From: Randeep Singh Date: Wed, 9 Nov 2016 04:19:33 +0000 (+0530) Subject: [IOT-1524] Added check to reject unsecure request for selected SVR resources X-Git-Tag: 1.3.0~1053^2~28 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3e8f2e273d0d27834e9d2ff029f6350a4fc4d31f;p=platform%2Fupstream%2Fiotivity.git [IOT-1524] Added check to reject unsecure request for selected SVR resources ALL SVR resources other than DOXM & PSTAT resource should reject request over coap. Change-Id: Idcf0ff22d7c676bef2480fe9b32a9e7b22c2317a Signed-off-by: Randeep Singh Reviewed-on: https://gerrit.iotivity.org/gerrit/14137 Tested-by: jenkins-iotivity Reviewed-by: Kevin Kane Reviewed-by: Chul Lee (cherry picked from commit c9e82ceebe5ac962ec5ef0a42b1d6e62d9476f5d) Reviewed-on: https://gerrit.iotivity.org/gerrit/14323 --- diff --git a/resource/csdk/security/src/secureresourcemanager.c b/resource/csdk/security/src/secureresourcemanager.c index 373bd09..fd13eff 100644 --- a/resource/csdk/security/src/secureresourcemanager.c +++ b/resource/csdk/security/src/secureresourcemanager.c @@ -186,9 +186,13 @@ void SRMRequestHandler(const CAEndpoint_t *endPoint, const CARequestInfo_t *requ OCResource *resPtr = FindResourceByUri(newUri); if (NULL != resPtr) { - // check whether request is for secure resource or not and it should not be a SVR resource - if (((resPtr->resourceProperties) & OC_SECURE) + // All vertical secure resources and SVR resources other than DOXM & PSTAT should reject request + // over coap. + if ((((resPtr->resourceProperties) & OC_SECURE) && (g_policyEngineContext.resourceType == NOT_A_SVR_RESOURCE)) + || ((g_policyEngineContext.resourceType < OIC_SEC_SVR_TYPE_COUNT) + && (g_policyEngineContext.resourceType != OIC_R_DOXM_TYPE) + && (g_policyEngineContext.resourceType != OIC_R_PSTAT_TYPE))) { // if resource is secure and request is over insecure channel if (!isRequestOverSecureChannel)