CONSTRAINTS( - PRIMARY KEY(hash) - ) -CREATE_TABLE_END() - -CREATE_TABLE(AcePromptDecision) - COLUMN_NOT_NULL(app_id, INTEGER,) - COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 5)) - COLUMN(session, TEXT,) - COLUMN_NOT_NULL(rule_id, INTEGER,) - TABLE_CONSTRAINTS( - PRIMARY KEY(app_id,rule_id) - ) -CREATE_TABLE_END() - -CREATE_TABLE(AceAttribute) - COLUMN_NOT_NULL(attr_id, INTEGER, primary key autoincrement) - COLUMN_NOT_NULL(name, TEXT,) - COLUMN_NOT_NULL(type, INTEGER, check(type between 0 and 4)) - - TABLE_CONSTRAINTS(unique(name,type)) -CREATE_TABLE_END() - -CREATE_TABLE(AceSubject) - COLUMN_NOT_NULL(subject_id, INTEGER, primary key autoincrement) - COLUMN_NOT_NULL(id_uri, TEXT, unique) -CREATE_TABLE_END() - -CREATE_TABLE(AceDevCap) - COLUMN_NOT_NULL(resource_id, INTEGER, primary key autoincrement) - COLUMN_NOT_NULL(id_uri, TEXT, unique) - COLUMN_NOT_NULL(general_setting,INTEGER, check(general_setting between -1 and 4)) -CREATE_TABLE_END() - -CREATE_TABLE(AceWidgetDevCapSetting) - COLUMN_NOT_NULL(app_id, INTEGER, not null) - COLUMN_NOT_NULL(resource_id, INTEGER, references AceDevCap(resource_id)) - COLUMN_NOT_NULL(access_value, INTEGER, check(access_value between -1 and 4)) - - TABLE_CONSTRAINTS(unique(app_id,resource_id)) -CREATE_TABLE_END() - -CREATE_TABLE(AceRequestedDevCaps) - COLUMN_NOT_NULL(app_id, INTEGER, not null) - COLUMN_NOT_NULL(grant_smack, INTEGER, not null) - COLUMN_NOT_NULL(dev_cap, TEXT,) - - TABLE_CONSTRAINTS(unique(app_id,dev_cap)) -CREATE_TABLE_END() - -CREATE_TABLE(AceAcceptedFeature) - COLUMN_NOT_NULL(app_id, INTEGER, not null) - COLUMN_NOT_NULL(feature, TEXT, not null) - - TABLE_CONSTRAINTS(unique(app_id,feature)) -CREATE_TABLE_END() - -CREATE_TABLE(WidgetInfo) - COLUMN_NOT_NULL(app_id, INTEGER, PRIMARY KEY) - COLUMN(widget_type, INT, DEFAULT 1) - COLUMN(widget_id, VARCHAR(256), DEFAULT '') - COLUMN(widget_version, VARCHAR(256), DEFAULT '') - COLUMN(author_name, VARCHAR(256), DEFAULT '') - COLUMN(share_href, VARCHAR(256), DEFAULT '') -CREATE_TABLE_END() - -CREATE_TABLE(WidgetCertificateFingerprint) - COLUMN_NOT_NULL(app_id, INT,) - COLUMN_NOT_NULL(owner, INT,) - COLUMN_NOT_NULL(chainid, INT,) - COLUMN_NOT_NULL(type, INT,) - COLUMN(md5_fingerprint, VARCHAR(64),) - COLUMN(sha1_fingerprint, VARCHAR(64),) - COLUMN(common_name, VARCHAR(64),) - TABLE_CONSTRAINTS( - PRIMARY KEY (app_id, chainid, owner, type) - FOREIGN KEY (app_id) REFERENCES WidgetInfo (app_id) ON DELETE CASCADE - ) -CREATE_TABLE_END() - -SQL( - COMMIT; -) diff --git a/ace/orm/ace_db_definitions b/ace/orm/ace_db_definitions deleted file mode 100644 index 46836e9..0000000 --- a/ace/orm/ace_db_definitions +++ /dev/null @@ -1,6 +0,0 @@ -DATABASE_START(ace) - -#include "ace_db" -#include "version_db" - -DATABASE_END() diff --git a/ace/orm/ace_db_sql_generator.h b/ace/orm/ace_db_sql_generator.h deleted file mode 100644 index 5af05ac..0000000 --- a/ace/orm/ace_db_sql_generator.h +++ /dev/null @@ -1,27 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file wrt_db_sql_generator.h - * @author Bartosz Janiak (b.janiak@samsung.com) - * @version 1.0 - * @brief Macro definitions for generating the SQL input file from database definition. - */ - -//Do not include this file directly! It is used only for SQL code generation. - -#include - -#include "ace_db_definitions" diff --git a/ace/orm/gen_db_md5.sh b/ace/orm/gen_db_md5.sh deleted file mode 100755 index 38587b7..0000000 --- a/ace/orm/gen_db_md5.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -CHECKSUM=`cat ${2} ${3} 2>/dev/null | md5sum 2>/dev/null | cut -d\ -f1 2>/dev/null` -echo "#define DB_CHECKSUM DB_VERSION_${CHECKSUM}" > ${1} -echo "#define DB_CHECKSUM_STR \"DB_VERSION_${CHECKSUM}\"" >> ${1} - diff --git a/ace/orm/orm_generator_ace.h b/ace/orm/orm_generator_ace.h deleted file mode 100644 index 640dd35..0000000 --- a/ace/orm/orm_generator_ace.h +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef ORM_GENERATOR_ACE_H -#define ORM_GENERATOR_ACE_H - -#define ORM_GENERATOR_DATABASE_NAME ace_db_definitions -#include -#undef ORM_GENERATOR_DATABASE_NAME - -#endif diff --git a/ace/orm/version_db b/ace/orm/version_db deleted file mode 100644 index 7e20d8d..0000000 --- a/ace/orm/version_db +++ /dev/null @@ -1,5 +0,0 @@ -SQL( - BEGIN TRANSACTION; - CREATE TABLE DB_CHECKSUM (version INT); - COMMIT; -) diff --git a/ace_client/CMakeLists.txt b/ace_client/CMakeLists.txt deleted file mode 100644 index 4b7537b..0000000 --- a/ace_client/CMakeLists.txt +++ /dev/null @@ -1 +0,0 @@ -ADD_SUBDIRECTORY(src) diff --git a/ace_client/include/ace-client/ace_client.h b/ace_client/include/ace-client/ace_client.h deleted file mode 100644 index 4b4081b..0000000 --- a/ace_client/include/ace-client/ace_client.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file ace_client.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains definitions of AceThinClient API - */ -#ifndef WRT_ACE_CLIENT_H -#define WRT_ACE_CLIENT_H - -#include -#include -#include -#include - -class WebRuntimeImpl; -class ResourceInformationImpl; -class OperationSystemImpl; - -namespace AceClient { - -class AceThinClientImpl; - -class AceThinClient : private DPL::Noncopyable { - public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, AceThinClientException) - }; - - bool checkFunctionCall(const AceRequest& ace_request) const; - AcePreference getWidgetResourcePreference( - const AceResource& resource, - const AceWidgetHandle& handle) const; - AceResourcesPreferences* getGlobalResourcesPreferences() const; - bool isInitialized() const; - - private: - AceThinClient(); - virtual ~AceThinClient(); - - AceThinClientImpl* m_impl; - friend class DPL::Singleton; - WebRuntimeImpl* m_wrt; - ResourceInformationImpl* m_res; - OperationSystemImpl* m_sys; -}; - -typedef DPL::Singleton AceThinClientSingleton; - -} // namespace AceClient - -#endif // WRT_ACE_CLIENT_H diff --git a/ace_client/include/ace-client/ace_client_helper.h b/ace_client/include/ace-client/ace_client_helper.h deleted file mode 100644 index 14c5964..0000000 --- a/ace_client/include/ace-client/ace_client_helper.h +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file ace_client_helper.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains definitions of AceClient helper types and - * functions. - */ -#ifndef WRT_ACE_CLIENT_HELPER_H -#define WRT_ACE_CLIENT_HELPER_H - -#include -#include -#include - -#include -#include - -#include "ace_client_types.h" - -namespace AceClient { - -AcePreference toAcePreference(AceDB::PreferenceTypes preference) -{ - switch (preference) { - case AceDB::PreferenceTypes::PREFERENCE_PERMIT: { - return PREFERENCE_PERMIT; } - case AceDB::PreferenceTypes::PREFERENCE_DENY: { - return PREFERENCE_DENY; } - case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: { - return PREFERENCE_DEFAULT; } - case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: { - return PREFERENCE_BLANKET_PROMPT; } - case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: { - return PREFERENCE_SESSION_PROMPT; } - case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: { - return PREFERENCE_ONE_SHOT_PROMPT; } - } - return PREFERENCE_DEFAULT; -} - -typedef std::vector AceParamKeys; -typedef std::vector AceParamValues; - -class AceFunctionParam -{ - public: - virtual ~AceFunctionParam() - { - } - - void addAttribute(const std::string& key, - const std::string& value) - { - m_paramMap.insert(std::make_pair(key, value)); - } - - AceParamKeys getKeys() const - { - AceParamKeys out; - FOREACH (it, m_paramMap) { - out.push_back(it->first); - } - return out; - } - - AceParamValues getValues() const - { - AceParamValues out; - FOREACH (it, m_paramMap) { - out.push_back(it->second); - } - return out; - } - - static std::string aceFunctionParamToken; - - private: - typedef std::multimap ParamMap; - ParamMap m_paramMap; -}; - -typedef std::vector AceFunctionParams; - -class AceBasicRequest : public AceDB::IRequest { - public: - AceBasicRequest(const AceSubject& subject, - const AceResource& resource) : - m_subject(subject), - m_resource(resource) - { - } - - AceBasicRequest(const AceSubject& subject, - const AceResource& resource, - const AceFunctionParam& param) : - m_subject(subject), - m_resource(resource), - m_param(param) - { - } - virtual const std::string& getSubjectId() const - { - return m_subject; - } - virtual const std::string& getResourceId() const - { - return m_resource; - } - virtual const AceFunctionParam& getFunctionParam() const - { - return m_param; - } - - private: - AceSubject m_subject; - AceResource m_resource; - AceFunctionParam m_param; -}; - -typedef std::vector AceBasicRequests; - -} // namespace AceClient - -#endif // WRT_ACE_CLIENT_HELPER_H diff --git a/ace_client/include/ace-client/ace_client_types.h b/ace_client/include/ace-client/ace_client_types.h deleted file mode 100644 index f27a4ba..0000000 --- a/ace_client/include/ace-client/ace_client_types.h +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file ace_client_types.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains definitions of AceClient types - */ -#ifndef WRT_ACE_CLIENT_TYPES_H -#define WRT_ACE_CLIENT_TYPES_H - -#include -#include -#include - -namespace AceClient { - -typedef int AceWidgetHandle; -typedef void* AceJobWidgetInstallId; - -typedef std::string AceResource; -typedef std::string AceSubject; -typedef std::string AceSessionId; - -enum AcePreference -{ - PREFERENCE_PERMIT, - PREFERENCE_DENY, - PREFERENCE_DEFAULT, - PREFERENCE_BLANKET_PROMPT, - PREFERENCE_SESSION_PROMPT, - PREFERENCE_ONE_SHOT_PROMPT -}; - -typedef std::map AceResourcesPreferences; -typedef std::pair AceResurcePreference; - -struct AceParam -{ - const char *name; - const char *value; - - AceParam(): - name(NULL), value(NULL) - {} - - AceParam(const char *name, const char *value): - name(name), value(value) - {} -}; - -struct AceParamList -{ - size_t count; - AceParam* param; - AceParamList(): - count(0), - param(NULL) - {} -}; - -struct AceDeviceCap -{ - size_t devcapsCount; - const char** devCapNames; - size_t paramsCount; - AceParamList* params; - AceDeviceCap(): - devcapsCount(0), - devCapNames(NULL), - paramsCount(0), - params(NULL) - {} -}; - -struct AceApiFeatures -{ - size_t count; - const char** apiFeature; - AceApiFeatures(): - count(0), - apiFeature(NULL) - {} -}; - -struct AceRequest -{ - AceSessionId sessionId; - AceWidgetHandle widgetHandle; - AceApiFeatures apiFeatures; - const char* functionName; - AceDeviceCap deviceCapabilities; - AceRequest(): - widgetHandle(0), - apiFeatures(), - functionName(NULL), - deviceCapabilities() - {} -}; - -} // namespace AceClient - -#endif // WRT_ACE_CLIENT_TYPES_H diff --git a/ace_client/include/ace_api_client.h b/ace_client/include/ace_api_client.h deleted file mode 100644 index 817a988..0000000 --- a/ace_client/include/ace_api_client.h +++ /dev/null @@ -1,118 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_api_client.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This is C api for Access Control Engine (ACE), client mode - * (RO part). - */ - -#ifndef ACE_API_CLIENT_H -#define ACE_API_CLIENT_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * API defined in this header should be used only from one thread. If used - * otherwise, unexpected behaviour may occur, including segmentation faults and - * escalation of global warming. Be warned. - */ - -// --------------- Initialization and deinitialization ------------------------- - -/* - * Function type that must be implemented externally and passed to ACE - * on initialization. This function must show to the user a popup with - * information on access request to single device capability. Will be used by - * implementation of ace_check_access API, when policy requires to display - * popup. - * - * Function must be synchronous and must behave accordingly: - * - * Function may return value other than ACE_OK, but it will be treated as - * denial of access. - * - * If returned value is ACE_OK, then 'validation_result' must hold information - * on whether the access was granted or not. - * - * Executed function must display a popup with readable information presented to - * user, covering 'resource_name' that is to be accessed for 'handle' widget - * which is requesting the access. - * - * In its implementation, after the user answered to displayed question, - * UI handler must call popup answer validation API (ace_validate_answer) - * from separate, ace-popup-validation library, with passed 'param_list', - * 'session_id', 'handle' and given answer as arguments. Validation result - * returned by ace_validate_answer needs to be returned in 'validation_result' - * parameter of UI handler. - * - * 'popup_type' describes what kind of options should be given to user - i.e. - * ONESHOT prompt only gives possibility to answer Permit/Deny and returned - * validity for this prompt must be ONCE. PER_SESSION prompt allows to return - * validity ONCE or PER_SESSION. BLANKET prompt allows to return any validity, - * as defined in ace_validity_t. - * - * This call must be made from properly SMACK labelled, safe process - otherwise - * the validation will not occur in security daemon and caller will not be - * granted access to requested device capability. - */ -typedef ace_return_t (*ace_popup_handler_func_t)( - ace_popup_t popup_type, - const ace_resource_t resource_name, - const ace_session_id_t session_id, - const ace_param_list_t* param_list, - ace_widget_handle_t handle, - ace_bool_t* validation_result); - -/* - * Initializes ACE for check access API (client mode). Must be called only once. - * Keep in mind that initializing ACE in client mode disallows usage of API - * defined in ace_api.h and ace_api_settings.h (RW part). - * - * 'handler' must not be NULL, see definition of ace_popup_handler_func_t for - * more information. - * - * Returns error or ACE_OK. - */ -ace_return_t ace_client_initialize(ace_popup_handler_func_t handler); - -/* - * Deinitializes ACE client for check access API. Can be called only once. - */ -ace_return_t ace_client_shutdown(void); - -// --------------- Check Access API -------------------------------------------- - -/* - * Does ACE check with set of device capabilities and function parameters. - * Checks cache first, if it is non-existent, does full ACE check. - * - * Returns error or ACE_OK and information if access was allowed or not - * (value ACE_TRUE or ACE_FALSE is in 'access' argument, only if returned value - * is ACE_OK - otherwise, 'access' value is undefined) - */ -ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access); - -#ifdef __cplusplus -} -#endif - -#endif // ACE_API_CLIENT_H diff --git a/ace_client/include/ace_popup_handler.h b/ace_client/include/ace_popup_handler.h deleted file mode 100644 index e63630d..0000000 --- a/ace_client/include/ace_popup_handler.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_popup_handler.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief Private header for access to UI handling function. - * (RO part). - */ - -#ifndef ACE_POPUP_HANDLER_H -#define ACE_POPUP_HANDLER_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -extern ace_popup_handler_func_t popup_func; - -#ifdef __cplusplus -} -#endif - -#endif // ACE_POPUP_HANDLER_H diff --git a/ace_client/src/CMakeLists.txt b/ace_client/src/CMakeLists.txt deleted file mode 100644 index 72a7f56..0000000 --- a/ace_client/src/CMakeLists.txt +++ /dev/null @@ -1,71 +0,0 @@ -include(FindPkgConfig) - -PKG_CHECK_MODULES(ACE_CLIENT_DEPS - dpl-efl - dpl-event-efl - dpl-dbus-efl - REQUIRED - ) - -SET(ACE_CLIENT_DIR - ${PROJECT_SOURCE_DIR}/ace_client - ) - -SET(ACE_CLIENT_SRC_DIR - ${ACE_CLIENT_DIR}/src - ) - -SET(ACE_CLIENT_INCLUDE_DIR - ${ACE_CLIENT_DIR}/include - ) - -SET(ACE_CLIENT_SOURCES - ${COMMUNICATION_CLIENT_SOURCES} - ${ACE_CLIENT_SRC_DIR}/ace_client.cpp - ${ACE_CLIENT_SRC_DIR}/ace_api_client.cpp - ${PROJECT_SOURCE_DIR}/src/services/ace/logic/attribute_facade.cpp - ${PROJECT_SOURCE_DIR}/src/services/ace/logic/simple_roaming_agent.cpp - ) - -SET(ACE_CLIENT_INCLUDES - ${COMMUNICATION_CLIENT_INCLUDES} - ${ACE_CLIENT_DEPS_INCLUDE_DIRS} - ${ACE_CLIENT_INCLUDE_DIR} - ${PROJECT_SOURCE_DIR}/ace_common/include - ${PROJECT_SOURCE_DIR}/src/services/ace - ${PROJECT_SOURCE_DIR}/src/services/ace/ - ${PROJECT_SOURCE_DIR}/src/services/ace/logic - ${PROJECT_SOURCE_DIR}/src/services/popup - ${PROJECT_SOURCE_DIR}/popup_process - ${PROJECT_SOURCE_DIR}/ace/include - ) - -ADD_DEFINITIONS(${ACE_CLIENT_DEPS_CFLAGS}) -ADD_DEFINITIONS(${ACE_CLIENT_CFLAGS_OTHER}) - -INCLUDE_DIRECTORIES(${ACE_CLIENT_INCLUDES}) - -ADD_LIBRARY(${TARGET_ACE_CLIENT_LIB} SHARED ${ACE_CLIENT_SOURCES}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES - SOVERSION ${API_VERSION} - VERSION ${VERSION}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES - COMPILE_FLAGS -fPIC) - -TARGET_LINK_LIBRARIES(${TARGET_ACE_CLIENT_LIB} - ${ACE_CLIENT_DEPS_LIBRARIES} - ${TARGET_ACE_DAO_RO_LIB} - ${TARGET_ACE_LIB} - ) - -INSTALL(TARGETS ${TARGET_ACE_CLIENT_LIB} - DESTINATION lib) - -INSTALL(FILES -# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client.h -# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client_types.h - ${ACE_CLIENT_INCLUDE_DIR}/ace_api_client.h - DESTINATION include/ace-client - ) diff --git a/ace_client/src/ace_api_client.cpp b/ace_client/src/ace_api_client.cpp deleted file mode 100644 index 16d9f36..0000000 --- a/ace_client/src/ace_api_client.cpp +++ /dev/null @@ -1,122 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file ace_api_client.cpp - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains implementation of ACE client API - */ - -#include -#include -#include "ace_api_client.h" -#include "ace-client/ace_client.h" - -#include -#include -#include -#include "popup_response_server_api.h" -#include "security_daemon_dbus_config.h" -//#include "PromptModel.h" - -ace_return_t ace_client_initialize(ace_popup_handler_func_t handler) -{ - if (!AceClient::AceThinClientSingleton::Instance().isInitialized()) { - return ACE_INTERNAL_ERROR; - } - popup_func = handler; - // Changed order of checks to make API run with old popup implementation - // instead of always needing the popup handler to be implemented. - if (NULL == handler) { - LogError("NULL argument(s) passed"); - return ACE_INVALID_ARGUMENTS; - } - return ACE_OK; -} - -ace_return_t ace_client_shutdown(void) -{ - popup_func = NULL; - return ACE_OK; -} - -ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access) -{ - if (NULL == request || NULL == access) { - LogError("NULL argument(s) passed"); - return ACE_INVALID_ARGUMENTS; - } - - AceClient::AceRequest aceRequest; - aceRequest.sessionId = request->session_id; - aceRequest.widgetHandle = request->widget_handle; - - aceRequest.apiFeatures.count = request->feature_list.count; - aceRequest.apiFeatures.apiFeature = - const_cast(request->feature_list.items); - aceRequest.functionName = NULL; // TODO will be removed - aceRequest.deviceCapabilities.devcapsCount = request->dev_cap_list.count; - aceRequest.deviceCapabilities.paramsCount = request->dev_cap_list.count; - - char** devCapNames = new char*[request->dev_cap_list.count]; - AceClient::AceParamList* paramList = - new AceClient::AceParamList[request->dev_cap_list.count]; - - unsigned int i; - for (i = 0; i < request->dev_cap_list.count; ++i) { - devCapNames[i] = request->dev_cap_list.items[i].name; - paramList[i].count = request->dev_cap_list.items[i].param_list.count; - - paramList[i].param = new AceClient::AceParam[ - request->dev_cap_list.items[i].param_list.count]; - - unsigned int j; - for (j = 0; j < request->dev_cap_list.items[i].param_list.count; ++j) { - paramList[i].param[j].name = - request->dev_cap_list.items[i].param_list.items[j].name; - paramList[i].param[j].value = - request->dev_cap_list.items[i].param_list.items[j].value; - - } - } - - aceRequest.deviceCapabilities.devCapNames = - const_cast(devCapNames); - aceRequest.deviceCapabilities.params = paramList; - - bool ret = false; - - Try { - ret = AceClient::AceThinClientSingleton:: - Instance().checkFunctionCall(aceRequest); - *access = ret ? ACE_TRUE : ACE_FALSE; - } Catch (AceClient::AceThinClient::Exception::AceThinClientException) { - LogError("Ace client exception"); - delete [] devCapNames; - for (i = 0; i < request->dev_cap_list.count; ++i) { - delete [] paramList[i].param; - } - delete [] paramList; - return ACE_INTERNAL_ERROR; - } - - delete [] devCapNames; - for (i = 0; i < request->dev_cap_list.count; ++i) { - delete [] paramList[i].param; - } - delete [] paramList; - return ACE_OK; -} diff --git a/ace_client/src/ace_client.cpp b/ace_client/src/ace_client.cpp deleted file mode 100644 index 3c4d086..0000000 --- a/ace_client/src/ace_client.cpp +++ /dev/null @@ -1,665 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file ace_client.cpp - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains implementation of AceThinClient class - */ - -#include -#include -#include - -#include -#include -#include -#include -#include -#include - -#include - -#include "ace_server_api.h" -#include "popup_response_server_api.h" -#include "ace-client/ace_client.h" -#include "ace-client/ace_client_helper.h" -#include -#include - -// ACE tests need to use mock implementations -#ifdef ACE_CLIENT_TESTS - -#include "AceDAOReadOnly_mock.h" -#include "communication_client_mock.h" -#include "PolicyInformationPoint_mock.h" - -#else - -#include -#include "SecurityCommunicationClient.h" -#include - -#endif // ACE_CLIENT_TESTS - -IMPLEMENT_SAFE_SINGLETON(AceClient::AceThinClient) - -ace_popup_handler_func_t popup_func = NULL; - -namespace AceClient { - -namespace { -// These devcaps actually are not requested in config file, so should be treaded -// as if were requested (access tags/WARP will block request if desired) -const std::string DEVCAP_EXTERNAL_NETWORK_ACCESS = "externalNetworkAccess"; -const std::string DEVCAP_XML_HTTP_REQUEST = "XMLHttpRequest"; -} // anonymous - - -std::string AceFunctionParam::aceFunctionParamToken = "param:function"; - -// popup cache result - -enum class AceCachedPromptResult { - PERMIT, - DENY, - ASK_POPUP -}; - -// AceThinClient implementation singleton -class AceThinClientImpl { - public: - bool checkFunctionCall(const AceRequest& ace_request); - AcePreference getWidgetResourcePreference( - const AceResource& resource, - const AceWidgetHandle& handle) const; - AceResourcesPreferences* getGlobalResourcesPreferences() const; - bool isInitialized() const; - - AceThinClientImpl(); - ~AceThinClientImpl(); - - protected: - bool containsNetworkDevCap(const AceRequest &ace_request); - bool checkFeatureList(const AceRequest& ace_request); - private: - WebRuntimeImpl* m_wrt; - ResourceInformationImpl* m_res; - OperationSystemImpl* m_sys; - WrtSecurity::Communication::Client *m_communicationClient, *m_popupValidationClient; - - AceSubject getSubjectForHandle(AceWidgetHandle handle) const; - AceCachedPromptResult getCachedPromptResult( - WidgetHandle widgetHandle, - int ruleId, - const AceSessionId& sessionId) const; - bool askUser(PolicyEffect popupType, - const AceRequest& ace_request, - const AceBasicRequest& request); - // Prompt validation - bool validatePopupResponse( - const AceRequest& ace_request, - const AceBasicRequest& request, - bool answer = true, - Prompt::Validity validity = Prompt::Validity::ALWAYS); - mutable PolicyInformationPoint m_pip; - DPL::Optional> m_grantedDevCaps; - std::set m_acceptedFeatures; -}; - -AceThinClientImpl::AceThinClientImpl() - : m_communicationClient(NULL), - m_popupValidationClient(NULL), - m_wrt(new WebRuntimeImpl()), - m_res(new ResourceInformationImpl()), - m_sys(new OperationSystemImpl()), - m_pip(m_wrt, m_res, m_sys) -{ - AceDB::AceDAOReadOnly::attachToThreadRO(); - Try { - m_communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::AceServerApi::INTERFACE_NAME()); - m_popupValidationClient = new WrtSecurity::Communication::Client(WrtSecurity::PopupServerApi::INTERFACE_NAME()); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - if(m_communicationClient) delete m_communicationClient; - if(m_popupValidationClient) delete m_popupValidationClient; - delete m_wrt; - delete m_res; - delete m_sys; - ReThrowMsg(AceThinClient::Exception::AceThinClientException, - "Failed to call security daemon"); - } -} - -AceThinClientImpl::~AceThinClientImpl() -{ - Assert(NULL != m_communicationClient); - Assert(NULL != m_popupValidationClient); - delete m_communicationClient; - delete m_popupValidationClient; - delete m_wrt; - delete m_res; - delete m_sys; - m_communicationClient = NULL; - m_popupValidationClient = NULL; - AceDB::AceDAOReadOnly::detachFromThread(); - -} - -bool AceThinClientImpl::isInitialized() const -{ - return NULL != m_communicationClient && NULL != m_popupValidationClient; -} - -bool AceThinClientImpl::containsNetworkDevCap(const AceRequest &ace_request) -{ - AceDeviceCap deviceCap = ace_request.deviceCapabilities; - for (size_t j=0; j(); - m_acceptedFeatures.clear(); - - AceDB::FeatureNameVector fvector; - AceDB::AceDAOReadOnly::getAcceptedFeature(ace_request.widgetHandle, &fvector); - for(size_t i=0; ipolicyResult.getEffect(); - if (effect.IsNull()) { - // PolicyDecision is UNDETERMINED or NOT_APPLICABLE - result = false; - break; - } else if (*effect == PolicyEffect::DENY) { - // Access denied - result = false; - break; - } else if (*effect == PolicyEffect::PERMIT) { - // Access granted - if (m_grantedDevCaps->find( - DPL::FromASCIIString(request.getResourceId())) - != m_grantedDevCaps->end()) - { - continue; - } else - askServer = true; - } else { - // Check for cached popup response - LogInfo("Checking cached popup response"); - AceCachedPromptResult promptCached = - getCachedPromptResult(ace_request.widgetHandle, - exPolicyResult->ruleId, - ace_request.sessionId); - if (promptCached == AceCachedPromptResult::PERMIT) { - // Granted by previous popup - LogDebug("Cache found OK"); - if (m_grantedDevCaps->find( - DPL::FromASCIIString(request.getResourceId())) - != m_grantedDevCaps->end()) - { - LogDebug("SMACK given previously"); - continue; - } else { - if (*effect != PolicyEffect::PROMPT_BLANKET) { - // This should not happen. - LogDebug("This should not happen."); - result = false; - break; - } - if (!validatePopupResponse(ace_request, - request)) { - LogDebug("Daemon has not validated response."); - result = false; - break; - } else { - // Access granted, move on to next request - LogDebug("SMACK granted, all OK"); - m_grantedDevCaps->insert( - DPL::FromASCIIString( - request.getResourceId())); - continue; - } - } - } - if (promptCached == AceCachedPromptResult::DENY) { - // Access denied by earlier popup - result = false; - break; - } - if (promptCached == AceCachedPromptResult::ASK_POPUP) { - askPopup = true; - popupType = *effect; - } - } - } - } - - if (askServer) { - // IPC to security daemon - // here we must check if we have a SMACK permission for - // the device cap requested - LogInfo("Asking security daemon"); - int serializedPolicyResult = 0; - Try { - m_communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(), - ace_request.widgetHandle, - request.getSubjectId(), - request.getResourceId(), - request.getFunctionParam().getKeys(), - request.getFunctionParam().getValues(), - ace_request.sessionId, - &serializedPolicyResult); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - ReThrowMsg(AceThinClient::Exception::AceThinClientException, - "Failed to call security daemon"); - } - PolicyResult policyResult = PolicyResult:: - deserialize(serializedPolicyResult); - OptionalPolicyEffect effect = policyResult.getEffect(); - if (effect.IsNull()) { - // PolicyDecision is UNDETERMINED or NOT_APPLICABLE - result = false; - break; - } - if (*effect == PolicyEffect::DENY) { - // Access denied - result = false; - break; - } - if (*effect == PolicyEffect::PERMIT) { - // Access granted, move on to next request - m_grantedDevCaps->insert( - DPL::FromASCIIString(request.getResourceId())); - - continue; - } - // Policy says: ask user - setup popup kind - popupType = *effect; - askPopup = true; - } - - if (askPopup) { - result = askUser(popupType, ace_request, request); - } - } - LogInfo("Result: " << (result ? "GRANTED" : "DENIED")); - return result; -} - -bool AceThinClientImpl::askUser(PolicyEffect popupType, - const AceRequest& ace_request, - const AceBasicRequest& request) -{ - LogInfo("Asking popup"); - Assert(NULL != popup_func); - - const AceFunctionParam& fParam = request.getFunctionParam(); - AceParamKeys keys = fParam.getKeys(); - AceParamValues values = fParam.getValues(); - - ace_popup_t ace_popup_type; - ace_resource_t resource = const_cast( - request.getResourceId().c_str()); - ace_session_id_t session = const_cast( - ace_request.sessionId.c_str());; - ace_param_list_t parameters; - ace_widget_handle_t handle = ace_request.widgetHandle; - - parameters.count = keys.size(); - parameters.items = new ace_param_t[parameters.count]; - unsigned int i; - for (i = 0; i < parameters.count; ++i) { - parameters.items[i].name = - const_cast(keys[i].c_str()); - parameters.items[i].value = - const_cast(values[i].c_str()); - } - - switch (popupType) { - case PolicyEffect::PROMPT_ONESHOT: { - ace_popup_type = ACE_ONESHOT; - break; } - case PolicyEffect::PROMPT_SESSION: { - ace_popup_type = ACE_SESSION; - break; } - case PolicyEffect::PROMPT_BLANKET: { - ace_popup_type = ACE_BLANKET; - break; } - default: { - LogError("Unknown popup type passed!"); - LogError("Maybe effect isn't a popup?"); - LogError("Effect number is: " << static_cast(popupType)); - Assert(0); } - } - - ace_bool_t answer = ACE_FALSE; - ace_return_t ret = popup_func(ace_popup_type, - resource, - session, - ¶meters, - handle, - &answer); - - delete [] parameters.items; - - if (ACE_OK != ret) { - LogError("Error in popup handler"); - return false; - } - - if (ACE_TRUE == answer) { - m_grantedDevCaps->insert( - DPL::FromASCIIString(request.getResourceId())); - return true; - } - - return false; -} - -bool AceThinClientImpl::validatePopupResponse( - const AceRequest& ace_request, - const AceBasicRequest& request, - bool answer, - Prompt::Validity validity - ) -{ - bool response = false; - Try{ - m_popupValidationClient->call( - WrtSecurity::PopupServerApi::VALIDATION_METHOD(), - answer, - static_cast(validity), - ace_request.widgetHandle, - request.getSubjectId(), - request.getResourceId(), - request.getFunctionParam().getKeys(), - request.getFunctionParam().getValues(), - ace_request.sessionId, - &response); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - ReThrowMsg(AceThinClient::Exception::AceThinClientException, - "Failed to call security daemon"); - } - return response; -} - -AcePreference AceThinClientImpl::getWidgetResourcePreference ( - const AceResource& resource, - const AceWidgetHandle& handle) const -{ - return toAcePreference( - AceDB::AceDAOReadOnly::getWidgetDevCapSetting(resource, handle)); -} - -AceResourcesPreferences* AceThinClientImpl::getGlobalResourcesPreferences() -const -{ - AceDB::PreferenceTypesMap globalSettingsMap; - AceResourcesPreferences* acePreferences = new AceResourcesPreferences(); - AceDB::AceDAOReadOnly::getDevCapSettings(&globalSettingsMap); - FOREACH(it, globalSettingsMap) { - acePreferences->insert( - AceResurcePreference((*it).first, - toAcePreference((*it).second))); - } - return acePreferences; -} - -AceSubject AceThinClientImpl::getSubjectForHandle(AceWidgetHandle handle) const -{ - try - { - return AceDB::AceDAOReadOnly::getGUID(handle); - } - catch (AceDB::AceDAOReadOnly::Exception::DatabaseError& /*ex*/) - { - LogError("Couldn't find GIUD for handle " << handle); - return ""; - } -} - -AceCachedPromptResult AceThinClientImpl::getCachedPromptResult( - WidgetHandle widgetHandle, - int ruleId, - const AceSessionId& sessionId) const -{ - OptionalCachedPromptDecision promptDecision = - AceDB::AceDAOReadOnly::getPromptDecision( - widgetHandle, - ruleId); - if (promptDecision.IsNull()) { - LogDebug("No cache"); - return AceCachedPromptResult::ASK_POPUP; - } else { - // These should not be stored in DB! - Assert(PromptDecision::ALLOW_THIS_TIME - != (*promptDecision).decision); - Assert(PromptDecision::DENY_THIS_TIME - != (*promptDecision).decision); - if ((*promptDecision).decision == - PromptDecision::ALLOW_ALWAYS) { - // Access granted via earlier popup - LogDebug("ALLOW_ALWAYS"); - return AceCachedPromptResult::PERMIT; - } - if ((*promptDecision).decision == - PromptDecision::DENY_ALWAYS) { - LogDebug("DENY_ALWAYS"); - // Access denied via earlier popup - return AceCachedPromptResult::DENY; - } - // Only thing left is per session prompts - if ((*promptDecision).session.IsNull()) { - LogDebug("NO SESSION"); - return AceCachedPromptResult::ASK_POPUP; - } - AceSessionId cachedSessionId = DPL::ToUTF8String(*((*promptDecision).session)); - if ((*promptDecision).decision == - PromptDecision::ALLOW_FOR_SESSION) { - if (cachedSessionId == sessionId) { - // Access granted for this session. - LogDebug("SESSION OK, PERMIT"); - return AceCachedPromptResult::PERMIT; - } else { - LogDebug("SESSION NOT OK, ASKING"); - return AceCachedPromptResult::ASK_POPUP; - } - } - if ((*promptDecision).decision == - PromptDecision::DENY_FOR_SESSION) { - if (cachedSessionId == sessionId) { - // Access denied for this session. - LogDebug("SESSION OK, DENY"); - return AceCachedPromptResult::DENY; - } else { - LogDebug("SESSION NOT OK, ASKING"); - return AceCachedPromptResult::ASK_POPUP; - } - } - } - LogDebug("NO RESULT, ASKING"); - return AceCachedPromptResult::ASK_POPUP; -} - -// AceThinClient - -bool AceThinClient::checkFunctionCall( - const AceRequest& ace_request) const -{ - return m_impl->checkFunctionCall(ace_request); -} - -AcePreference AceThinClient::getWidgetResourcePreference( - const AceResource& resource, - const AceWidgetHandle& handle) const -{ - return m_impl->getWidgetResourcePreference( - resource, handle); -} - -AceResourcesPreferences* AceThinClient::getGlobalResourcesPreferences() -const -{ - return m_impl->getGlobalResourcesPreferences(); -} - -AceThinClient::AceThinClient() -{ - m_impl = new AceThinClientImpl(); -} - -AceThinClient::~AceThinClient() -{ - Assert(NULL != m_impl); - delete m_impl; -} - -bool AceThinClient::isInitialized() const -{ - return NULL != m_impl && m_impl->isInitialized(); -} - - -} // namespace AceClient diff --git a/ace_client/src/example/CMakeLists.txt b/ace_client/src/example/CMakeLists.txt deleted file mode 100644 index b3e9259..0000000 --- a/ace_client/src/example/CMakeLists.txt +++ /dev/null @@ -1,26 +0,0 @@ -cmake_minimum_required(VERSION 2.6) -project(ace-thin-client-example) - -include(FindPkgConfig) - -pkg_check_modules(DEPS - dpl-efl - REQUIRED) - -pkg_search_module(wrt-ace-client REQUIRED wrt-ace-client) - -set(TARGET_NAME "ace-thin-client-example") - -set(SRCS - ace-thin-client-example.cpp) - -include_directories(${DEPS_INCLUDE_DIRS}) -include_directories(${wrt-ace-client_INCLUDE_DIRS}) - -add_definitions("-DDPL_LOGS_ENABLED") - -add_executable(${TARGET_NAME} ${SRCS}) - -target_link_libraries(${TARGET_NAME} - ${DEPS_LDFLAGS} - ${wrt-ace-client_LDFLAGS}) diff --git a/ace_client/src/example/ace-thin-client-example.cpp b/ace_client/src/example/ace-thin-client-example.cpp deleted file mode 100644 index aa4c4a8..0000000 --- a/ace_client/src/example/ace-thin-client-example.cpp +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace-thin-client-example.cpp - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief Example usage of ACE thin client. - */ - -#include - -int main(int argc, char **argv) -{ - AceClient::AceThinClient& client = - AceClient::AceThinClientSingleton::Instance(); - client.initialize(); // this fires echo method - see logs - client.deinitialize(); - return 0; -} - diff --git a/ace_common/CMakeLists.txt b/ace_common/CMakeLists.txt deleted file mode 100644 index 7e7926a..0000000 --- a/ace_common/CMakeLists.txt +++ /dev/null @@ -1,4 +0,0 @@ -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/ace_common/include/ace_api_common.h - DESTINATION include/ace-common - ) diff --git a/ace_common/include/ace_api_common.h b/ace_common/include/ace_api_common.h deleted file mode 100644 index 30fee60..0000000 --- a/ace_common/include/ace_api_common.h +++ /dev/null @@ -1,125 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_api_common.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This is header for basic ACE data types and error codes - */ - -#ifndef ACE_API_COMMON_H -#define ACE_API_COMMON_H - -#ifdef __cplusplus -extern "C" { -#endif - -// --------------- Boolean type and errors ------------------------------------- - -/* - * Order and values of enum constants are part of API - */ -typedef enum -{ - ACE_FALSE, - ACE_TRUE -} ace_bool_t; - -typedef enum -{ - ACE_OK, // Operation succeeded - ACE_INVALID_ARGUMENTS, // Invalid input parameters - ACE_INTERNAL_ERROR, // ACE internal error - ACE_ACE_UNKNOWN_ERROR // Unexpected operation -} ace_return_t; - -// --------------- Basic types ------------------------------------------------- - -typedef size_t ace_size_t; -typedef char* ace_string_t; // NULL-terminated string -typedef int ace_widget_handle_t; -typedef char* ace_resource_t; -typedef char* ace_subject_t; -typedef char* ace_session_id_t; -typedef void* ace_private_data_t; - -// --------------- Access requests --------------------------------------------- - -typedef struct -{ - ace_size_t count; - ace_string_t* items; -} ace_feature_list_t; - -typedef struct -{ - ace_string_t name; - ace_string_t value; -} ace_param_t; - -typedef struct -{ - ace_size_t count; - ace_param_t* items; -} ace_param_list_t; - -typedef struct -{ - ace_string_t name; - ace_param_list_t param_list; -} ace_dev_cap_t; - -typedef struct -{ - ace_size_t count; - ace_dev_cap_t* items; -} ace_dev_cap_list_t; - -typedef struct -{ - ace_session_id_t session_id; // DEPRECATED will be removed - ace_widget_handle_t widget_handle; // DEPRECATED will be removed - ace_feature_list_t feature_list; - ace_dev_cap_list_t dev_cap_list; -} ace_request_t; - -// --------------- Popup data types -------------------------------------------- - -/* - * Popup types that can be requested to be displayed by ACE - */ -typedef enum -{ - ACE_ONESHOT, - ACE_SESSION, - ACE_BLANKET -} ace_popup_t; - -/* - * Validity of answer that can be returned by ACE popup - */ -typedef enum -{ - ACE_ONCE, - ACE_PER_SESSION, - ACE_ALWAYS -} ace_validity_t; - -#ifdef __cplusplus -} -#endif - -#endif // ACE_API_COMMON_H diff --git a/ace_install/CMakeLists.txt b/ace_install/CMakeLists.txt deleted file mode 100644 index 4b7537b..0000000 --- a/ace_install/CMakeLists.txt +++ /dev/null @@ -1 +0,0 @@ -ADD_SUBDIRECTORY(src) diff --git a/ace_install/include/ace_api_install.h b/ace_install/include/ace_api_install.h deleted file mode 100644 index 598b96d..0000000 --- a/ace_install/include/ace_api_install.h +++ /dev/null @@ -1,183 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_api_setup.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This is C api for Access Control Engine (ACE), installer mode - * (RW part). - * - */ - -#ifndef ACE_API_H -#define ACE_API_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * API defined in this header should be used only from one thread. If used - * otherwise, unexpected behaviour may occur, including segmentation faults and - * escalation of global warming. Be warned. - */ - -// --------------- Initialization and policy update ---------------------------- - -/* - * Initializes ACE - connects (RW) to the database. Must be called only once. - * Returns ACE_OK or error - */ -ace_return_t ace_install_initialize(void); - -/* - * Deinitializes ACE - deinitialize internal structures, detach DB, etc. - * Must be called only once. - * Returns ACE_OK or error - */ -ace_return_t ace_install_shutdown(void); - -/* - * Updates policy - parses XML files from known locations (reason for no arguments), - * also clears policy and prompt caches. - * Returns ACE_OK or error - */ -ace_return_t ace_update_policy(void); - -// --------------- Requested device capabilities API for installer ------------- - -typedef struct -{ - ace_string_t device_capability; - ace_bool_t smack_granted; -} ace_requested_dev_cap_t; - -typedef struct -{ - ace_size_t count; - ace_requested_dev_cap_t* items; -} ace_requested_dev_cap_list_t; - -/* - * Deletes data allocated by ace_get_requested_dev_caps - a helper function - */ -ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps); - -/* - * Returns ACE_OK or error; 'caps' will hold device capabilities information. - * To free allcated resources in 'caps', use ace_free_requested_dev_caps - */ -ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle, - ace_requested_dev_cap_list_t* caps); - -/* - * Returns error or ACE_OK - */ -ace_return_t ace_set_requested_dev_caps(ace_widget_handle_t handle, - const ace_requested_dev_cap_list_t* caps); - -// ---------------- Accepted Api featuresk API for installer ---------------- - - -ace_return_t ace_set_accepted_feature(ace_widget_handle_t handle, - const ace_feature_list_t* flist); - -ace_return_t ace_rem_accepted_feature(ace_widget_handle_t handle); - -// --------------- Widget data setup for installation -------------------------- - -typedef enum -{ - WAC20 = 0, - Tizen -} ace_widget_type_t; - -struct widget_info { - ace_widget_type_t type; - ace_string_t id; - ace_string_t version; - ace_string_t author; - ace_string_t shareHerf; -}; - -typedef enum -{ - AUTHOR, - DISTRIBUTOR, - UNKNOWN -} ace_cert_owner_t; - -typedef enum -{ - ROOT, - ENDENTITY -} ace_cert_type_t; - -typedef struct certificate_data { - ace_cert_owner_t owner; - ace_cert_type_t type; - int chain_id; - ace_string_t md5_fp; - ace_string_t sha1_fp; - ace_string_t common_name; -} ace_certificate_data; - -/* - * Register widget info into database. - * @param cert_data NULL terminated list of widget certificates - */ - -ace_return_t ace_register_widget(ace_widget_handle_t handle, - struct widget_info* info, - ace_certificate_data* cert_data[]); - -ace_return_t ace_unregister_widget(ace_widget_handle_t handle); - -ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed); - -/* - * Gets widget type in 'type'. Use in installer to determine which policy will be used - * by ACE for this widget. - * Returns error or ACE_OK - */ -ace_return_t ace_get_widget_type(ace_widget_handle_t handle, - ace_widget_type_t* type); - -// --------------- Installation time policy check ------------------------------ - -typedef enum -{ - ACE_PERMIT, - ACE_DENY, - ACE_PROMPT, - ACE_UNDEFINED -} ace_policy_result_t; - -/* - * Gets current policy evaluation for given device capability and given widget. - * Returns error or ACE_OK - */ -ace_return_t ace_get_policy_result(const ace_resource_t, - ace_widget_handle_t handle, - ace_policy_result_t* result); - -#ifdef __cplusplus -} -#endif - -#endif // ACE_API_H diff --git a/ace_install/src/CMakeLists.txt b/ace_install/src/CMakeLists.txt deleted file mode 100644 index d0757e1..0000000 --- a/ace_install/src/CMakeLists.txt +++ /dev/null @@ -1,62 +0,0 @@ -include(FindPkgConfig) - -PKG_CHECK_MODULES(ACE_INSTALL_DEPS - dpl-efl - dpl-dbus-efl - REQUIRED - ) - -SET(ACE_INSTALL_DIR - ${PROJECT_SOURCE_DIR}/ace_install - ) - -SET(ACE_INSTALL_SRC_DIR - ${ACE_INSTALL_DIR}/src - ) - -SET(ACE_INSTALL_INCLUDE_DIR - ${ACE_INSTALL_DIR}/include - ) - -SET(ACE_INSTALL_SOURCES - ${COMMUNICATION_CLIENT_SOURCES} - ${ACE_INSTALL_SRC_DIR}/ace_api_install.cpp - ) - -SET(ACE_INSTALL_INCLUDES - ${COMMUNICATION_CLIENT_INCLUDES} - ${ACE_INSTALL_DEPS_INCLUDE_DIRS} - ${ACE_INSTALL_INCLUDE_DIR} - ${PROJECT_SOURCE_DIR}/ace_common/include - ${PROJECT_SOURCE_DIR}/ace/include - ${PROJECT_SOURCE_DIR}/src/services/ace - ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api - ${PROJECT_SOURCE_DIR}/src/daemon/dbus - ) - -ADD_DEFINITIONS(${ACE_INSTALL_DEPS_CFLAGS}) -ADD_DEFINITIONS(${ACE_INSTALL_CFLAGS_OTHER}) - -INCLUDE_DIRECTORIES(${ACE_INSTALL_INCLUDES}) - -ADD_LIBRARY(${TARGET_ACE_INSTALL_LIB} SHARED ${ACE_INSTALL_SOURCES}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES - SOVERSION ${API_VERSION} - VERSION ${VERSION}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES - COMPILE_FLAGS -fPIC) - -TARGET_LINK_LIBRARIES(${TARGET_ACE_INSTALL_LIB} - ${ACE_INSTALL_DEPS_LIBRARIES} - ${TARGET_ACE_DAO_RW_LIB} - ) - -INSTALL(TARGETS ${TARGET_ACE_INSTALL_LIB} - DESTINATION lib) - -INSTALL(FILES - ${ACE_INSTALL_INCLUDE_DIR}/ace_api_install.h - DESTINATION include/ace-install - ) diff --git a/ace_install/src/ace_api_install.cpp b/ace_install/src/ace_api_install.cpp deleted file mode 100644 index eca3305..0000000 --- a/ace_install/src/ace_api_install.cpp +++ /dev/null @@ -1,345 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file ace_api_install.cpp - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains implementation ACE installator API - */ - -#include -#include -#include -#include -#include -#include -#include "SecurityCommunicationClient.h" -#include -#include "ace_server_api.h" - -#include "ace_api_install.h" - -static WrtSecurity::Communication::Client *communicationClient = NULL; - -// helper functions - -static AceDB::AppTypes to_db_app_type(ace_widget_type_t widget_type) -{ - switch (widget_type) { - case WAC20: - return AceDB::AppTypes::WAC20; - case Tizen: - return AceDB::AppTypes::Tizen; - default: - return AceDB::AppTypes::Unknown; - } -} - -static ace_widget_type_t to_ace_widget_type(AceDB::AppTypes app_type) -{ - switch (app_type) { - case AceDB::AppTypes::WAC20: - return WAC20; - case AceDB::AppTypes::Tizen: - return Tizen; - default: - LogError("Invalid app type for widget"); - return WAC20; - } -} - -ace_return_t ace_install_initialize(void) -{ - if (NULL != communicationClient) { - LogError("ace_api_install already initialized"); - return ACE_INTERNAL_ERROR; - } - AceDB::AceDAO::attachToThreadRW(); - Try { - communicationClient = new WrtSecurity::Communication::Client( - WrtSecurity::AceServerApi::INTERFACE_NAME()); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - LogError("Can't connect to daemon"); - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_install_shutdown(void) -{ - if (NULL == communicationClient) { - LogError("ace_api_install not initialized"); - return ACE_INTERNAL_ERROR; - } - delete communicationClient; - communicationClient = NULL; - AceDB::AceDAO::detachFromThread(); - return ACE_OK; -} - -ace_return_t ace_update_policy(void) -{ - Try { - communicationClient->call(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD()); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - LogError("Problem with connection to daemon"); - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps) -{ - if (NULL == caps || NULL == caps->items) { - LogError("Invalid arguments"); - return ACE_INVALID_ARGUMENTS; - } - unsigned int i; - for (i = 0; i < caps->count; ++i) { - delete [] caps->items[i].device_capability; - } - delete [] caps->items; - return ACE_OK; -} - -ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle, - ace_requested_dev_cap_list_t* caps) -{ - if (NULL == caps) { - LogError("Invalid arguments"); - return ACE_INVALID_ARGUMENTS; - } - AceDB::RequestedDevCapsMap permissions; - Try { - AceDB::AceDAO::getRequestedDevCaps( - handle, &permissions); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - caps->items = new ace_requested_dev_cap_t[permissions.size()]; - caps->count = permissions.size(); - unsigned int i = 0; - FOREACH (it, permissions) { - std::string devCapRequested = DPL::ToUTF8String(it->first); - caps->items[i].device_capability = - new char[strlen(devCapRequested.c_str())+1]; - strcpy(caps->items[i].device_capability, devCapRequested.c_str()); - caps->items[i].smack_granted = it->second ? ACE_TRUE : ACE_FALSE; - ++i; - } - return ACE_OK; -} - -ace_return_t ace_set_requested_dev_caps( - ace_widget_handle_t handle, - const ace_requested_dev_cap_list_t* caps) -{ - if (NULL == caps) { - LogError("Invalid arguments"); - return ACE_INVALID_ARGUMENTS; - } - AceDB::RequestedDevCapsMap db_permissions; - unsigned int i; - for (i = 0; i < caps->count; ++i) { - std::string devCap = std::string(caps->items[i].device_capability); - db_permissions.insert(std::make_pair(DPL::FromUTF8String(devCap), - caps->items[i].smack_granted == ACE_TRUE)); - } - Try { - AceDB::AceDAO::setRequestedDevCaps( - handle, db_permissions); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_set_accepted_feature( - ace_widget_handle_t handle, - const ace_feature_list_t *feature) -{ - if (NULL == feature) { - LogError("Invalid argument"); - return ACE_INVALID_ARGUMENTS; - } - AceDB::FeatureNameVector fvector; - ace_size_t i; - for (i = 0; i < feature->count; ++i) { - fvector.push_back( - DPL::FromUTF8String(feature->items[i])); - } - Try { - AceDB::AceDAO::setAcceptedFeature(handle, fvector); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_rem_accepted_feature( - ace_widget_handle_t handle) -{ - Try { - AceDB::AceDAO::removeAcceptedFeature(handle); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_register_widget(ace_widget_handle_t handle, - struct widget_info *info, - ace_certificate_data* cert_data[]) -{ - LogDebug("enter"); - - if (NULL == info || AceDB::AceDAOReadOnly::isWidgetInstalled(handle)) - return ACE_INVALID_ARGUMENTS; - - AceDB::WidgetRegisterInfo wri; - wri.type = to_db_app_type(info->type); - - if (info->id) - wri.widget_id = DPL::FromUTF8String(info->id); - if (info->version) - wri.version = DPL::FromUTF8String(info->version); - if (info->author) - wri.authorName = DPL::FromUTF8String(info->author); - if (info->shareHerf) - wri.shareHref = DPL::FromUTF8String(info->shareHerf); - - AceDB::WidgetCertificateDataList dataList; - if (NULL != cert_data) { - AceDB::WidgetCertificateData wcd; - ace_certificate_data* cd; - int i = 0; - while (cert_data[i] != NULL) - { - cd = cert_data[i++]; //increment - switch(cd->type) { - case ROOT: - wcd.type = AceDB::WidgetCertificateData::Type::ROOT; - break; - case ENDENTITY: - wcd.type = AceDB::WidgetCertificateData::Type::ENDENTITY; - break; - } - switch(cd->owner) { - case AUTHOR: - wcd.owner = AceDB::WidgetCertificateData::Owner::AUTHOR; - break; - case DISTRIBUTOR: - wcd.owner = AceDB::WidgetCertificateData::Owner::DISTRIBUTOR; - break; - case UNKNOWN: default: - wcd.owner = AceDB::WidgetCertificateData::Owner::UNKNOWN; - break; - } - wcd.chainId = cd->chain_id; - if (cd->md5_fp) - wcd.strMD5Fingerprint = cd->md5_fp; - if (cd->sha1_fp) - wcd.strSHA1Fingerprint = cd->sha1_fp; - if (cd->common_name) - wcd.strCommonName = DPL::FromUTF8String(cd->common_name); - dataList.push_back(wcd); - } - LogDebug("All data set. Inserting into database."); - } - - Try { - AceDB::AceDAO::registerWidgetInfo((WidgetHandle)(handle), wri, dataList); - LogDebug("AceDB entry done"); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_unregister_widget(ace_widget_handle_t handle) -{ - Try { - AceDB::AceDAO::unregisterWidgetInfo((WidgetHandle)(handle)); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed) -{ - Try { - *installed = AceDB::AceDAO::isWidgetInstalled((WidgetHandle)(handle)); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_get_widget_type(ace_widget_handle_t handle, - ace_widget_type_t* type) -{ - if (NULL == type) { - LogError("Invalid arguments"); - return ACE_INVALID_ARGUMENTS; - } - Try { - AceDB::AppTypes db_type = AceDB::AceDAO::getWidgetType(handle); - *type = to_ace_widget_type(db_type); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_get_policy_result(const ace_resource_t resource, - ace_widget_handle_t handle, - ace_policy_result_t* result) -{ - if (NULL == result) { - LogError("Invalid arguments"); - return ACE_INVALID_ARGUMENTS; - } - int serializedPolicyResult = 0; - Try { - std::string resource_str(resource); - communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(), - handle, - resource_str, - &serializedPolicyResult); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - LogError("Can't connect to daemon"); - return ACE_INTERNAL_ERROR; - } - PolicyResult policyResult = PolicyResult:: - deserialize(serializedPolicyResult); - OptionalPolicyEffect effect = policyResult.getEffect(); - if (effect.IsNull()) { - *result = ACE_UNDEFINED; - } else if (*effect == PolicyEffect::DENY) { - *result = ACE_DENY; - } else if (*effect == PolicyEffect::PERMIT) { - *result = ACE_PERMIT; - } else if (*effect == PolicyEffect::PROMPT_ONESHOT || - *effect == PolicyEffect::PROMPT_BLANKET || - *effect == PolicyEffect::PROMPT_SESSION){ - *result = ACE_PROMPT; - } else { - *result = ACE_UNDEFINED; - } - - return ACE_OK; -} diff --git a/ace_popup_validation/CMakeLists.txt b/ace_popup_validation/CMakeLists.txt deleted file mode 100644 index 4b7537b..0000000 --- a/ace_popup_validation/CMakeLists.txt +++ /dev/null @@ -1 +0,0 @@ -ADD_SUBDIRECTORY(src) diff --git a/ace_popup_validation/include/ace_api_popup_validation.h b/ace_popup_validation/include/ace_api_popup_validation.h deleted file mode 100644 index f06dfcf..0000000 --- a/ace_popup_validation/include/ace_api_popup_validation.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_popup_validation_api.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This is C api for Access Control Engine (ACE), popup - * validation library. - * - */ - -#ifndef ACE_API_H -#define ACE_API_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -// --------------- Initialization and deinitialization ------------------------- - -/* - * Initializes the library. - * - * Returns error or ACE_OK. - */ -ace_return_t ace_popup_validation_initialize(void); - -/* - * Deinitializes the library. - * - * Returns error or ACE_OK. - */ -ace_return_t ace_popup_validation_shutdown(void); - -// --------------- Popup answer validation API --------------------------------- - -/* - * Validation of popup answer. This API must be called by implementation of - * UI handler. The call must be made from safe process, specially labelled by - * SMACK. If returned value is ACE_OK, 'validation_result' holds validation - * result that needs to be passed by UI handler as validation result. Otherwise - * value of 'validation_result' is undefined. - * - * See header ace_api_client.h for more details on where this function needs to - * be called and what arguments need to be passed here. - * - * Returns error or ACE_OK. - */ -ace_return_t ace_validate_answer(ace_bool_t answer, - ace_validity_t validity, - const ace_resource_t resource_name, - const ace_session_id_t session_id, - const ace_param_list_t* param_list, - ace_widget_handle_t handle, - ace_bool_t* validation_result); - -#ifdef __cplusplus -} -#endif - -#endif // ACE_API_H diff --git a/ace_popup_validation/src/CMakeLists.txt b/ace_popup_validation/src/CMakeLists.txt deleted file mode 100644 index 69fe495..0000000 --- a/ace_popup_validation/src/CMakeLists.txt +++ /dev/null @@ -1,62 +0,0 @@ -include(FindPkgConfig) - -PKG_CHECK_MODULES(ACE_POPUP_VALIDATION_DEPS - dpl-efl - dpl-dbus-efl - REQUIRED - ) - -SET(ACE_POPUP_VALIDATION_DIR - ${PROJECT_SOURCE_DIR}/ace_popup_validation - ) - -SET(ACE_POPUP_VALIDATION_SRC_DIR - ${ACE_POPUP_VALIDATION_DIR}/src - ) - -SET(ACE_POPUP_VALIDATION_INCLUDE_DIR - ${ACE_POPUP_VALIDATION_DIR}/include - ) - -SET(ACE_POPUP_VALIDATION_SOURCES - ${COMMUNICATION_CLIENT_SOURCES} - ${ACE_POPUP_VALIDATION_SRC_DIR}/ace_api_popup_validation.cpp - ) - -SET(ACE_POPUP_VALIDATION_INCLUDES - ${COMMUNICATION_CLIENT_INCLUDES} - ${ACE_POPUP_VALIDATION_DEPS_INCLUDE_DIRS} - ${ACE_POPUP_VALIDATION_INCLUDE_DIR} - ${PROJECT_SOURCE_DIR}/ace_common/include - ${PROJECT_SOURCE_DIR}/ace/include - ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api - ${PROJECT_SOURCE_DIR}/src/services/ace - ${PROJECT_SOURCE_DIR}/src/services/popup/ - ${PROJECT_SOURCE_DIR}/src/daemon/dbus - ) - -ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_DEPS_CFLAGS}) -ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_CFLAGS_OTHER}) - -INCLUDE_DIRECTORIES(${ACE_POPUP_VALIDATION_INCLUDES}) - -ADD_LIBRARY(${TARGET_ACE_POPUP_VALIDATION_LIB} SHARED ${ACE_POPUP_VALIDATION_SOURCES}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES - SOVERSION ${API_VERSION} - VERSION ${VERSION}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES - COMPILE_FLAGS -fPIC) - -TARGET_LINK_LIBRARIES(${TARGET_ACE_POPUP_VALIDATION_LIB} - ${ACE_POPUP_VALIDATION_DEPS_LIBRARIES} ${ACE_POPUP_VALIDATION_DEPS_LDFLAGS} - ) - -INSTALL(TARGETS ${TARGET_ACE_POPUP_VALIDATION_LIB} - DESTINATION lib) - -INSTALL(FILES - ${ACE_POPUP_VALIDATION_INCLUDE_DIR}/ace_api_popup_validation.h - DESTINATION include/ace-popup-validation - ) diff --git a/ace_popup_validation/src/ace_api_popup_validation.cpp b/ace_popup_validation/src/ace_api_popup_validation.cpp deleted file mode 100644 index 8277c2f..0000000 --- a/ace_popup_validation/src/ace_api_popup_validation.cpp +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file ace_api_popup_validation.cpp - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains implementation of ACE popup validation API. - */ - -#include -#include -#include -#include "SecurityCommunicationClient.h" -#include "popup_response_server_api.h" -#include "security_daemon_dbus_config.h" -#include "ace_api_popup_validation.h" - -namespace { -static WrtSecurity::Communication::Client *communicationClient = NULL; -static const int VALIDITY_ONCE_VALUE = 0; -static const int VALIDITY_SESSION_VALUE = 1; -static const int VALIDITY_ALWAYS_VALUE = 1; -} // anonymous - -ace_return_t ace_popup_validation_initialize(void) -{ - if (NULL != communicationClient) { - LogError("ace_api_popup_validation already initialized"); - return ACE_INTERNAL_ERROR; - } - Try { - communicationClient = new WrtSecurity::Communication::Client( - WrtSecurity::PopupServerApi::INTERFACE_NAME()); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - LogError("Can't connect to daemon"); - return ACE_INTERNAL_ERROR; - } - - return ACE_OK; -} - -ace_return_t ace_popup_validation_shutdown(void) -{ - if (NULL == communicationClient) { - LogError("ace_api_popup_validation not initialized"); - return ACE_INTERNAL_ERROR; - } - delete communicationClient; - communicationClient = NULL; - - return ACE_OK; -} - -ace_return_t ace_validate_answer(ace_bool_t answer, - ace_validity_t validity, - const ace_resource_t resource_name, - const ace_session_id_t session_id, - const ace_param_list_t* param_list, - ace_widget_handle_t handle, - ace_bool_t* validation_result) -{ - if (NULL == resource_name || - NULL == session_id || - NULL == param_list || - NULL == validation_result) - { - LogError("NULL argument(s) passed"); - return ACE_INVALID_ARGUMENTS; - } - - bool dbusAnswer = answer == ACE_TRUE; - int dbusValidity = 0; - - switch (validity) { - case ACE_ONCE: { - dbusValidity = VALIDITY_ONCE_VALUE; - //static_cast(Prompt::Validity::ONCE); - break; } - case ACE_SESSION: { - dbusValidity = VALIDITY_SESSION_VALUE; - //static_cast(Prompt::Validity::SESSION); - break; } - case ACE_ALWAYS: { - dbusValidity = VALIDITY_ALWAYS_VALUE; - //static_cast(Prompt::Validity::ALWAYS); - break; } - default: { - LogError("Invalid validity passed"); - return ACE_INVALID_ARGUMENTS; } - } - - std::string subjectId; - std::string resourceId(resource_name); - std::string sessionId(session_id); - std::vector keys, values; - unsigned int i; - for (i = 0; i < param_list->count; ++i) { - keys.push_back(std::string(param_list->items[i].name)); - values.push_back(std::string(param_list->items[i].value)); - } - - bool response = false; - Try{ - communicationClient->call(WrtSecurity::PopupServerApi::VALIDATION_METHOD(), - dbusAnswer, - dbusValidity, - handle, - subjectId, - resourceId, - keys, - values, - sessionId, - &response); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - LogError("Can't call daemon"); - return ACE_INTERNAL_ERROR; - } - - *validation_result = response ? ACE_TRUE : ACE_FALSE; - - return ACE_OK; -} diff --git a/ace_settings/CMakeLists.txt b/ace_settings/CMakeLists.txt deleted file mode 100644 index 4b7537b..0000000 --- a/ace_settings/CMakeLists.txt +++ /dev/null @@ -1 +0,0 @@ -ADD_SUBDIRECTORY(src) diff --git a/ace_settings/include/ace_api_settings.h b/ace_settings/include/ace_api_settings.h deleted file mode 100644 index a3c72ab..0000000 --- a/ace_settings/include/ace_api_settings.h +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_api_settings.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This is header for ACE settings API (RW part). - */ - -#ifndef ACE_API_SETTINGS_H -#define ACE_API_SETTINGS_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * API defined in this header should be used only from one thread. If used - * otherwise, unexpected behaviour may occur, including segmentation faults and - * escalation of global warming. Be warned. - */ - -// --------------- Initialization ---------------------------------------------- - -/* - * Initializes ACE - connects (RW) to the database. Must be called only once. - * Returns ACE_OK or error - */ -ace_return_t ace_settings_initialize(void); - -/* - * Deinitializes ACE - deinitialize internal structures, detach DB, etc. - * Must be called only once. - * Returns ACE_OK or error - */ -ace_return_t ace_settings_shutdown(void); - -// --------------- Resource settings API --------------------------------------- - -/* - * Order and values of enum constants are part of API - */ -typedef enum -{ - ACE_PREFERENCE_PERMIT, - ACE_PREFERENCE_DENY, - ACE_PREFERENCE_DEFAULT, // means: not set - ACE_PREFERENCE_BLANKET_PROMPT, - ACE_PREFERENCE_SESSION_PROMPT, - ACE_PREFERENCE_ONE_SHOT_PROMPT -} ace_preference_t; - -/* - * Returns error or ACE_OK - * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise - * 'preference' value is undefined - */ -ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle, - const ace_resource_t resource, - ace_preference_t* preference); - -/* - * Returns error or ACE_OK - * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise - * 'preference' value is undefined - */ -ace_return_t ace_get_global_resource_preference(const ace_resource_t resource, - ace_preference_t* preference); - -/* - * To reset setting, pass ACE_PREFERENCE_DEFAULT - * Returns error or ACE_OK - */ -ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle, - const ace_resource_t resource, - ace_preference_t preference); - -/* - * To reset setting, pass ACE_PREFERENCE_DEFAULT - * Returns error or ACE_OK - */ -ace_return_t ace_set_global_resource_preference(const ace_resource_t resource, - ace_preference_t preference); - -/* - * Resets per widget resource settings to ACE_PREFERENCE_DEFAULT - */ -ace_return_t ace_reset_widget_resource_settings(void); - -/* - * Resets global resource settings to ACE_PREFERENCE_DEFAULT - */ -ace_return_t ace_reset_global_resource_settings(void); - -/* - * After execution, is_privacy_api is ACE_TRUE if resource_name is the name - * of Privacy API - */ -ace_return_t ace_is_private_api(const ace_resource_t resource_name, - ace_bool_t* is_private_api); - -#ifdef __cplusplus -} -#endif - -#endif // ACE_API_SETTINGS_H diff --git a/ace_settings/src/CMakeLists.txt b/ace_settings/src/CMakeLists.txt deleted file mode 100644 index 8cd835e..0000000 --- a/ace_settings/src/CMakeLists.txt +++ /dev/null @@ -1,56 +0,0 @@ -include(FindPkgConfig) - -PKG_CHECK_MODULES(ACE_SETTINGS_DEPS - dpl-efl - REQUIRED - ) - -SET(ACE_SETTINGS_DIR - ${PROJECT_SOURCE_DIR}/ace_settings - ) - -SET(ACE_SETTINGS_SRC_DIR - ${ACE_SETTINGS_DIR}/src - ) - -SET(ACE_SETTINGS_INCLUDE_DIR - ${ACE_SETTINGS_DIR}/include - ) - -SET(ACE_SETTINGS_SOURCES - ${ACE_SETTINGS_SRC_DIR}/ace_api_settings.cpp - ) - -SET(ACE_SETTINGS_INCLUDES - ${ACE_SETTINGS_DEPS_INCLUDE_DIRS} - ${ACE_SETTINGS_INCLUDE_DIR} - ${PROJECT_SOURCE_DIR}/ace_common/include - ${PROJECT_SOURCE_DIR}/ace/include - ) - -ADD_DEFINITIONS(${ACE_SETTINGS_DEPS_CFLAGS}) -ADD_DEFINITIONS(${ACE_SETTINGS_CFLAGS_OTHER}) - -INCLUDE_DIRECTORIES(${ACE_SETTINGS_INCLUDES}) - -ADD_LIBRARY(${TARGET_ACE_SETTINGS_LIB} SHARED ${ACE_SETTINGS_SOURCES}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES - SOVERSION ${API_VERSION} - VERSION ${VERSION}) - -SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES - COMPILE_FLAGS -fPIC) - -TARGET_LINK_LIBRARIES(${TARGET_ACE_SETTINGS_LIB} - ${ACE_SETTINGS_DEPS_LIBRARIES} - ${TARGET_ACE_DAO_RW_LIB} - ) - -INSTALL(TARGETS ${TARGET_ACE_SETTINGS_LIB} - DESTINATION lib) - -INSTALL(FILES - ${ACE_SETTINGS_INCLUDE_DIR}/ace_api_settings.h - DESTINATION include/ace-settings - ) diff --git a/ace_settings/src/ace_api_settings.cpp b/ace_settings/src/ace_api_settings.cpp deleted file mode 100644 index a1a811d..0000000 --- a/ace_settings/src/ace_api_settings.cpp +++ /dev/null @@ -1,203 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file ace_api_settings.cpp - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains implementation ACE settings API - */ - -#include -#include -#include - -#include "ace_api_settings.h" - -// helper functions -static ace_preference_t to_ace_preference(const AceDB::PreferenceTypes& db_preference) -{ - switch (db_preference) { - case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: { - return ACE_PREFERENCE_BLANKET_PROMPT; } - case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: { - return ACE_PREFERENCE_DEFAULT;} - case AceDB::PreferenceTypes::PREFERENCE_DENY: { - return ACE_PREFERENCE_DENY;} - case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: { - return ACE_PREFERENCE_ONE_SHOT_PROMPT;} - case AceDB::PreferenceTypes::PREFERENCE_PERMIT: { - return ACE_PREFERENCE_PERMIT;} - case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: { - return ACE_PREFERENCE_SESSION_PROMPT;} - default: { - return ACE_PREFERENCE_DEFAULT;} - } -} - - -static AceDB::PreferenceTypes to_ace_db_preference(const ace_preference_t& preference) -{ - switch (preference) { - case ACE_PREFERENCE_BLANKET_PROMPT: { - return AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT; } - case ACE_PREFERENCE_DEFAULT: { - return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;} - case ACE_PREFERENCE_DENY: { - return AceDB::PreferenceTypes::PREFERENCE_DENY;} - case ACE_PREFERENCE_ONE_SHOT_PROMPT: { - return AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT;} - case ACE_PREFERENCE_PERMIT: { - return AceDB::PreferenceTypes::PREFERENCE_PERMIT;} - case ACE_PREFERENCE_SESSION_PROMPT: { - return AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT;} - default: { - return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;} - } -} - -ace_return_t ace_settings_initialize(void) -{ - AceDB::AceDAO::attachToThreadRW(); - return ACE_OK; -} - -ace_return_t ace_settings_shutdown(void) -{ - AceDB::AceDAO::detachFromThread(); - return ACE_OK; -} - -ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle, - const ace_resource_t resource, - ace_preference_t* preference) -{ - if (NULL == resource || NULL == preference) { - LogError("NULL argument(s) passed"); - return ACE_INVALID_ARGUMENTS; - } - Try { - std::string resource_str(resource); - AceDB::PreferenceTypes db_preference = - AceDB::AceDAO::getWidgetDevCapSetting(resource_str, handle); - *preference = to_ace_preference(db_preference); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_get_global_resource_preference(const ace_resource_t resource, - ace_preference_t* preference) -{ - if (NULL == resource || NULL == preference) { - LogError("NULL argument(s) passed"); - return ACE_INVALID_ARGUMENTS; - } - Try { - AceDB::PreferenceTypes db_preference = - AceDB::AceDAO::getDevCapSetting(resource); - *preference = to_ace_preference(db_preference); - } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle, - const ace_resource_t resource, - ace_preference_t preference) -{ - if (NULL == resource) { - LogError("NULL argument passed"); - return ACE_INVALID_ARGUMENTS; - } - Try { - AceDB::AceDAO::addResource(resource); - AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference); - AceDB::AceDAO::removeWidgetDevCapSetting(resource, handle); - AceDB::AceDAO::setWidgetDevCapSetting(resource, handle, db_preference); - } Catch(AceDB::AceDAO::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_set_global_resource_preference(const ace_resource_t resource, - ace_preference_t preference) -{ - if (NULL == resource) { - LogError("NULL argument passed"); - return ACE_INVALID_ARGUMENTS; - } - Try { - AceDB::AceDAO::addResource(resource); - AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference); - AceDB::AceDAO::setDevCapSetting(resource, db_preference); - } Catch(AceDB::AceDAO::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_reset_widget_resource_settings() -{ - Try { - AceDB::AceDAO::clearWidgetDevCapSettings(); - } Catch(AceDB::AceDAO::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_reset_global_resource_settings(void) -{ - Try { - AceDB::AceDAO::clearDevCapSettings(); - } Catch(AceDB::AceDAO::Exception::DatabaseError) { - return ACE_INTERNAL_ERROR; - } - return ACE_OK; -} - -ace_return_t ace_is_private_api(const ace_resource_t resource_name, ace_bool_t* is_private_api) -{ - static const char * const private_api[] = { - "bluetooth.admin", - "bluetooth.gap", - "bluetooth.spp", - "calendar.read", - "calendar.write", - "callhistory.read", - "callhistory.write", - "contact.read", - "contact.write", - "nfc.admin", - "nfc.common", - "nfc.cardemulation", - "nfc.p2p", - "nfc.tag", - NULL - }; - - *is_private_api = ACE_TRUE; - for (int i=0; private_api[i]; ++i) - if (!strcmp(resource_name, private_api[i])) - return ACE_OK; - - *is_private_api = ACE_FALSE; - return ACE_OK; -} - diff --git a/build/CMakeLists.txt b/build/CMakeLists.txt index c51d065..ae6fa44 100644 --- a/build/CMakeLists.txt +++ b/build/CMakeLists.txt @@ -15,12 +15,5 @@ # @file CMakeLists.txt # @author Tomasz Swierczek (t.swierczek@samsung.com) # -ADD_SUBDIRECTORY(ace) -ADD_SUBDIRECTORY(ace_client) -ADD_SUBDIRECTORY(ace_settings) -ADD_SUBDIRECTORY(ace_install) -ADD_SUBDIRECTORY(ace_popup_validation) -ADD_SUBDIRECTORY(communication_client) -ADD_SUBDIRECTORY(wrt-security) + ADD_SUBDIRECTORY(security-server) -ADD_SUBDIRECTORY(wrt_ocsp) diff --git a/build/ace/CMakeLists.txt b/build/ace/CMakeLists.txt deleted file mode 100644 index b42ab2e..0000000 --- a/build/ace/CMakeLists.txt +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) -# @author Tomasz Swierczek (t.swierczek@samsung.com) -# @brief -# - -CONFIGURE_FILE(security-dao-ro.pc.in security-dao-ro.pc @ONLY) -CONFIGURE_FILE(security-dao-rw.pc.in security-dao-rw.pc @ONLY) -CONFIGURE_FILE(security.pc.in security.pc @ONLY) -INSTALL(FILES - ${CMAKE_BINARY_DIR}/build/ace/security-dao-ro.pc - ${CMAKE_BINARY_DIR}/build/ace/security-dao-rw.pc - ${CMAKE_BINARY_DIR}/build/ace/security.pc - DESTINATION - lib/pkgconfig - ) - diff --git a/build/ace/security-dao-ro.pc.in b/build/ace/security-dao-ro.pc.in deleted file mode 100644 index 820a4b3..0000000 --- a/build/ace/security-dao-ro.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include - -Name: ace-dao-ro -Description: ace-dao-ro -Version: @VERSION@ -Requires: dpl-efl openssl -Libs: -lace-dao-ro -L${libdir} -Cflags: -I${includedir} diff --git a/build/ace/security-dao-rw.pc.in b/build/ace/security-dao-rw.pc.in deleted file mode 100644 index 4268970..0000000 --- a/build/ace/security-dao-rw.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include - -Name: aco-dao-rw -Description: ace-dao-rw -Version: @VERSION@ -Requires: security-dao-ro -Libs: -lace-dao-rw -L${libdir} -Cflags: -I${includedir} diff --git a/build/ace/security.pc.in b/build/ace/security.pc.in deleted file mode 100644 index 9f5bd4a..0000000 --- a/build/ace/security.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include - -Name: ace -Description: ace -Version: @VERSION@ -Requires: dpl-efl openssl -Libs: -lace -L${libdir} -Cflags: -I${includedir} diff --git a/build/ace_client/CMakeLists.txt b/build/ace_client/CMakeLists.txt deleted file mode 100644 index b7bdaa0..0000000 --- a/build/ace_client/CMakeLists.txt +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Tomasz Swierczek (t.swierczek@samsung.com) -# @brief -# - -CONFIGURE_FILE(security-client.pc.in security-client.pc @ONLY) -INSTALL(FILES - ${CMAKE_BINARY_DIR}/build/ace_client/security-client.pc - DESTINATION - lib/pkgconfig - ) - diff --git a/build/ace_client/security-client.pc.in b/build/ace_client/security-client.pc.in deleted file mode 100644 index ea166b3..0000000 --- a/build/ace_client/security-client.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include - -Name: ace-client -Description: ACE thin client library -Version: @VERSION@ -Requires: dpl-wrt-dao-ro dpl-efl dpl-event-efl dpl-dbus-efl security-dao-ro -Libs: -lace-client -L${libdir} -Cflags: -I${includedir}/ace-client -I${includedir}/ace-common diff --git a/build/ace_install/CMakeLists.txt b/build/ace_install/CMakeLists.txt deleted file mode 100644 index 8c0a70b..0000000 --- a/build/ace_install/CMakeLists.txt +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Tomasz Swierczek (t.swierczek@samsung.com) -# @brief -# - -CONFIGURE_FILE(security-install.pc.in security-install.pc @ONLY) -INSTALL(FILES - ${CMAKE_BINARY_DIR}/build/ace_install/security-install.pc - DESTINATION - lib/pkgconfig - ) - diff --git a/build/ace_install/security-install.pc.in b/build/ace_install/security-install.pc.in deleted file mode 100644 index 9ddcefa..0000000 --- a/build/ace_install/security-install.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include - -Name: ace-install -Description: ACE insall library to be used by installer -Version: @VERSION@ -Requires: dpl-efl dpl-dbus-efl security-dao-rw -Libs: -lace-install -L${libdir} -Cflags: -I${includedir}/ace-install -I${includedir}/ace-common diff --git a/build/ace_popup_validation/CMakeLists.txt b/build/ace_popup_validation/CMakeLists.txt deleted file mode 100644 index b79c6f5..0000000 --- a/build/ace_popup_validation/CMakeLists.txt +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Tomasz Swierczek (t.swierczek@samsung.com) -# @brief -# - -CONFIGURE_FILE(security-popup-validation.pc.in security-popup-validation.pc @ONLY) -INSTALL(FILES - ${CMAKE_BINARY_DIR}/build/ace_popup_validation/security-popup-validation.pc - DESTINATION - lib/pkgconfig - ) - diff --git a/build/ace_popup_validation/security-popup-validation.pc.in b/build/ace_popup_validation/security-popup-validation.pc.in deleted file mode 100644 index 385b47b..0000000 --- a/build/ace_popup_validation/security-popup-validation.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include - -Name: ace-popup-validation -Description: ACE popup validation library -Version: @VERSION@ -Requires: dpl-efl dpl-dbus-efl -Libs: -lace-popup-validation -L${libdir} -Cflags: -I${includedir}/ace-popup-validation -I${includedir}/ace-common diff --git a/build/ace_settings/CMakeLists.txt b/build/ace_settings/CMakeLists.txt deleted file mode 100644 index b768f2f..0000000 --- a/build/ace_settings/CMakeLists.txt +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Tomasz Swierczek (t.swierczek@samsung.com) -# @brief -# - -CONFIGURE_FILE(security-settings.pc.in security-settings.pc @ONLY) -INSTALL(FILES - ${CMAKE_BINARY_DIR}/build/ace_settings/security-settings.pc - DESTINATION - lib/pkgconfig - ) - diff --git a/build/ace_settings/security-settings.pc.in b/build/ace_settings/security-settings.pc.in deleted file mode 100644 index 1abc082..0000000 --- a/build/ace_settings/security-settings.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include - -Name: ace-settings -Description: ACE settings library -Version: @VERSION@ -Requires: -Libs: -lace-settings -lace-dao-rw -L${libdir} -Cflags: -I${includedir}/ace-settings -I${includedir}/ace-common diff --git a/build/communication_client/CMakeLists.txt b/build/communication_client/CMakeLists.txt deleted file mode 100644 index 4f11913..0000000 --- a/build/communication_client/CMakeLists.txt +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Zofia Abramowska (z.abramowska@samsung.com) -# @brief -# - -CONFIGURE_FILE(security-communication-client.pc.in security-communication-client.pc @ONLY) -INSTALL(FILES - ${CMAKE_BINARY_DIR}/build/communication_client/security-communication-client.pc - DESTINATION - lib/pkgconfig - ) - diff --git a/build/communication_client/security-communication-client.pc.in b/build/communication_client/security-communication-client.pc.in deleted file mode 100644 index 1b01b5f..0000000 --- a/build/communication_client/security-communication-client.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include - -Name: communication-client -Description: Security communication client library -Version: @VERSION@ -Requires: dpl-efl dpl-dbus-efl -Libs: -lcommunication-client -L${libdir} -Cflags: -I${includedir}/communication-client diff --git a/build/wrt-security/CMakeLists.txt b/build/wrt-security/CMakeLists.txt deleted file mode 100644 index 9995265..0000000 --- a/build/wrt-security/CMakeLists.txt +++ /dev/null @@ -1,19 +0,0 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Tomasz Swierczek (t.swierczek@samsung.com) -# -CONFIGURE_FILE(security-core.pc.in security-core.pc @ONLY) -INSTALL(FILES ${CMAKE_BINARY_DIR}/build/wrt-security/security-core.pc DESTINATION lib/pkgconfig) diff --git a/build/wrt-security/security-core.pc.in b/build/wrt-security/security-core.pc.in deleted file mode 100644 index 7f63cc5..0000000 --- a/build/wrt-security/security-core.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include/wrt-security - -Name: wrt-security -Description: wrt-security -Version: @VERSION@ -Requires: dpl-efl dpl-wrt-dao-rw dpl-dbus-efl -Libs: -L${libdir} -ldpl-dbus-efl -Cflags: -I${includedir} diff --git a/build/wrt_ocsp/CMakeLists.txt b/build/wrt_ocsp/CMakeLists.txt deleted file mode 100644 index 7b1bf5f..0000000 --- a/build/wrt_ocsp/CMakeLists.txt +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Zofia Abramowska (z.abramowska@samsung.com) -# @brief -# - -CONFIGURE_FILE(security-wrt-ocsp.pc.in security-wrt-ocsp.pc @ONLY) -INSTALL(FILES - ${CMAKE_BINARY_DIR}/build/wrt_ocsp/security-wrt-ocsp.pc - DESTINATION - lib/pkgconfig - ) - diff --git a/build/wrt_ocsp/security-wrt-ocsp.pc.in b/build/wrt_ocsp/security-wrt-ocsp.pc.in deleted file mode 100644 index 2fb4258..0000000 --- a/build/wrt_ocsp/security-wrt-ocsp.pc.in +++ /dev/null @@ -1,11 +0,0 @@ -prefix=@CMAKE_INSTALL_PREFIX@ -exec_prefix=${prefix} -libdir=${prefix}/lib -includedir=${prefix}/include - -Name: wrt-ocsp -Description: WRT OCSP library to be used by wrt-client -Version: @VERSION@ -Requires: dpl-efl dpl-dbus-efl -Libs: -lwrt-ocsp -L${libdir} -Cflags: -I${includedir}/wrt-ocsp diff --git a/communication_client/include/SecurityCommunicationClient.h b/communication_client/include/SecurityCommunicationClient.h deleted file mode 100644 index 8244c60..0000000 --- a/communication_client/include/SecurityCommunicationClient.h +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file SecurityCommunicationClient.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief This is header of class used by IPC client with implemented templates - * - */ - -/* - * This class hides implementation of specific communication types - * and enables switching between them by #defined macros. - * - * supported types : DBUS_CONNECTION - * - * IMPORTANT : Exactly ONE type MUST be defined. - * - */ - -#ifndef SECURITYCOMMUNICATIONCLIENT_H_ -#define SECURITYCOMMUNICATIONCLIENT_H_ - -#include -#include -#include -#include "SecuritySocketClient.h" -#include -#include - - -namespace WrtSecurity { -namespace Communication { -class Client -{ -public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, SecurityCommunicationClientException) - }; - - explicit Client(const std::string &intefaceName); - - - - template - void call(const char* methodName, const Args& ... args) - { - - connect(); - Try{ - #ifdef DBUS_CONNECTION - m_dbusClient->call(methodName, args...); - } Catch (DPL::DBus::Client::Exception::DBusClientException){ - #endif //DBUS_CONNECTION - #ifdef SOCKET_CONNECTION - m_socketClient->call(methodName, args...); - } Catch (SecuritySocketClient::Exception::SecuritySocketClientException){ - #endif //SOCKET_CONNECTION - LogError("Error getting response"); - disconnect(); - ReThrowMsg(Exception::SecurityCommunicationClientException, - "Error getting response"); - } - LogInfo("Call served"); - disconnect(); - } - - template - void call(std::string methodName, const Args&... args) - { - call(methodName.c_str(), args...); - } - - -private: - - void connect(); - void disconnect(); - - std::string m_interfaceName; - #ifdef DBUS_CONNECTION - std::unique_ptr m_dbusClient; - #endif - - #ifdef SOCKET_CONNECTION - std::unique_ptr m_socketClient; - #endif -}; -} // namespace Communication -} // namespace WrtSecurity - -#endif /* SECURITYCOMMUNICATIONCLIENT_H_ */ diff --git a/communication_client/src/SecurityCommunicationClient.cpp b/communication_client/src/SecurityCommunicationClient.cpp deleted file mode 100644 index 13b137e..0000000 --- a/communication_client/src/SecurityCommunicationClient.cpp +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file SecurityCommunicationClient.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief This is implementation of class used IPC client - */ - - -#include "SecurityCommunicationClient.h" - -#ifdef DBUS_CONNECTION -#include "security_daemon_dbus_config.h" -#endif - -namespace WrtSecurity{ -namespace Communication{ - - Client::Client(const std::string& interfaceName){ - #if DBUS_CONNECTION - LogInfo("DBus create"); - Try { - m_dbusClient.reset(new DPL::DBus::Client(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(), - WrtSecurity::SecurityDaemonConfig::SERVICE_NAME(), - interfaceName)); - } Catch (DPL::DBus::Client::Exception::DBusClientException) { - LogError("Error getting connection"); - ReThrowMsg(Exception::SecurityCommunicationClientException, - "Error getting connection"); - } - if(NULL == m_dbusClient.get()){ - LogError("Couldn't get client"); - ThrowMsg(Exception::SecurityCommunicationClientException, - "Error getting client"); - } - #endif //DBUS_CONNECTION - - #ifdef SOCKET_CONNECTION - m_socketClient.reset(new SecuritySocketClient(interfaceName)); - if(NULL == m_socketClient.get()){ - LogError("Couldn't get client"); - ThrowMsg(Exception::SecurityCommunicationClientException, - "Error getting client"); - } - #endif //SOCKET_CONNECTION - LogInfo("Created communication client"); - } - - void Client::connect(){ - #ifdef SOCKET_CONNECTION - Try { - m_socketClient->connect(); - } Catch(SecuritySocketClient::Exception::SecuritySocketClientException){ - LogError("Couldn't connect"); - ReThrowMsg(Exception::SecurityCommunicationClientException, - "Error connecting"); - } - - #endif //SOCKET_CONNECTION - LogInfo("Connected"); - } - - void Client::disconnect(){ - - #ifdef SOCKET_CONNECTION - m_socketClient->disconnect(); - #endif //SOCKET_CONNECTION - LogInfo("Disconnected"); - } - - -} // namespace Communication - -} // namespace WrtSecurity - diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt deleted file mode 100644 index 93fc6b3..0000000 --- a/etc/CMakeLists.txt +++ /dev/null @@ -1,25 +0,0 @@ - -SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc) - - INSTALL(FILES - ${ETC_DIR}/wrt_security_create_clean_db.sh - ${ETC_DIR}/wrt_security_change_policy.sh - DESTINATION /usr/bin - ) - -INSTALL(FILES - ${ETC_DIR}/schema.xsd - DESTINATION share/wrt-engine - ) - -INSTALL(FILES - ${ETC_DIR}/fingerprint_list.xsd - DESTINATION share/wrt-engine/ - ) - -INSTALL(FILES - ${ETC_DIR}/fingerprint_list.xml - DESTINATION share/wrt-engine/ - ) - -ADD_SUBDIRECTORY(certificates) diff --git a/etc/certificates/CMakeLists.txt b/etc/certificates/CMakeLists.txt deleted file mode 100644 index 27774cd..0000000 --- a/etc/certificates/CMakeLists.txt +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# @file CMakeLists.txt -# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) -# @author Yunchan Cho (yunchan.cho@samsung.com) -# @version 1.0 -# @brief -# - -SET(CERT_DIR ${PROJECT_SOURCE_DIR}/etc/certificates) - -INSTALL(FILES - ${CERT_DIR}/wac.root.preproduction.pem - ${CERT_DIR}/wac.root.production.pem - ${CERT_DIR}/wac.publisherid.pem - ${CERT_DIR}/tizen.root.preproduction.cert.pem - ${CERT_DIR}/tizen-developer-root-ca.pem - ${CERT_DIR}/tizen-distributor-root-ca-partner.pem - ${CERT_DIR}/tizen-distributor-root-ca-public.pem - DESTINATION /opt/share/cert-svc/certs/code-signing/wac/ - ) diff --git a/etc/certificates/orange.production.pem b/etc/certificates/orange.production.pem deleted file mode 100644 index 888967d..0000000 --- a/etc/certificates/orange.production.pem +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICVTCCAb6gAwIBAgIETdzAMDANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJHQjERMA8GA1UE -CBMITm9ybWFuZHkxDTALBgNVBAcTBENBRU4xDzANBgNVBAoTBk9yYW5nZTETMBEGA1UECxMKT3Jh -bmdlTGFiczEYMBYGA1UEAxMPT3JhbmdlTGFicyBDQUVOMB4XDTExMDUyNTA4MzkxMloXDTM2MDUx -ODA4MzkxMlowbzELMAkGA1UEBhMCR0IxETAPBgNVBAgTCE5vcm1hbmR5MQ0wCwYDVQQHEwRDQUVO -MQ8wDQYDVQQKEwZPcmFuZ2UxEzARBgNVBAsTCk9yYW5nZUxhYnMxGDAWBgNVBAMTD09yYW5nZUxh -YnMgQ0FFTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAj9130ZtpXp/679/2pmFldFgjz5tN -CjLT6CEWC9yketyKgyV1c0DBMcy4PNLdOb0VxhfcNXNYoBylCp6mPj3mWRM5VSet03XA8k6/L0T4 -dYicYGaIojowhzBBfaIXnBDvMQD5kanC5CDd6HtFzQbBkN73NIdGrR/aFqNtC/wopFECAwEAATAN -BgkqhkiG9w0BAQUFAAOBgQCIjZYXTdsMCpIYENX6UyD/EM+SZBkVvoB2R8ghRZbKHOcr58ZyGvdH -i/Y0hp5zNN7bUQurEMWtIxF+s3oaYH0x9xwXCd5UEV9Y+dmD1/qlK7lfSlC7mwynHs3bhMEGOJF2 -TlDzZyVYBIT3LQjfq6G18bGHkwU3uTsxZMSgtz5LgQ== ------END CERTIFICATE----- diff --git a/etc/certificates/tizen-developer-root-ca.pem b/etc/certificates/tizen-developer-root-ca.pem deleted file mode 100644 index 76c003c..0000000 --- a/etc/certificates/tizen-developer-root-ca.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC -S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 -ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD -QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw -MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE -CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB -MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD -DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA -A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI -rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9 -yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB -MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af -KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN -5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv -bSaM ------END CERTIFICATE----- diff --git a/etc/certificates/tizen-distributor-root-ca-partner.pem b/etc/certificates/tizen-distributor-root-ca-partner.pem deleted file mode 100644 index 2be6916..0000000 --- a/etc/certificates/tizen-distributor-root-ca-partner.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC -S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 -ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq -MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy -MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD -VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg -Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM -IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B -AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp -ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS -rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C -AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n -DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6 -xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL -gS9G4WEAUg== ------END CERTIFICATE----- diff --git a/etc/certificates/tizen-distributor-root-ca-public.pem b/etc/certificates/tizen-distributor-root-ca-public.pem deleted file mode 100644 index 9b16176..0000000 --- a/etc/certificates/tizen-distributor-root-ca-public.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC -S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 -ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex -KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy -MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD -VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg -Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD -DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B -AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY -sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k -//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C -AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa -07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+ -phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7 -KOszlocFYw== ------END CERTIFICATE----- diff --git a/etc/certificates/tizen.root.preproduction.cert.pem b/etc/certificates/tizen.root.preproduction.cert.pem deleted file mode 100644 index bbf523b..0000000 --- a/etc/certificates/tizen.root.preproduction.cert.pem +++ /dev/null @@ -1,60 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - b3:cb:d1:5b:de:6e:66:95 - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com - Validity - Not Before: Dec 8 10:27:32 2011 GMT - Not After : Nov 30 10:27:32 2021 GMT - Subject: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (1024 bit) - Modulus: - 00:cb:46:b8:94:81:b1:83:d7:29:05:2a:33:01:9e: - 66:15:f8:be:bb:95:17:dd:7a:c4:c2:f5:d9:e4:aa: - fd:c8:8d:a9:48:65:fc:3d:dc:47:d7:2a:2f:5e:c7: - 1f:22:ed:e0:98:e6:43:6d:74:82:ca:7d:22:9c:60: - 44:18:cd:ca:d6:6b:16:ca:ed:63:c9:7a:f1:00:df: - e4:6b:33:47:2f:78:75:61:d7:c9:29:3e:a9:ee:76: - dd:2e:fe:9d:e7:3c:0d:02:f4:e9:2d:46:74:49:52: - ef:a0:d6:9d:4d:08:65:ea:6b:35:72:a5:08:d8:46: - 46:03:99:7c:66:8c:60:c4:91 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Subject Key Identifier: - 47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03 - X509v3 Authority Key Identifier: - keyid:47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03 - - X509v3 Basic Constraints: - CA:TRUE - Signature Algorithm: sha1WithRSAEncryption - c2:c4:62:f2:ec:6f:2b:05:9c:09:cc:ae:e9:77:a9:1d:66:6b: - 03:7b:01:3a:e6:29:bb:2a:b8:15:d8:a1:7d:9b:05:b4:8c:cb: - ae:c7:eb:68:c0:e3:29:c7:e7:5a:ca:1a:0c:3a:ab:91:80:4f: - 9b:36:d4:45:b4:7b:2c:ef:f3:fd:cb:84:84:85:42:3d:ec:18: - 3f:5f:9e:b1:1f:8d:0a:57:89:51:e4:eb:7e:da:e9:79:82:61: - 38:ad:ca:94:43:71:00:73:13:b9:e9:ef:bc:68:c5:ff:5e:0a: - f6:b9:2a:3d:1d:21:77:22:d0:4e:e7:ad:da:31:0b:51:fa:44: - cd:fa ------BEGIN CERTIFICATE----- -MIIC9jCCAl+gAwIBAgIJALPL0VvebmaVMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYD -VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ry -b25pY3MxDDAKBgNVBAsMA1NMUDEgMB4GA1UEAwwXU0xQIFdlYkFwcCBUZW1wb3Jh -cnkgQ0ExJjAkBgkqhkiG9w0BCQEWF3l1bmNoYW4uY2hvQHNhbXN1bmcuY29tMB4X -DTExMTIwODEwMjczMloXDTIxMTEzMDEwMjczMlowgZMxCzAJBgNVBAYTAktSMQ4w -DAYDVQQIDAVTdXdvbjEcMBoGA1UECgwTU2Ftc3VuZyBFbGVjdHJvbmljczEMMAoG -A1UECwwDU0xQMSAwHgYDVQQDDBdTTFAgV2ViQXBwIFRlbXBvcmFyeSBDQTEmMCQG -CSqGSIb3DQEJARYXeXVuY2hhbi5jaG9Ac2Ftc3VuZy5jb20wgZ8wDQYJKoZIhvcN -AQEBBQADgY0AMIGJAoGBAMtGuJSBsYPXKQUqMwGeZhX4vruVF916xML12eSq/ciN -qUhl/D3cR9cqL17HHyLt4JjmQ210gsp9IpxgRBjNytZrFsrtY8l68QDf5GszRy94 -dWHXySk+qe523S7+nec8DQL06S1GdElS76DWnU0IZeprNXKlCNhGRgOZfGaMYMSR -AgMBAAGjUDBOMB0GA1UdDgQWBBRHqI/NHyK6aYUTVSEtwhktX//cAzAfBgNVHSME -GDAWgBRHqI/NHyK6aYUTVSEtwhktX//cAzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 -DQEBBQUAA4GBAMLEYvLsbysFnAnMrul3qR1mawN7ATrmKbsquBXYoX2bBbSMy67H -62jA4ynH51rKGgw6q5GAT5s21EW0eyzv8/3LhISFQj3sGD9fnrEfjQpXiVHk637a -6XmCYTitypRDcQBzE7np77xoxf9eCva5Kj0dIXci0E7nrdoxC1H6RM36 ------END CERTIFICATE----- diff --git a/etc/certificates/wac.publisherid.pem b/etc/certificates/wac.publisherid.pem deleted file mode 100644 index 758fe66..0000000 --- a/etc/certificates/wac.publisherid.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID9DCCAtygAwIBAgIOZscBAQACO65mNg72468wDQYJKoZIhvcNAQEFBQAwgZQx -CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYD -VQQLEyhQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQw -MgYDVQQDEytQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENB -IElJMB4XDTA2MDYwODE0MTYwMVoXDTI1MTIzMTIyNTk1OVowgZQxCzAJBgNVBAYT -AkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYDVQQLEyhQcmUt -UHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQwMgYDVQQDEytQ -cmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBIElJMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ewnr8E24AqXnf1Lu7w/g79Hht+W -lvWQg7cPC7685oj0htT0SmDy94uQaC3qRzBJktLKCyuniABykhdTr04rGWgzqD8n -EzcFCt5k0gF39l3ND/JL+S2YJK/f/xc884hjcLsHUU7cAd6mDlVkOszFK86DNbu0 -noz0y1y462RIOvPCjkYl/GJ5zL62bdDbgFqrWMPZ54JFG0Rj1v575ygfOd2LwOXe -xjzqfYI4JOx9frKWakPTehW+0UY5UdF0cMvHuLJie9H0vOobR4vtkenbS283b6j7 -0WCoU/BeAr4qskvMs9WwkwDquO4XnzYQDsEVgjBu4H2W0ihNUYJbRo8wtQIDAQAB -o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU -DTX6+fYyziPR1HZxViaGOj66QOYwDQYJKoZIhvcNAQEFBQADggEBALZ0pfjOfePn -D/6QDCt+cjQ5+U4eKcOlJMXrpEAlnC6oAnN1hqbOQaj44aIAbNap36E/Hl9s0Uga -c4nz73o5uPvdDmbWzNnMz6ey5NU0XXNzHxQWFdb0+Z7Cho5txoZjjynYXmyQc3RJ -rrPI+6Uej6sEv15ZGirjABza6pNJ+2NLojLyUb+8et3OCLS+wJ4qrX/5uwgL50Lt -0M2iPdZv+gjZwNmNWYIflYrSXa3ujclH+EAkkk/G1JxPzhVI3cII3y2DUZQAPCcX -XQDXIX2zJo7bYaUYJhlEeiGX17cdXMXDT1tbXKKg2mRIga1K4lknn9U/vzkjMJXL -GA38dUZRZ2Y= ------END CERTIFICATE----- diff --git a/etc/certificates/wac.root.preproduction.pem b/etc/certificates/wac.root.preproduction.pem deleted file mode 100644 index 7c46a6a..0000000 --- a/etc/certificates/wac.root.preproduction.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDijCCAnKgAwIBAgIOMwoBAQAuBBKsIqIni7QwDQYJKoZIhvcNAQELBQAwYDEL -MAkGA1UEBhMCR0IxJTAjBgNVBAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBM -dGQxKjAoBgNVBAMMIVdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQgVEVTVDAe -Fw0xMTAzMDMxNTA3MTlaFw0zNjAzMDMxNTA3MTlaMGAxCzAJBgNVBAYTAkdCMSUw -IwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMSowKAYDVQQDDCFX -QUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkIFRFU1QwggEiMA0GCSqGSIb3DQEB -AQUAA4IBDwAwggEKAoIBAQC1PB3UrpAQgLSVqHRPhHqdDJsjKQe/CT9oS4lA+mI/ -vkhAvam/EvcNrNHcLVvSph+Mj0d2Y2J9wkcNW7fS3qZJXtpMNU36r7XdBk9kiYhc -PwJbckCo9Pp8YFxkuR6xV6Cc4o54mO2mumxDQ1hbwCsc5CT7yQz0FVVhCE01X6JJ -D61DvqmAzCUpehmEXthNV/s/o8fL+I2mD75p8vNDyIZHSJX59czO3PriT3tH2h+0 -tQx7NEWG70fQEU2CzcH9UngPYU7xXqNOhT9GmI/yL3HTeYGNH3i5VHrBjxeTF11t -IWSUDWQX1W0Y7TbN06XcGcuqPgjZ9xMcV7S4OiCBJz5nAgMBAAGjQjBAMA8GA1Ud -EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQp5dzy2tJEArpT -qcQWNXG6J7y5WTANBgkqhkiG9w0BAQsFAAOCAQEAoXuyi8AjMx2yKVpss7xpVi5v -aUjcHU3AlptjNCFrXI6Bw+KJGNo8ydYlEASRd5dL/pJ6/V+UuUt9EngjUSdYOZGB -OgCeB2sJI8EZSay2LLhOCmkAxltC94Y/KRzkKqsYvNc6yvF85d+d4gbokf4APjmR -1TSlZLZsVhwfR0k0mer2rHQGE5Ljezdk7ZGeEMLdn6WFScwjo980EI0OqEoJU3on -+1TTBYudZ4o3qMgHiFwJafUJ6i3zuYbi9x86zMqeI4dJTbsTKLM0QV8vIdzI9fkV -t1tO/uBBAsNFUv8PAYwP4AFyGvyJbR4uxwxuQZKrltgjSTkPGYR14JtrGk7Y9g== ------END CERTIFICATE----- - diff --git a/etc/certificates/wac.root.production.pem b/etc/certificates/wac.root.production.pem deleted file mode 100644 index efccefd..0000000 --- a/etc/certificates/wac.root.production.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDgTCCAmmgAwIBAgIPAKTxAAEALtiV8/+rhB6+MA0GCSqGSIb3DQEBCwUAMFsx -CzAJBgNVBAYTAkdCMSUwIwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMg -THRkMSUwIwYDVQQDDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMB4XDTEx -MDMxNDE0MDEwNFoXDTM2MDMxNDE0MDEwNFowWzELMAkGA1UEBhMCR0IxJTAjBgNV -BAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQxJTAjBgNVBAMMHFdBQyBB -cHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw -ggEKAoIBAQDCf6RHUPVBUY4YXYMdrmt5yO95eRCOG6vJtI9w0UM2w/2fihD5SMYa -3cCVam4j6F8FSspMIx+4CTCwdDSUixBGENwGEhD4qxqqV3KTObmxmYbELa97S1IP -qwoFelzUX6e+qHmYHi+eu/hONeiZaPBLtUtCd6ppCd5ACrD/kf/Ug/tfUtngozjG -sJ1UB10Ezi3fKs3OkkZMuecJvjWmDpRAyvIeeV8xfzeyn+DMpvhnI9RrSY0j4huE -ud6Lzzg0jV8+m54v0j7hv9klyNcGiZ+bmHr0LIyAtT+uktcms/4p3V9j01SI9Tmw -HcHKDXnM6kuThWpr6DR9KFSZ8zD2Nx5nAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB -Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBT5bKdU2+CGE17R+o/rMCZHHMn+ -WzANBgkqhkiG9w0BAQsFAAOCAQEAXmO+J5suIGuzbfYBoTdr8gahFfWEbhm1y6mJ -eZAc+Mf5L+In20p+Oj5uy6LsTmJsE9VE/+gi1eALKl9EhgYhET2ZlAzRFCN5dTWv -NTAFxJfGMkn2U5iW+luJ+lejyYBqEEFRpzwhXZbVDZQLim4CU75H75KzFkUgTulG -5M6U/Plt6S1rKgMkeYiR27W4C2NZMFXYqctt0m+eKEa3ueZE9pYUxqVcvQKSI017 -Nbc1kSkcuSKFV2Bk2T5dh5jQvywykdWLubAe6XiiC5CIT31kcSX6AlVhgNxWRRKP -QFO7lWqxnQMR2Or38ve7oSg1oL5Sx80fcbp3ovaYSKt5jnVWfg== ------END CERTIFICATE----- - diff --git a/etc/fingerprint_list.xml b/etc/fingerprint_list.xml deleted file mode 100644 index 640c75a..0000000 --- a/etc/fingerprint_list.xml +++ /dev/null @@ -1,29 +0,0 @@ - - - AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE - A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2 - C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12 - 2B:A0:20:7D:40:90:1D:00:04:89:60:00:3B:DE:34:89:21:BE:D4:4F - - - AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE - C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12 - A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1 - 8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A - 84:A8:85:67:1C:D9:A9:C9:8C:7C:C3:BC:7F:EB:A6:7D:44:94:D9:8F - - - 4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38 - - - - - 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85 - 04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE - AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E - FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD - - - FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD - - diff --git a/etc/fingerprint_list.xsd b/etc/fingerprint_list.xsd deleted file mode 100644 index b0fab23..0000000 --- a/etc/fingerprint_list.xsd +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - diff --git a/etc/schema.xsd b/etc/schema.xsd deleted file mode 100644 index 8028f3e..0000000 --- a/etc/schema.xsd +++ /dev/null @@ -1,415 +0,0 @@ - - - - - - ]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/etc/wrt_security_change_policy.sh b/etc/wrt_security_change_policy.sh deleted file mode 100644 index dce9880..0000000 --- a/etc/wrt_security_change_policy.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -#Uncomment this when IPC is set to DBus -#dbus-send --system --print-reply --dest=org.tizen.SecurityDaemon /org/tizen/SecurityDaemon org.tizen.AceCheckAccessInterface.update_policy - -#Uncomment this when IPC is set to sockets -echo "delete from AcePolicyResult where 1==1;" | sqlite3 /opt/dbspace/.ace.db -echo "delete from AceAttribute where 1==1;" | sqlite3 /opt/dbspace/.ace.db -echo "delete from AcePromptDecision where 1==1;" | sqlite3 /opt/dbspace/.ace.db -pkill -9 security-ser -sleep 3 - diff --git a/etc/wrt_security_create_clean_db.sh b/etc/wrt_security_create_clean_db.sh deleted file mode 100644 index ead4467..0000000 --- a/etc/wrt_security_create_clean_db.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -for name in ace -do - rm -f /opt/dbspace/.$name.db - rm -f /opt/dbspace/.$name.db-journal - SQL="PRAGMA journal_mode = PERSIST;" - sqlite3 /opt/dbspace/.$name.db "$SQL" - SQL=".read /usr/share/wrt-engine/"$name"_db.sql" - sqlite3 /opt/dbspace/.$name.db "$SQL" - touch /opt/dbspace/.$name.db-journal - chown 0:6026 /opt/dbspace/.$name.db - chown 0:6026 /opt/dbspace/.$name.db-journal - chmod 660 /opt/dbspace/.$name.db - chmod 660 /opt/dbspace/.$name.db-journal -done - - diff --git a/packaging/security-server.service b/packaging/security-server.service new file mode 100644 index 0000000..b2a79c2 --- /dev/null +++ b/packaging/security-server.service @@ -0,0 +1,9 @@ + +[Unit] +Description=Start the security server + +[Service] +ExecStart=/usr/bin/security-server + +[Install] +WantedBy=multi-user.target diff --git a/packaging/security-server.spec b/packaging/security-server.spec index 8fe40a0..ff92816 100644 --- a/packaging/security-server.spec +++ b/packaging/security-server.spec @@ -1,7 +1,7 @@ #sbs-git:slp/pkgs/s/security-server security-server 0.0.37 Name: security-server Summary: Security server and utilities -Version: 0.0.61 +Version: 0.0.67 Release: 1 Group: TO_BE/FILLED_IN License: Apache License, Version 2.0 @@ -9,6 +9,7 @@ URL: N/A Source0: %{name}-%{version}.tar.gz Source1: security-server.manifest Source2: libsecurity-server-client.manifest +Source3: security-server.service BuildRequires: cmake BuildRequires: zip BuildRequires: pkgconfig(dlog) @@ -23,6 +24,9 @@ BuildRequires: pkgconfig(libpcrecpp) BuildRequires: pkgconfig(icu-i18n) BuildRequires: pkgconfig(libsoup-2.4) BuildRequires: pkgconfig(xmlsec1) +Requires(preun): systemd +Requires(post): systemd +Requires(postun): systemd %description Security server and utilities @@ -37,6 +41,22 @@ Requires(postun): /sbin/ldconfig %description -n libsecurity-server-client Security server package (client) +#%package -n wrt-security +#Summary: wrt-security-daemon and client libraries. +#Group: Development/Libraries +#Requires(post): /sbin/ldconfig +#Requires(postun): /sbin/ldconfig +# +#%description -n wrt-security +#Wrt-security-daemon and client libraries. +# +#%package -n wrt-security-devel +#Summary: Header files for client libraries. +#Group: Development/Libraries +#Requires: wrt-security = %{version}-%{release} +# +#%description -n wrt-security-devel +#Developer files for client libraries. %package -n libsecurity-server-client-devel Summary: Security server (client-devel) @@ -78,91 +98,57 @@ make %{?jobs:-j%jobs} %install rm -rf %{buildroot} mkdir -p %{buildroot}/usr/share/license -cp LICENSE.APLv2.0 %{buildroot}/usr/share/license/%{name} -cp LICENSE.APLv2.0 %{buildroot}/usr/share/license/libsecurity-server-client +cp LICENSE %{buildroot}/usr/share/license/%{name} +cp LICENSE %{buildroot}/usr/share/license/libsecurity-server-client %make_install install -D %{SOURCE1} %{buildroot}%{_datadir}/security-server.manifest install -D %{SOURCE2} %{buildroot}%{_datadir}/libsecurity-server-client.manifest -%clean -rm -rf %{buildroot} +mkdir -p %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants +install -m 0644 %{SOURCE3} %{buildroot}%{_libdir}/systemd/system/security-server.service +ln -s ../security-server.service %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants/security-server.service + +%preun +if [ $1 == 0 ]; then + systemctl stop security-server.service +fi %post +systemctl daemon-reload +if [ $1 == 1 ]; then + systemctl restart security-server.service +fi mkdir -p /etc/rc.d/rc3.d mkdir -p /etc/rc.d/rc5.d -ln -s /etc/rc.d/init.d/security-serverd /etc/rc.d/rc3.d/S10security-server -ln -s /etc/rc.d/init.d/security-serverd /etc/rc.d/rc5.d/S10security-server - -if [ -z ${2} ]; then - echo "This is new install of wrt-security" - echo "Calling /usr/bin/wrt_security_create_clean_db.sh" - /usr/bin/wrt_security_create_clean_db.sh -else - # Find out old and new version of databases - ACE_OLD_DB_VERSION=`sqlite3 /opt/dbspace/.ace.db ".tables" | grep "DB_VERSION_"` - ACE_NEW_DB_VERSION=`cat /usr/share/wrt-engine/ace_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_` - echo "OLD ace database version ${ACE_OLD_DB_VERSION}" - echo "NEW ace database version ${ACE_NEW_DB_VERSION}" - - if [ ${ACE_OLD_DB_VERSION} -a ${ACE_NEW_DB_VERSION} ] - then - if [ ${ACE_NEW_DB_VERSION} = ${ACE_OLD_DB_VERSION} ] - then - echo "Equal database detected so db installation ignored" - else - echo "Calling /usr/bin/wrt_security_create_clean_db.sh" - /usr/bin/wrt_security_create_clean_db.sh - fi - else - echo "Calling /usr/bin/wrt_security_create_clean_db.sh" - /usr/bin/wrt_security_create_clean_db.sh - fi -fi - -echo "[WRT] wrt-security postinst done ..." +ln -sf /etc/rc.d/init.d/security-serverd /etc/rc.d/rc3.d/S10security-server +ln -sf /etc/rc.d/init.d/security-serverd /etc/rc.d/rc5.d/S10security-server %postun -rm -f /etc/rc.d/rc3.d/S10security-server -rm -f /etc/rc.d/rc5.d/S10security-server +systemctl daemon-reload +if [ "$1" = 0 ]; then + rm -f /etc/rc.d/rc3.d/S10security-server + rm -f /etc/rc.d/rc5.d/S10security-server +fi %post -n libsecurity-server-client -p /sbin/ldconfig %postun -n libsecurity-server-client -p /sbin/ldconfig - %files -n security-server %manifest %{_datadir}/security-server.manifest %defattr(-,root,root,-) +%{_libdir}/systemd/system/multi-user.target.wants/security-server.service +%{_libdir}/systemd/system/security-server.service /usr/share/security-server/mw-list %attr(755,root,root) /etc/rc.d/init.d/security-serverd #/etc/rc.d/rc3.d/S10security-server #/etc/rc.d/rc5.d/S10security-server %attr(755,root,root) /usr/bin/security-server -#/usr/bin/sec-svr-util -%{_libdir}/libace*.so -%{_libdir}/libace*.so.* -%{_libdir}/libwrt-ocsp.so -%{_libdir}/libwrt-ocsp.so.* -/usr/share/wrt-engine/* -%attr(755,root,root) %{_bindir}/wrt_security_create_clean_db.sh -%attr(755,root,root) %{_bindir}/wrt_security_change_policy.sh -%attr(664,root,root) %{_datadir}/dbus-1/services/* -%attr(664,root,root) /usr/etc/ace/bondixml* -%attr(664,root,root) /usr/etc/ace/UnrestrictedPolicy.xml -%attr(664,root,root) /usr/etc/ace/WAC2.0Policy.xml -%attr(664,root,root) /usr/etc/ace/TizenPolicy.xml +%attr(755,root,root) /etc/rc.d/init.d/security-serverd +/usr/share/security-server/mw-list %{_datadir}/license/%{name} -#%files -n security-server-certs -%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.publisherid.pem -%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen.root.preproduction.cert.pem -%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.production.pem -%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.preproduction.pem -%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen-developer-root-ca.pem -%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen-distributor-root-ca-partner.pem -%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/tizen-distributor-root-ca-public.pem - %files -n libsecurity-server-client %manifest %{_datadir}/libsecurity-server-client.manifest %defattr(-,root,root,-) @@ -173,13 +159,4 @@ rm -f /etc/rc.d/rc5.d/S10security-server %defattr(-,root,root,-) /usr/lib/libsecurity-server-client.so /usr/include/security-server/security-server.h -/usr/lib/pkgconfig/security-server.pc -%{_includedir}/wrt-security/* -%{_includedir}/ace/* -%{_includedir}/ace-client/* -%{_includedir}/ace-settings/* -%{_includedir}/ace-install/* -%{_includedir}/ace-common/* -%{_includedir}/ace-popup-validation/* -%{_includedir}/wrt-ocsp/* %{_libdir}/pkgconfig/*.pc diff --git a/socket_connection/client/SecuritySocketClient.cpp b/socket_connection/client/SecuritySocketClient.cpp deleted file mode 100644 index 4c33102..0000000 --- a/socket_connection/client/SecuritySocketClient.cpp +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file SecuritySocketClient.cpp - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Implemtation of socket client class. - */ - -#include -#include -#include -#include -#include -#include - -#include "SecuritySocketClient.h" -#include "security_daemon_socket_config.h" - -void SecuritySocketClient::throwWithErrnoMessage(const std::string& specificInfo){ - LogError(specificInfo << " : " << strerror(errno)); - ThrowMsg(Exception::SecuritySocketClientException, specificInfo << " : " << strerror(errno)); -} - -SecuritySocketClient::SecuritySocketClient(const std::string& interfaceName) { - m_interfaceName = interfaceName; - m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS(); - LogInfo("Client created"); -} - -void SecuritySocketClient::connect(){ - struct sockaddr_un remote; - if(-1 == (m_socketFd = socket(AF_UNIX, SOCK_STREAM,0))){ - throwWithErrnoMessage("socket()"); - } - - //socket needs to be nonblocking, because read can block after select - int flags; - if (-1 == (flags = fcntl(m_socketFd, F_GETFL, 0))) - flags = 0; - if(-1 == (fcntl(m_socketFd, F_SETFL, flags | O_NONBLOCK))){ - throwWithErrnoMessage("fcntl"); - } - - bzero(&remote, sizeof(remote)); - remote.sun_family = AF_UNIX; - strcpy(remote.sun_path, m_serverAddress.c_str()); - if(-1 == ::connect(m_socketFd, (struct sockaddr *)&remote, SUN_LEN(&remote))){ - throwWithErrnoMessage("connect()"); - } - - m_socketConnector.reset(new SocketConnection(m_socketFd)); - - LogInfo("Client connected"); -} - -void SecuritySocketClient::disconnect(){ - //Socket should be already closed by server side, - //even though we should close it in case of any errors - close(m_socketFd); - LogInfo("Client disconnected"); -} diff --git a/socket_connection/client/SecuritySocketClient.h b/socket_connection/client/SecuritySocketClient.h deleted file mode 100644 index 7d4bc95..0000000 --- a/socket_connection/client/SecuritySocketClient.h +++ /dev/null @@ -1,142 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file SecuritySocketClient.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Header of socket client class. - */ - -#ifndef SECURITYSOCKETCLIENT_H_ -#define SECURITYSOCKETCLIENT_H_ - -#include -#include -#include -#include "SocketConnection.h" - -/* IMPORTANT: - * Methods connect(), call() and disconnected() should be called one by one. - * Between connect() and disconnect() you can use call() only once. - * It is because of timeout on call, e.g. to avoid waiting for corrupted data. - */ - -/* USAGE: - * Class should be used according to this scheme: - * SecuritySocketClient client("Interface Name"); - * (...) - * client.connect(); - * client.call("Method name", in_arg1, in_arg2, ..., in_argN, - * out_arg1, out_arg2, ..., out_argM); - * client.disconnect(); - * (...) - * - * input parameters of the call are passed with reference, - * output ones are passed as pointers - parameters MUST be passed this way. - * - * Currently client supports serialization and deserialization of simple types - * (int, char, float, unsigned), strings (std::string and char*) and - * some STL containers (std::vector, std::list, std::map, std::pair). - * Structures and classes are not (yet) supported. - */ - -class SecuritySocketClient { -public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, SecuritySocketClientException) - }; - - SecuritySocketClient(const std::string &interfaceName); - void connect(); - void disconnect(); - - void call(std::string methodName){ - make_call(m_interfaceName); - make_call(methodName); - } - - template - void call(std::string methodName, const Args&... args){ - make_call(m_interfaceName); - make_call(methodName); - make_call(args...); - } - -private: - template - void make_call(const T& invalue, const Args&... args){ - make_call(invalue); - make_call(args...); - } - - template - void make_call(const T& invalue){ - Try { - m_socketConnector->write(invalue); - } - Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket connection write error"); - ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error"); - } - } - - template - void make_call(const T* invalue, const Args&... args){ - make_call(invalue); - make_call(args...); - } - - template - void make_call(const T* invalue){ - Try { - m_socketConnector->write(invalue); - } - Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket connection write error"); - ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error"); - } - } - - template - void make_call(T * outvalue, const Args&... args){ - make_call(outvalue); - make_call(args...); - } - - template - void make_call(T* outvalue){ - Try { - m_socketConnector->read(outvalue); - } - Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket connection read error"); - ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection read error"); - } - } - - -private: - void throwWithErrnoMessage(const std::string& specificInfo); - std::string m_serverAddress; - std::string m_interfaceName; - std::unique_ptr m_socketConnector; - int m_socketFd; -}; - -#endif /* SECURITYSOCKETCLIENT_H_ */ diff --git a/socket_connection/connection/SocketConnection.cpp b/socket_connection/connection/SocketConnection.cpp deleted file mode 100644 index f504bae..0000000 --- a/socket_connection/connection/SocketConnection.cpp +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file SocketConnection.cpp - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - */ - -#include "SocketConnection.h" - -// -// Note: -// -// The file here is left blank to enable precompilation -// of templates in corresponding header file. -// Do not remove this file. -// diff --git a/socket_connection/connection/SocketConnection.h b/socket_connection/connection/SocketConnection.h deleted file mode 100644 index a11b588..0000000 --- a/socket_connection/connection/SocketConnection.h +++ /dev/null @@ -1,116 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file SocketConnection.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief This file is a header of Socket Connection class with implemented templates - */ - -#ifndef SOCKETCONNECTION_H_ -#define SOCKETCONNECTION_H_ - -#include -#include -#include -#include "SocketStream.h" - -/* - * This class implements interface for generic read and write from given socket. - * It does not maintain socket descriptor, so any connecting and disconnecting should be - * done above calls to this class. - */ - -/* - * Throws SocketConnectionException when read/write will not succeed or if any bad allocation - * exception occurs during read. - */ - -class SocketConnection { - -public: - - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, SocketConnectionException) - }; - - explicit SocketConnection(int socket_fd) : m_socketStream(socket_fd){ - LogInfo("Created"); - } - - template - void read(T* out, const Args&... args ){ - read(out); - read(args...); - } - - template - void read(T* out){ - Try { - DPL::Deserialization::Deserialize(m_socketStream, *out); - } - - Catch (std::bad_alloc){ - LogError("Bad allocation error"); - ThrowMsg(Exception::SocketConnectionException, "Bad allocation error"); - } - - Catch (SocketStream::Exception::SocketStreamException) { - LogError("Socket stream error"); - ReThrowMsg(Exception::SocketConnectionException, "Socket stream error"); - } - } - - template - void write(const T& in, const Args&... args){ - write(in); - write(args...); - } - - template - void write(const T& in){ - Try { - DPL::Serialization::Serialize(m_socketStream, in); - } Catch (SocketStream::Exception::SocketStreamException) { - LogError("Socket stream error"); - ReThrowMsg(Exception::SocketConnectionException, "Socket stream error"); - } - } - - template - void write(const T* in, const Args&... args){ - write(in); - write(args...); - } - - template - void write(const T* in){ - Try { - DPL::Serialization::Serialize(m_socketStream, in); - } Catch (SocketStream::Exception::SocketStreamException) { - LogError("Socket stream error"); - ReThrowMsg(Exception::SocketConnectionException, "Socket stream error"); - } - } - -private: - SocketStream m_socketStream; -}; - -#endif /* SOCKETCONNECTION_H_ */ diff --git a/socket_connection/connection/SocketStream.cpp b/socket_connection/connection/SocketStream.cpp deleted file mode 100644 index 4ef8bca..0000000 --- a/socket_connection/connection/SocketStream.cpp +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file SocketStream.cpp - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Implementation of socket stream class - */ - - -#include -#include -#include -#include -#include -#include "SocketStream.h" - -#define READ_TIEMOUT_SEC 60 -#define READ_TIMEUOT_NSEC 0 -#define WRITE_TIMEOUT_SEC 60 -#define WRITE_TIMEOUT_NSEC 0 -#define MAX_BUFFER 10240 - -void SocketStream::throwWithErrnoMessage(std::string function_name){ - LogError(function_name << " : " << strerror(errno)); - ThrowMsg(Exception::SocketStreamException, function_name << " : " << strerror(errno)); -} - -void SocketStream::Read(size_t num, void * bytes){ - - if(NULL == bytes){ - LogError("Null pointer to buffer"); - ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer"); - } - - m_bytesRead += num; - - if(m_bytesRead > MAX_BUFFER){ - LogError("Too big buffer requested!"); - ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!"); - } - - char part_buffer[MAX_BUFFER]; - std::string whole_buffer; - - fd_set rset, allset; - int max_fd; - ssize_t bytes_read = 0, bytes_to_read = (ssize_t) num; - - timespec timeout; - - max_fd = m_socketFd; - ++max_fd; - - FD_ZERO(&allset); - FD_SET(m_socketFd, &allset); - - int returned_value; - - while(bytes_to_read != 0){ - timeout.tv_sec = READ_TIEMOUT_SEC; - timeout.tv_nsec = READ_TIMEUOT_NSEC; - rset = allset; - - if(-1 == (returned_value = pselect(max_fd, &rset, NULL, NULL, &timeout, NULL))){ - if(errno == EINTR) continue; - throwWithErrnoMessage("pselect()"); - } - if(0 == returned_value){ - //This means pselect got timedout - //This is not a proper behavior in reading data from UDS - //And could mean we got corrupted connection - LogError("Couldn't read whole data"); - ThrowMsg(Exception::SocketStreamException, "Couldn't read whole data"); - } - if(FD_ISSET(m_socketFd, &rset)){ - bytes_read = read(m_socketFd, part_buffer, num); - if(bytes_read <= 0){ - if(errno == ECONNRESET || errno == ENOTCONN || errno == ETIMEDOUT){ - LogInfo("Connection closed : " << strerror(errno)); - ThrowMsg(Exception::SocketStreamException, - "Connection closed : " << strerror(errno) << ". Couldn't read whole data"); - }else if (errno != EAGAIN && errno != EWOULDBLOCK){ - throwWithErrnoMessage("read()"); - } - } - - whole_buffer.append(part_buffer, bytes_read); - bytes_to_read-=bytes_read; - bytes_read = 0; - continue; - } - - } - memcpy(bytes, whole_buffer.c_str(), num); -} - -void SocketStream::Write(size_t num, const void * bytes){ - - if(NULL == bytes){ - LogError("Null pointer to buffer"); - ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer"); - } - - m_bytesWrote += num; - - if(m_bytesWrote > MAX_BUFFER){ - LogError("Too big buffer requested!"); - ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!"); - } - - fd_set wset, allset; - int max_fd; - - timespec timeout; - - max_fd = m_socketFd; - ++max_fd; - - FD_ZERO(&allset); - FD_SET(m_socketFd, &allset); - - int returned_value; - - int write_res, bytes_to_write = num; - unsigned int current_offset = 0; - - while(current_offset != num){ - timeout.tv_sec = WRITE_TIMEOUT_SEC; - timeout.tv_nsec = WRITE_TIMEOUT_NSEC; - wset = allset; - - if(-1 == (returned_value = pselect(max_fd, NULL, &wset, NULL, &timeout, NULL))){ - if(errno == EINTR) continue; - throwWithErrnoMessage("pselect()"); - } - - if(FD_ISSET(m_socketFd, &wset)){ - if(-1 == (write_res = write(m_socketFd, reinterpret_cast(bytes) + current_offset, bytes_to_write))){ - if(errno == ECONNRESET || errno == EPIPE){ - LogInfo("Connection closed : " << strerror(errno)); - ThrowMsg(Exception::SocketStreamException, - "Connection closed : " << strerror(errno) << ". Couldn't write whole data"); - - }else if(errno != EAGAIN && errno != EWOULDBLOCK){ - throwWithErrnoMessage("write()"); - } - } - current_offset += write_res; - bytes_to_write -= write_res; - } - } -} diff --git a/socket_connection/connection/SocketStream.h b/socket_connection/connection/SocketStream.h deleted file mode 100644 index dc1db61..0000000 --- a/socket_connection/connection/SocketStream.h +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file SocketStream.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Header of socket stream class. - */ - -#ifndef SOCKETSTREAM_H_ -#define SOCKETSTREAM_H_ - -#include -#include -#include -#include -#include - -/* - * This class implements binary read/write from socket used for DPL serialization and deserialization - * It can read or write buffers of max *total* size 10kB. - * I does not maintain socket descriptor. - */ - -/* - * Throws SocketStreamException when buffer is null or its size exceeds max size or when - * there is an error during read or write. - */ - - - -class SocketStream : public DPL::IStream { -public: - class Exception - { - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, SocketStreamException) - }; - - explicit SocketStream(int socket_fd) : m_socketFd(socket_fd), - m_bytesRead(0), - m_bytesWrote(0) - { - LogInfo("Created"); - } - void Read(size_t num, void * bytes); - void Write(size_t num, const void * bytes); -private: - void throwWithErrnoMessage(std::string specificInfo); - int m_socketFd; - int m_bytesRead; - int m_bytesWrote; -}; - -#endif /* SOCKETSTREAM_H_ */ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 17d1d28..b2b1569 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,190 +1,85 @@ -# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# -# @file CMakeLists.txt -# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) -# - -SET(DAEMON_BASIC_DEP - dpl-efl - dpl-dbus-efl - dpl-utils-efl - libsoup-2.4 +PKG_CHECK_MODULES(SECURITY_SERVER_DEP dlog openssl libsmack - ) - -IF(SMACK_ENABLE) - LIST(APPEND DAEMON_BASIC_DEP libprivilege-control) -ENDIF(SMACK_ENABLE) - -PKG_CHECK_MODULES(DAEMON_DEP - ${DAEMON_BASIC_DEP} - REQUIRED) - -SET(DAEMON_SOURCES_PATH ${PROJECT_SOURCE_DIR}/src) - -SET(DAEMON_SOURCES - #socket connection - ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp - ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp - #caller - ${DAEMON_SOURCES_PATH}/services/caller/security_caller.cpp - #daemon - ${DAEMON_SOURCES_PATH}/daemon/dbus/security_dbus_service.cpp - ${DAEMON_SOURCES_PATH}/daemon/sockets/security_socket_service.cpp - ${DAEMON_SOURCES_PATH}/daemon/security_daemon.cpp - ${DAEMON_SOURCES_PATH}/main.cpp - #ocsp - ${DAEMON_SOURCES_PATH}/services/ocsp/dbus/ocsp_server_dbus_interface.cpp - ${DAEMON_SOURCES_PATH}/services/ocsp/socket/ocsp_service_callbacks.cpp - ${DAEMON_SOURCES_PATH}/services/ocsp/ocsp_service.cpp - #ace - ${DAEMON_SOURCES_PATH}/services/ace/dbus/ace_server_dbus_interface.cpp - ${DAEMON_SOURCES_PATH}/services/ace/socket/ace_service_callbacks.cpp - ${DAEMON_SOURCES_PATH}/services/ace/ace_service.cpp - ${DAEMON_SOURCES_PATH}/services/ace/logic/security_controller.cpp - ${DAEMON_SOURCES_PATH}/services/ace/logic/attribute_facade.cpp - ${DAEMON_SOURCES_PATH}/services/ace/logic/security_logic.cpp - ${DAEMON_SOURCES_PATH}/services/ace/logic/simple_roaming_agent.cpp - #popup - ${DAEMON_SOURCES_PATH}/services/popup/dbus/popup_response_dbus_interface.cpp - ${DAEMON_SOURCES_PATH}/services/popup/socket/popup_service_callbacks.cpp - ) - -SET_SOURCE_FILES_PROPERTIES(${DAEMON_SOURCES} PROPERTIES COMPILE_FLAGS "-std=c++0x") - -SET(LEGACY_DAEMON_SOURCES - #security-server - ${DAEMON_SOURCES_PATH}/security-srv/communication/security-server-comm.c - ${DAEMON_SOURCES_PATH}/security-srv/server/security-server-cookie.c - ${DAEMON_SOURCES_PATH}/security-srv/server/security-server-main.c - ${DAEMON_SOURCES_PATH}/security-srv/server/security-server-password.c - ${DAEMON_SOURCES_PATH}/security-srv/util/security-server-util-common.c) - -SET_SOURCE_FILES_PROPERTIES(${LEGACY_DAEMON_SOURCES} - PROPERTIES COMPILE_FLAGS "-DSECURITY_SERVER_DEBUG_DLOG") - -SET(DAEMON_SOURCES - ${DAEMON_SOURCES} - #security-server - ${LEGACY_DAEMON_SOURCES}) + REQUIRED + ) + +SET(SECURITY_SERVER_PATH ${PROJECT_SOURCE_DIR}/src) + +SET(SECURITY_SERVER_SOURCES + ${SECURITY_SERVER_PATH}/communication/security-server-comm.c + ${SECURITY_SERVER_PATH}/server/security-server-cookie.c + ${SECURITY_SERVER_PATH}/server/security-server-main.c + ${SECURITY_SERVER_PATH}/server/security-server-password.c + ${SECURITY_SERVER_PATH}/util/security-server-util-common.c + ) SET_SOURCE_FILES_PROPERTIES( - ${DAEMON_SOURCES_PATH}/security-srv/communication/security-server-comm.c - PROPERTIES COMPILE_FLAGS "-D_GNU_SOURCE") - - -############################# Lets start compilation process ################## -#ace library -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include) -#socket connection library -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/socket_connection/connection) -#daemon -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/dbus) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets/api) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets) -#caller -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/caller) -#ace -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/dbus) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket/api) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/logic) -#ocsp -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket/api) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/logic) -#popup -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/dbus) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket/api) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/logic) -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include) -INCLUDE_DIRECTORIES(${DAEMON_DEP_INCLUDE_DIRS}) -#security-server -INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/security-srv/include) - - - -ADD_EXECUTABLE(${TARGET_DAEMON} - ${DAEMON_SOURCES}) - -TARGET_LINK_LIBRARIES(${TARGET_DAEMON} - ${DAEMON_DEP_LIBRARIES} - ${TARGET_ACE_LIB} - ${TARGET_ACE_DAO_RW_LIB}) - - - -################################################################################################### -## for libsecurity-server-client.so (library) -pkg_check_modules(pkgs REQUIRED dlog openssl libsmack) - -SET(VERSION_MAJOR 1) -SET(VERSION ${VERSION_MAJOR}.0.1) - -SET(libsecurity-server-client_SOURCES - ${DAEMON_SOURCES_PATH}/security-srv/client/security-server-client.c - ${DAEMON_SOURCES_PATH}/security-srv/communication/security-server-comm.c) -SET(libsecurity-server-client_LDFLAGS " -module -avoid-version") -SET(libsecurity-server-client_CFLAGS " ${CFLAGS} -fPIC -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ") -#SET(libsecurity-server-client_LIBADD "") - -ADD_LIBRARY(security-server-client SHARED ${libsecurity-server-client_SOURCES}) -TARGET_LINK_LIBRARIES(security-server-client ${pkgs_LDFLAGS}) -SET_TARGET_PROPERTIES(security-server-client PROPERTIES SOVERSION ${VERSION_MAJOR}) -SET_TARGET_PROPERTIES(security-server-client PROPERTIES VERSION ${VERSION}) -SET_TARGET_PROPERTIES(security-server-client PROPERTIES COMPILE_FLAGS "${libsecurity-server-client_CFLAGS}") -################################################################################################### - -INSTALL(TARGETS ${TARGET_DAEMON} - DESTINATION bin) + ${SECURITY_SERVER_SOURCES} + PROPERTIES + COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG") -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/daemon/dbus/org.tizen.SecurityDaemon.service - DESTINATION /usr/share/dbus-1/services +INCLUDE_DIRECTORIES( + ${SECURITY_SERVER_PATH}/include + ${SECURITY_SERVER_DEP_INCLUDE_DIRS} ) -INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/services/ace/ace_server_api.h - ${PROJECT_SOURCE_DIR}/src/services/ocsp/ocsp_server_api.h - ${PROJECT_SOURCE_DIR}/src/services/popup/popup_response_server_api.h - ${PROJECT_SOURCE_DIR}/src/services/popup/popup_ace_data_types.h - ${PROJECT_SOURCE_DIR}/src/daemon/dbus/security_daemon_dbus_config.h - DESTINATION /usr/include/wrt-security +ADD_EXECUTABLE(${TARGET_SECURITY_SERVER} ${SECURITY_SERVER_SOURCES}) + +TARGET_LINK_LIBRARIES(${TARGET_SECURITY_SERVER} + ${SECURITY_SERVER_DEP_LIBRARIES} + ) + +################################################################################ + +SET(SECURITY_CLIENT_VERSION_MAJOR 1) +SET(SECURITY_CLIENT_VERSION ${SECURITY_CLIENT_VERSION_MAJOR}.0.1) + +SET(SECURITY_CLIENT_SOURCES + ${SECURITY_SERVER_PATH}/client/security-server-client.c + ${SECURITY_SERVER_PATH}/communication/security-server-comm.c ) +ADD_LIBRARY(${TARGET_SECURITY_CLIENT} SHARED ${SECURITY_CLIENT_SOURCES}) + +SET_TARGET_PROPERTIES( + ${TARGET_SECURITY_CLIENT} + PROPERTIES + LINK_FLAGS "-module -avoid-version" + COMPILE_FLAGS "-D_GNU_SOURCE -DSECURITY_SERVER_DEBUG_DLOG -fPIC" + SOVERSION ${SECURITY_CLIENT_VERSION_MAJOR} + VERSION ${SECURITY_CLIENT_VERSION} + ) + +TARGET_LINK_LIBRARIES(${TARGET_SECURITY_CLIENT} + ${SECURITY_SERVER_DEP_LIBRARIES} + ) + +################################################################################ + +INSTALL(TARGETS ${TARGET_SECURITY_CLIENT} DESTINATION lib) + +INSTALL(TARGETS ${TARGET_SECURITY_SERVER} DESTINATION bin) + INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/security-srv/include/security-server.h + ${SECURITY_SERVER_PATH}/include/security-server.h DESTINATION /usr/include/security-server ) INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/security-srv/mw-list - DESTINATION /usr/share/security-server/) + ${SECURITY_SERVER_PATH}/mw-list + DESTINATION /usr/share/security-server + ) INSTALL(FILES - ${PROJECT_SOURCE_DIR}/src/security-srv/security-serverd - DESTINATION /etc/rc.d/init.d) + ${SECURITY_SERVER_PATH}/security-serverd + DESTINATION /etc/rc.d/init.d + ) + +################################################################################ + +#CONFIGURE_FILE(security-server.pc.in security-server.pc @ONLY) +#INSTALL -INSTALL(TARGETS security-server-client DESTINATION lib) +################################################################################ diff --git a/src/security-srv/client/security-server-client.c b/src/client/security-server-client.c similarity index 91% rename from src/security-srv/client/security-server-client.c rename to src/client/security-server-client.c index e934df1..68e83a0 100644 --- a/src/security-srv/client/security-server-client.c +++ b/src/client/security-server-client.c @@ -27,6 +27,7 @@ #include #include #include +#include #include "security-server.h" #include "security-server-common.h" @@ -1018,3 +1019,93 @@ error: retval = convert_to_public_error_code(retval); return retval; } + +SECURITY_SERVER_API +char * security_server_get_smacklabel_cookie(const char * cookie) +{ + char * label = NULL; + int sockfd = -1, retval, pid = -1; + response_header hdr; + + if(cookie == NULL) + { + retval = SECURITY_SERVER_ERROR_INPUT_PARAM; + goto error; + } + + retval = connect_to_server(&sockfd); + if(retval != SECURITY_SERVER_SUCCESS) + { + /* Error on socket */ + goto error; + } + + /* make request packet */ + retval = send_smack_request(sockfd, cookie); + if(retval != SECURITY_SERVER_SUCCESS) + { + /* Error on socket */ + SEC_SVR_DBG("Client: Send failed: %d", retval); + goto error; + } + + //allocating buffer for storing SMACK label received from server + label = calloc(SMACK_LABEL_LEN + 1, 1); + if(NULL == label) + { + SEC_SVR_DBG("Client ERROR: Memory allocation error"); + goto error; + } + + retval = recv_smack_response(sockfd, &hdr, label); + + retval = return_code_to_error_code(hdr.return_code); + if(hdr.basic_hdr.msg_id != SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE) /* Wrong response */ + { + if(hdr.basic_hdr.msg_id == SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE) + { + /* There must be some error */ + SEC_SVR_DBG("Client: Error has been received. return code:%d", hdr.return_code); + } + else + { + /* Something wrong with response */ + SEC_SVR_DBG("Client ERROR: Unexpected error occurred:%d", retval); + retval = SECURITY_SERVER_ERROR_BAD_RESPONSE; + } + goto error; + } + if(hdr.return_code == SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE) + { + SEC_SVR_DBG("%s"," Client: There is no such cookie exist"); + } + +error: + if(sockfd > 0) + close(sockfd); + + retval = convert_to_public_error_code(retval); + if(retval == 0) + return label; + + if(NULL != label) + free(label); + + return NULL; +} + + SECURITY_SERVER_API +char * security_server_get_smacklabel_sockfd(int fd) +{ + char * label = NULL; + + if(smack_new_label_from_socket(fd, &label) != 0) + { + SEC_SVR_DBG("Client ERROR: Unable to get socket SMACK label"); + return NULL; + } + + return label; +} + + diff --git a/src/security-srv/communication/security-server-comm.c b/src/communication/security-server-comm.c similarity index 89% rename from src/security-srv/communication/security-server-comm.c rename to src/communication/security-server-comm.c index 7b3b1aa..e83a14a 100644 --- a/src/security-srv/communication/security-server-comm.c +++ b/src/communication/security-server-comm.c @@ -26,10 +26,12 @@ #include #include #include +#include #include #include #include #include +#include #include "security-server-common.h" #include "security-server-comm.h" @@ -730,6 +732,64 @@ int send_pid(int sockfd, int pid) return SECURITY_SERVER_SUCCESS; } +/* Send SMACK label to client with lenght N + * 0 1 2 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * |---------------------------------------------------------------| + * | version=0x01 |MessageID=0x1e | Message Length = SMACK_LABEL_LEN + 1 + * |---------------------------------------------------------------| + * | return code | SMACK label byte 0 | + * |---------------------------------------------------------------| + * | .................. | + * |---------------------------------------------------------------| + * | SMACK label byte N | + * |---------------------------------------------------------------| +*/ +int send_smack(int sockfd, char * label) +{ + response_header hdr; + //added 1 to the size is for NULL terminating label + int LABEL_SIZE = SMACK_LABEL_LEN + 1; + int PACKET_SIZE = sizeof(hdr) + LABEL_SIZE; + unsigned char msg[PACKET_SIZE]; + int ret; + + /* Assemble header */ + hdr.basic_hdr.version = SECURITY_SERVER_MSG_VERSION; + hdr.basic_hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE; + hdr.basic_hdr.msg_len = LABEL_SIZE; + hdr.return_code = SECURITY_SERVER_RETURN_CODE_SUCCESS; + + /* Perpare packet */ + memcpy(msg, &hdr, sizeof(hdr)); + memcpy(msg + sizeof(hdr), label, LABEL_SIZE); + memset(msg + sizeof(hdr) + SMACK_LABEL_LEN, 0x00, 1); //adding NULL ad the label end + + /* Check poll */ + ret = check_socket_poll(sockfd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND); + if(ret == SECURITY_SERVER_ERROR_POLL) + { + SEC_SVR_DBG("%s", "poll() error"); + return SECURITY_SERVER_ERROR_SEND_FAILED; + } + if(ret == SECURITY_SERVER_ERROR_TIMEOUT) + { + SEC_SVR_DBG("%s", "poll() timeout"); + return SECURITY_SERVER_ERROR_SEND_FAILED; + } + + /* Send it */ + ret = write(sockfd, msg, PACKET_SIZE); + if(ret < PACKET_SIZE) + { + /* Error on writing */ + SEC_SVR_DBG("Error on write(): %d", ret); + ret = SECURITY_SERVER_ERROR_SEND_FAILED; + return ret; + } + return SECURITY_SERVER_SUCCESS; +} + /* Send Check password response to client * * Check password response packet format @@ -1078,6 +1138,58 @@ int send_privilege_check_new_request(int sock_fd, return SECURITY_SERVER_SUCCESS; } +/* Send SMACK request message to security server * + * + * Message format + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * |---------------------------------------------------------------| + * | version=0x01 |MessageID=0x1d | Message Length = 20 | + * |---------------------------------------------------------------| + * | | + * | | + * | Cookie (20bytes) | + * | | + * | | + * |---------------------------------------------------------------| + */ +int send_smack_request(int sock_fd, const char * cookie) +{ + basic_header hdr; + int retval; + unsigned char buf[sizeof(hdr) + SECURITY_SERVER_COOKIE_LEN]; + + /* Assemble header */ + hdr.version = SECURITY_SERVER_MSG_VERSION; + hdr.msg_id = SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST; + hdr.msg_len = SECURITY_SERVER_COOKIE_LEN; + + memcpy(buf, &hdr, sizeof(hdr)); + memcpy(buf + sizeof(hdr), cookie, SECURITY_SERVER_COOKIE_LEN); + + /* Check poll */ + retval = check_socket_poll(sock_fd, POLLOUT, SECURITY_SERVER_SOCKET_TIMEOUT_MILISECOND); + if(retval == SECURITY_SERVER_ERROR_POLL) + { + SEC_SVR_DBG("%s", "poll() error"); + return SECURITY_SERVER_ERROR_SEND_FAILED; + } + if(retval == SECURITY_SERVER_ERROR_TIMEOUT) + { + SEC_SVR_DBG("%s", "poll() timeout"); + return SECURITY_SERVER_ERROR_SEND_FAILED; + } + + /* Send to server */ + retval = write(sock_fd, buf, sizeof(buf)); + if(retval < sizeof(buf)) + { + /* Write error */ + SEC_SVR_DBG("Error on write(): %d", retval); + return SECURITY_SERVER_ERROR_SEND_FAILED; + } + return SECURITY_SERVER_SUCCESS; +} + /* Send PID check request message to security server * * * Message format @@ -1824,7 +1936,7 @@ int recv_check_privilege_new_request(int sockfd, } retval = read(sockfd, &alen, sizeof(int)); - if(retval < sizeof(int) || alen < 0 || olen > MAX_MODE_STR_LEN) + if(retval < sizeof(int) || alen < 0 || alen > MAX_MODE_STR_LEN) { SEC_SVR_DBG("error reading access_rights len: %d", retval); return SECURITY_SERVER_ERROR_RECV_FAILED; @@ -1862,6 +1974,19 @@ int recv_pid_request(int sockfd, unsigned char *requested_cookie) return SECURITY_SERVER_SUCCESS; } +/* receiving cookie from package */ +int recv_smack_request(int sockfd, unsigned char *requested_cookie) +{ + int retval; + retval = read(sockfd, requested_cookie, SECURITY_SERVER_COOKIE_LEN); + if(retval < SECURITY_SERVER_COOKIE_LEN) + { + SEC_SVR_DBG("Received cookie size is too small: %d", retval); + return SECURITY_SERVER_ERROR_RECV_FAILED; + } + return SECURITY_SERVER_SUCCESS; +} + /* Receive pid request packet body */ int recv_launch_tool_request(int sockfd, int argc, char *argv[]) { @@ -1880,6 +2005,13 @@ int recv_launch_tool_request(int sockfd, int argc, char *argv[]) return SECURITY_SERVER_ERROR_RECV_FAILED; } + if(argv_len <= 0 || argv_len >= INT_MAX) + { + SEC_SVR_DBG("Error: argv length out of boundaries"); + free_argv(argv, argc); + return SECURITY_SERVER_ERROR_RECV_FAILED; + } + argv[i] = malloc(argv_len + 1); if(argv[i] == NULL) { @@ -2071,6 +2203,24 @@ int recv_privilege_check_new_response(int sockfd, response_header *hdr) return SECURITY_SERVER_SUCCESS; } +int recv_smack_response(int sockfd, response_header *hdr, char * label) +{ + int retval; + + retval = recv_generic_response(sockfd, hdr); + if(retval != SECURITY_SERVER_SUCCESS) + return return_code_to_error_code(hdr->return_code); + + retval = read(sockfd, label, SMACK_LABEL_LEN + 1); + if(retval < sizeof(int)) + { + /* Error on socket */ + SEC_SVR_DBG("Client: Receive failed %d", retval); + return SECURITY_SERVER_ERROR_RECV_FAILED; + } + return SECURITY_SERVER_SUCCESS; +} + int recv_pid_response(int sockfd, response_header *hdr, int *pid) { int retval; @@ -2207,13 +2357,18 @@ int search_middleware_cmdline(char *cmdline) } /* Authenticate the application is middleware daemon - * The middleware must run as root and the cmd line must be pre listed */ + * The middleware must run as root (or middleware user) and the cmd line must be + * pre listed for authentication to succeed */ int authenticate_client_middleware(int sockfd, int *pid) { int retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED; struct ucred cr; unsigned int cl = sizeof(cr); char *cmdline = NULL; + struct passwd pw, *ppw; + size_t buf_size; + char *buf; + static uid_t middleware_uid = 0; *pid = 0; @@ -2225,8 +2380,25 @@ int authenticate_client_middleware(int sockfd, int *pid) goto error; } - /* All middlewares will run as root */ - if(cr.uid != 0) + if (!middleware_uid) + { + buf_size = sysconf(_SC_GETPW_R_SIZE_MAX); + if (buf_size == -1) + buf_size = 1024; + + buf = malloc(buf_size); + + /* This test isn't essential, skip it in case of error */ + if (buf) { + if (getpwnam_r(SECURITY_SERVER_MIDDLEWARE_USER, &pw, buf, buf_size, &ppw) == 0 && ppw) + middleware_uid = pw.pw_uid; + + free(buf); + } + } + + /* Middleware services need to run as root or middleware/app user */ + if(cr.uid != 0 && cr.uid != middleware_uid) { retval = SECURITY_SERVER_ERROR_AUTHENTICATION_FAILED; SEC_SVR_DBG("Non root process has called API: %d", cr.uid); @@ -2254,6 +2426,115 @@ error: return retval; } +/* Get app PID from socked and read its privilege (GID) list + * from /proc//status. + * + * param 1: socket descriptor + * param 2: pointer for hold returned array + * + * ret: size of array or -1 in case of error + * + * Notice that user must free space allocated in this function and + * returned by second parameter (int * privileges) + * */ +int get_client_gid_list(int sockfd, int ** privileges) +{ + int ret; + //for read socket options + struct ucred socopt; + unsigned int socoptSize = sizeof(socopt); + //privileges to be returned + int privilegesSize; + //buffer for store /proc//status filepath + const int PATHSIZE = 24; + char path[PATHSIZE]; + //file pointer + FILE * fp = NULL; + //buffer for filelines + const int LINESIZE = 128; + char fileLine[LINESIZE]; + //for parsing file + char delim[] = ": "; + char * token = NULL; + + + //clear pointer + *privileges = NULL; + + //read socket options + ret = getsockopt(sockfd, SOL_SOCKET, SO_PEERCRED, &socopt, &socoptSize); + if(ret != 0) + { + SEC_SVR_DBG("%s", "Error on getsockopt"); + return -1; + } + + //now we have PID in sockopt.pid + bzero(path, PATHSIZE); + snprintf(path, PATHSIZE, "/proc/%d/status", socopt.pid); + + fp = fopen(path, "r"); + if(fp == NULL) + { + SEC_SVR_DBG("%s", "Error on fopen"); + return -1; + } + + bzero(fileLine, LINESIZE); + + //search for line beginning with "Groups:" + while(strncmp(fileLine, "Groups:", 7) != 0) + { + ret = fgets(fileLine, LINESIZE, fp); + if(ret == NULL) + { + SEC_SVR_DBG("%s", "Error on fgets"); + fclose(fp); + return -1; + } + } + + fclose(fp); + + //now we have "Groups:" line in fileLine[] + ret = 0; + token = strtok(fileLine, delim); + while(token = strtok(NULL, delim)) + { + //add found GID + if(*privileges == NULL) + { + //first GID on list + *privileges = (int *)malloc(sizeof(int) * 1); + if(*privileges == NULL) + { + SEC_SVR_DBG("%s", "Error on malloc"); + return -1; + } + (*privileges)[0] = atoi(token); + } + else + { + *privileges = realloc(*privileges, sizeof(int) * (ret + 1)); + (*privileges)[ret] = atoi(token); + } + + ret++; + } + + //check if we found any GIDs for process + if(*privileges == NULL) + { + SEC_SVR_DBG("%s %d", "No GIDs found for PID:", socopt.pid); + } + else + { + SEC_SVR_DBG("%s %d", "Number of GIDs found:", ret); + } + + return ret; +} + /* Authenticate the application is middleware daemon * The middleware must run as root and the cmd line must be pre listed */ int authenticate_developer_shell(int sockfd) diff --git a/src/daemon/dbus/org.tizen.SecurityDaemon.service b/src/daemon/dbus/org.tizen.SecurityDaemon.service deleted file mode 100644 index 891bde6..0000000 --- a/src/daemon/dbus/org.tizen.SecurityDaemon.service +++ /dev/null @@ -1,3 +0,0 @@ -[D-BUS Service] -Name=org.tizen.SecurityDaemon -Exec=/usr/bin/security-server diff --git a/src/daemon/dbus/security_daemon_dbus_config.h b/src/daemon/dbus/security_daemon_dbus_config.h deleted file mode 100644 index 30b8d90..0000000 --- a/src/daemon/dbus/security_daemon_dbus_config.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file security_daemon_dbus_config.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains security daemon DBus configuration. - */ -#ifndef WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_ -#define WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_ - -#include - -namespace WrtSecurity { - -struct SecurityDaemonConfig { - static const std::string OBJECT_PATH() - { - return "/org/tizen/SecurityDaemon"; - } - - static const std::string SERVICE_NAME() - { - return "org.tizen.SecurityDaemon"; - } -}; - -} // namespace WrtSecurity - -#endif // WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_ diff --git a/src/daemon/dbus/security_dbus_service.cpp b/src/daemon/dbus/security_dbus_service.cpp deleted file mode 100644 index 7beba55..0000000 --- a/src/daemon/dbus/security_dbus_service.cpp +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file security_dbus_service.cpp - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) - * @version 1.0 - * @brief This file contains implementation of security DBus service. - */ -#include -#include -#include -#include -#include -#include -#include "security_dbus_service.h" -#include "security_daemon_dbus_config.h" -#include -#include -#include - - -void SecurityDBusService::start() -{ - LogDebug("SecurityDBusService starting"); - m_connection = DPL::DBus::Connection::systemBus(); - std::for_each(m_objects.begin(), - m_objects.end(), - [&m_connection] (const DPL::DBus::ObjectPtr& object) - { - m_connection->registerObject(object); - }); - m_connection->registerService( - WrtSecurity::SecurityDaemonConfig::SERVICE_NAME()); -} - -void SecurityDBusService::stop() -{ - LogDebug("SecurityDBusService stopping"); - m_connection.reset(); -} - -void SecurityDBusService::initialize() -{ - LogDebug("SecurityDBusService initializing"); - g_type_init(); - - addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(), - std::make_shared()); - addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(), - std::make_shared()); - addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(), - std::make_shared()); -} - -void SecurityDBusService::addInterface(const std::string& objectPath, - const InterfaceDispatcherPtr& dispatcher) -{ - auto ifaces = - DPL::DBus::Interface::fromXMLString(dispatcher->getXmlSignature()); - if (ifaces.empty()) - { - ThrowMsg(DPL::Exception, "No interface description."); - } - - auto iface = ifaces.at(0); - iface->setDispatcher(dispatcher.get()); - - m_dispatchers.push_back(dispatcher); - m_objects.push_back(DPL::DBus::Object::create(objectPath, iface)); -} - -void SecurityDBusService::deinitialize() -{ - LogDebug("SecurityDBusService deinitializing"); - m_objects.clear(); - m_dispatchers.clear(); -} - -#ifdef DBUS_CONNECTION -DAEMON_REGISTER_SERVICE_MODULE(SecurityDBusService) -#endif //DBUS_CONNECTION diff --git a/src/daemon/dbus/security_dbus_service.h b/src/daemon/dbus/security_dbus_service.h deleted file mode 100644 index 82fd627..0000000 --- a/src/daemon/dbus/security_dbus_service.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file security_dbus_service.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) - * @version 1.0 - * @brief This file contains definitions of security DBus service. - */ -#ifndef WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_ -#define WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_ - -#include -#include -#include -#include -#include -#include -#include - -class SecurityDBusService : public SecurityDaemon::DaemonService { -private: - virtual void initialize(); - virtual void start(); - virtual void stop(); - virtual void deinitialize(); - -private: - typedef std::shared_ptr InterfaceDispatcherPtr; - typedef std::shared_ptr DispatcherPtr; - - void addInterface(const std::string& objectPath, - const InterfaceDispatcherPtr& dispatcher); - - DPL::DBus::ConnectionPtr m_connection; - std::vector m_objects; - std::vector m_dispatchers; -}; - -#endif // WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_ diff --git a/src/daemon/security_daemon.cpp b/src/daemon/security_daemon.cpp deleted file mode 100644 index 7f93e4f..0000000 --- a/src/daemon/security_daemon.cpp +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file security_daemon.cpp - * @author Lukasz Wrzosek (l.wrzosek@samsung.com) - * @version 1.0 - * @brief This is implementation file of Security Daemon - */ - -#include "security_daemon.h" - -#include -#include -#include - -#include - -#include -IMPLEMENT_SINGLETON(SecurityDaemon::SecurityDaemon) - -#include - -namespace SecurityDaemon { - -//This is declared not in SecurityDaemon class, so no Ecore.h is needed there. -static Ecore_Event_Handler *g_exitHandler; -static Eina_Bool exitHandler(void */*data*/, int /*type*/, void */*event*/) -{ - auto& daemon = SecurityDaemonSingleton::Instance(); - daemon.terminate(0); - - return ECORE_CALLBACK_CANCEL; -} - -SecurityDaemon::SecurityDaemon() : - m_initialized(false), - m_terminating(false), - m_returnValue(0) -{ -} - -void SecurityDaemon::initialize(int& /*argc*/, char** /*argv*/) -{ - DPL::Log::LogSystemSingleton::Instance().SetTag("SECURITY_DAEMON"); - LogDebug("Initializing"); - Assert(!m_initialized && "Already Initialized"); - - g_exitHandler = ecore_event_handler_add(ECORE_EVENT_SIGNAL_EXIT, - &exitHandler, - NULL); - - DatabaseService::initialize(); - FOREACH (service, m_servicesList) { - (*service)->initialize(); - } - m_initialized = true; - LogDebug("Initialized"); -} - -int SecurityDaemon::execute() -{ - Assert(m_initialized && "Not Initialized"); - LogDebug("Starting execute"); - FOREACH (service, m_servicesList) { - (*service)->start(); - } - ecore_main_loop_begin(); - return m_returnValue; -} - -void SecurityDaemon::terminate(int returnValue) -{ - Assert(m_initialized && "Not Initialized"); - Assert(!m_terminating && "Already terminating"); - LogDebug("Terminating"); - - ecore_event_handler_del(g_exitHandler); - - m_returnValue = returnValue; - m_terminating = true; - - FOREACH (service, m_servicesList) { - (*service)->stop(); - } - - ecore_main_loop_quit(); -} - -void SecurityDaemon::shutdown() -{ - LogDebug("Shutdown"); - Assert(m_initialized && "Not Initialized"); - Assert(m_terminating && "Not terminated"); - - DatabaseService::deinitialize(); - FOREACH (service, m_servicesList) { - (*service)->deinitialize(); - } - - m_initialized = false; -} - -namespace DatabaseService { - -void initialize(void) -{ - LogDebug("Ace/Wrt database services initializing..."); - AceDB::AceDAO::attachToThreadRW(); -} - -void deinitialize(void) -{ - LogDebug("Ace/Wrt database services deinitializing..."); - AceDB::AceDAO::detachFromThread(); -} - -} //namespace DatabaseService - -} //namespace SecurityDaemon diff --git a/src/daemon/security_daemon.h b/src/daemon/security_daemon.h deleted file mode 100644 index a98f309..0000000 --- a/src/daemon/security_daemon.h +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file security_daemon.h - * @author Lukasz Wrzosek (l.wrzosek@samsung.com) - * @version 1.0 - * @brief This is header file of Security Daemon - */ - -#ifndef WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H -#define WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H - -#include -#include -#include -#include -#include -#include - - -namespace SecurityDaemon { - -class DaemonService : DPL::Noncopyable { - public: - virtual void initialize() = 0; - virtual void start() = 0; - virtual void stop() = 0; - virtual void deinitialize() = 0; -}; - -class SecurityDaemon : DPL::Noncopyable -{ - public: - SecurityDaemon(); - - void initialize(int& argc, char** argv); - int execute(); - void terminate(int returnValue = 0); - - template - void registerService(Args&&... args) - { - Assert(!m_initialized && "Too late for registration"); - - m_servicesList.push_back( - std::make_shared(std::forward(args)...)); - } - - void shutdown(); - - private: - bool m_initialized; - bool m_terminating; - int m_returnValue; - typedef std::list> DaemonServiceList; - DaemonServiceList m_servicesList; -}; - -namespace DatabaseService { - void initialize(); - void deinitialize(); -}; - -} //namespace SecurityDaemon - -typedef DPL::Singleton SecurityDaemonSingleton; - -#define DAEMON_REGISTER_SERVICE_MODULE(Type) \ - namespace { \ - static int initializeModule(); \ - static int initializeModuleHelper = initializeModule(); \ - int initializeModule() \ - { \ - (void)initializeModuleHelper; \ - SecurityDaemonSingleton::Instance().registerService(); \ - return 0; \ - } \ - } - - -#endif /* WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H */ diff --git a/src/daemon/sockets/api/callback_api.h b/src/daemon/sockets/api/callback_api.h deleted file mode 100644 index ddda4d4..0000000 --- a/src/daemon/sockets/api/callback_api.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file callback_api.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief This header provides types and exceptions required for security service callbacks - */ - -#ifndef CALLBACK_API_H_ -#define CALLBACK_API_H_ - -#include - -typedef void (*socketServerCallback) (SocketConnection * connector); - -typedef bool (*securityCheck) (int socketfd); - -namespace ServiceCallbackApi{ - - class Exception{ - public: - DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) - DECLARE_EXCEPTION_TYPE(Base, ServiceCallbackException) - }; - -} - -#endif /* CALLBACK_API_H_ */ diff --git a/src/daemon/sockets/security_daemon_socket_config.h b/src/daemon/sockets/security_daemon_socket_config.h deleted file mode 100644 index 3d8b6f8..0000000 --- a/src/daemon/sockets/security_daemon_socket_config.h +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file security_daemon_socket_config.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief - */ - -#ifndef SECURITY_DAEMON_SOCKET_CONFIG_H_ -#define SECURITY_DAEMON_SOCKET_CONFIG_H_ - -#include -#include - -namespace WrtSecurity { - -struct SecurityDaemonSocketConfig { - static const std::string SERVER_ADDRESS() - { - return "/tmp/server"; - } -}; - -} // namespace WrtSecurity -#endif /* SECURITY_DAEMON_SOCKET_CONFIG_H_ */ diff --git a/src/daemon/sockets/security_socket_service.cpp b/src/daemon/sockets/security_socket_service.cpp deleted file mode 100644 index 689de1c..0000000 --- a/src/daemon/sockets/security_socket_service.cpp +++ /dev/null @@ -1,384 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file security_socket_service.cpp - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Implementation of socket server - */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include "ace_service_callbacks_api.h" -#include "ocsp_service_callbacks_api.h" -#include "popup_service_callbacks_api.h" -#include "security_daemon_socket_config.h" -#include "security_socket_service.h" - -#define TIMEOUT_SEC 0 -#define TIMEOUT_NSEC 100000000 -#define MAX_LISTEN 5 -#define SIGNAL_TO_CLOSE SIGUSR1 - -void SecuritySocketService::throwWithErrnoMessage(const std::string& specificInfo){ - LogError(specificInfo << " : " << strerror(errno)); - ThrowMsg(DPL::Exception, specificInfo << " : " << strerror(errno)); -} - -void SecuritySocketService::registerServiceCallback(const std::string &interfaceName, - const std::string &methodName, - socketServerCallback callbackMethod, - securityCheck securityMethod){ - if(NULL == callbackMethod){ - LogError("Null callback"); - ThrowMsg(DPL::Exception, "Null callback"); - } - if(interfaceName.empty() || methodName.empty()){ - LogError("Interface and method name cannot be empty"); - ThrowMsg(DPL::Exception, "Empty interface or method name"); - } - - auto serviceCallbackPtr = std::make_shared(ServiceCallback(callbackMethod, securityMethod)); - m_callbackMap[interfaceName][methodName] = serviceCallbackPtr; -} - -void SecuritySocketService::addClientSocket(int clientSocket){ - std::lock_guard guard(m_clientSocketListMutex); - m_clientSocketList.push_back(clientSocket); -} - -void SecuritySocketService::removeClientSocket(int clientSocket){ - std::lock_guard guard(m_clientSocketListMutex); - m_clientSocketList.remove(clientSocket); -} - -bool SecuritySocketService::popClientSocket(int * clientSocket){ - std::lock_guard guard(m_clientSocketListMutex); - if(m_clientSocketList.empty()) - return false; - *clientSocket = m_clientSocketList.front(); - m_clientSocketList.pop_front(); - return true; -} - -void SecuritySocketService::initialize(){ - - LogInfo("Initializing..."); - m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS(); - m_signalToClose = SIGNAL_TO_CLOSE; - - //registering Ace callbacks - registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(), - WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first, - WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second); - - registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(), - WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().first, - WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().second); - - registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(), - WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().first, - WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().second); - LogInfo("Registered Ace callbacks"); - - //registering Ocsp callbacks - registerServiceCallback(WrtSecurity::OcspServerApi::INTERFACE_NAME(), - WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first, - WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second); - LogInfo("Registered Ocsp callbacks"); - - //registering Popup callbacks - registerServiceCallback(WrtSecurity::PopupServerApi::INTERFACE_NAME(), - WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().first, - WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().second); - LogInfo("Registered Popup callbacks"); - - if(-1 == (m_listenFd = socket(AF_UNIX, SOCK_STREAM, 0))){ - throwWithErrnoMessage("socket()"); - } - LogInfo("Server socket created"); - - //socket needs to be nonblocking, because read can block after select - int flags; - if (-1 == (flags = fcntl(m_listenFd, F_GETFL, 0))) - flags = 0; - if(-1 == (fcntl(m_listenFd, F_SETFL, flags | O_NONBLOCK))){ - throwWithErrnoMessage("fcntl"); - } - - sockaddr_un server_address; - bzero(&server_address, sizeof(server_address)); - server_address.sun_family = AF_UNIX; - strcpy(server_address.sun_path, m_serverAddress.c_str()); - unlink(server_address.sun_path); - - mode_t socket_umask, original_umask; - socket_umask = 0; - original_umask = umask(socket_umask); - - if(-1 == bind(m_listenFd, (struct sockaddr *)&server_address, SUN_LEN(&server_address))){ - throwWithErrnoMessage("bind()"); - } - - umask(original_umask); - - LogInfo("Initialized"); -} - -void SecuritySocketService::start(){ - - LogInfo("Starting..."); - if(m_serverAddress.empty()){ - LogError("Server not initialized"); - ThrowMsg(DPL::Exception, "Server not initialized"); - } - - sigset_t sigset; - sigemptyset(&sigset); - if(-1 == sigaddset(&sigset, m_signalToClose)){ - throwWithErrnoMessage("sigaddset()"); - } - int returned_value; - if ((returned_value = pthread_sigmask(SIG_BLOCK, &sigset, NULL)) < 0) { - errno = returned_value; - throwWithErrnoMessage("pthread_sigmask()"); - } - - pthread_t mainThread; - - if((returned_value = pthread_create(&mainThread, NULL, &serverThread, this)) < 0){ - errno = returned_value; - throwWithErrnoMessage("pthread_create()"); - } - m_mainThread = mainThread; - - LogInfo("Started"); -} - -void * SecuritySocketService::serverThread(void * data){ - pthread_detach(pthread_self()); - SecuritySocketService &t = *static_cast(data); - LogInfo("Running server main thread"); - Try { - t.mainLoop(); - } Catch (DPL::Exception) { - LogError("Socket server error. Exiting..."); - return (void *)1; - } - - return (void *)0; -} - - -void SecuritySocketService::mainLoop(){ - - if(listen(m_listenFd, MAX_LISTEN) == -1){ - throwWithErrnoMessage("listen()"); - } - - //Settings to catch closing signal in select - int signal_fd; - sigset_t sigset; - if(-1 == (sigemptyset(&sigset))){ - throwWithErrnoMessage("sigemptyset()"); - } - if(-1 == (sigaddset(&sigset, m_signalToClose))) { - throwWithErrnoMessage("sigaddset()"); - } - if((signal_fd = signalfd(-1, &sigset, 0)) < 0){ - throwWithErrnoMessage("signalfd()"); - } - - //Setting descriptors for pselect - fd_set allset, rset; - int maxfd; - FD_ZERO(&allset); - FD_SET(m_listenFd, &allset); - FD_SET(signal_fd, &allset); - timespec timeout; - maxfd = (m_listenFd > signal_fd) ? (m_listenFd) : (signal_fd); - ++maxfd; - //this will block SIGPIPE for this thread and every thread created in it - //reason : from here on we don't won't to receive SIGPIPE on writing to closed socket - //instead of signal we want to receive error from write - hence blocking SIGPIPE - sigset_t set; - sigemptyset(&set); - sigaddset(&set, SIGPIPE); - pthread_sigmask(SIG_BLOCK, &set, NULL); - - while(1){ - timeout.tv_sec = TIMEOUT_SEC; - timeout.tv_nsec = TIMEOUT_NSEC; - rset = allset; - if(-1 == pselect(maxfd, &rset, NULL, NULL, &timeout, NULL)){ - closeConnections(); - throwWithErrnoMessage("pselect()"); - } - - if(FD_ISSET(signal_fd, &rset)){ - LogInfo("Got signal to close"); - signalfd_siginfo siginfo; - ssize_t res; - res = read(signal_fd, &siginfo, sizeof(siginfo)); - if(res <= 0){ - closeConnections(); - throwWithErrnoMessage("read()"); - } - if((size_t)res != sizeof(siginfo)){ - closeConnections(); - LogError("couldn't read whole siginfo"); - ThrowMsg(DPL::Exception, "couldn't read whole siginfo"); - } - if((int)siginfo.ssi_signo == m_signalToClose){ - LogInfo("Server thread got signal to close"); - closeConnections(); - return; - } else { - LogInfo("Got not handled signal"); - } - } - if(FD_ISSET(m_listenFd, &rset)){ - int client_fd; - if(-1 == (client_fd = accept(m_listenFd, NULL, NULL))){ - closeConnections(); - throwWithErrnoMessage("accept()"); - } - LogInfo("Got incoming connection"); - Connection_Info * connection = new Connection_Info(client_fd, (void *)this); - int res; - pthread_t client_thread; - if((res = pthread_create(&client_thread, NULL, &connectionThread, connection)) < 0){ - delete connection; - errno = res; - closeConnections(); - throwWithErrnoMessage("pthread_create()"); - } - addClientSocket(client_fd); - } - } -} - -void * SecuritySocketService::connectionThread(void * data){ - pthread_detach(pthread_self()); - std::auto_ptr c (static_cast(data)); - SecuritySocketService &t = *static_cast(c->data); - LogInfo("Starting connection thread"); - Try { - t.connectionService(c->connfd); - } Catch (DPL::Exception){ - LogError("Connection thread error : " << _rethrown_exception.DumpToString()); - t.removeClientSocket(c->connfd); - close(c->connfd); - return (void*)1; - } - LogInfo("Client serviced"); - return (void*)0; -} - -void SecuritySocketService::connectionService(int fd){ - - SocketConnection connector = SocketConnection(fd); - std::string interfaceName, methodName; - - Try { - connector.read(&interfaceName, &methodName); - } Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket Connection read error"); - ReThrowMsg(DPL::Exception, "Socket Connection read error"); - } - - LogDebug("Got interface : " << interfaceName); - LogDebug("Got method : " << methodName); - - if( m_callbackMap.find(interfaceName) == m_callbackMap.end()){ - LogError("Unknown interface : " << interfaceName); - ThrowMsg(DPL::Exception, "Unknown interface : " << interfaceName); - } - - if(m_callbackMap[interfaceName].find(methodName) == m_callbackMap[interfaceName].end()){ - LogError("Unknown method : " << methodName); - ThrowMsg(DPL::Exception, "Unknown method"); - } - - if(m_callbackMap[interfaceName][methodName]->securityCallback != NULL){ - if(!m_callbackMap[interfaceName][methodName]->securityCallback(fd)){ - LogError("Security check returned false"); - ThrowMsg(DPL::Exception, "Security check returned false"); - } - } - - LogInfo("Calling service"); - Try{ - m_callbackMap[interfaceName][methodName]->serviceCallback(&connector); - } Catch (ServiceCallbackApi::Exception::ServiceCallbackException){ - LogError("Service callback error"); - ReThrowMsg(DPL::Exception, "Service callback error"); - } - - LogInfo("Removing client"); - removeClientSocket(fd); - close(fd); - - LogInfo("Call served"); - -} - -void SecuritySocketService::stop(){ - LogInfo("Stopping"); - if(-1 == close(m_listenFd)) - if(errno != ENOTCONN) - throwWithErrnoMessage("close()"); - int returned_value; - if((returned_value = pthread_kill(m_mainThread, m_signalToClose)) < 0){ - errno = returned_value; - throwWithErrnoMessage("pthread_kill()"); - } - pthread_join(m_mainThread, NULL); - - LogInfo("Stopped"); -} - -void SecuritySocketService::closeConnections(){ - - int clientSocket; - LogInfo("Closing client sockets"); - while(popClientSocket(&clientSocket)){ - if(-1 == close(clientSocket)){ - LogError("close() : " << strerror(errno)); - } - } - - LogInfo("Connections closed"); -} - -void SecuritySocketService::deinitialize(){ - m_serverAddress.clear(); - - LogInfo("Deinitialized"); - -} - -#ifdef SOCKET_CONNECTION -DAEMON_REGISTER_SERVICE_MODULE(SecuritySocketService) -#endif diff --git a/src/daemon/sockets/security_socket_service.h b/src/daemon/sockets/security_socket_service.h deleted file mode 100644 index 882d0e5..0000000 --- a/src/daemon/sockets/security_socket_service.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file security_socket_service.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Header of socket server class - */ - -#ifndef SECURITY_SOCKET_SERVICE_H_ -#define SECURITY_SOCKET_SERVICE_H_ - -#include -#include -#include -#include -#include -#include -#include -#include - -class SecuritySocketService : public SecurityDaemon::DaemonService { - -private: - - virtual void initialize(); - virtual void start(); - virtual void stop(); - virtual void deinitialize(); - - -private: - - //Function for registering callback with given interface and method name and possibly security check callback - void registerServiceCallback(const std::string& interfaceName, - const std::string& methodName, - socketServerCallback serviceCallback, - securityCheck securityCallback = NULL); - //Thread function for server - static void * serverThread(void *); - //Main function for server - void mainLoop(); - //Thread function for connection serving - static void * connectionThread(void *); - //Main function for connection serving - void connectionService(int fd); - //closing all connections - void closeConnections(); - //logs an error and throws an exception with message containing errno message - void throwWithErrnoMessage(const std::string &specificInfo); - - //concurrency safe methods for client socket list - add, remove and pop (with returned value) - void addClientSocket(int clientThread); - void removeClientSocket(int clientThread); - bool popClientSocket(int* clientThread); - - //Address of socket server - std::string m_serverAddress; - //Signal used for informing threads to stop - int m_signalToClose; - //Socket for listening - int m_listenFd; - //Number of main thread - pthread_t m_mainThread; - //Numbers of all created threads for connections - std::list m_clientSocketList; - - //Thread list mutex - std::mutex m_clientSocketListMutex; - - //Structure for callback maps - class ServiceCallback - { - public: - ServiceCallback(socketServerCallback ser, securityCheck sec) : serviceCallback(ser), securityCallback(sec){} - socketServerCallback serviceCallback; - securityCheck securityCallback; - }; - - typedef std::shared_ptr ServiceCallbackPtr; - //Map for callback methods, key is a method name and value is a callback to method - typedef std::map ServiceMethodCallbackMap; - //Map for interface methods, key is an interface name and value is a map of available methods with callbacks - std::map m_callbackMap; - - //Structure passed to connection thread - struct Connection_Info{ - Connection_Info(int fd, void * data) : connfd(fd), data(data) - {} - int connfd; - void * data; - }; - -}; - -#endif /* SECURITY_SOCKET_SERVICE_H_ */ diff --git a/src/security-srv/include/SLP_security-model_PG.h b/src/include/SLP_security-model_PG.h similarity index 100% rename from src/security-srv/include/SLP_security-model_PG.h rename to src/include/SLP_security-model_PG.h diff --git a/src/security-srv/include/SLP_security-server_PG.h b/src/include/SLP_security-server_PG.h similarity index 100% rename from src/security-srv/include/SLP_security-server_PG.h rename to src/include/SLP_security-server_PG.h diff --git a/src/security-srv/include/security-server-comm.h b/src/include/security-server-comm.h similarity index 93% rename from src/security-srv/include/security-server-comm.h rename to src/include/security-server-comm.h index 3a3de6f..cc2dd8f 100644 --- a/src/security-srv/include/security-server-comm.h +++ b/src/include/security-server-comm.h @@ -36,6 +36,8 @@ typedef struct unsigned char return_code; } response_header; +#define SECURITY_SERVER_MIDDLEWARE_USER "app" + /* Message Types */ #define SECURITY_SERVER_MSG_TYPE_COOKIE_REQUEST 0x01 #define SECURITY_SERVER_MSG_TYPE_COOKIE_RESPONSE 0x02 @@ -65,6 +67,8 @@ typedef struct #define SECURITY_SERVER_MSG_TYPE_SET_PWD_MAX_CHALLENGE_RESPONSE 0x1a #define SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_REQUEST 0x1b #define SECURITY_SERVER_MSG_TYPE_SET_PWD_VALIDITY_RESPONSE 0x1c +#define SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST 0x1d +#define SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE 0x1e #define SECURITY_SERVER_MSG_TYPE_GENERIC_RESPONSE 0xff /* Return code */ @@ -91,6 +95,7 @@ int connect_to_server(int *fd); int accept_client(int server_sockfd); int authenticate_client_application(int sockfd, int *pid, int *uid); int authenticate_client_middleware(int sockfd, int *pid); +int get_client_gid_list(int sockfd, int ** privileges); int authenticate_developer_shell(int sockfd); char *read_cmdline_from_proc(pid_t pid); int send_generic_response (int sockfd, unsigned char msgid, unsigned char return_code); @@ -120,6 +125,10 @@ int send_pid_request(int sock_fd, const char*cookie); int recv_pid_response(int sockfd, response_header *hdr, int *pid); int recv_pid_request(int sockfd, unsigned char *requested_cookie); int send_pid(int sockfd, int pid); +int send_smack_request(int sockfd, const char * cookie); +int recv_smack_response(int sockfd, response_header *hdr, char * label); +int recv_smack_request(int sockfd, unsigned char *requested_cookie); +int send_smack(int sockfd, char * label); int send_launch_tool_request(int sock_fd, int argc, const char **argv); int recv_generic_response(int sockfd, response_header *hdr); int recv_launch_tool_request(int sockfd, int argc, char *argv[]); diff --git a/src/security-srv/include/security-server-common.h b/src/include/security-server-common.h similarity index 96% rename from src/security-srv/include/security-server-common.h rename to src/include/security-server-common.h index 355892d..03893d2 100644 --- a/src/security-srv/include/security-server-common.h +++ b/src/include/security-server-common.h @@ -95,7 +95,8 @@ typedef struct _cookie_list pid_t pid; /* Client process's PID */ char *path; /* Client process's cmd line string */ int *permissions; /* Array of GID that the client process has */ - char *smack_label; /* SMACK label of the client process */ + char *smack_label; /* SMACK label of the client process */ + char is_roots_process; /* Is cookie belongs to roots process */ struct _cookie_list *prev; /* Next cookie list */ struct _cookie_list *next; /* Previous cookie list */ } cookie_list; diff --git a/src/security-srv/include/security-server-cookie.h b/src/include/security-server-cookie.h similarity index 96% rename from src/security-srv/include/security-server-cookie.h rename to src/include/security-server-cookie.h index 3acc720..c24fcda 100644 --- a/src/security-srv/include/security-server-cookie.h +++ b/src/include/security-server-cookie.h @@ -27,7 +27,7 @@ int free_cookie_item(cookie_list *cookie); cookie_list *delete_cookie_item(cookie_list *cookie); cookie_list *search_existing_cookie(int pid, const cookie_list *c_list); -cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int privilege); +cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int * privileges, int privilegesSize); cookie_list *search_cookie_new(const cookie_list *c_list, const unsigned char *cookie, const char *object, diff --git a/src/security-srv/include/security-server-password.h b/src/include/security-server-password.h similarity index 97% rename from src/security-srv/include/security-server-password.h rename to src/include/security-server-password.h index 7fa9377..924153f 100644 --- a/src/security-srv/include/security-server-password.h +++ b/src/include/security-server-password.h @@ -32,6 +32,6 @@ int process_reset_pwd_request(int sockfd); int process_chk_pwd_request(int sockfd); int process_set_pwd_max_challenge_request(int sockfd); int process_set_pwd_validity_request(int sockfd); -int init_try(void); +void initiate_try(void); #endif diff --git a/src/security-srv/include/security-server-util.h b/src/include/security-server-util.h similarity index 100% rename from src/security-srv/include/security-server-util.h rename to src/include/security-server-util.h diff --git a/src/security-srv/include/security-server.h b/src/include/security-server.h similarity index 97% rename from src/security-srv/include/security-server.h rename to src/include/security-server.h index bf2201b..b927c89 100644 --- a/src/security-srv/include/security-server.h +++ b/src/include/security-server.h @@ -984,6 +984,34 @@ int security_server_set_pwd_history(int number_of_history); */ int security_server_launch_debug_tool(int argc, const char **argv); +/* + * This function allows to get process SMACK label by passing cookie assigned + * to process. Function returns pointer to allocated buffer with label. + * User has to free the buffer after using. + * + * \param[in] Pointer to cookie + * + * \return Pointer to SMACK label or NULL + * + * \par For free label use free(), label allocated by calloc() + * User responsibility is to free resource. + */ +char * security_server_get_smacklabel_cookie(const char *cookie); + +/* + * This function allows to get process SMACK label by passing socket descriptor. + * Function returns pointer to allocated buffer with label. + * User has to free the buffer after using. + * + * \param[in] Socket descriptor + * + * \return Pointer to SMACK label or NULL + * + * \par For free label use free(), label allocated by calloc(). + * User responsibility is to free resource. + */ +char * security_server_get_smacklabel_sockfd(int fd); + #ifdef __cplusplus } #endif diff --git a/src/main.cpp b/src/main.cpp deleted file mode 100644 index 4b16270..0000000 --- a/src/main.cpp +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file main.cpp - * @author Lukasz Wrzosek (l.wrzosek@samsung.com) - * @version 1.0 - * @brief This is main routing for Security Daemon - */ - -#include -#include - -#include "security_daemon.h" - -#include - -static const std::string DAEMON_INSTANCE_UUID = - "5ebf3f24-dad6-4a27-88b4-df7970efe7a9"; - -extern "C" void *security_server_main_thread(void *data); - -int main(int argc, char* argv[]) -{ - - pthread_t main_thread; - - if (0 != pthread_create(&main_thread, NULL, security_server_main_thread, NULL)) { - LogError("Cannot create security server thread"); - return -1; - } - - DPL::SingleInstance instance; - try { - if (!instance.TryLock(DAEMON_INSTANCE_UUID)) { - LogError("Security Daemon is already running"); - return -1; - } - } catch (const DPL::SingleInstance::Exception::LockError &e) { - LogError(e.DumpToString()); - return -1; - } - - auto& daemon = SecurityDaemonSingleton::Instance(); - - daemon.initialize(argc, argv); - - //Run daemon - auto retVal = daemon.execute(); - - daemon.shutdown(); - try { - instance.Release(); - } catch (const DPL::SingleInstance::Exception::LockError &e) { - LogError(e.DumpToString()); - } - - return retVal; -} diff --git a/src/security-srv/mw-list b/src/mw-list similarity index 62% rename from src/security-srv/mw-list rename to src/mw-list index 9bfa0b0..14a8890 100644 --- a/src/security-srv/mw-list +++ b/src/mw-list @@ -1,13 +1,12 @@ /usr/bin/telephony-server /usr/bin/ss-server -/usr/bin/dnet /usr/bin/msg-server /usr/bin/alarm-server -/usr/bin/dnet -/usr/bin/audio-session-mgr-server /usr/bin/lbs_server /usr/bin/power_manager /usr/bin/system_server -/opt/home/root/security_server_tc_server /usr/bin/sec-svr-util - +/usr/bin/mdm-server +/usr/bin/smartcard-daemon +/usr/bin/sound_server +/usr/bin/nfc-manager-daemon diff --git a/src/security-srv/security-serverd b/src/security-serverd similarity index 70% rename from src/security-srv/security-serverd rename to src/security-serverd index 48fbefc..36344cc 100644 --- a/src/security-srv/security-serverd +++ b/src/security-serverd @@ -2,3 +2,4 @@ # start secure-storage server /usr/bin/security-server & +set_pmon -p security-server diff --git a/src/security-srv/CMakeLists.txt--original b/src/security-srv/CMakeLists.txt--original deleted file mode 100644 index 4b8d9e0..0000000 --- a/src/security-srv/CMakeLists.txt--original +++ /dev/null @@ -1,78 +0,0 @@ -SET(PREFIX ${CMAKE_INSTALL_PREFIX}) -SET(EXEC_PREFIX "\${prefix}") -SET(LIBDIR "\${prefix}/lib") -SET(INCLUDEDIR "\${prefix}/include") -SET(VERSION_MAJOR 1) -SET(VERSION ${VERSION_MAJOR}.0.1) - -#Verbose -#SET(CMAKE_VERBOSE_MAKEFILE ON) - -INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include) - -INCLUDE(FindPkgConfig) -pkg_check_modules(pkgs REQUIRED dlog openssl libsmack) - -FOREACH(flag ${pkgs_CFLAGS}) - SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}") -ENDFOREACH(flag) - -SET(sec_svr_dir "./") -SET(sec_svr_include_dir "./include") -SET(sec_svr_src_dir "./src") -SET(sec_svr_test_dir "./testcases") - -## Additional flag -#SET(debug_type "-DSECURITY_SERVER_DEBUG_TO_CONSOLE") -SET(debug_type "-DSECURITY_SERVER_DEBUG_DLOG") -#SET(debug_type "") - -SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} -fvisibility=hidden") -SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${EXTRA_CFLAGS}") - -################################################################################################### -## for libsecurity-server-client.so (library) -SET(libsecurity-server-client_SOURCES ${sec_svr_src_dir}/client/security-server-client.c ${sec_svr_src_dir}/communication/security-server-comm.c) -SET(libsecurity-server-client_LDFLAGS " -module -avoid-version") -SET(libsecurity-server-client_CFLAGS " ${CFLAGS} -fPIC -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ") -#SET(libsecurity-server-client_LIBADD "") - -ADD_LIBRARY(security-server-client SHARED ${libsecurity-server-client_SOURCES}) -TARGET_LINK_LIBRARIES(security-server-client ${pkgs_LDFLAGS}) -SET_TARGET_PROPERTIES(security-server-client PROPERTIES SOVERSION ${VERSION_MAJOR}) -SET_TARGET_PROPERTIES(security-server-client PROPERTIES VERSION ${VERSION}) -SET_TARGET_PROPERTIES(security-server-client PROPERTIES COMPILE_FLAGS "${libsecurity-server-client_CFLAGS}") -################################################################################################### - -################################################################################################### -## for security-server (binary) -SET(security-server_SOURCES ${sec_svr_src_dir}/server/security-server-main.c ${sec_svr_src_dir}/communication/security-server-comm.c ${sec_svr_src_dir}/server/security-server-cookie.c ${sec_svr_src_dir}/server/security-server-password.c ${sec_svr_src_dir}/util/security-server-util-common.c ) -SET(security-server_CFLAGS " -I/usr/include -I. -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ") -SET(security-server_LDFLAGS ${pkgs_LDFLAGS} -lpthread) - -ADD_EXECUTABLE(security-server ${security-server_SOURCES}) -TARGET_LINK_LIBRARIES(security-server ${pkgs_LDFLAGS}) -SET_TARGET_PROPERTIES(security-server PROPERTIES COMPILE_FLAGS "${security-server_CFLAGS}") -#################################################################################################### - -##FOR TEST METHOD ONLY. MUST BE DELETED ON RELEASE ############################################################ -## for security-server util (binary) -SET(sec-svr-util_SOURCES ${sec_svr_src_dir}/util/security-server-util.c ${sec_svr_src_dir}/communication/security-server-comm.c ${sec_svr_src_dir}/util/security-server-util-common.c ${sec_svr_src_dir}/server/security-server-cookie.c) -SET(sec-svr-util_CFLAGS " -I/usr/include -I. -I${sec_svr_include_dir} ${debug_type} -D_GNU_SOURCE ") -SET(sec-svr-util_LDFLAGS ${pkgs_LDFLAGS}) - -ADD_EXECUTABLE(sec-svr-util ${sec-svr-util_SOURCES}) -TARGET_LINK_LIBRARIES(sec-svr-util ${pkgs_LDFLAGS}) -SET_TARGET_PROPERTIES(sec-svr-util PROPERTIES COMPILE_FLAGS "${sec-svr-util_CFLAGS}") -#################################################################################################### - -CONFIGURE_FILE(security-server.pc.in security-server.pc @ONLY) - -INSTALL(TARGETS security-server-client DESTINATION lib) - -INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/security-server DESTINATION bin) -INSTALL(PROGRAMS ${CMAKE_BINARY_DIR}/sec-svr-util DESTINATION bin) -INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/security-server.pc DESTINATION lib/pkgconfig) -INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/include/security-server.h DESTINATION include/security-server) -INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/mw-list DESTINATION share/security-server) -INSTALL(PROGRAMS ${CMAKE_CURRENT_SOURCE_DIR}/security-serverd DESTINATION /etc/rc.d/init.d) diff --git a/src/security-srv/server/security-server-cookie.c b/src/server/security-server-cookie.c similarity index 89% rename from src/security-srv/server/security-server-cookie.c rename to src/server/security-server-cookie.c index 518134b..b5571c0 100644 --- a/src/security-srv/server/security-server-cookie.c +++ b/src/server/security-server-cookie.c @@ -219,10 +219,10 @@ finish: /* Search existing cookie from the cookie list for matching cookie and privilege */ /* If privilege is 0, just search cookie exists or not */ -cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int privilege) +cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cookie, int * privileges, int privilegesSize) { cookie_list *current = (cookie_list *)c_list, *retval = NULL; - int i; + int i, j; /* Search from the list */ while(current != NULL) @@ -233,28 +233,47 @@ cookie_list *search_cookie(const cookie_list *c_list, const unsigned char *cooki if(current == NULL) break; + //searching for cookie if(memcmp(current->cookie, cookie, SECURITY_SERVER_COOKIE_LEN) == 0) { - SEC_SVR_DBG("%s", "cookie has been found"); - - /* default cookie is for root process which is pid is set to 0 */ - if(current->pid == 0 || privilege == 0) - { - retval = current; - goto finish; - } - else - { - for(i=0 ; i < current->permission_len ; i++) - { - if(privilege == current->permissions[i]) - { - SEC_SVR_DBG("Found privilege %d", privilege); - retval = current; - goto finish; - } - } - } + SEC_SVR_DBG("%s", "Cookie has been found"); + + //check if this cookie belongs to root process (root process created it) + if(current->is_roots_process == 1) + { + SEC_SVR_DBG("%s", "Root process cookie, special privileges"); + //we can skip privilege checking + retval = current; + goto finish; + } + + if((privileges == NULL) || (privilegesSize == 0)) + { + SEC_SVR_DBG("%s", "No privileges to search in cookie!"); + } + else if(current->permissions == NULL) + { + SEC_SVR_DBG("%s", "Cookie has no privileges inside!"); + } + else + { + SEC_SVR_DBG("%s", "Searching for privileges"); + SEC_SVR_DBG("%s %d", "Privileges in cookie:", current->permission_len); + SEC_SVR_DBG("%s %d", "Privileges to search:", privilegesSize); + + for(j = 0; j < privilegesSize; j++) + { + for(i = 0; i < current->permission_len; i++) + { + if(privileges[j] == current->permissions[i]) + { + SEC_SVR_DBG("Found privilege %d", privileges[j]); + retval = current; + goto finish; + } + } + } + } } current = current->next; } @@ -324,7 +343,6 @@ int generate_random_cookie(unsigned char *cookie, int size) ret = SECURITY_SERVER_ERROR_FILE_OPERATION; goto error; } - close(fd); ret = SECURITY_SERVER_SUCCESS; error: if(fd >= 0) diff --git a/src/security-srv/server/security-server-main.c b/src/server/security-server-main.c similarity index 87% rename from src/security-srv/server/security-server-main.c rename to src/server/security-server-main.c index 1cd5cfb..34d4f2a 100644 --- a/src/security-srv/server/security-server-main.c +++ b/src/server/security-server-main.c @@ -29,6 +29,8 @@ #include #include #include +#include +#include #include "security-server-cookie.h" #include "security-server-common.h" @@ -336,6 +338,7 @@ int process_cookie_request(int sockfd) goto error; } /* If client application is root process, just respond default cookie */ + /* if( client_uid == 0) { SEC_SVR_DBG("%s", "Requested application is a root process"); @@ -348,6 +351,9 @@ int process_cookie_request(int sockfd) } else { + */ + //TODO: Remove above code if there will be no crashes without it + //All process should be treaded the same /* Create a new cookie. or find existing one */ pthread_mutex_lock(&cookie_mutex); created_cookie = create_cookie_item(client_pid, sockfd, c_list); @@ -357,7 +363,14 @@ int process_cookie_request(int sockfd) SEC_SVR_DBG("%s","Cannot create a cookie"); goto error; } - } + + //let others know if this cookie belongs to root process + if(client_uid == 0) + created_cookie->is_roots_process = 1; + else + created_cookie->is_roots_process = 0; + + //} /* send cookie as response */ retval = send_cookie(sockfd, created_cookie->cookie); if(retval != SECURITY_SERVER_SUCCESS) @@ -378,6 +391,7 @@ int process_check_privilege_request(int sockfd) { /* Authenticate client */ int retval, client_pid, requested_privilege; + int privileges[1]; unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN]; cookie_list *search_result = NULL; @@ -425,7 +439,8 @@ int process_check_privilege_request(int sockfd) /* Search cookie list */ pthread_mutex_lock(&cookie_mutex); - search_result = search_cookie(c_list, requested_cookie, requested_privilege); + privileges[0] = requested_privilege; + search_result = search_cookie(c_list, requested_cookie, privileges, 1); pthread_mutex_unlock(&cookie_mutex); if(search_result != NULL) { @@ -701,6 +716,7 @@ int process_pid_request(int sockfd) { int retval, client_pid; unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN]; + int * privileges; cookie_list *search_result = NULL; /* Authenticate client */ @@ -734,7 +750,17 @@ int process_pid_request(int sockfd) /* Search cookie list */ pthread_mutex_lock(&cookie_mutex); - search_result = search_cookie(c_list, requested_cookie, 0); + + retval = get_client_gid_list(sockfd, &privileges); + if(retval < 0) + { + SEC_SVR_DBG("ERROR: Cannot get GID list"); + goto error; + } + + search_result = search_cookie(c_list, requested_cookie, privileges, retval); + free(privileges); + pthread_mutex_unlock(&cookie_mutex); if(search_result != NULL) { @@ -764,6 +790,131 @@ error: return retval; } +int process_smack_request(int sockfd) +{ + int retval, client_pid; + int privileges[1]; + unsigned char requested_cookie[SECURITY_SERVER_COOKIE_LEN]; + cookie_list *search_result = NULL; + //handler for SMACK label + char * label = NULL; + //buffer for storing file path + const int BUFFSIZE = 30; + char path[BUFFSIZE]; + int fd; + + /* Authenticate client */ + retval = authenticate_client_middleware(sockfd, &client_pid); + if(retval != SECURITY_SERVER_SUCCESS) + { + SEC_SVR_DBG("%s", "Client Authentication Failed"); + retval = send_generic_response(sockfd, + SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE, + SECURITY_SERVER_RETURN_CODE_AUTHENTICATION_FAILED); + if(retval != SECURITY_SERVER_SUCCESS) + { + SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval); + } + goto error; + } + + retval = recv_smack_request(sockfd, requested_cookie); + if(retval == SECURITY_SERVER_ERROR_RECV_FAILED) + { + SEC_SVR_DBG("%s", "Receiving request failed"); + retval = send_generic_response(sockfd, + SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE, + SECURITY_SERVER_RETURN_CODE_BAD_REQUEST); + if(retval != SECURITY_SERVER_SUCCESS) + { + SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval); + } + goto error; + } + + /* Search cookie list */ + pthread_mutex_lock(&cookie_mutex); + + retval = get_client_gid_list(sockfd, &privileges); + if(retval < 0) + { + SEC_SVR_DBG("ERROR: Cannot get GID list"); + goto error; + } + + search_result = search_cookie(c_list, requested_cookie, privileges, retval); + free(privileges); + + pthread_mutex_unlock(&cookie_mutex); + if(search_result != NULL) + { + /* We found */ + SEC_SVR_DBG("We found the cookie and pid:%d", search_result->pid); + SEC_SVR_DBG("%s", "Cookie comparison succeeded. Access granted."); + + //clearing buffer + memset(path, 0x00, BUFFSIZE); + + //preparing file path + snprintf(path, BUFFSIZE, "/proc/%d/attr/current", search_result->pid); + SEC_SVR_DBG("Path to file: %s\n", path); + + //allocation place for label + label = calloc(SMACK_LABEL_LEN, 1); + if(NULL == label) + { + SEC_SVR_DBG("Client ERROR: Memory allocation error"); + goto error; + } + + //clearing buffer for label + memset(label, 0x00, SMACK_LABEL_LEN); + + //opening file /proc//attr/curent with SMACK label + fd = open(path, O_RDONLY); + if(fd < 0) + { + SEC_SVR_DBG("Client ERROR: Unable to open file in /proc"); + goto error; + } + + //reading label from file, it is NOT NULL TERMINATED + retval = read(fd, label, SMACK_LABEL_LEN); + close(fd); + if(retval < 0) + { + SEC_SVR_DBG("Client ERROR: Unable to read from file"); + goto error; + } + + SEC_SVR_DBG("Readed label is: %s\n", label); + + retval = send_smack(sockfd, label); + + if(retval != SECURITY_SERVER_SUCCESS) + { + SEC_SVR_DBG("ERROR: Cannot send generic response: %d", retval); + } + } + else + { + /* It's not exist */ + SEC_SVR_DBG("%s", "Could not find the cookie"); + retval = send_generic_response(sockfd, + SECURITY_SERVER_MSG_TYPE_SMACK_RESPONSE, + SECURITY_SERVER_RETURN_CODE_NO_SUCH_COOKIE); + if(retval != SECURITY_SERVER_SUCCESS) + { + SEC_SVR_DBG("ERROR: Cannot send SMACK label response: %d", retval); + } + } +error: + if(NULL != label) + free(label); + + return retval; +} + int process_tool_request(int client_sockfd, int server_sockfd) { int retval, argcnum; @@ -816,7 +967,7 @@ int process_tool_request(int client_sockfd, int server_sockfd) memset(recved_argv, 0, sizeof(char *) * argcnum); retval = recv_launch_tool_request(client_sockfd, argcnum -1, recved_argv); - if(retval == SECURITY_SERVER_ERROR_RECV_FAILED) + if(retval == SECURITY_SERVER_ERROR_RECV_FAILED || retval == SECURITY_SERVER_ERROR_OUT_OF_MEMORY) { SEC_SVR_DBG("%s", "Receiving request failed"); recved_argv = NULL; @@ -948,6 +1099,11 @@ void *security_server_thread(void *param) process_pid_request(client_sockfd); break; + case SECURITY_SERVER_MSG_TYPE_SMACK_REQUEST: + SEC_SVR_DBG("%s", "SMACK label request received"); + process_smack_request(client_sockfd); + break; + case SECURITY_SERVER_MSG_TYPE_TOOL_REQUEST: SEC_SVR_DBG("%s", "launch tool request received"); process_tool_request(client_sockfd, server_sockfd); @@ -1093,7 +1249,6 @@ void *security_server_main_thread(void *data) for(retval = 0 ; retval < SECURITY_SERVER_NUM_THREADS; retval++) thread_status[retval] = 0; - initiate_try(); /* Create and bind a Unix domain socket */ @@ -1174,7 +1329,6 @@ error: pthread_exit(NULL); } -/* int main(int argc, char* argv[]) { int res; @@ -1193,4 +1347,4 @@ int main(int argc, char* argv[]) pthread_exit(NULL); return 0; } -*/ + diff --git a/src/security-srv/server/security-server-password.c b/src/server/security-server-password.c similarity index 99% rename from src/security-srv/server/security-server-password.c rename to src/server/security-server-password.c index a86c219..367b5d6 100644 --- a/src/security-srv/server/security-server-password.c +++ b/src/server/security-server-password.c @@ -33,7 +33,7 @@ struct timeval prev_try; -int initiate_try() +void initiate_try() { gettimeofday(&prev_try, NULL); } @@ -762,7 +762,7 @@ int process_set_pwd_request(int sockfd) goto error; } retval = read(sockfd, &new_pwd_len, sizeof(char)); - if(retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN) + if(retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN || new_pwd_len < 0) { SEC_SVR_DBG("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len); retval = send_generic_response(sockfd, @@ -1042,7 +1042,7 @@ int process_reset_pwd_request(int sockfd) /* Receive size of pwd */ retval = read(sockfd, &new_pwd_len, sizeof(char)); - if(retval < sizeof(char) || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN) + if(retval < sizeof(char) || new_pwd_len < 0 || new_pwd_len > SECURITY_SERVER_MAX_PASSWORD_LEN) { SEC_SVR_DBG("Server Error: new password length recieve failed: %d, %d", retval, new_pwd_len); retval = send_generic_response(sockfd, diff --git a/src/services/ace/ace_server_api.h b/src/services/ace/ace_server_api.h deleted file mode 100644 index e327e31..0000000 --- a/src/services/ace/ace_server_api.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_server_api.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief This file contains definitions of ACE server interface name & methods. - */ - -#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_ -#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_ - -#include - - -namespace WrtSecurity{ -namespace AceServerApi{ - - // DBus interface names - inline const std::string INTERFACE_NAME() - { - return "org.tizen.AceCheckAccessInterface"; - } - - // IN string subject - // IN string resource - // IN vector function param names - // IN vector function param values - // OUT int allow, deny, popup type - inline const std::string CHECK_ACCESS_METHOD() - { - return "check_access"; - } - - // IN string subject - // IN string resource - // OUT int allow, deny, popup type - inline const std::string CHECK_ACCESS_INSTALL_METHOD() - { - return "check_access_install"; - } - - // Policy update trigger - inline const std::string UPDATE_POLICY_METHOD() - { - return "update_policy"; - } -}; -}; - - -#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_ diff --git a/src/services/ace/ace_service.cpp b/src/services/ace/ace_service.cpp deleted file mode 100644 index 15227f4..0000000 --- a/src/services/ace/ace_service.cpp +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_service.cpp - * @author Lukasz Wrzosek (l.wrzosek@samsung.com) - * @version 1.0 - * @brief This is implementation file of AceService service - */ - -#include -#include - -#include "security_daemon.h" - -namespace AceService -{ - -class AceService : public SecurityDaemon::DaemonService -{ - private: - virtual void initialize() - { - LogDebug("AceService initializing"); - - SecurityControllerSingleton::Instance().Touch(); - SecurityControllerSingleton::Instance().SwitchToThread(NULL); - - CONTROLLER_POST_SYNC_EVENT( - SecurityController, - SecurityControllerEvents::InitializeSyncEvent()); - } - - virtual void start() - { - LogDebug("Starting AceService"); - } - - virtual void stop() - { - LogDebug("Stopping AceService"); - } - - virtual void deinitialize() - { - LogDebug("AceService deinitializing"); - SecurityControllerSingleton::Instance().SwitchToThread(NULL); - //this is direct call inside - CONTROLLER_POST_SYNC_EVENT( - SecurityController, - SecurityControllerEvents::TerminateSyncEvent()); - } - -}; - -DAEMON_REGISTER_SERVICE_MODULE(AceService) - -}//namespace AceService diff --git a/src/services/ace/dbus/ace_server_dbus_interface.cpp b/src/services/ace/dbus/ace_server_dbus_interface.cpp deleted file mode 100644 index e77b9f9..0000000 --- a/src/services/ace/dbus/ace_server_dbus_interface.cpp +++ /dev/null @@ -1,144 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_service_dbus_interface.cpp - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief Implementation of ACE server API. - */ -#include -#include -#include -#include "ace_server_dbus_interface.h" -#include -#include - -#include -#include -#include -#include - - -namespace RPC { - -void AceServerDBusInterface::onMethodCall(const gchar* methodName, - GVariant* parameters, - GDBusMethodInvocation* invocation) -{ - using namespace WrtSecurity; - - if (0 == g_strcmp0(methodName, AceServerApi::ECHO_METHOD().c_str())) - { - std::string str; - DPL::DBus::ServerDeserialization::deserialize(parameters, &str); - g_dbus_method_invocation_return_value(invocation, - DPL::DBus::ServerSerialization::serialize(str)); - } else if (0 == g_strcmp0(methodName, - AceServerApi::CHECK_ACCESS_METHOD().c_str())) - { - int widgetHandle; - std::string subject, resource, sessionId; - std::vector paramNames, paramValues; - if (!DPL::DBus::ServerDeserialization::deserialize(parameters, - &widgetHandle, - &subject, - &resource, - ¶mNames, - ¶mValues, - &sessionId)) { - g_dbus_method_invocation_return_dbus_error( - invocation, - "org.tizen.AceCheckAccessInterface.UnknownError", - "Error in deserializing input parameters"); - return; - } - if (paramNames.size() != paramValues.size()) { - g_dbus_method_invocation_return_dbus_error( - invocation, - "org.tizen.AceCheckAccessInterface.UnknownError", - "Varying sizes of parameter names and parameter values"); - return; - } - LogDebug("We got subject: " << subject); - LogDebug("We got resource: " << resource); - - FunctionParamImpl params; - for (size_t i = 0; i < paramNames.size(); ++i) { - params.addAttribute(paramNames[i], paramValues[i]); - } - - Request request(widgetHandle, - WidgetExecutionPhase_Invoke, - ¶ms); - request.addDeviceCapability(resource); - - PolicyResult result(PolicyEffect::DENY); - CONTROLLER_POST_SYNC_EVENT( - SecurityController, - SecurityControllerEvents::CheckRuntimeCallSyncEvent( - &result, - &request, - sessionId)); - - int response = PolicyResult::serialize(result); - g_dbus_method_invocation_return_value(invocation, - DPL::DBus::ServerSerialization::serialize(response)); - } else if (0 == g_strcmp0(methodName, - AceServerApi::CHECK_ACCESS_INSTALL_METHOD().c_str())) - { - int widgetHandle; - std::string resource; - if (!DPL::DBus::ServerDeserialization::deserialize(parameters, - &widgetHandle, - &resource)) { - g_dbus_method_invocation_return_dbus_error( - invocation, - "org.tizen.AceCheckAccessInterface.UnknownError", - "Error in deserializing input parameters"); - return; - } - LogDebug("We got handle: " << widgetHandle); - LogDebug("We got resource: " << resource); - - Request request(widgetHandle, - WidgetExecutionPhase_WidgetInstall); - request.addDeviceCapability(resource); - - PolicyResult result(PolicyEffect::DENY); - CONTROLLER_POST_SYNC_EVENT( - SecurityController, - SecurityControllerEvents::CheckFunctionCallSyncEvent( - &result, - &request)); - - int response = PolicyResult::serialize(result); - g_dbus_method_invocation_return_value(invocation, - DPL::DBus::ServerSerialization::serialize(response)); - } else if (0 == g_strcmp0(methodName, - AceServerApi::UPDATE_POLICY_METHOD().c_str())) - { - LogDebug("Policy update DBus message received"); - CONTROLLER_POST_SYNC_EVENT( - SecurityController, - SecurityControllerEvents::UpdatePolicySyncEvent()); - g_dbus_method_invocation_return_value(invocation, NULL); - } else { - // invalid method name - g_dbus_method_invocation_return_value(invocation, NULL); - } -} - -} // namespace RPC diff --git a/src/services/ace/dbus/ace_server_dbus_interface.h b/src/services/ace/dbus/ace_server_dbus_interface.h deleted file mode 100644 index d5957cb..0000000 --- a/src/services/ace/dbus/ace_server_dbus_interface.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_service_dbus_interface.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief Class that handles ACE server API. - */ -#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_ -#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_ - -#include -#include "api/ace_server_dbus_api.h" - -namespace RPC { - -class AceServerDBusInterface : public DPL::DBus::InterfaceDispatcher { - public: - AceServerDBusInterface(): - DPL::DBus::InterfaceDispatcher(WrtSecurity::AceServerApi::INTERFACE_NAME()) - { - using namespace WrtSecurity; - - setXmlSignature("" - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - ""); - } - - virtual ~AceServerDBusInterface() - {} - - virtual void onMethodCall(const gchar* methodName, - GVariant* parameters, - GDBusMethodInvocation* invocation); -}; - -} // namespace RPC - -#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_ diff --git a/src/services/ace/dbus/api/ace_server_dbus_api.h b/src/services/ace/dbus/api/ace_server_dbus_api.h deleted file mode 100644 index 9db4f05..0000000 --- a/src/services/ace/dbus/api/ace_server_dbus_api.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_server_api.h - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief This file contains definitions ACE server interface & methods specifically needed by DBUS. - */ -#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_ -#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_ - -#include "ace_server_api.h" -#include - -namespace WrtSecurity{ -namespace AceServerApi{ - - // RPC test function - // IN std::string - // OUT std::string - inline const std::string ECHO_METHOD() - { - return "echo"; - } -}; -}; - - -#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_ diff --git a/src/services/ace/logic/acf_consts.h b/src/services/ace/logic/acf_consts.h deleted file mode 100644 index 93ecfae..0000000 --- a/src/services/ace/logic/acf_consts.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * This file contain consts for Signing Template and Policy Manager - * This values will be used to specified and identified algorithms in xml policy documents. - * Its consistent with BONDI 1.0 released requirements - * - * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements - * This values comes from widget digital signature 1.0 - required version of this doc is very important - * - **/ - -#ifndef ACF_CONSTS_TYPES_H -#define ACF_CONSTS_TYPES_H - -//Digest Algorithms -extern const char* DIGEST_ALG_SHA256; - -//Canonicalization Algorithms -extern const char* CANONICAL_ALG_C14N; - -//Signature Algorithms -extern const char* SIGNATURE_ALG_RSA_with_SHA256; -extern const char* SIGNATURE_ALG_DSA_with_SHA1; -extern const char* SIGNATURE_ALG_ECDSA_with_SHA256; - -#endif - diff --git a/src/services/ace/logic/attribute_facade.cpp b/src/services/ace/logic/attribute_facade.cpp deleted file mode 100644 index 2a988a7..0000000 --- a/src/services/ace/logic/attribute_facade.cpp +++ /dev/null @@ -1,716 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * - * This file contains classes that implement WRT_INTERFACE.h interfaces, - * so that ACE could access WRT specific and other information during - * the decision making. - * - * @file attribute_.cpp - * @author Jaroslaw Osmanski (j.osmanski@samsung.com) - * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) - * @author Ming Jin(ming79.jin@samsung.com) - * @version 1.0 - * @brief Implementation file for attributes obtaining. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace // anonymous -{ -typedef std::list AttributeHandlerResponse; - -typedef AttributeHandlerResponse (*AttributeHandler)( - const WidgetExecutionPhase &phase, - const WidgetHandle &widgetHandle); -typedef AttributeHandlerResponse (*ResourceAttributeHandler)( - const WidgetExecutionPhase &phase, - const WidgetHandle &widgetHandle, - const Request &request); - -AttributeHandlerResponse AttributeClassHandler(const WidgetExecutionPhase & /*phase*/, - const WidgetHandle & /*widgetHandle*/) -{ - AttributeHandlerResponse response; - response.push_back("widget"); - return response; -} - -AttributeHandlerResponse AttributeInstallUriHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - std::string value = AceDB::AceDAOReadOnly::getShareHref(widgetHandle); - if(!value.empty()) - response.push_back(value); - return response; -} - -AttributeHandlerResponse AttributeVersionHandler(const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - - std::string value = AceDB::AceDAOReadOnly::getVersion(widgetHandle); - - if (!value.empty()) { - response.push_back(value); - } - - return response; -} - -AttributeHandlerResponse AttributeDistributorKeyCnHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle, - AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY); - return response; -} - -AttributeHandlerResponse AttributeDistributorKeyFingerprintHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle, - AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY); - return response; -} - -AttributeHandlerResponse AttributeDistributorKeyRootCnHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle, - AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT); - return response; -} - -AttributeHandlerResponse AttributeDistributorKeyRootFingerprintHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle, - AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT); - return response; -} - -AttributeHandlerResponse AttributeAuthorKeyCnHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle, - AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY); - return response; -} - -AttributeHandlerResponse AttributeAuthorKeyFingerprintHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle, - AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY); - return response; -} - -AttributeHandlerResponse AttributeAuthorKeyRootCnHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle, - AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT); - return response; -} - -AttributeHandlerResponse AttributeAuthorKeyRootFingerprintHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle, - AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT); - return response; -} - -AttributeHandlerResponse AttributeNetworkAccessUriHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle & /*widgetHandle*/) -{ - AttributeHandlerResponse response; - return response; -} - -AttributeHandlerResponse AttributeIdHandler(const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - - std::string wGUID = AceDB::AceDAOReadOnly::getGUID(widgetHandle); - - if (!wGUID.empty()) { - response.push_back(wGUID); - } - return response; -} - -AttributeHandlerResponse AttributeAuthorNameHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle &widgetHandle) -{ - AttributeHandlerResponse response; - - std::string value = AceDB::AceDAOReadOnly::getAuthorName(widgetHandle); - - if (!value.empty()) { - response.push_back(value); - } - - return response; -} - -AttributeHandlerResponse AttributeRoamingHandler( - const WidgetExecutionPhase &phase, - const WidgetHandle & /*widgetHandle*/) -{ - AttributeHandlerResponse response; - - if (WidgetExecutionPhase_WidgetInstall == phase) { - // TODO undetermind value - response.push_back(std::string("")); - } else if (SimpleRoamingAgentSingleton::Instance().IsRoamingOn()) { - response.push_back(std::string("true")); - } else { - response.push_back(std::string("false")); - } - - return response; -} - -AttributeHandlerResponse AttributeBearerTypeHandler( - const WidgetExecutionPhase & /*phase*/, - const WidgetHandle & /*widgetHandle*/) -{ - AttributeHandlerResponse response; - - std::string bearerName = "undefined-bearer-name"; - - if (bearerName.empty()) { - LogWarning("Bearer-type is NOT SET or empty"); - } else { - response.push_back(bearerName); - } - - return response; -} - -struct AttributeHandlerContext -{ - std::string name; - WidgetExecutionPhase allowedPhaseMask; - AttributeHandler handler; -}; - -// Private masks -const WidgetExecutionPhase WidgetExecutionPhase_All = - static_cast( - WidgetExecutionPhase_WidgetInstall | - WidgetExecutionPhase_WidgetInstantiate | - WidgetExecutionPhase_WebkitBind | - WidgetExecutionPhase_Invoke); -const WidgetExecutionPhase WidgetExecutionPhase_NoWidgetInstall = - static_cast( - WidgetExecutionPhase_WidgetInstantiate | - WidgetExecutionPhase_WebkitBind | - WidgetExecutionPhase_Invoke); - -#define ALL_PHASE(name, handler) \ - { # name, WidgetExecutionPhase_All, handler }, - -#define NO_INSTALL(name, handler) \ - { # name, WidgetExecutionPhase_NoWidgetInstall, handler }, - -AttributeHandlerContext HANDLED_ATTRIBUTES_LIST[] = { - ALL_PHASE(Class, &AttributeClassHandler) - ALL_PHASE(install-uri, &AttributeInstallUriHandler) - ALL_PHASE(version, &AttributeVersionHandler) - ALL_PHASE(distributor-key-cn, &AttributeDistributorKeyCnHandler) - ALL_PHASE(distributor-key-fingerprint, - &AttributeDistributorKeyFingerprintHandler) - ALL_PHASE(distributor-key-root-cn, - &AttributeDistributorKeyRootCnHandler) - ALL_PHASE(distributor-key-root-fingerprint, - &AttributeDistributorKeyRootFingerprintHandler) - ALL_PHASE(author-key-cn, &AttributeAuthorKeyCnHandler) - ALL_PHASE(author-key-fingerprint, &AttributeAuthorKeyFingerprintHandler) - ALL_PHASE(author-key-root-cn, &AttributeAuthorKeyRootCnHandler) - ALL_PHASE(author-key-root-fingerprint, - &AttributeAuthorKeyRootFingerprintHandler) - ALL_PHASE(network-access-uri, &AttributeNetworkAccessUriHandler) - ALL_PHASE(id, &AttributeIdHandler) -// ALL_PHASE(name, &AttributeNameHandler) -// ALL_PHASE(widget-attr:name, &AttributeWidgetAttrNameHandler) - ALL_PHASE(author-name, &AttributeAuthorNameHandler) - /* Enviroment attributes*/ - NO_INSTALL(roaming, &AttributeRoamingHandler) - NO_INSTALL(bearer-type, &AttributeBearerTypeHandler) -}; - -#undef ALL_PHASE -#undef NO_INSTALL - -const size_t HANDLED_ATTRIBUTES_LIST_COUNT = - sizeof(HANDLED_ATTRIBUTES_LIST) / sizeof(HANDLED_ATTRIBUTES_LIST[0]); - -template -class lambdaCollectionPusher -{ - public: - std::list& m_collection; - lambdaCollectionPusher(std::list& collection) : m_collection(collection) - { - } - void operator()(const T& element) const - { - m_collection.push_back(element); - } -}; - -AttributeHandlerResponse AttributeDeviceCapHandler(const WidgetExecutionPhase & /*phase*/, - const WidgetHandle & /*widgetHandle*/, - const Request &request) -{ - AttributeHandlerResponse response; - - Request::DeviceCapabilitySet capSet = request.getDeviceCapabilitySet(); - LogDebug("device caps set contains"); - FOREACH(dc, capSet) - { - LogDebug("-> " << *dc); - } - - std::for_each( - capSet.begin(), - capSet.end(), - lambdaCollectionPusher(response)); - - return response; -} - -//class lambdaFeatureEquality : -// public std::binary_function -//{ -// public: -// bool operator()(const FeatureHandle& wFeature, -// const int& resurceId) const -// { -// return wFeature == resurceId; -// } -//}; -// -//class lambdaPushFeatureName : -// public std::binary_function -//{ -// void operator()(const WidgetFeature& wFeature, -// AttributeHandlerResponse& response) const -// { -// response.push_back(DPL::ToUTF8String(wFeature.name)); -// } -//}; - -AttributeHandlerResponse AttributeApiFeatureHandler( - const WidgetExecutionPhase & /* phase */, - const WidgetHandle & /* widgetHandle */, - const Request & /* request */) -{ - LogDebug("WAC 2.0 does not support api-feature and resource-id in policy."); - AttributeHandlerResponse response; - return response; -} - -AttributeHandlerResponse AttributeFeatureInstallUriHandler( - const WidgetExecutionPhase & /* phase */, - const WidgetHandle & /* widgetHandle */, - const Request & /* request */) -{ - LogDebug("WAC 2.0 does not support feature-install-uri is policy!"); - AttributeHandlerResponse response; - return response; -} - -AttributeHandlerResponse AttributeFeatureFeatureKeyCnHandler( - const WidgetExecutionPhase & /* phase */, - const WidgetHandle & /* widgetHandle */, - const Request & /* request */) -{ - LogDebug("WAC 2.0 does not support feature-key-cn is policy!"); - AttributeHandlerResponse response; - return response; -} - -AttributeHandlerResponse AttributeFeatureKeyRootCnHandler( - const WidgetExecutionPhase & /* phase */, - const WidgetHandle & /* widgetHandle */, - const Request & /* request */) -{ - LogDebug("WAC 2.0 does not support feature-key-root-cn is policy!"); - AttributeHandlerResponse response; - return response; -} - -AttributeHandlerResponse AttributeFeatureKeyRootFingerprintHandler( - const WidgetExecutionPhase & /* phase */, - const WidgetHandle & /* widgetHandle */, - const Request & /* request */) -{ - LogDebug("WAC 2.0 does not support" - " feature-key-root-fingerprint is policy!"); - AttributeHandlerResponse response; - return response; -} - -struct ResourceAttributeHandlerContext -{ - std::string name; - WidgetExecutionPhase allowedPhaseMask; - ResourceAttributeHandler handler; -}; - -#define ALL_PHASE(name, handler) \ - { # name, WidgetExecutionPhase_All, handler }, - -ResourceAttributeHandlerContext HANDLED_RESOURCE_ATTRIBUTES_LIST[] = { - ALL_PHASE(device-cap, &AttributeDeviceCapHandler) - ALL_PHASE(api-feature, &AttributeApiFeatureHandler) - // For compatiblity with older policies we tread resource-id - // identically as api-feature - ALL_PHASE(resource-id, &AttributeApiFeatureHandler) - - ALL_PHASE(feature-install-uri, &AttributeFeatureInstallUriHandler) - ALL_PHASE(feature-key-cn, &AttributeFeatureFeatureKeyCnHandler) - ALL_PHASE(feature-key-root-cn, &AttributeFeatureKeyRootCnHandler) - ALL_PHASE(feature-key-root-fingerprint, - &AttributeFeatureKeyRootFingerprintHandler) -}; - -#undef ALL_PHASE - -const size_t HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT = - sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST) / - sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST[0]); -} // namespace anonymous - -/* - * class WebRuntimeImpl - */ -int WebRuntimeImpl::getAttributesValuesLoop(const Request &request, - std::list* attributes, - WidgetExecutionPhase executionPhase) -{ - UNHANDLED_EXCEPTION_HANDLER_BEGIN - { - WidgetHandle widgetHandle = request.getWidgetHandle(); - - FOREACH(itr, *attributes) - { - // Get attribute name - std::string attribute = *itr->first; - - // Search for attribute handler - bool attributeFound = false; - - for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) { - if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) { - // Check if execution phase is valid - if ((executionPhase & - HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) { - // Attribute found, but execution state - // forbids to execute handler - LogWarning( - "Request for attribute: '" << - attribute << "' which is supported " << - "but forbidden at widget execution phase: " - << - executionPhase); - } else { - // Execution phase allows handler - AttributeHandlerResponse attributeResponse = - (*HANDLED_ATTRIBUTES_LIST[i].handler)( - executionPhase, - widgetHandle); - std::copy(attributeResponse.begin(), - attributeResponse.end(), - std::back_inserter(*itr->second)); - } - - attributeFound = true; - break; - } - } - - if (!attributeFound) { - LogWarning("Request for attribute: '" << - attribute << "' which is not supported"); - } - } - - return 0; - } - UNHANDLED_EXCEPTION_HANDLER_END -} - -int WebRuntimeImpl::getAttributesValues(const Request &request, - std::list* attributes) -{ - UNHANDLED_EXCEPTION_HANDLER_BEGIN - { - // Get current execution state - WidgetExecutionPhase executionPhase = - request.getExecutionPhase(); - - return getAttributesValuesLoop(request, attributes, executionPhase); - } - UNHANDLED_EXCEPTION_HANDLER_END -} - -std::string WebRuntimeImpl::getSessionId(const Request & /* request */) -{ - std::string result; - LogError("Not implemented!"); - return result; -} - -WebRuntimeImpl::WebRuntimeImpl() -{ -} - -/* - * class ResourceInformationImpl - */ - -int ResourceInformationImpl::getAttributesValuesLoop(const Request &request, - std::list* attributes, - WidgetExecutionPhase executionPhase) -{ - // Currently, we assume widgets have internal representation of integer IDs - WidgetHandle widgetHandle = request.getWidgetHandle(); - //TODO add resource id string analyzys - FOREACH(itr, *attributes) - { - // Get attribute name - std::string attribute = *itr->first; - LogDebug("getting attribute value for: " << attribute); - FOREACH(aaa, *itr->second) - { - LogDebug("its value is: " << *aaa); - } - - // Search for attribute handler - bool attributeFound = false; - - for (size_t i = 0; i < HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT; ++i) { - if (HANDLED_RESOURCE_ATTRIBUTES_LIST[i].name == attribute) { - // Check if execution phase is valid - if ((executionPhase & - HANDLED_RESOURCE_ATTRIBUTES_LIST[i].allowedPhaseMask) == - 0) { - // Attribute found, but execution state - // forbids to execute handler - LogDebug( - "Request for attribute: '" << - attribute << - "' which is supported but forbidden " << - "at widget execution phase: " << executionPhase); - itr->second = NULL; - } else { - // Execution phase allows handler - AttributeHandlerResponse attributeResponse = - (*HANDLED_RESOURCE_ATTRIBUTES_LIST[i].handler)( - executionPhase, - widgetHandle, - request); - std::copy(attributeResponse.begin(), - attributeResponse.end(), - std::back_inserter(*itr->second)); - - std::ostringstream attributeResponseFull; - - for (AttributeHandlerResponse::const_iterator - it = attributeResponse.begin(); - it != attributeResponse.end(); ++it) { - attributeResponseFull << - (it == attributeResponse.begin() ? "" : ", ") << - *it; - } - - LogDebug("Attribute(" << attribute << ") = " << - attributeResponseFull.str()); - } - - attributeFound = true; - break; - } - } - - if (!attributeFound) { - LogWarning("Request for attribute: '" << attribute << - "' which is not supported"); - } - } - return 0; -} - -int ResourceInformationImpl::getAttributesValues(const Request &request, - std::list* attributes) -{ - UNHANDLED_EXCEPTION_HANDLER_BEGIN - { - // Get current execution state - WidgetExecutionPhase executionPhase = - request.getExecutionPhase(); - return getAttributesValuesLoop(request, attributes, executionPhase); - } - UNHANDLED_EXCEPTION_HANDLER_END -} - -ResourceInformationImpl::ResourceInformationImpl() -{ -} - -/* - * class OperationSystemImpl - */ - -int OperationSystemImpl::getAttributesValues(const Request &request, - std::list* attributes) -{ - UNHANDLED_EXCEPTION_HANDLER_BEGIN - { - //FIXME: - //GetExecution name without widget name - WidgetExecutionPhase executionPhase = - request.getExecutionPhase(); - - FOREACH(itr, *attributes) - { - // Get attribute name - std::string attribute = *itr->first; - - // Search for attribute handler - bool attributeFound = false; - - for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) { - if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) { - // Check if execution phase is valid - if ((executionPhase & - HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) { - // Attribute found, but execution state forbids - // to execute handler - LogDebug("Request for attribute: '" << attribute << - "' which is supported but forbidden at " << - "widget execution phase: " << executionPhase); - itr->second = NULL; - } else { - // Execution phase allows handler - AttributeHandlerResponse attributeResponse = - (*HANDLED_ATTRIBUTES_LIST[i].handler)( - executionPhase, - 0); - std::copy(attributeResponse.begin(), - attributeResponse.end(), - std::back_inserter(*itr->second)); - - std::ostringstream attributeResponseFull; - - typedef AttributeHandlerResponse::const_iterator Iter; - FOREACH(it, attributeResponse) - { - attributeResponseFull << - (it == attributeResponse.begin() - ? "" : ", ") << *it; - } - - LogDebug("Attribute(" << attribute << - ") = " << attributeResponseFull.str()); - } - - attributeFound = true; - break; - } - } - - if (!attributeFound) { - LogWarning("Request for attribute: '" << attribute << - "' which is not supported"); - } - } - - return 0; - } - UNHANDLED_EXCEPTION_HANDLER_END -} - -OperationSystemImpl::OperationSystemImpl() -{ -} - -/* - * end of class OperationSystemImpl - */ - -int FunctionParamImpl::getAttributesValues(const Request & /*request*/, - std::list *attributes) -{ - FOREACH(iter, *attributes) - { - std::string attributeName = *(iter->first); - - ParamMap::const_iterator i; - std::pair jj = - paramMap.equal_range(attributeName); - - for (i = jj.first; i != jj.second; ++i) { - iter->second->push_back(i->second); - LogDebug("Attribute: " << attributeName << " Value: " << - i->second); - } - } - return 0; -} diff --git a/src/services/ace/logic/attribute_facade.h b/src/services/ace/logic/attribute_facade.h deleted file mode 100644 index 7b6898c..0000000 --- a/src/services/ace/logic/attribute_facade.h +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file attribute_facade.h - * @author Jaroslaw Osmanski (j.osmanski@samsung.com) - * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) - * @version 1.0 - * @brief This file contains the declaration of WebRuntimeImpl, - * ResourceInformationImpl, OperationSystemImpl - */ - -#ifndef ATTRIBUTE_FACADE_H -#define ATTRIBUTE_FACADE_H - -#include -#include -#include - -#include - -class Request; - -class WebRuntimeImpl : public IWebRuntime -{ - public: - // Return current sessionId - int getAttributesValuesLoop(const Request &request, - std::list* attributes, - WidgetExecutionPhase executionPhase); - - int getAttributesValues(const Request &request, - std::list* attributes); - virtual std::string getSessionId(const Request &request); - WebRuntimeImpl(); -}; - -class ResourceInformationImpl : public IResourceInformation -{ - public: - int getAttributesValuesLoop(const Request &request, - std::list* attributes, - WidgetExecutionPhase executionPhase); - int getAttributesValues(const Request &request, - std::list* attributes); - ResourceInformationImpl(); -}; - -class OperationSystemImpl : public IOperationSystem -{ - public: - /** - * gather and set attributes values for specified attribute name - * @param attributes is a list of pairs( - * first: pointer to attribute name - * second: list of values for attribute (std::string) - - * its a list of string (BONDI requirement), but usually there - * will be only one string - */ - int getAttributesValues(const Request &request, - std::list* attributes); - OperationSystemImpl(); -}; - -class FunctionParamImpl : public IFunctionParam -{ - public: - virtual int getAttributesValues(const Request & /*request*/, - std::list *attributes); - void addAttribute(const std::string &key, - const std::string &value) - { - paramMap.insert(make_pair(key, value)); - } - virtual ~FunctionParamImpl() - { - } - - private: - typedef std::multimap ParamMap; - ParamMap paramMap; -}; - -typedef std::vector FunctionParams; - -#endif //ATTRIBUTE_FACADE_H diff --git a/src/services/ace/logic/security_controller.cpp b/src/services/ace/logic/security_controller.cpp deleted file mode 100644 index 32d9b4b..0000000 --- a/src/services/ace/logic/security_controller.cpp +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * This class simply redirects the access requests to access control engine. - * The aim is to hide access control engine specific details from WRT modules. - * It also implements WRT_INTERFACE.h interfaces, so that ACE could access - * WRT specific and other information during the decision making. - * - * @file security_controller.cpp - * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) - * @author Ming Jin(ming79.jin@samsung.com) - * @version 1.0 - * @brief Implementation file for security controller - */ -#include -#include -#include -//#include -//#include -#include -#include -#include -#include - -IMPLEMENT_SINGLETON(SecurityController) - -struct SecurityController::Impl -{ - SecurityLogic logic; -}; - -SecurityController::SecurityController() -{ - m_impl.Reset(new Impl); -} - -SecurityController::~SecurityController() -{ -} - -void SecurityController::OnEventReceived( - const SecurityControllerEvents::InitializeSyncEvent & /* event */) -{ - SecurityCallerSingleton::Instance().Run(); - m_impl->logic.initialize(); -} - -void SecurityController::OnEventReceived( - const SecurityControllerEvents::UpdatePolicySyncEvent& /* event */) -{ - m_impl->logic.updatePolicy(); -} - -void SecurityController::OnEventReceived( - const SecurityControllerEvents::TerminateSyncEvent & /*event*/) -{ - SecurityCallerSingleton::Instance().Quit(); - m_impl->logic.terminate(); -} - -void SecurityController::OnEventReceived( - const SecurityControllerEvents::CheckFunctionCallSyncEvent &ev) -{ - *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1()); -} - -void SecurityController::OnEventReceived( - const SecurityControllerEvents::CheckRuntimeCallSyncEvent &ev) -{ - *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1(), ev.GetArg2()); -} - -void SecurityController::OnEventReceived( - const SecurityControllerEvents::ValidatePopupResponseEvent &ev) -{ - m_impl->logic.validatePopupResponse(ev.GetArg0(), - ev.GetArg1(), - ev.GetArg2(), - ev.GetArg3(), - ev.GetArg4()); -} diff --git a/src/services/ace/logic/security_controller.h b/src/services/ace/logic/security_controller.h deleted file mode 100644 index 68df770..0000000 --- a/src/services/ace/logic/security_controller.h +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * This class simply redirects the access requests to access control engine. - * The aim is to hide access control engine specific details from WRT modules. - * It also implements WRT_INTERFACE.h interfaces, so that ACE could access - * WRT specific and other information during the decision making. - * - * @file security_controller.h - * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) - * @author Ming Jin(ming79.jin@samsung.com) - * @version 1.0 - * @brief Header file for security controller - */ -#ifndef SECURITY_CONTROLLER_H -#define SECURITY_CONTROLLER_H - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -namespace Jobs { -class Job; -} - -namespace SecurityControllerEvents { -DECLARE_GENERIC_EVENT_0(InitializeSyncEvent) -DECLARE_GENERIC_EVENT_0(TerminateSyncEvent) -DECLARE_GENERIC_EVENT_0(UpdatePolicySyncEvent) - -DECLARE_GENERIC_EVENT_2(CheckFunctionCallSyncEvent, - PolicyResult *, - Request * - ) - -DECLARE_GENERIC_EVENT_3(CheckRuntimeCallSyncEvent, - PolicyResult *, - Request *, - std::string //sessionId - ) - -DECLARE_GENERIC_EVENT_5(ValidatePopupResponseEvent, - Request *, - bool, //is allowed - Prompt::Validity, - std::string, //sessionId - bool* //check return value - ) - -} // namespace SecurityControllerEvents - -typedef DPL::TypeListDecl< - SecurityControllerEvents::InitializeSyncEvent, - SecurityControllerEvents::TerminateSyncEvent, - SecurityControllerEvents::UpdatePolicySyncEvent, - SecurityControllerEvents::ValidatePopupResponseEvent, - SecurityControllerEvents::CheckRuntimeCallSyncEvent, - SecurityControllerEvents::CheckFunctionCallSyncEvent>::Type -SecurityControllerEventsTypeList; - -class SecurityController : - public DPL::Event::Controller -{ - protected: - virtual void OnEventReceived( - const SecurityControllerEvents::InitializeSyncEvent &event); - virtual void OnEventReceived( - const SecurityControllerEvents::UpdatePolicySyncEvent &event); - virtual void OnEventReceived( - const SecurityControllerEvents::ValidatePopupResponseEvent &e); - virtual void OnEventReceived( - const SecurityControllerEvents::TerminateSyncEvent &event); - virtual void OnEventReceived( - const SecurityControllerEvents::CheckFunctionCallSyncEvent &e); - virtual void OnEventReceived( - const SecurityControllerEvents::CheckRuntimeCallSyncEvent &e); - - private: - class Impl; - DPL::ScopedPtr m_impl; - - SecurityController(); - //This desctructor must be in implementation file (cannot be autogenerated) - ~SecurityController(); - - friend class DPL::Singleton; -}; - -typedef DPL::Singleton SecurityControllerSingleton; - -#endif // SECURITY_CONTROLLER_H diff --git a/src/services/ace/logic/security_logic.cpp b/src/services/ace/logic/security_logic.cpp deleted file mode 100644 index 48d7f8e..0000000 --- a/src/services/ace/logic/security_logic.cpp +++ /dev/null @@ -1,386 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * This class simply redirects the access requests to access control engine. - * The aim is to hide access control engine specific details from WRT modules. - * It also implements WRT_INTERFACE.h interfaces, so that ACE could access - * WRT specific and other information during the decision making. - * - * @file security_controller.h - # @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) - * @author Ming Jin(ming79.jin@samsung.com) - * @author Piotr Kozbial (p.kozbial@samsung.com) - * @version 1.0 - * @brief Header file for security logic - */ - -#include -#include -#ifdef WRT_SMACK_ENABLED -#include -#endif -#include -#include -#include -#include -#include - -namespace { - -Request::ApplicationType getAppType(const Request *request) { - AceDB::AppTypes appType = - AceDB::AceDAOReadOnly::getWidgetType(request->getWidgetHandle()); - switch (appType) { - case AceDB::AppTypes::Tizen: - LogDebug("==== Found Tizen application. ===="); - return Request::APP_TYPE_TIZEN; - case AceDB::AppTypes::WAC20: - LogDebug("==== Found Wac20 application. ===="); - return Request::APP_TYPE_WAC20; - default: - LogDebug("==== Unknown application type. ===="); - } - return Request::APP_TYPE_UNKNOWN; -} - -} // anonymous namespace - -void SecurityLogic::initialize() { - AceDB::AceDAO::attachToThreadRW(); - m_policyEnforcementPoint.initialize(new WebRuntimeImpl(), - new ResourceInformationImpl(), - new OperationSystemImpl()); -} - -void SecurityLogic::terminate() { - m_policyEnforcementPoint.terminate(); - AceDB::AceDAO::detachFromThread(); -} - - -void SecurityLogic::grantPlatformAccess(const Request& request) -{ - (void)request; -#ifdef WRT_SMACK_ENABLED - try { - unsigned long long id = - static_cast(request.getWidgetHandle()); - Request::DeviceCapabilitySet dc = request.getDeviceCapabilitySet(); - - size_t i,size = dc.size(); - std::unique_ptr array(new const char*[size+1]); - - array[size] = NULL; - auto it = dc.begin(); - - for(i=0; (ic_str(); - } - int ret = wrt_permissions_add(id, array.get()); - if (PC_OPERATION_SUCCESS != ret) { - LogError("smack rules couldn't be granted"); - } - } catch (std::bad_alloc&) { - LogError("smack rules couldn't be granted: memory allocation failed"); - } -#endif -} - -PolicyResult SecurityLogic::checkFunctionCall(Request* request) -{ - Assert(NULL != request); - - LogDebug("=== Check widget existance ==="); - Try { - request->setAppType(getAppType(request)); - } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) { - LogError("==== Couldn't find widget for handle: " << - request->getWidgetHandle() << ". Access denied. ===="); - return PolicyEffect::DENY; - } - - PolicyResult aceResult = m_policyEnforcementPoint.check(*request).policyResult; - - if (aceResult == PolicyEffect::PERMIT) { - grantPlatformAccess(*request); - return PolicyEffect::PERMIT; - } else if (aceResult == PolicyEffect::PROMPT_ONESHOT || - aceResult == PolicyEffect::PROMPT_SESSION || - aceResult == PolicyEffect::PROMPT_BLANKET || - aceResult == PolicyDecision::NOT_APPLICABLE || - aceResult == PolicyResult::UNDETERMINED) - { - // TODO: check stored user answers!!! - // if necessary, grant SMACK rules - // return appropriately - the following is a dummy: - return aceResult; - } else { - return PolicyEffect::DENY; - } -} - -PolicyResult SecurityLogic::checkFunctionCall(Request* request, const std::string &sessionId) -{ - Assert(NULL != request); - LogDebug("=== Check existance of widget === "); - Try { - request->setAppType(getAppType(request)); - } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) { - LogError("==== Couldn't find widget for handle: " << - request->getWidgetHandle() << ". Access denied. ===="); - return PolicyEffect::DENY; - } - - ExtendedPolicyResult exAceResult = m_policyEnforcementPoint.check(*request); - PolicyResult aceResult = exAceResult.policyResult; - - LogDebug("Result returned by policy " << aceResult << ". RuleID: " << exAceResult.ruleId); - - if (aceResult == PolicyEffect::PERMIT) { - LogDebug("Grant access."); - grantPlatformAccess(*request); - return PolicyEffect::PERMIT; - } - - if (aceResult == PolicyEffect::PROMPT_ONESHOT || - aceResult == PolicyEffect::DENY) - { - return aceResult; - } - - OptionalCachedPromptDecision decision = AceDB::AceDAOReadOnly::getPromptDecision( - request->getWidgetHandle(), - exAceResult.ruleId); - - if (decision.IsNull()) { - LogDebug("No CachedPromptDecision found."); - return aceResult; - } - - if (aceResult == PolicyEffect::PROMPT_BLANKET) { - if (decision->decision == PromptDecision::ALLOW_ALWAYS) { - LogDebug("Found user decision. Result changed to PERMIT. Access granted"); - grantPlatformAccess(*request); - return PolicyEffect::PERMIT; - } - if (decision->decision == PromptDecision::DENY_ALWAYS) { - LogDebug("Found user decision. Result changed to DENY."); - return PolicyEffect::DENY; - } - if (decision->decision == PromptDecision::ALLOW_FOR_SESSION - && !(decision->session.IsNull()) - && sessionId == DPL::ToUTF8String(*(decision->session))) - { - LogDebug("Result changed to PERMIT. Access granted."); - grantPlatformAccess(*request); - return PolicyEffect::PERMIT; - } - if (decision->decision == PromptDecision::DENY_FOR_SESSION - && !(decision->session.IsNull()) - && sessionId == DPL::ToUTF8String(*(decision->session))) - { - LogDebug("Found user decision. Result changed to DENY."); - return PolicyEffect::DENY; - } - return aceResult; - } - - if (aceResult == PolicyEffect::PROMPT_SESSION) { - if (decision->decision == PromptDecision::ALLOW_FOR_SESSION - && !(decision->session.IsNull()) - && sessionId == DPL::ToUTF8String(*(decision->session))) - { - LogDebug("Found user decision. Result changed to PERMIT. Access granted."); - grantPlatformAccess(*request); - return PolicyEffect::PERMIT; - } - if (decision->decision == PromptDecision::DENY_FOR_SESSION - && !(decision->session.IsNull()) - && sessionId == DPL::ToUTF8String(*(decision->session))) - { - LogDebug("Found user decision. Result changed to DENY."); - return PolicyEffect::DENY; - } - return aceResult; - } - - // This should not happend - all PolicyEffect values were supported before. - // This mean that someone has modyfied PolicyEffect enum. SPANK SPANK SPANK - LogError("Unsupported PolicyEffect!"); - return PolicyEffect::DENY; -} - -void SecurityLogic::validatePopupResponse(Request* request, - bool allowed, - Prompt::Validity validity, - const std::string& sessionId, - bool* retValue) -{ - Assert(NULL != retValue); - Assert(NULL != request); - - LogDebug("Start"); - LogDebug("User answered: " << allowed << " with validity: " << validity); - LogDebug("Check widget existance"); - Try { - request->setAppType(getAppType(request)); - } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) { - LogError("==== Couldn't find widget for handle: " << - request->getWidgetHandle() << ". Access denied. ===="); - retValue = false; - return; - } - - *retValue = false; - OptionalExtendedPolicyResult extendedAceResult = - m_policyEnforcementPoint.checkFromCache(*request); - if (extendedAceResult.IsNull()) { - LogDebug("No cached policy result - but it should be here"); - LogDebug("returning " << *retValue); - return; - } - - PolicyResult aceResult = extendedAceResult->policyResult; - if (aceResult == PolicyEffect::DENY) { - LogDebug("returning " << *retValue); - return; - } - if (aceResult == PolicyEffect::PERMIT) { - // TODO we were asked for prompt validation - // but we got that no prompt should be opened - is this OK? - // (this is on the diagram in wiki) - *retValue = true; - } else if (aceResult == PolicyEffect::PROMPT_ONESHOT || - aceResult == PolicyEffect::PROMPT_SESSION || - aceResult == PolicyEffect::PROMPT_BLANKET) - { - Request::DeviceCapabilitySet devCaps = - request->getDeviceCapabilitySet(); - - FOREACH (it, devCaps) { - Request::DeviceCapability resourceId = *it; - LogDebug("Recheck: " << *it); - // 1) check if per-widget settings permit - AceDB::PreferenceTypes wgtPref = - AceDB::AceDAOReadOnly::getWidgetDevCapSetting( - resourceId, - request->getWidgetHandle()); - if (AceDB::PreferenceTypes::PREFERENCE_DENY == wgtPref) { - LogDebug("returning " << *retValue); - return; - } - // 2) check if per-dev-cap settings permit - AceDB::PreferenceTypes resPerf = - AceDB::AceDAOReadOnly::getDevCapSetting(resourceId); - if (AceDB::PreferenceTypes::PREFERENCE_DENY == resPerf) { - LogDebug("returning " << *retValue); - return; - } - - // 3) check for stored propmt answer - should not be there - // TODO - is this check necessary? - AceDB::BaseAttributeSet attributes; - AceDB::AceDAOReadOnly::getAttributes(&attributes); - Request req(request->getWidgetHandle(), - request->getExecutionPhase()); - req.addDeviceCapability(resourceId); - PolicyInformationPoint *pip = - m_policyEnforcementPoint.getPip(); - - Assert(NULL != pip); - - pip->getAttributesValues(&req, &attributes); - auto attrHash = AceDB::AceDaoConversions::convertToHash(attributes); - - // 4) validate consistency of answer with policy result - Prompt::Validity clampedValidity = - clampPromptValidity(validity, *(aceResult.getEffect())); - - // 5) store answer in database if appropriate - // TODO how about userParam? sessionId? - DPL::String userParam = DPL::FromUTF8String(sessionId); - DPL::OptionalString sessionOptional = - DPL::FromUTF8String(sessionId); - - switch (clampedValidity) { - case Prompt::Validity::ALWAYS: { - AceDB::AceDAO::setPromptDecision( - request->getWidgetHandle(), - extendedAceResult->ruleId, - sessionOptional, - allowed ? - PromptDecision::ALLOW_ALWAYS : - PromptDecision::DENY_ALWAYS); - break; } - case Prompt::Validity::SESSION: { - AceDB::AceDAO::setPromptDecision( - request->getWidgetHandle(), - extendedAceResult->ruleId, - sessionOptional, - allowed ? - PromptDecision::ALLOW_FOR_SESSION : - PromptDecision::DENY_FOR_SESSION); - break; } - - case Prompt::Validity::ONCE: { - LogInfo("Validity ONCE, not saving prompt decision to cache"); - break; } - } - - } - // access granted! - *retValue = allowed; - } - if (*retValue) { - // 6) grant smack label if not granted yet - grantPlatformAccess(*request); - } - LogDebug("Finish"); - LogDebug("returning " << *retValue); -} - -void SecurityLogic::updatePolicy() -{ - LogDebug("SecurityLogic::updatePolicy"); - m_policyEnforcementPoint.updatePolicy(); -} - -Prompt::Validity SecurityLogic::clampPromptValidity( - Prompt::Validity validity, - PolicyEffect effect) -{ - switch (effect) { - case PolicyEffect::PROMPT_BLANKET: { - return validity; } - case PolicyEffect::PROMPT_SESSION: { - if (Prompt::Validity::ALWAYS == validity) { - LogInfo("ALWAYS returned from prompt in PROMPT_SESSION"); - return Prompt::Validity::SESSION; - } - return validity; } - case PolicyEffect::PROMPT_ONESHOT: { - if (Prompt::Validity::ONCE != validity) { - LogInfo("Not ONCE returned from prompt in PROMPT_ONESHOT"); - } - return Prompt::Validity::ONCE; } - case PolicyEffect::DENY: - case PolicyEffect::PERMIT: - default: {// other options - should not happen - LogError("This kind of policy effect does not deal with prompts"); - return Prompt::Validity::ONCE; } - } -} - diff --git a/src/services/ace/logic/security_logic.h b/src/services/ace/logic/security_logic.h deleted file mode 100644 index 71f8bae..0000000 --- a/src/services/ace/logic/security_logic.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * This class simply redirects the access requests to access control engine. - * The aim is to hide access control engine specific details from WRT modules. - * It also implements WRT_INTERFACE.h interfaces, so that ACE could access - * WRT specific and other information during the decision making. - * - * @file security_controller.h - * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) - * @author Ming Jin(ming79.jin@samsung.com) - * @author Piotr Kozbial (p.kozbial@samsung.com) - * @version 1.0 - * @brief Header file for security logic - */ -#ifndef SECURITY_LOGIC_H -#define SECURITY_LOGIC_H - -#include -#include -#include -#include -#include -#include - -/* SecurityLogic - * May only be created and used by SecurityController. - * There may be only one instance. - */ -class SecurityLogic { - public: - SecurityLogic() {} - ~SecurityLogic() {} - // initialize/terminate - /** */ - void initialize(); - /** */ - void terminate(); - - /** */ - PolicyResult checkFunctionCall(Request*); - PolicyResult checkFunctionCall(Request*, const std::string &session); - - void validatePopupResponse(Request* request, - bool allowed, - Prompt::Validity validity, - const std::string& sessionId, - bool* retValue); - - /** - * Updates policy and clears policy cache - */ - void updatePolicy(); - - private: - PolicyEnforcementPoint m_policyEnforcementPoint; - - Prompt::Validity clampPromptValidity(Prompt::Validity validity, - PolicyEffect effect); - void grantPlatformAccess(const Request& request); -}; - -#endif // SECURITY_CONTROLLER_H diff --git a/src/services/ace/logic/simple_roaming_agent.cpp b/src/services/ace/logic/simple_roaming_agent.cpp deleted file mode 100644 index 19e2b39..0000000 --- a/src/services/ace/logic/simple_roaming_agent.cpp +++ /dev/null @@ -1,98 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file simple_roaming_agent.cpp - * @author Pawel Sikorski (p.sikorski@samsung.com) - * @author Lukasz Marek (l.marek@samsung.com) - * @author Lukasz Wrzosek (l.wrzosek@samsung.com) - * @version 1.0 - * @brief roaming agent - */ - -#include "simple_roaming_agent.h" -#include -#include -#include -#include -IMPLEMENT_SINGLETON(SimpleRoamingAgent) - -SimpleRoamingAgent::SimpleRoamingAgent() -{ - if (vconf_notify_key_changed( - VCONFKEY_TELEPHONY_SVC_ROAM, - vConfChagedCallback, this) < 0) - { - LogError("Cannot add vconf callback [" << - VCONFKEY_TELEPHONY_SVC_ROAM << "]"); - Assert(false && "Cannot add vconf callback"); - } - - int result = 0; - if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) { - LogError("Cannot get current roaming status"); - Assert(false && "Cannot get current roaming status"); - } else { - bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON); - m_networkType = type ? ROAMING : HOME; - LogInfo("Network type is " << (type ? "ROAMING" : "HOME")); - } - -} - -SimpleRoamingAgent::~SimpleRoamingAgent() -{ - if (vconf_ignore_key_changed( - VCONFKEY_TELEPHONY_SVC_ROAM, - vConfChagedCallback) < 0) - { - LogError("Cannot rm vconf callback [" << - VCONFKEY_TELEPHONY_SVC_ROAM << "]"); - Assert(false && "Cannot remove vconf callback"); - } - -} - -void SimpleRoamingAgent::vConfChagedCallback(keynode_t *keyNode, void *data) -{ - LogInfo("SimpleRoamingAgent::vConfChagedCallback "); - char *key = vconf_keynode_get_name(keyNode); - - if (NULL == key) { - LogWarning("vconf key is null."); - return; - } - std::string keyString = key; - if (VCONFKEY_TELEPHONY_SVC_ROAM != keyString) { - LogError("Wrong key found"); - Assert(false && "Wrong key found in vconf callback"); - return; - } - SimpleRoamingAgent *agent = static_cast(data); - if (NULL == agent) { - LogError("Bad user arg from vconf lib"); - Assert(false && "Bad user arg from vconf lib"); - return; - } - int result = 0; - if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) { - LogError("Cannot get current roaming status"); - Assert(false && "Cannot get current roaming status"); - } else { - bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON); - agent->m_networkType = type ? ROAMING : HOME; - LogInfo("Network type is " << (type ? "ROAMING" : "HOME")); - } -} diff --git a/src/services/ace/logic/simple_roaming_agent.h b/src/services/ace/logic/simple_roaming_agent.h deleted file mode 100644 index 65b0bbe..0000000 --- a/src/services/ace/logic/simple_roaming_agent.h +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file simple_roaming_agent.h - * @author Pawel Sikorski (p.sikorski@samsung.com) - * @author Lukasz Wrzosek (l.wrzosek@samsung.com) - * @version 1.0 - * @brief simple roaming agent - */ - -#ifndef WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_ -#define WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_ - -#include -#include -#include -#include - -class SimpleRoamingAgent : DPL::Noncopyable -{ - public: - bool IsRoamingOn() const - { - return ROAMING == m_networkType; - } - - private: - enum NetworkType {ROAMING, HOME}; - - NetworkType m_networkType; - - SimpleRoamingAgent(); - virtual ~SimpleRoamingAgent(); - - static void vConfChagedCallback(keynode_t *keyNode, void *userParam); - - friend class DPL::Singleton; -}; - -typedef DPL::Singleton SimpleRoamingAgentSingleton; - -#endif//WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_ diff --git a/src/services/ace/socket/ace_service_callbacks.cpp b/src/services/ace/socket/ace_service_callbacks.cpp deleted file mode 100644 index ac3f6cf..0000000 --- a/src/services/ace/socket/ace_service_callbacks.cpp +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_service_callbacks.cpp - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Implementation of Ace Service callbacks - */ -#include -#include -#include -#include "ace_service_callbacks.h" -#include -#include -#include -#include -#include -#include - -namespace RPC { - -void AceServiceCallbacks::checkAccess(SocketConnection * connector){ - - int widgetHandle = 0; - std::string subject, resource, sessionId; - std::vector paramNames, paramValues; - Try { - connector->read(&widgetHandle, - &subject, - &resource, - ¶mNames, - ¶mValues, - &sessionId); - } Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket Connection read error"); - ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, - "Socket Connection read error"); - } - - if (paramNames.size() != paramValues.size()) { - ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, "Varying sizes of parameter names and parameter values"); - } - LogDebug("We got subject: " << subject); - LogDebug("We got resource: " << resource); - - FunctionParamImpl params; - for (size_t i = 0; i < paramNames.size(); ++i) { - params.addAttribute(paramNames[i], paramValues[i]); - } - - Request request(widgetHandle, - WidgetExecutionPhase_Invoke, - ¶ms); - request.addDeviceCapability(resource); - - PolicyResult result(PolicyEffect::DENY); - SecurityCallerSingleton::Instance().SendSyncEvent( - SecurityControllerEvents::CheckRuntimeCallSyncEvent( - &result, - &request, - sessionId)); - - int response = PolicyResult::serialize(result); - - Try{ - connector->write(response); - } Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket Connection write error"); - ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, - "Socket Connection write error"); - } -} - -void AceServiceCallbacks::checkAccessInstall(SocketConnection * connector){ - - int widgetHandle; - std::string resource; - - Try { - connector->read(&widgetHandle, - &resource); - } Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket Connection read error"); - ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, - "Socket Connection read error"); - } - - LogDebug("We got handle: " << widgetHandle); - LogDebug("We got resource: " << resource); - - Request request(widgetHandle, - WidgetExecutionPhase_WidgetInstall); - request.addDeviceCapability(resource); - - PolicyResult result(PolicyEffect::DENY); - SecurityCallerSingleton::Instance().SendSyncEvent( - SecurityControllerEvents::CheckFunctionCallSyncEvent( - &result, - &request)); - - int response = PolicyResult::serialize(result); - - Try{ - connector->write(response); - } Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket Connection write error"); - ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, - "Socket Connection write error"); - } -} - -void AceServiceCallbacks::updatePolicy(SocketConnection * /*connector*/){ - - - LogDebug("Policy update socket message received"); - SecurityCallerSingleton::Instance().SendSyncEvent( - SecurityControllerEvents::UpdatePolicySyncEvent()); -} - -} //namespace RPC diff --git a/src/services/ace/socket/ace_service_callbacks.h b/src/services/ace/socket/ace_service_callbacks.h deleted file mode 100644 index e5ebc18..0000000 --- a/src/services/ace/socket/ace_service_callbacks.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_service_callbacks.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Header of Ace Service callbacks - */ - -#ifndef ACE_SERVICE_CALLBACKS_H_ -#define ACE_SERVICE_CALLBACKS_H_ - -#include -#include -#include - -namespace RPC { - -namespace AceServiceCallbacks { - - // IN string subject - // IN string resource - // IN vector function param names - // IN vector function param values - // OUT int allow, deny, popup type - void checkAccess(SocketConnection * connector); - - // IN string subject - // IN string resource - // OUT int allow, deny, popup type - void checkAccessInstall(SocketConnection * connector); - - // Policy update trigger - void updatePolicy(SocketConnection * connector); - -}; - -} //namespace RPC - -#endif /* ACE_SERVICE_CALLBACKS_H_ */ diff --git a/src/services/ace/socket/api/ace_service_callbacks_api.h b/src/services/ace/socket/api/ace_service_callbacks_api.h deleted file mode 100644 index dfd136b..0000000 --- a/src/services/ace/socket/api/ace_service_callbacks_api.h +++ /dev/null @@ -1,53 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ace_service_callbacks_api.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Header with api of implemented Ace Service callbacks - */ -#ifndef ACE_SERVICE_CALLBACKS_API_H_ -#define ACE_SERVICE_CALLBACKS_API_H_ - -#include -#include -#include "ace_server_api.h" -#include "ace_service_callbacks.h" -#include "callback_api.h" - -namespace WrtSecurity{ -namespace AceServiceCallbacksApi{ - -inline const std::pair CHECK_ACCESS_METHOD_CALLBACK() { - return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(), - RPC::AceServiceCallbacks::checkAccess); -} - -inline const std::pair CHECK_ACCESS_INSTALL_METHOD_CALLBACK() { - return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(), - RPC::AceServiceCallbacks::checkAccessInstall); -} - -inline const std::pair UPDATE_POLICY_METHOD_CALLBACK() { - return std::make_pair(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD(), - RPC::AceServiceCallbacks::updatePolicy); -} - -} // namespace AceServiceCallbacksApi -} // namespace WrtSecurity - - -#endif // ACE_SERVICE_CALLBACKS_API_H_ diff --git a/src/services/caller/security_caller.cpp b/src/services/caller/security_caller.cpp deleted file mode 100644 index 8fab788..0000000 --- a/src/services/caller/security_caller.cpp +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file popup_service_callbacks.cpp - * @author Lukasz Wrzosek (l.wrzosek@samsung.com) - * @version 1.0 - * @brief Implementation of Security Caller Thread singleton - */ - -#include -#include - -IMPLEMENT_SINGLETON(SecurityCallerThread) diff --git a/src/services/caller/security_caller.h b/src/services/caller/security_caller.h deleted file mode 100644 index e1b68d0..0000000 --- a/src/services/caller/security_caller.h +++ /dev/null @@ -1,189 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file popup_service_callbacks.cpp - * @author Lukasz Wrzosek (l.wrzosek@samsung.com) - * @version 1.0 - * @brief Header of Security Caller class used by services socket callbacks - */ - -#ifndef SECURITY_CALLER_H__ -#define SECURITY_CALLER_H__ - -#include -#include -#include - -#include - -#include - -class IEventHolder -{ - public: - virtual void FinalizeSending() = 0; - virtual ~IEventHolder() {}; -}; - -template -class EventHolderImpl : public IEventHolder -{ - EventType event; - - public: - EventHolderImpl(const EventType& e) : event(e) {} - virtual void FinalizeSending() - { - LogDebug("sending real sync event"); - CONTROLLER_POST_SYNC_EVENT(SecurityController, event); - } -}; - -/* - * Because Security Controller is a DPL::Controler class, its events - * can be send only from a DPL managed thread. SecurityCallerTread class - * has been implemented as a workaround of that constraint. - * This class is a DPL managed thread that waits for requests - * from non DPL managed threads and when receives one it posts event - * to the Security Controler in charge of the calling thread. - */ - - -class SecurityCallerThread : public DPL::Thread -{ - private: - pthread_mutex_t m_mutex2; - pthread_mutex_t m_mutex; - pthread_cond_t m_cond; - pthread_cond_t m_cond2; - bool m_continue; - bool m_finished; - IEventHolder* m_eventHolder; - pthread_mutex_t m_syncMutex; - - - SecurityCallerThread() : - Thread(), - m_mutex2(PTHREAD_MUTEX_INITIALIZER), - m_mutex(PTHREAD_MUTEX_INITIALIZER), - m_cond(PTHREAD_COND_INITIALIZER), - m_cond2(PTHREAD_COND_INITIALIZER), - m_continue(true), - m_finished(false), - m_eventHolder(NULL), - m_syncMutex(PTHREAD_MUTEX_INITIALIZER) - { - LogDebug("constructor"); - } - - virtual ~SecurityCallerThread() - { - pthread_mutex_unlock(&m_syncMutex); - pthread_cond_destroy(&m_cond); - pthread_cond_destroy(&m_cond2); - pthread_mutex_destroy(&m_mutex2); - pthread_mutex_destroy(&m_mutex); - pthread_mutex_destroy(&m_syncMutex); - } - - protected: - /* main routine of the SecurityCallerThread */ - virtual int ThreadEntry() - { - LogDebug("SecurityCallerThread start"); - pthread_mutex_lock(&m_mutex); // lock shared data - - while (m_continue) // main loop - { - if (m_eventHolder) // if m_eventHolder is set, the request has been received - { - m_eventHolder->FinalizeSending(); // send actual event in charge of calling thread - delete m_eventHolder; - m_eventHolder = NULL; - LogDebug("setting finished state"); - pthread_mutex_lock(&m_syncMutex); // lock m_finished - m_finished = true; - pthread_mutex_unlock(&m_syncMutex); // unlock m_finished - LogDebug("finished"); - pthread_cond_signal(&m_cond2); // signal a calling thread that event has been posted. - } - LogDebug("waiting for event"); - // atomically: - // unlock m_mutex, wait on m_cond until signal received, lock m_mutex - pthread_cond_wait(&m_cond, &m_mutex); - LogDebug("found an event"); - } - - pthread_mutex_unlock(&m_mutex); - - return 0; - } - - public: - void Quit() - { - LogDebug("Quit called"); - pthread_mutex_lock(&m_mutex); // lock shared data - m_continue = false; // main loop condition set to false - pthread_mutex_unlock(&m_mutex); // unlock shard data - pthread_cond_signal(&m_cond); - } - - template - void SendSyncEvent(const EventType& event) - { - // prevent SendSyncEvent being called by multiple threads at the same time. - pthread_mutex_lock(&m_mutex2); - LogDebug("sending sync event"); - bool correct_thread = false; - Try { - LogDebug("Checking if this is unmanaged thread"); - DPL::Thread::GetCurrentThread(); - } Catch (DPL::Thread::Exception::UnmanagedThread) { - correct_thread = true; - } - Assert(correct_thread && - "This method may not be called from DPL managed thread or main thread"); - LogDebug("putting an event to be posted"); - pthread_mutex_lock(&m_mutex); // lock shared data - Assert(m_eventHolder == NULL && "Whooops"); - m_eventHolder = new EventHolderImpl(event); // put an event to be posted - pthread_mutex_unlock(&m_mutex); // unlock shared data - LogDebug("Signal caller thread that new event has been created"); - pthread_cond_signal(&m_cond); // signal SecurityCallerThread to wake up because new - // event is waiting to be posted - - LogDebug("waiting untill send completes"); - pthread_mutex_lock(&m_syncMutex); /* wait until send completes */ - while (!m_finished) - { - pthread_cond_wait(&m_cond2, &m_syncMutex); // wait until event is posted - } - LogDebug("done"); - m_finished = false; - pthread_mutex_unlock(&m_syncMutex); - pthread_mutex_unlock(&m_mutex2); - } - - private: - friend class DPL::Singleton; -}; - -typedef DPL::Singleton SecurityCallerSingleton; - - - -#endif //SECURITY_CALLER_H__ diff --git a/src/services/ocsp/dbus/api/ocsp_server_dbus_api.h b/src/services/ocsp/dbus/api/ocsp_server_dbus_api.h deleted file mode 100644 index df9817b..0000000 --- a/src/services/ocsp/dbus/api/ocsp_server_dbus_api.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ocsp_server_api.h - * @author - * @version 1.0 - * @brief This file contains definitions OCSP server interface & methods specifically needed by DBus. - */ -#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_ -#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_ - -#include "ocsp_server_api.h" -#include - -namespace WrtSecurity{ -namespace OcspServerApi{ - - -// RPC test function -// IN std::string -// OUT std::string -inline const std::string ECHO_METHOD() -{ - return "echo"; -} - - - -} -}; - -#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_ diff --git a/src/services/ocsp/dbus/ocsp_server_dbus_interface.cpp b/src/services/ocsp/dbus/ocsp_server_dbus_interface.cpp deleted file mode 100644 index 2acc5d8..0000000 --- a/src/services/ocsp/dbus/ocsp_server_dbus_interface.cpp +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ocsp_service_dbus_interface.cpp - * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com) - * @version 1.0 - * @brief Implementation of OCSP server API. - */ -#include "ocsp_server_dbus_interface.h" - -namespace RPC { - -using namespace WrtSecurity; - -OcspServerDBusInterface::OcspServerDBusInterface(): - DPL::DBus::InterfaceDispatcher(OcspServerApi::INTERFACE_NAME()) -{ - setXmlSignature("" - " " - " " - " " - " " - " " - " " - " " - " " - " " - " " - ""); -} - - -void OcspServerDBusInterface::onMethodCall( - const gchar* argMethodName, - GVariant* argParameters, - GDBusMethodInvocation* argInvocation) -{ - if (OcspServerApi::ECHO_METHOD() == argMethodName){ - // TODO: Deserialization should use - // DBus::SErverDeserialization::deserialize() - const gchar* arg = NULL; - g_variant_get(argParameters, "(&s)", &arg); - // TODO: Serialization should use - // DBus::SErverDeserialization::serialize() - gchar* response = g_strdup_printf(arg); - g_dbus_method_invocation_return_value(argInvocation, - g_variant_new ("(s)", response)); - g_free (response); - } else if (OcspServerApi::CHECK_ACCESS_METHOD() == argMethodName) { - gint32 value; - g_variant_get(argParameters, "(i)", &value); - - // TODO: this is making OCSP service a stub! this HAS to be moved - // with proper implementation to cert-svc daemon - gint32 response = 0; // Certificates are valid for now - - GVariant* varResponse = g_variant_new ("(i)", response); - //This function will unref invocation and it will be freed - LogDebug("OCSP dbus interface tries to send result"); - g_dbus_method_invocation_return_value(argInvocation, varResponse); - } -} - -} // namespace RPC diff --git a/src/services/ocsp/dbus/ocsp_server_dbus_interface.h b/src/services/ocsp/dbus/ocsp_server_dbus_interface.h deleted file mode 100644 index 748c0bd..0000000 --- a/src/services/ocsp/dbus/ocsp_server_dbus_interface.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ocsp_service_dbus_interface.h - * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com) - * @version 1.0 - * @brief Class that handles OCSP server API. - */ -#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_ -#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_ - -#include -#include -#include "api/ocsp_server_dbus_api.h" - -namespace RPC { - -class OcspServerDBusInterface : - public DPL::DBus::InterfaceDispatcher -{ - public: - OcspServerDBusInterface(); - - virtual ~OcspServerDBusInterface() - {} - - virtual void onMethodCall(const gchar* method_name, - GVariant* parameters, - GDBusMethodInvocation* invocation); -}; - -} // namespace RPC - -#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_ diff --git a/src/services/ocsp/ocsp_server_api.h b/src/services/ocsp/ocsp_server_api.h deleted file mode 100644 index 61be515..0000000 --- a/src/services/ocsp/ocsp_server_api.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ocsp_server_api.h - * @author - * @version 1.0 - * @brief This file contains definitions OCSP server interface & methods. - */ -#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_ -#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_ - -#include "ocsp_server_api.h" -#include - -namespace WrtSecurity{ -namespace OcspServerApi{ - -// DBus interface name -inline const std::string INTERFACE_NAME() -{ - return "org.tizen.OcspCheck"; -} - -// Function checks WidgetStatus for installed widget. -// https://106.116.37.24/wiki/WebRuntime/Security/Widget_Signatures -// IN WidgetHandle Widget ID in Database -// OUT WidgetStatus GOOD/REVOKED -inline const std::string CHECK_ACCESS_METHOD() -{ - return "OcspCheck"; -} - -} -}; - -#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_ diff --git a/src/services/ocsp/ocsp_service.cpp b/src/services/ocsp/ocsp_service.cpp deleted file mode 100644 index 34d3499..0000000 --- a/src/services/ocsp/ocsp_service.cpp +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file ocsp_service.cpp - * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com) - * @version 1.0 - * @brief This is implementation file of Ocsp service - */ - -#include "security_daemon.h" - -namespace OcspService { - -class OcspService : public SecurityDaemon::DaemonService -{ - private: - virtual void initialize() - { - } - - virtual void start() - { - } - - virtual void stop() - { - } - - virtual void deinitialize() - { - } - -}; - -DAEMON_REGISTER_SERVICE_MODULE(OcspService) - -}//namespace OcspService - diff --git a/src/services/ocsp/socket/api/ocsp_service_callbacks_api.h b/src/services/ocsp/socket/api/ocsp_service_callbacks_api.h deleted file mode 100644 index fd9bf3e..0000000 --- a/src/services/ocsp/socket/api/ocsp_service_callbacks_api.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ocsp_service_callbacks_api.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Header with api of implemented Ocsp Service callbacks - */ - -#ifndef OCSP_SERVICE_CALLBACKS_API_H_ -#define OCSP_SERVICE_CALLBACKS_API_H_ - -#include -#include -#include "SocketConnection.h" -#include "ocsp_server_api.h" -#include "ocsp_service_callbacks.h" -#include "callback_api.h" - -namespace WrtSecurity{ -namespace OcspServiceCallbacksApi{ - -inline const std::pair CHECK_ACCESS_METHOD_CALLBACK(){ - return std::make_pair(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(), - RPC::OcspServiceCallbacks::checkAccess); -} - -} // namespace OcspServiceCallbacksApi -} // namespace WrtSecurity - -#endif // OCSP_SERVICE_CALLBACKS_API_H_ diff --git a/src/services/ocsp/socket/ocsp_service_callbacks.cpp b/src/services/ocsp/socket/ocsp_service_callbacks.cpp deleted file mode 100644 index 8ff588a..0000000 --- a/src/services/ocsp/socket/ocsp_service_callbacks.cpp +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ocsp_service_callbacks.cpp - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Implementation of Ocsp Service callbacks - */ - -#include "ocsp_service_callbacks.h" -#include - -namespace RPC { - -void OcspServiceCallbacks::checkAccess(SocketConnection * connector){ - int response = 0; - Try { - connector->write(response); - } Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket Connection write error"); - ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, - "Socket Connection write error"); - } -} - -} // namespace RPC diff --git a/src/services/ocsp/socket/ocsp_service_callbacks.h b/src/services/ocsp/socket/ocsp_service_callbacks.h deleted file mode 100644 index df77a80..0000000 --- a/src/services/ocsp/socket/ocsp_service_callbacks.h +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file ocsp_service_callbacks.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Header of Ocsp Service callbacks class - */ - -#ifndef OCSP_SERVICE_CALLBACKS_H_ -#define OCSP_SERVICE_CALLBACKS_H_ - -#include - -namespace RPC { - -namespace OcspServiceCallbacks { - void checkAccess(SocketConnection * connector); -}; - -} // namespace RPC -#endif /* OCSP_SERVICE_CALLBACKS_H_ */ diff --git a/src/services/popup/dbus/popup_response_dbus_interface.cpp b/src/services/popup/dbus/popup_response_dbus_interface.cpp deleted file mode 100644 index f897eeb..0000000 --- a/src/services/popup/dbus/popup_response_dbus_interface.cpp +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file popup_response_dispatcher.cpp - * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) - * @version 1.0 - * @brief - */ - -#include "popup_response_dbus_interface.h" -#include -#include -#include -#include -#include -#include -#include "popup_ace_data_types.h" -//#include "access-control/engine/PromptModel.h" -#include "attribute_facade.h" -//#include "Request.h" -#include "security_controller.h" - -namespace RPC -{ - -void PopupResponseDBusInterface::onMethodCall(const gchar* methodName, - GVariant* parameters, - GDBusMethodInvocation* invocation) -{ - using namespace WrtSecurity; -#if 1 - if (0 == g_strcmp0(methodName, - PopupServerApi::VALIDATION_METHOD().c_str())) - { - // popup answer data - bool allowed = false; - int serializedValidity = 0; - - // ACE data - AceUserdata acedata; - - if (!DPL::DBus::ServerDeserialization::deserialize( - parameters, - &allowed, - &serializedValidity, - &(acedata.handle), - &(acedata.subject), - &(acedata.resource), - &(acedata.paramKeys), - &(acedata.paramValues), - &(acedata.sessionId))) - { - g_dbus_method_invocation_return_dbus_error( - invocation, - "org.tizen.PopupResponse.UnknownError", - "Error in deserializing input parameters"); - return; - } - - if (acedata.paramKeys.size() != acedata.paramValues.size()) { - g_dbus_method_invocation_return_dbus_error( - invocation, - "org.tizen.PopupResponse.UnknownError", - "Varying sizes of parameter names and parameter values"); - return; - } - - FunctionParamImpl params; - for (size_t i = 0; i < acedata.paramKeys.size(); ++i) { - params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]); - } - Request request(acedata.handle, - WidgetExecutionPhase_Invoke, - ¶ms); - request.addDeviceCapability(acedata.resource); - - Prompt::Validity validity = static_cast(serializedValidity); - - bool response = false; - SecurityControllerEvents::ValidatePopupResponseEvent ev( - &request, - allowed, - validity, - acedata.sessionId, - &response); - CONTROLLER_POST_SYNC_EVENT(SecurityController, ev); - - g_dbus_method_invocation_return_value( - invocation, - DPL::DBus::ServerSerialization::serialize(response)); - } -#endif -} - -} diff --git a/src/services/popup/dbus/popup_response_dbus_interface.h b/src/services/popup/dbus/popup_response_dbus_interface.h deleted file mode 100644 index 19e9494..0000000 --- a/src/services/popup/dbus/popup_response_dbus_interface.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file popup_response_dbus_interface.h - * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) - * @author Tomasz Swierczek (t.swierczek@samsung.com) - * @version 1.0 - * @brief - */ - -#ifndef WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H -#define WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H - -#include -#include "popup_response_server_api.h" - -namespace RPC { - -class PopupResponseDBusInterface : public DPL::DBus::InterfaceDispatcher -{ -public: - PopupResponseDBusInterface(): - DPL::DBus::InterfaceDispatcher( - WrtSecurity::PopupServerApi::INTERFACE_NAME()) - { - using namespace WrtSecurity; - - setXmlSignature("" - " " - " " - // popup answer data - " " - " " - // this is copied from ace_server_dbus_interface - " " - " " - " " - " " - " " - " " - " " - " " - " " - ""); - - } - - virtual ~PopupResponseDBusInterface() - {} - - virtual void onMethodCall(const gchar* methodName, - GVariant* parameters, - GDBusMethodInvocation* invocation); -}; - -} - -#endif // WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H diff --git a/src/services/popup/popup_ace_data_types.h b/src/services/popup/popup_ace_data_types.h deleted file mode 100644 index 1b5f734..0000000 --- a/src/services/popup/popup_ace_data_types.h +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file popup_ace_data_types.h - * @author Pawel Sikorski (p.sikorski@samsung.com) - * @version 1.0 - * @brief - */ - -#ifndef POPUP_ACE_DATA_TYPES_H_ -#define POPUP_ACE_DATA_TYPES_H_ - -#include -#include - -// additional data needed by PolicyEvaluaor to recognize Popup Response -struct AceUserdata -{ - //TODO INVALID_WIDGET_HANDLE is defined in wrt_plugin_export.h. - // I do not want to include that file here... - AceUserdata(): handle(-1) {} - - int handle; - std::string subject; - std::string resource; - std::vector paramKeys; - std::vector paramValues; - std::string sessionId; -}; - -typedef bool SecurityStatus; - -#endif /* POPUP_ACE_DATA_TYPES_H_ */ diff --git a/src/services/popup/popup_response_server_api.h b/src/services/popup/popup_response_server_api.h deleted file mode 100644 index 47dd4d3..0000000 --- a/src/services/popup/popup_response_server_api.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file popup_response_server_api.h - * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) - * @version 1.0 - * @brief - */ - -#ifndef WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H -#define WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H - -#include - -namespace WrtSecurity{ -namespace PopupServerApi{ - -inline const std::string INTERFACE_NAME() -{ - return "org.tizen.PopupResponse"; -} - -inline const std::string VALIDATION_METHOD() -{ - return "validate"; -} - -} -} - -#endif // WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H - diff --git a/src/services/popup/socket/api/popup_service_callbacks_api.h b/src/services/popup/socket/api/popup_service_callbacks_api.h deleted file mode 100644 index d22b9c7..0000000 --- a/src/services/popup/socket/api/popup_service_callbacks_api.h +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file popup_service_callbacks_api.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Header with api of Popup Service callbacks - */ - -#ifndef POPUP_SERVICE_CALLBACKS_API_H_ -#define POPUP_SERVICE_CALLBACKS_API_H_ - -#include -#include -#include "SocketConnection.h" -#include "popup_response_server_api.h" -#include "popup_service_callbacks.h" -#include - -namespace WrtSecurity{ -namespace PopupServiceCallbacksApi{ - -inline std::pair VALIDATION_METHOD_CALLBACK(){ - return std::make_pair(WrtSecurity::PopupServerApi::VALIDATION_METHOD(), RPC::PopupServiceCallbacks::validate); -} - -} // namespace PopupServiceCallbacksApi -} // namespace WrtSecurity - -#endif /* POPUP_SERVICE_CALLBACKS_API_H_ */ diff --git a/src/services/popup/socket/popup_service_callbacks.cpp b/src/services/popup/socket/popup_service_callbacks.cpp deleted file mode 100644 index d3e88e0..0000000 --- a/src/services/popup/socket/popup_service_callbacks.cpp +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file popup_service_callbacks.cpp - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Implementation of Popup Service callbacks - */ - -#include "popup_service_callbacks.h" -#include -#include -#include -#include -#include "attribute_facade.h" -#include "popup_ace_data_types.h" -#include "security_controller.h" -#include - -namespace RPC { - -void PopupServiceCallbacks::validate(SocketConnection * connector){ - - bool allowed = false; - int serializedValidity = 0; - - AceUserdata acedata; - - Try { - connector->read(&allowed, - &serializedValidity, - &(acedata.handle), - &(acedata.subject), - &(acedata.resource), - &(acedata.paramKeys), - &(acedata.paramValues), - &(acedata.sessionId)); - } Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket connection read error"); - ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, - "Socket connection read error"); - } - - if (acedata.paramKeys.size() != acedata.paramValues.size()) { - ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, - "Varying sizes of parameter names vector and parameter values vector"); - } - FunctionParamImpl params; - for (size_t i = 0; i < acedata.paramKeys.size(); ++i) { - params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]); - } - Request request(acedata.handle, - WidgetExecutionPhase_Invoke, - ¶ms); - request.addDeviceCapability(acedata.resource); - - Prompt::Validity validity = static_cast(serializedValidity); - - bool response = false; - SecurityControllerEvents::ValidatePopupResponseEvent ev( - &request, - allowed, - validity, - acedata.sessionId, - &response); - SecurityCallerSingleton::Instance().SendSyncEvent(ev); - - Try { - connector->write(response); - } Catch (SocketConnection::Exception::SocketConnectionException){ - LogError("Socket connection write error"); - ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, - "Socket connection write error"); - } -} - -} // namespace RPC diff --git a/src/services/popup/socket/popup_service_callbacks.h b/src/services/popup/socket/popup_service_callbacks.h deleted file mode 100644 index e7d30f2..0000000 --- a/src/services/popup/socket/popup_service_callbacks.h +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file popup_service_callbacks.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief Header of Popup Service callbacks - */ - -#ifndef POPUP_SERVICE_CALLBACKS_H_ -#define POPUP_SERVICE_CALLBACKS_H_ - -#include -#include - -namespace RPC { - -namespace PopupServiceCallbacks { - void validate(SocketConnection * connector); -}; - -} // namespace RPC -#endif /* POPUP_SERVICE_CALLBACKS_H_ */ diff --git a/src/security-srv/util/security-server-util-common.c b/src/util/security-server-util-common.c similarity index 99% rename from src/security-srv/util/security-server-util-common.c rename to src/util/security-server-util-common.c index e28786a..675c729 100644 --- a/src/security-srv/util/security-server-util-common.c +++ b/src/util/security-server-util-common.c @@ -336,6 +336,7 @@ int util_process_cookie_from_cookie(int sockfd, cookie_list* list) { unsigned char cookie[SECURITY_SERVER_COOKIE_LEN]; int ret; + int privileges[] = { 0 }; //only one privilege to check - root cookie_list *result = NULL; ret = read(sockfd, cookie, SECURITY_SERVER_COOKIE_LEN); @@ -344,7 +345,7 @@ int util_process_cookie_from_cookie(int sockfd, cookie_list* list) SEC_SVR_DBG("Received cookie size is too small: %d", ret); return SECURITY_SERVER_ERROR_RECV_FAILED; } - result = search_cookie(list, cookie, 0); + result = search_cookie(list, cookie, privileges, 1); if(result == NULL) { ret = send_generic_response(sockfd, SECURITY_SERVER_MSG_TYPE_GET_COOKIEINFO_RESPONSE, diff --git a/src/security-srv/util/security-server-util.c b/src/util/security-server-util.c similarity index 100% rename from src/security-srv/util/security-server-util.c rename to src/util/security-server-util.c diff --git a/wrt_ocsp/CMakeLists.txt b/wrt_ocsp/CMakeLists.txt deleted file mode 100644 index e03d379..0000000 --- a/wrt_ocsp/CMakeLists.txt +++ /dev/null @@ -1 +0,0 @@ -ADD_SUBDIRECTORY(src) \ No newline at end of file diff --git a/wrt_ocsp/include/wrt_ocsp_api.h b/wrt_ocsp/include/wrt_ocsp_api.h deleted file mode 100644 index 856d97b..0000000 --- a/wrt_ocsp/include/wrt_ocsp_api.h +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * @file wrt_oscp_api.h - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief This is C api for WRT OCSP - */ -#ifndef WRT_OCSP_API_H -#define WRT_OCSP_API_H - -#ifdef __cplusplus -extern "C" { -#endif - -typedef enum{ - WRT_OCSP_OK, - WRT_OCSP_INVALID_ARGUMENTS, - WRT_OCSP_INTERNAL_ERROR -}wrt_ocsp_return_t; - -typedef int wrt_ocsp_widget_handle_t; -typedef enum { - //The certificate has not been revoked. - WRT_OCSP_WIDGET_VERIFICATION_STATUS_GOOD, - - //The certificate has been revoked. - WRT_OCSP_WIDGET_VERIFICATION_STATUS_REVOKED - - -}wrt_ocsp_widget_verification_status_t; - -//-------------Initialization and shutdown------------------- -/* - * Establishes connection to security server. Must be called only once. - * Returns WRT_OCSP_OK or error - */ -wrt_ocsp_return_t wrt_ocsp_initialize(void); - -/* - * Deinitializes internal structures. Must be called only once. - * Returns WRT_OCSP_OK or error - */ - -wrt_ocsp_return_t wrt_ocsp_shutdown(void); - -//-------------Widget verification------------------------------ -/* - * Requests verification for widget identified with 'handle'. - * 'status holds server response. - * Returns WRT_OCSP_OK or error - */ - -wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle, - wrt_ocsp_widget_verification_status_t* status); - - -#ifdef __cplusplus -} -#endif -#endif //WRT_OCSP_API_H diff --git a/wrt_ocsp/src/CMakeLists.txt b/wrt_ocsp/src/CMakeLists.txt deleted file mode 100644 index 01c746a..0000000 --- a/wrt_ocsp/src/CMakeLists.txt +++ /dev/null @@ -1,60 +0,0 @@ -include(FindPkgConfig) - -PKG_CHECK_MODULES(WRT_OCSP_DEPS - dpl-efl - dpl-dbus-efl - REQUIRED - ) - -SET(WRT_OCSP_DIR - ${PROJECT_SOURCE_DIR}/wrt_ocsp - ) - -SET(WRT_OCSP_SRC_DIR - ${WRT_OCSP_DIR}/src - ) - -SET(WRT_OCSP_INCLUDE_DIR - ${WRT_OCSP_DIR}/include - ) - -SET(WRT_OCSP_SOURCES - ${COMMUNICATION_CLIENT_SOURCES} - ${WRT_OCSP_SRC_DIR}/wrt_ocsp_api.cpp - ) - -SET(WRT_OCSP_INCLUDES - ${WRT_OCSP_DEPS_INCLUDE_DIRS} - ${WRT_OCSP_INCLUDE_DIR} - ${COMMUNICATION_CLIENT_INCLUDES} - ${PROJECT_SOURCE_DIR}/src/services/ocsp - ${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus/api - ${PROJECT_SOURCE_DIR}/src/daemon/dbus - ) - -ADD_DEFINITIONS(${WRT_OCSP_DEPS_CFLAGS}) -ADD_DEFINITIONS(${WRT__CFLAGS_OTHER}) - -INCLUDE_DIRECTORIES(${WRT_OCSP_INCLUDES}) - -ADD_LIBRARY(${TARGET_WRT_OCSP_LIB} SHARED ${WRT_OCSP_SOURCES}) - -SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES - SOVERSION ${API_VERSION} - VERSION ${VERSION}) - -SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES - COMPILE_FLAGS -fPIC) - -TARGET_LINK_LIBRARIES(${TARGET_WRT_OCSP_LIB} - ${WRT_OCSP_DEPS_LIBRARIES} - ${WRT_OCSP_DEPS_LDFLAGS} - ) - -INSTALL(TARGETS ${TARGET_WRT_OCSP_LIB} - DESTINATION lib) - -INSTALL(FILES - ${WRT_OCSP_INCLUDE_DIR}/wrt_ocsp_api.h - DESTINATION include/wrt-ocsp - ) diff --git a/wrt_ocsp/src/wrt_ocsp_api.cpp b/wrt_ocsp/src/wrt_ocsp_api.cpp deleted file mode 100644 index 5ab9f85..0000000 --- a/wrt_ocsp/src/wrt_ocsp_api.cpp +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file wrt_ocsp_api.cpp - * @author Zofia Abramowska (z.abramowska@samsung.com) - * @version 1.0 - * @brief This file contains implementation of WRT OCSP api - */ - -#include -#include -#include "ocsp_server_api.h" -#include "SecurityCommunicationClient.h" - -#include "wrt_ocsp_api.h" - -static WrtSecurity::Communication::Client *communicationClient = NULL; - -wrt_ocsp_return_t wrt_ocsp_initialize(void){ - if (NULL != communicationClient) { - LogError("wrt_ocsp_api already initialized"); - return WRT_OCSP_INTERNAL_ERROR; - } - - Try { - communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::OcspServerApi::INTERFACE_NAME()); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - LogError("Can't connect to daemon"); - return WRT_OCSP_INTERNAL_ERROR; - } - LogInfo("Initialized"); - return WRT_OCSP_OK; -} - -wrt_ocsp_return_t wrt_ocsp_shutdown(void){ - if (NULL == communicationClient) { - LogError("wrt_ocsp_api not initialized"); - return WRT_OCSP_INTERNAL_ERROR; - } - delete communicationClient; - communicationClient = NULL; - LogInfo("Shutdown"); - return WRT_OCSP_OK; -} - -wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle, - wrt_ocsp_widget_verification_status_t* status){ - - LogInfo("Verifying"); - if (NULL == status) { - LogError("Invalid arguments"); - return WRT_OCSP_INVALID_ARGUMENTS; - } - int intResponse; - - Try { - communicationClient->call(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(), - handle, - &intResponse); - } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { - LogError("Problem with connection to daemon"); - return WRT_OCSP_INTERNAL_ERROR; - } - (*status) = static_cast(intResponse); - LogInfo("Widget verified with response " << intResponse); - return WRT_OCSP_OK; -}