From: Sangwan Kwon
Date: Wed, 30 Oct 2019 06:53:03 +0000 (+0900)
Subject: Rename policyd to vist-policy
X-Git-Tag: submit/tizen/20200810.073515~170
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=971281d14f6f7ef889f14a0eee9c545af2e7f4ce;p=platform%2Fcore%2Fsecurity%2Fvist.git
Rename policyd to vist-policy
Signed-off-by: Sangwan Kwon
---
diff --git a/CMake/Macro.cmake b/CMake/Macro.cmake
index 580b6f1..4c0d54b 100644
--- a/CMake/Macro.cmake
+++ b/CMake/Macro.cmake
@@ -29,35 +29,24 @@ MACRO(ADD_OSQUERY_LINK) SET(${TARGET_OSQUERY_LIB}_DEPS ${${TARGET_OSQUERY_LIB}_DEPS} PARENT_SCOPE) ENDMACRO(ADD_OSQUERY_LINK) -## VIST ##################### +## ViST ##################### MACRO(ADD_VIST_LIBRARY TARGET) ADD_LIBRARY(${TARGET} OBJECT ${ARGN}) LIST(APPEND ${TARGET_VIST_LIB}_SRCS $) SET(${TARGET_VIST_LIB}_SRCS ${${TARGET_VIST_LIB}_SRCS} PARENT_SCOPE) ENDMACRO(ADD_VIST_LIBRARY) +MACRO(ADD_VIST_POLICY_LIBRARY TARGET) + ADD_LIBRARY(${TARGET} OBJECT ${ARGN}) + LIST(APPEND ${TARGET_VIST_POLICY_LIB}_SRCS $) + SET(${TARGET_VIST_POLICY_LIB}_SRCS ${${TARGET_VIST_POLICY_LIB}_SRCS} PARENT_SCOPE) +ENDMACRO(ADD_VIST_LIBRARY) + MACRO(ADD_VIST_TEST) LIST(APPEND ${TARGET_VIST_LIB}_TESTS ${ARGN}) SET(${TARGET_VIST_LIB}_TESTS ${${TARGET_VIST_LIB}_TESTS} PARENT_SCOPE) ENDMACRO(ADD_VIST_TEST) -MACRO(ADD_VIST_LINK) - LIST(APPEND ${TARGET_VIST_LIB}_DEPS ${ARGN}) - SET(${TARGET_VIST_LIB}_DEPS ${${TARGET_VIST_LIB}_DEPS} PARENT_SCOPE) -ENDMACRO(ADD_VIST_LINK) - -## policyd ##################### -MACRO(ADD_POLICYD_LIBRARY TARGET) - ADD_LIBRARY(${TARGET} OBJECT ${ARGN}) - LIST(APPEND ${TARGET_POLICYD_LIB}_SRCS $) - SET(${TARGET_POLICYD_LIB}_SRCS ${${TARGET_POLICYD_LIB}_SRCS} PARENT_SCOPE) -ENDMACRO(ADD_POLICYD_LIBRARY) - -MACRO(ADD_POLICYD_TEST) - LIST(APPEND ${TARGET_POLICYD_LIB}_TESTS ${ARGN}) - SET(${TARGET_POLICYD_LIB}_TESTS ${${TARGET_POLICYD_LIB}_TESTS} PARENT_SCOPE) -ENDMACRO(ADD_POLICYD_TEST) - ## common ############################# MACRO(TARGET_LINK_WHOLE TARGET LIBRARY) TARGET_LINK_LIBRARIES(${TARGET} "-Wl,-whole-archive") diff --git a/packaging/vist.spec b/packaging/vist.spec index f88f53c..5e797dd 100644 --- a/packaging/vist.spec +++ b/packaging/vist.spec @@ -110,7 +110,6 @@ Provides internal testcases for ViST implementation. %files test %{_bindir}/osquery-test %{_bindir}/vist-test -%{_bindir}/policyd-test ## ViST Plugins - ########################################################### %package plugins 
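Review bot: The added `ADD_VIST_POLICY_LIBRARY` macro is closed with `ENDMACRO(ADD_VIST_LIBRARY)`, which names the macro defined just above it; the closing line should read `ENDMACRO(ADD_VIST_POLICY_LIBRARY)`. CMake expects the closing argument to repeat the opening name and, as far as I know, reports a mismatch as a developer warning, so this is easy to miss in build logs. The hunk also removes `ADD_POLICYD_TEST` and `ADD_VIST_LINK` without a policy-specific replacement; the deleted `src/policyd/core/CMakeLists.txt` in this commit called `ADD_POLICYD_TEST`, so the moved sources presumably register tests through `ADD_VIST_TEST` now. A one-line comment above the new macro, such as `## Object library for vist-policy; tests are registered with ADD_VIST_TEST`, would make that explicit.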
diff --git a/plugins/bluetooth/bluetooth.cpp b/plugins/bluetooth/bluetooth.cpp index eb41e97..aca5c24 100644 --- a/plugins/bluetooth/bluetooth.cpp +++ b/plugins/bluetooth/bluetooth.cpp @@ -18,8 +18,8 @@ #include #include -#include -#include +#include +#include #include @@ -37,7 +37,7 @@ ((int)(enable) ? BLUETOOTH_DPM_BT_ALLOWED : \ BLUETOOTH_DPM_BT_RESTRICTED) -using namespace policyd; +using namespace vist::policy; class ModeChange : public GlobalPolicy { public: diff --git a/plugins/wifi/wifi.cpp b/plugins/wifi/wifi.cpp index e490ac9..3714fa8 100644 --- a/plugins/wifi/wifi.cpp +++ b/plugins/wifi/wifi.cpp @@ -17,8 +17,8 @@ #include #include -#include -#include +#include +#include #include @@ -31,7 +31,7 @@ "/net/netconfig/network", \ "net.netconfig.network" -using namespace policyd; +using namespace vist::policy; class ModeChange : public GlobalPolicy { public: diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index d0646df..08d05f8 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -13,12 +13,11 @@ # limitations under the License SET(TARGET_OSQUERY_LIB osquery) -SET(TARGET_POLICYD_LIB policyd) +SET(TARGET_VIST_POLICY_LIB vist-policy) SET(TARGET_VIST_LIB vist) ADD_SUBDIRECTORY(osquery) IF(DEFINED GBS_BUILD) ADD_SUBDIRECTORY(vist) - ADD_SUBDIRECTORY(policyd) ENDIF(DEFINED GBS_BUILD) diff --git a/src/osquery/CMakeLists.txt b/src/osquery/CMakeLists.txt index 660bf29..7b48c17 100644 --- a/src/osquery/CMakeLists.txt +++ b/src/osquery/CMakeLists.txt @@ -69,7 +69,7 @@ ADD_LIBRARY(${TARGET_OSQUERY_LIB} TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_LIB} ${${TARGET_OSQUERY_LIB}_DEPS}) IF(DEFINED GBS_BUILD) -TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_LIB} ${TARGET_POLICYD_LIB}) +TARGET_LINK_LIBRARIES(${TARGET_OSQUERY_LIB} ${TARGET_VIST_POLICY_LIB}) ENDIF(DEFINED GBS_BUILD) SET_TARGET_PROPERTIES(${TARGET_OSQUERY_LIB} PROPERTIES OUTPUT_NAME ${TARGET_OSQUERY_LIB}) 
diff --git a/src/osquery/tables/tizen/policy.cpp b/src/osquery/tables/tizen/policy.cpp index a35b62b..5301071 100644 --- a/src/osquery/tables/tizen/policy.cpp +++ b/src/osquery/tables/tizen/policy.cpp @@ -19,20 +19,22 @@ #include #include -#include #include -#include +#include +#include namespace osquery { namespace tables { QueryData genPolicy(QueryContext& context) try { + INFO(VIST, "Select query about policy table."); + QueryData results; if (context.constraints["name"].exists(EQUALS)) { /// where clause auto names = context.constraints["name"].getAll(EQUALS); for (const auto& name : names) { - auto ret = policyd::API::Get(name); + auto ret = vist::policy::API::Get(name); Row r; r["name"] = TEXT(name); @@ -41,7 +43,7 @@ QueryData genPolicy(QueryContext& context) try { results.emplace_back(std::move(r)); } } else { /// select *; - auto policies = policyd::API::GetAll(); + auto policies = vist::policy::API::GetAll(); for (auto& policy : policies) { Row r; r["name"] = TEXT(policy.first); @@ -53,11 +55,13 @@ QueryData genPolicy(QueryContext& context) try { return results; } catch (...) { + ERROR(VIST, "Failed to select query on policy."); Row r; return { r }; } QueryData updatePolicy(QueryContext& context, const PluginRequest& request) try { + INFO(VIST, "Update query about policy table."); if (request.count("json_value_array") == 0) throw std::runtime_error("Wrong request format. Not found json value."); @@ -73,7 +77,7 @@ QueryData updatePolicy(QueryContext& context, const PluginRequest& request) try std::string name = document[0].GetString(); int value = std::stoi(document[1].GetString()); - policyd::API::Admin::Set(name, policyd::PolicyValue(value)); + vist::policy::API::Admin::Set(name, vist::policy::PolicyValue(value)); Row r; r["status"] = "success"; diff --git a/src/osquery/tables/tizen/policy_admin.cpp b/src/osquery/tables/tizen/policy_admin.cpp index 035e86f..e3e47da 100644 --- a/src/osquery/tables/tizen/policy_admin.cpp 
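Review bot: In the `catch (...)` handler of `genPolicy` (hunk `@@ -53,11 +55,13 @@`), the added `ERROR(VIST, "Failed to select query on policy.");` records that the query failed but not why, and the handler still returns one empty row, so a consumer of the policy table cannot tell a failed lookup from real data. Adding a typed clause ahead of the catch-all keeps the cause in the log: `} catch (const std::exception& e) {` followed by `ERROR(VIST, "Failed to select query on policy: " << e.what());`. The streaming form of `ERROR` is already used elsewhere in this code base. The matching handler of `updatePolicy` lies outside the visible hunks and likely deserves the same treatment.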
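Review bot: The renamed call `vist::policy::API::Admin::Set(name, vist::policy::PolicyValue(value));` in `updatePolicy` (hunk `@@ -73,7 +77,7 @@`) passes only a policy name and a value, so nothing at this call site identifies or authorizes the requester. The `policyd` implementation deleted in this commit forwarded every `Set` under the fixed admin name `"admin"`, with a TODO to derive the name from the peer. If the relocated vist/policy code, which is not visible here, keeps that behaviour, any client able to run an update on the policy table changes policy as that admin. Until the peer check exists, a comment at the call would make the gap visible, for example `// NOTE: caller identity is not verified; Set() acts as the fixed "admin" account`. The body of `updatePolicy` continues outside the hunk.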
+++ b/src/osquery/tables/tizen/policy_admin.cpp @@ -21,7 +21,7 @@ #include #include -#include +#include #include namespace { @@ -70,10 +70,10 @@ namespace osquery { namespace tables { QueryData genPolicyAdmin(QueryContext& context) try { - INFO(VIST, "Select query about policy-admin."); + INFO(VIST, "Select query about policy-admin table."); QueryData results; - auto admins = policyd::API::Admin::GetAll(); + auto admins = vist::policy::API::Admin::GetAll(); for (auto& admin : admins) { Row r; @@ -92,13 +92,13 @@ QueryData genPolicyAdmin(QueryContext& context) try { } QueryData insertPolicyAdmin(QueryContext& context, const PluginRequest& request) try { - INFO(VIST, "Insert query about policy-admin."); + INFO(VIST, "Insert query about policy-admin table."); if (request.count("json_value_array") == 0) throw std::runtime_error("Wrong request format. Not found json value."); auto admin = parseAdmin(request.at("json_value_array")); DEBUG(VIST, "Admin info [name]: " << admin.first << ", [uid]: " << admin.second); - policyd::API::Admin::Enroll(admin.first, admin.second); + vist::policy::API::Admin::Enroll(admin.first, admin.second); Row r; r["status"] = "success"; @@ -110,13 +110,13 @@ QueryData insertPolicyAdmin(QueryContext& context, const PluginRequest& request) } QueryData deletePolicyAdmin(QueryContext& context, const PluginRequest& request) try { - INFO(VIST, "Delete query about policy-admin."); + INFO(VIST, "Delete query about policy-admin table."); if (request.count("json_value_array") == 0) throw std::runtime_error("Wrong request format. Not found json value."); auto admin = parseAdmin(request.at("json_value_array"), false); DEBUG(VIST, "Admin info [name]: " << admin.first << ", [uid]: " << admin.second); - policyd::API::Admin::Disenroll(admin.first, admin.second); + vist::policy::API::Admin::Disenroll(admin.first, admin.second); Row r; r["status"] = "success"; 
diff --git a/src/osquery/tables/tizen/tests/policy_tests.cpp b/src/osquery/tables/tizen/tests/policy_tests.cpp index 4a3a9eb..f31d527 100644 --- a/src/osquery/tables/tizen/tests/policy_tests.cpp +++ b/src/osquery/tables/tizen/tests/policy_tests.cpp @@ -16,33 +16,35 @@ #include -#include +#include + +using namespace vist; class PolicyTests : public testing::Test {}; TEST_F(PolicyTests, get_all) { - auto policies = policyd::API::GetAll(); + auto policies = policy::API::GetAll(); EXPECT_TRUE(policies.size() > 0); } TEST_F(PolicyTests, get_admin_all) { - auto admins = policyd::API::Admin::GetAll(); + auto admins = policy::API::Admin::GetAll(); EXPECT_EQ(admins.size(), 0); - policyd::API::Admin::Enroll("testAdmin", 0); - admins = policyd::API::Admin::GetAll(); + policy::API::Admin::Enroll("testAdmin", 0); + admins = policy::API::Admin::GetAll(); EXPECT_EQ(admins.size(), 1); - policyd::API::Admin::Enroll("testAdmin", 1); - admins = policyd::API::Admin::GetAll(); + policy::API::Admin::Enroll("testAdmin", 1); + admins = policy::API::Admin::GetAll(); EXPECT_EQ(admins.size(), 2); - policyd::API::Admin::Disenroll("testAdmin", 0); - admins = policyd::API::Admin::GetAll(); + policy::API::Admin::Disenroll("testAdmin", 0); + admins = policy::API::Admin::GetAll(); EXPECT_EQ(admins.size(), 1); - policyd::API::Admin::Disenroll("testAdmin", 1); - admins = policyd::API::Admin::GetAll(); + policy::API::Admin::Disenroll("testAdmin", 1); + admins = policy::API::Admin::GetAll(); EXPECT_EQ(admins.size(), 0); } diff --git a/src/policyd/CMakeLists.txt b/src/policyd/CMakeLists.txt deleted file mode 100644 index e148a03..0000000 --- a/src/policyd/CMakeLists.txt +++ /dev/null 
@@ -1,56 +0,0 @@ -# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -SET(TARGET_POLICYD_TEST policyd-test) - -SET(${TARGET_POLICYD_LIB}_SRCS "") -SET(${TARGET_POLICYD_LIB}_TESTS "") - -SET(DEPENDENCY klay) - -PKG_CHECK_MODULES(POLICYD_DEPS REQUIRED ${DEPENDENCY}) - -INCLUDE_DIRECTORIES(SYSTEM . ${POLICYD_DEPS_INCLUDE_DIRS}) - -ADD_DEFINITIONS(-DDB_PATH="${DB_INSTALL_DIR}/.vist.db" - -DPLUGIN_INSTALL_DIR="${PLUGIN_INSTALL_DIR}" - -DSCRIPT_INSTALL_DIR="${SCRIPT_INSTALL_DIR}") - -ADD_SUBDIRECTORY(core) -ADD_SUBDIRECTORY(sdk) - -ADD_LIBRARY(${TARGET_POLICYD_LIB} STATIC ${${TARGET_POLICYD_LIB}_SRCS}) - -TARGET_LINK_LIBRARIES(${TARGET_POLICYD_LIB} ${POLICYD_DEPS_LIBRARIES} pthread dl) - -SET_TARGET_PROPERTIES(${TARGET_POLICYD_LIB} PROPERTIES COMPILE_FLAGS "-fPIE") -SET_TARGET_PROPERTIES(${TARGET_POLICYD_LIB} PROPERTIES LINK_FLAGS "-pie") - -ADD_EXECUTABLE(${TARGET_POLICYD_TEST} ../vist/main/tests.cpp - ${${TARGET_POLICYD_LIB}_TESTS}) - -TARGET_LINK_LIBRARIES(${TARGET_POLICYD_TEST} ${TARGET_POLICYD_LIB} - gtest - pthread) -ADD_TEST(${TARGET_POLICYD_TEST} ${TARGET_POLICYD_TEST}) -INSTALL(TARGETS ${TARGET_POLICYD_TEST} - DESTINATION ${CMAKE_INSTALL_BINDIR} - PERMISSIONS OWNER_READ - OWNER_WRITE - OWNER_EXECUTE - GROUP_READ - GROUP_EXECUTE - WORLD_READ - WORLD_EXECUTE) diff --git a/src/policyd/api.h b/src/policyd/api.h deleted file mode 100644 index 6fdb5bc..0000000 --- a/src/policyd/api.h +++ /dev/null 
@@ -1,41 +0,0 @@
-/*
- * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#pragma once
-
-#include
-
-#include
-#include
-#include
-
-namespace policyd {
-
-struct API {
- static PolicyValue Get(const std::string& policy);
- static std::unordered_map GetAll();
-
- struct Admin {
- static void Set(const std::string& policy, const PolicyValue& value);
-
- static void Enroll(const std::string& admin, uid_t uid);
- static void Disenroll(const std::string& admin, uid_t uid);
-
- static std::multimap GetAll();
- };
-};
-
-} // namespace policyd
diff --git a/src/policyd/core/CMakeLists.txt b/src/policyd/core/CMakeLists.txt
deleted file mode 100644
index 4f73300..0000000
--- a/src/policyd/core/CMakeLists.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-ADD_POLICYD_LIBRARY(policyd_core api.cpp
- policy-manager.cpp
- policy-loader.cpp
- policy-storage.cpp)
-
-FILE(GLOB SDK_TESTS "tests/*.cpp")
-ADD_POLICYD_TEST(${SDK_TESTS})
diff --git a/src/policyd/core/api.cpp b/src/policyd/core/api.cpp
deleted file mode 100644
index 66d0bfd..0000000
--- a/src/policyd/core/api.cpp
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-#include
-
-#include "policy-manager.h"
-
-namespace policyd {
-
-PolicyValue API::Get(const std::string& policy)
-{
- return PolicyManager::Instance().get(policy);
-}
-
-std::unordered_map API::GetAll()
-{
- return PolicyManager::Instance().getAll();
-}
-
-void API::Admin::Set(const std::string& policy, const PolicyValue& value)
-{
- // TODO(Sangwan): Get admin name from peer PID
- PolicyManager::Instance().set(policy, value, "admin");
-}
-
-void API::Admin::Enroll(const std::string& admin, uid_t uid)
-{
- PolicyManager::Instance().enroll(admin, uid);
-}
-
-void API::Admin::Disenroll(const std::string& admin, uid_t uid)
-{
- PolicyManager::Instance().disenroll(admin, uid);
-}
-
-std::multimap API::Admin::GetAll()
-{
- return PolicyManager::Instance().getAdmins();
-}
-
-} // namespace policyd
diff --git a/src/policyd/core/db-schema.h b/src/policyd/core/db-schema.h
deleted file mode 100644
index 98f7a3b..0000000
--- a/src/policyd/core/db-schema.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-#pragma once
-
-#include
-
-namespace policyd {
-namespace schema {
-
-struct Admin {
- int id = -1;
- std::string pkg;
- int uid = -1;
- std::string key;
- int removable = -1;
-};
-
-struct ManagedPolicy {
- int id = -1;
- int aid = -1;
- int pid = -1;
- int value = -1;
-};
-
-struct PolicyDefinition {
- int id = -1;
- int scope = -1;
- std::string name;
- int ivalue = -1;
-};
-
-} // namespace schema
-} // namespace policyd
diff --git a/src/policyd/core/policy-loader.cpp b/src/policyd/core/policy-loader.cpp
deleted file mode 100644
index 042e915..0000000
--- a/src/policyd/core/policy-loader.cpp
+++ /dev/null
@@ -1,46 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include "policy-loader.h" - -namespace policyd { - -PolicyProvider* PolicyLoader::load(const std::string& path) -{ - PluginLoader loader(path); - PolicyProvider::FactoryType factory = nullptr; - loader.load(PolicyProvider::getFactoryName(), factory); - if (factory == nullptr) - std::runtime_error("Failed to load symbol. " + PolicyProvider::getFactoryName()); - - auto provider = (*factory)(); - if (provider == nullptr) - std::runtime_error("Failed to make provider. " + PolicyProvider::getFactoryName()); - - return provider; -} - -PluginLoader::PluginLoader(const std::string& path, int flag) - : handle(::dlopen(path.c_str(), flag), [](void*)->int{return 0;}) -// Cleaning object after dlclose() makes SEGFAULT. -// TODO: Sync dynamic loading's life-cycle with program.(PluginManager) -// : handle(::dlopen(path.c_str(), flag), ::dlclose) -{ - if (handle == nullptr) - throw std::invalid_argument("Failed to open: " + path); -} - -} // namespace policyd diff --git a/src/policyd/core/policy-loader.h b/src/policyd/core/policy-loader.h deleted file mode 100644 index 14c32a2..0000000 --- a/src/policyd/core/policy-loader.h +++ /dev/null 
@@ -1,53 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include - -#include -#include -#include - -#include - -namespace policyd { - -struct PolicyLoader final { - static PolicyProvider* load(const std::string& path); -}; - -class PluginLoader final { -public: - explicit PluginLoader(const std::string& path, int flag = RTLD_LAZY); - - template - void load(const std::string& name, T& symbol); - -private: - using Handle = std::unique_ptr; - Handle handle; -}; - -template -void PluginLoader::load(const std::string& name, T& symbol) -{ - symbol = reinterpret_cast(::dlsym(handle.get(), name.c_str())); - if (symbol == nullptr) - throw std::runtime_error("Failed to load: " + name); -} - -} // namespace policyd diff --git a/src/policyd/core/policy-manager.cpp b/src/policyd/core/policy-manager.cpp deleted file mode 100644 index 2d59145..0000000 --- a/src/policyd/core/policy-manager.cpp +++ /dev/null 
@@ -1,156 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include "policy-manager.h" -#include "policy-loader.h" - -#include - -#include - -namespace policyd { - -PolicyManager::PolicyManager() : storage(DB_PATH) -{ - loadProviders(PLUGIN_INSTALL_DIR); - int cnt = loadPolicies(); - INFO(VIST, std::to_string(cnt) + "-policies loaded"); -} - -std::pair PolicyManager::loadProviders(const std::string& path) -{ - INFO(VIST, "Load policies from :" << path); - klay::File dir(path); - if (!dir.exists() || !dir.isDirectory()) - throw std::invalid_argument("Plugin directory is wrong.: " + path); - - int passed = 0, failed = 0; - klay::DirectoryIterator end; - for (klay::DirectoryIterator iter(path); iter != end; ++iter) { - if (!iter->isFile()) - continue; - - try { - auto provider = PolicyLoader::load(iter->getPath()); - DEBUG(VIST, "Loaded provider: " << provider->getName()); - - bool exist = false; - for (const auto& p : this->providers) { - if (p->getName() == provider->getName()) { - exist = true; - break; - } - } - - if (!exist) - this->providers.emplace_back(std::move(provider)); - } catch (const std::exception& e) { - ++failed; - ERROR(VIST, "Failed to load: " << iter->getPath() << e.what()); - continue; - } - - ++passed; - } - - INFO(VIST, "Loaded result >> passed: " << passed << ", failed: " << failed); - return std::make_pair(passed, failed); -} - -int 
PolicyManager::loadPolicies() -{ - bool changed = false; - - /// Make policy-provider map for performance - for (const auto& provider : providers) { - for (const auto& pair : provider->global) { - policies[pair.first] = provider->getName(); - - /// Check the policy is defined on policy-storage - if (!storage.exists(pair.first)) { - INFO(VIST, "Define global policy: " << pair.first); - storage.define(0, pair.first, pair.second->getInitial().value); - changed = true; - } - } - - for (const auto& pair : provider->domain) { - policies[pair.first] = provider->getName(); - - if (!storage.exists(pair.first)) { - INFO(VIST, "Define domain policy: " << pair.first); - storage.define(1, pair.first, pair.second->getInitial().value); - changed = true; - } - } - } - - if (changed) - storage.syncPolicyDefinition(); - - return policies.size(); -} - -void PolicyManager::enroll(const std::string& admin, uid_t uid) -{ - this->storage.enroll(admin, uid); -} - -void PolicyManager::disenroll(const std::string& admin, uid_t uid) -{ - this->storage.disenroll(admin, uid); -} - -void PolicyManager::set(const std::string& policy, const PolicyValue& value, - const std::string& admin, uid_t uid) -{ - if (policies.find(policy) == policies.end()) - std::runtime_error("Not exist policy: " + policy); - - storage.update(admin, uid, policy, value); - - for (auto& p : providers) { - if (p->getName() != policies[policy]) - continue; - - if (p->global.find(policy) != p->global.end()) { - p->global[policy]->set(value); - return; - } - - if (p->domain.find(policy) != p->domain.end()) { - p->domain[policy]->set(uid, value); - return; - } - } -} - -PolicyValue PolicyManager::get(const std::string& policy, uid_t uid) -{ - return storage.strictest(policy, uid); -} - -std::unordered_map PolicyManager::getAll(uid_t uid) -{ - return storage.strictest(uid); -} - -std::multimap PolicyManager::getAdmins() -{ - return storage.getAdmins(); -} - -} // namespace policyd 
diff --git a/src/policyd/core/policy-manager.h b/src/policyd/core/policy-manager.h
deleted file mode 100644
index 9ab2b06..0000000
--- a/src/policyd/core/policy-manager.h
+++ /dev/null
@@ -1,74 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include -#include - -#include "policy-storage.h" - -#include -#include -#include -#include -#include -#include - -#include - -namespace policyd { - -class PolicyManager final { -public: - PolicyManager(const PolicyManager&) = delete; - PolicyManager& operator=(const PolicyManager&) = delete; - - PolicyManager(PolicyManager&&) = delete; - PolicyManager& operator=(PolicyManager&&) = delete; - - static PolicyManager& Instance() { - static PolicyManager manager; - return manager; - } - - void enroll(const std::string& admin, uid_t uid); - void disenroll(const std::string& admin, uid_t uid); - - void set(const std::string& policy, const PolicyValue& value, - const std::string& admin, uid_t uid = 0); - PolicyValue get(const std::string& policy, uid_t uid = 0); - std::unordered_map getAll(uid_t uid = 0); - - std::multimap getAdmins(); - -private: - explicit PolicyManager(); - ~PolicyManager() = default; - - std::pair loadProviders(const std::string& path); - int loadPolicies(); - - PolicyStorage storage; - std::vector> providers; - - /// Policy-Provider - std::unordered_map policies; - - FRIEND_TEST(PolicyCoreTests, policy_loader); -}; - -} // namespace policyd diff --git a/src/policyd/core/policy-storage.cpp b/src/policyd/core/policy-storage.cpp deleted file mode 100644 index afd2463..0000000 
--- a/src/policyd/core/policy-storage.cpp
+++ /dev/null
@@ -1,330 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include "policy-storage.h" - -#include - -#include -#include -#include -#include - -#include - -using namespace query_builder; -using namespace policyd::schema; - -namespace { - -auto adminTable = make_table("admin", - make_column("id", &Admin::id), - make_column("pkg", &Admin::pkg), - make_column("uid", &Admin::uid), - make_column("key", &Admin::key), - make_column("removable", &Admin::removable)); - -auto managedPolTable = make_table("managed_policy", - make_column("id", &ManagedPolicy::id), - make_column("aid", &ManagedPolicy::aid), - make_column("pid", &ManagedPolicy::pid), - make_column("value", &ManagedPolicy::value)); - -auto definitionTable = make_table("policy_definition", - make_column("id", &PolicyDefinition::id), - make_column("scope", &PolicyDefinition::scope), - make_column("name", &PolicyDefinition::name), - make_column("ivalue", &PolicyDefinition::ivalue)); - -const std::string SCRIPT_BASE = SCRIPT_INSTALL_DIR; -const std::string SCRIPT_CREATE_SCHEMA = "create_schema"; - -} // anonymous namespace - -namespace policyd { - -PolicyStorage::PolicyStorage(const std::string& path) : - database(std::make_shared(path, - database::Connection::ReadWrite | - database::Connection::Create)) -{ - database->exec("PRAGMA foreign_keys = ON;"); - database->exec(getScript(SCRIPT_CREATE_SCHEMA)); - - sync(); -} - 
-void PolicyStorage::sync() -{ - DEBUG(VIST, "Sync policy storage to cache object."); - syncPolicyDefinition(); - syncAdmin(); - syncManagedPolicy(); -} - -void PolicyStorage::syncPolicyDefinition() -{ - this->definitions.clear(); - std::string query = definitionTable.selectAll(); - database::Statement stmt(*database, query); - - while (stmt.step()) { - PolicyDefinition pd; - pd.id = stmt.getColumn(0); - pd.scope = stmt.getColumn(1); - pd.name = std::string(stmt.getColumn(2)); - pd.ivalue = stmt.getColumn(3); - DEBUG(VIST, "Defined policy:" + pd.name); - this->definitions.emplace(pd.name, std::move(pd)); - } -} - -void PolicyStorage::syncAdmin() -{ - this->admins.clear(); - std::string query = adminTable.selectAll(); - database::Statement stmt(*database, query); - - while (stmt.step()) { - Admin admin; - admin.id = stmt.getColumn(0); - admin.pkg = std::string(stmt.getColumn(1)); - admin.uid = stmt.getColumn(2); - admin.key = std::string(stmt.getColumn(3)); - admin.removable = stmt.getColumn(4); - - std::string alias = getAlias(admin.pkg, admin.uid); - this->admins.emplace(alias, std::move(admin)); - } -} - -void PolicyStorage::syncManagedPolicy() -{ - this->managedPolicies.clear(); - std::string query = managedPolTable.selectAll(); - database::Statement stmt(*database, query); - - while (stmt.step()) { - ManagedPolicy mp; - mp.id = stmt.getColumn(0); - mp.aid = stmt.getColumn(1); - mp.pid = stmt.getColumn(2); - mp.value = stmt.getColumn(3); - this->managedPolicies.emplace(mp.pid, std::move(mp)); - } -} - -std::string PolicyStorage::getScript(const std::string& name) -{ - std::string path = SCRIPT_BASE + "/" + name + ".sql"; - std::ifstream is(path); - if (is.fail()) - throw std::invalid_argument("Failed to open script: " + path); - - std::istreambuf_iterator begin(is), end; - auto content = std::string(begin, end); - if (content.empty()) - throw std::runtime_error("Failed to read script: " + path); - - return content; -} - -void PolicyStorage::define(int scope, 
const std::string& policy, int ivalue) -{ - if (definitions.find(policy) != definitions.end()) { - INFO(VIST, "Policy is already defined: " + policy); - return; - } - - PolicyDefinition pd; - pd.scope = scope; - pd.name = policy; - pd.ivalue = ivalue; - - std::string insertQuery = definitionTable.insert(&PolicyDefinition::scope, - &PolicyDefinition::name, - &PolicyDefinition::ivalue); - database::Statement stmt(*database, insertQuery); - stmt.bind(1, pd.scope); - stmt.bind(2, pd.name); - stmt.bind(3, pd.ivalue); - if (!stmt.exec()) - throw std::runtime_error("Failed to define policy: " + pd.name); -} - -void PolicyStorage::enroll(const std::string& name, uid_t uid) -{ - std::string alias = getAlias(name, uid); - INFO(VIST, "Enroll admin: " + alias); - if (admins.find(alias) != admins.end()) { - ERROR(VIST, "Admin is aleady enrolled.: " + alias); - return; - } - - Admin admin; - admin.pkg = name; - admin.uid = static_cast(uid); - admin.key = "Not supported"; - admin.removable = true; - - std::string insertQuery = adminTable.insert(&Admin::pkg, &Admin::uid, - &Admin::key, &Admin::removable); - database::Statement stmt(*database, insertQuery); - stmt.bind(1, admin.pkg); - stmt.bind(2, admin.uid); - stmt.bind(3, admin.key); - stmt.bind(4, admin.removable); - if (!stmt.exec()) - throw std::runtime_error("Failed to enroll admin: " + admin.pkg); - - /// Sync admin for getting admin ID. - syncAdmin(); - /// ManagedPolicy is triggered by enrolling admin. 
- syncManagedPolicy(); - - int count = managedPolicies.size() / admins.size(); - INFO(VIST, "Admin[" + alias + "] manages " + std::to_string(count) + "-policies."); -} - -void PolicyStorage::disenroll(const std::string& name, uid_t uid) -{ - std::string alias = getAlias(name, uid); - INFO(VIST, "Disenroll admin: " + alias); - if (admins.find(alias) == admins.end()) { - ERROR(VIST, "Not exist admin: " + alias); - return; - } else { - admins.erase(alias); - } - - int iUid = static_cast(uid); - std::string query = adminTable.remove().where(expr(&Admin::pkg) == name && - expr(&Admin::uid) == iUid); - database::Statement stmt(*database, query); - stmt.bind(1, name); - stmt.bind(2, iUid); - if (!stmt.exec()) - throw std::runtime_error("Failed to disenroll admin: " + name); -} - -void PolicyStorage::update(const std::string& name, uid_t uid, - const std::string& policy, const PolicyValue& value) -{ - std::string alias = getAlias(name, uid); - if (admins.find(alias) == admins.end()) - throw std::runtime_error("Not exist admin: " + alias); - - if (definitions.find(policy) == definitions.end()) - throw std::runtime_error("Not exist policy: " + policy); - - DEBUG(VIST, "Policy-update is called by admin: " + alias + ", about: " + policy + - ", value: " + std::to_string(value)); - - int policyId = definitions[policy].id; - int policyValue = value; - int adminId = admins[alias].id; - std::string query = managedPolTable.update(&ManagedPolicy::value) - .where(expr(&ManagedPolicy::pid) == policyId && - expr(&ManagedPolicy::aid) == adminId); - database::Statement stmt(*database, query); - stmt.bind(1, policyValue); - stmt.bind(2, policyId); - stmt.bind(3, adminId); - if (!stmt.exec()) - throw runtime::Exception("Failed to update policy:" + policy); - - syncManagedPolicy(); -} - -PolicyValue PolicyStorage::strictest(const std::string& policy, uid_t uid) -{ - if (definitions.find(policy) == definitions.end()) - throw std::runtime_error("Not exist policy: " + policy); - - // There is 
no enrolled admins. - if (managedPolicies.size() == 0) - return PolicyValue(definitions[policy].ivalue); - - std::shared_ptr strictest = nullptr; - int policyId = definitions[policy].id; - auto range = managedPolicies.equal_range(policyId); - for (auto iter = range.first; iter != range.second; iter++) { - if (uid != 0) { - int ret = getUid(iter->second.aid); - if (ret == -1 || ret != static_cast(uid)) - continue; - } - - int value = iter->second.value; - if (strictest == nullptr) - strictest = std::make_shared(value); - else - strictest->value = (*strictest < value) ? strictest->value : value; - - DEBUG(VIST, "The strictest of policy[" + policy + - "] : " + std::to_string(strictest->value)); - } - - if (strictest == nullptr) - throw std::runtime_error("Not exist managed policy: " + policy); - - return std::move(*strictest); -} - -std::unordered_map PolicyStorage::strictest(uid_t uid) -{ - std::unordered_map policies; - for (const auto& pair : definitions) { - std::string name = pair.first; - auto value = this->strictest(name, uid); - - policies.emplace(std::move(name), std::move(value)); - } - - return policies; -} - -std::multimap PolicyStorage::getAdmins() -{ - std::multimap admins; - for (const auto& pair : this->admins) { - std::string alias = pair.first; - int uid = pair.second.uid; - /// Erase uid from alias(name + uid) - std::size_t pos = alias.rfind(std::to_string(uid)); - alias.erase(pos, std::to_string(uid).size()); - - admins.emplace(std::move(alias), uid); - } - - return admins; -} - -std::string PolicyStorage::getAlias(const std::string& name, uid_t uid) const noexcept -{ - return name + std::to_string(uid); -} - -int PolicyStorage::getUid(int adminId) const noexcept -{ - for (const auto& a : admins) - if (a.second.id == adminId) - return a.second.uid; - - return -1; -} - -} // namespace policyd diff --git a/src/policyd/core/policy-storage.h b/src/policyd/core/policy-storage.h deleted file mode 100644 index d2e39e7..0000000 
--- a/src/policyd/core/policy-storage.h
+++ /dev/null
@@ -1,81 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * ttp://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include - -#include "db-schema.h" - -#include -#include -#include -#include - -#include - -namespace policyd { - -using namespace schema; - -class PolicyStorage final { -public: - explicit PolicyStorage(const std::string& path); - - /// TODO(Sangwan): Consider to support lazy sync - void sync(); - - void syncPolicyDefinition(); - void syncAdmin(); - void syncManagedPolicy(); - - inline bool exists(const std::string& policy) const noexcept { - return definitions.find(policy) != definitions.end(); - } - - inline bool isActivated() const noexcept { - return admins.size() > 0 && managedPolicies.size() > 0; - } - - void enroll(const std::string& admin, uid_t uid); - void disenroll(const std::string& admin, uid_t uid); - - void define(int scope, const std::string& policy, int ivalue); - void update(const std::string& admin, uid_t uid, - const std::string& policy, const PolicyValue& value); - - PolicyValue strictest(const std::string& policy, uid_t uid = 0); - /// Return all strictest policy values - std::unordered_map strictest(uid_t uid = 0); - - /// Admin name can be duplicated - std::multimap getAdmins(); - -private: - std::string getScript(const std::string& name); - std::string getAlias(const std::string& name, uid_t uid) const noexcept; - int getUid(int adminId) const noexcept; - - 
std::shared_ptr database; - - /// DB Cache objects - /// TODO(Sangwan): add locking mechanism - std::unordered_map definitions; - std::unordered_map admins; - std::unordered_multimap managedPolicies; -}; - -} // namespace policyd diff --git a/src/policyd/core/tests/core-tests.cpp b/src/policyd/core/tests/core-tests.cpp deleted file mode 100644 index 83e5cb6..0000000 --- a/src/policyd/core/tests/core-tests.cpp +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include - -#include "../policy-manager.h" - -namespace policyd { - -class PolicyCoreTests : public testing::Test {}; - -TEST_F(PolicyCoreTests, policy_loader) { - auto& manager = PolicyManager::Instance(); - - EXPECT_TRUE(manager.providers.size() > 0); - EXPECT_TRUE(manager.policies.size() > 0); -} - -TEST_F(PolicyCoreTests, policy_set_get) { - auto& manager = PolicyManager::Instance(); - manager.enroll("testAdmin", 0); - manager.set("bluetooth", PolicyValue(5), "testAdmin", 0); - - auto policy = manager.get("bluetooth", 0); - EXPECT_EQ(policy.value, 5); - - manager.enroll("testAdmin1", 0); - manager.set("bluetooth", PolicyValue(10), "testAdmin1", 0); - - /// Manager should return the strongest policy. - policy = manager.get("bluetooth", 0); - EXPECT_EQ(policy.value, 5); - - manager.disenroll("testAdmin", 0); - manager.disenroll("testAdmin1", 0); -} - -} // namespace policyd 
diff --git a/src/policyd/core/tests/storage-tests.cpp b/src/policyd/core/tests/storage-tests.cpp
deleted file mode 100644
index d533c67..0000000
--- a/src/policyd/core/tests/storage-tests.cpp
+++ /dev/null
@@ -1,162 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include - -#include - -#include "../policy-storage.h" - -using namespace policyd; - -class PolicyStorageTests : public testing::Test { -public: - void SetUp() override { - /// TODO(Sangwan KWon): Change to test db - this->storage = std::make_shared(DB_PATH); - } - - std::shared_ptr getStorage() { - return this->storage; - } - -private: - std::shared_ptr storage = nullptr; -}; - -TEST_F(PolicyStorageTests, initialize) { - bool isRaised = false; - - try { - // DB is maden at run-time - PolicyStorage storage("/tmp/dummy"); - } catch (const std::exception&) { - isRaised = true; - } - - EXPECT_FALSE(isRaised); -} - -TEST_F(PolicyStorageTests, enrollment) { - auto storage = getStorage(); - EXPECT_FALSE(storage->isActivated()); - - storage->enroll("testAdmin", 0); - storage->enroll("testAdmin", 1); - EXPECT_TRUE(storage->isActivated()); - - storage->disenroll("testAdmin", 0); - EXPECT_TRUE(storage->isActivated()); - - storage->disenroll("testAdmin", 1); - EXPECT_FALSE(storage->isActivated()); -} - -TEST_F(PolicyStorageTests, update) { - auto storage = getStorage(); - storage->enroll("testAdmin", 0); - - bool isRaised = false; - try { - storage->update("testAdmin", 1, "bluetooth", PolicyValue(0)); - } catch (const std::exception&) { - isRaised = true; - } - - isRaised = false; - try { - storage->update("testAdmin", 0, 
"bluetooth", PolicyValue(0)); - } catch (const std::exception&) { - isRaised = true; - } - EXPECT_FALSE(isRaised); - - isRaised = false; - try { - storage->update("testAdmin", 0, "FakePolicy", PolicyValue(0)); - } catch (const std::exception&) { - isRaised = true; - } - EXPECT_TRUE(isRaised); - - storage->disenroll("testAdmin", 0); -} - -TEST_F(PolicyStorageTests, strictest) { - auto storage = getStorage(); - storage->enroll("testAdmin", 0); - storage->enroll("testAdmin", 1); - - storage->update("testAdmin", 0, "bluetooth", PolicyValue(3)); - storage->update("testAdmin", 1, "bluetooth", PolicyValue(6)); - - bool isRaised = false; - try { - auto value = storage->strictest("FakePolicy", 3); - } catch (const std::exception&) { - isRaised = true; - } - EXPECT_TRUE(isRaised); - - /// as global policy - auto policy = storage->strictest("bluetooth"); - EXPECT_EQ(policy.value, 3); - - /// as domain policy - policy = storage->strictest("bluetooth", 1); - EXPECT_EQ(policy.value, 6); - - storage->disenroll("testAdmin", 0); - storage->disenroll("testAdmin", 1); -} - -TEST_F(PolicyStorageTests, strictest_all) { - auto storage = getStorage(); - storage->enroll("testAdmin", 1); - - /// as global policy - auto policies = storage->strictest(); - EXPECT_TRUE(policies.size() > 0); - - /// as domain policy - policies = storage->strictest(1); - EXPECT_TRUE(policies.size() > 0); - - storage->disenroll("testAdmin", 1); -} - -TEST_F(PolicyStorageTests, admin_list) { - auto storage = getStorage(); - - auto admins = storage->getAdmins(); - EXPECT_EQ(admins.size(), 0); - - storage->enroll("testAdmin", 1); - admins = storage->getAdmins(); - EXPECT_EQ(admins.size(), 1); - - storage->enroll("testAdmin", 2); - admins = storage->getAdmins(); - EXPECT_EQ(admins.size(), 2); - - storage->disenroll("testAdmin", 2); - admins = storage->getAdmins(); - EXPECT_EQ(admins.size(), 1); - - storage->disenroll("testAdmin", 1); - admins = storage->getAdmins(); - EXPECT_EQ(admins.size(), 0); -} 
diff --git a/src/policyd/sdk/CMakeLists.txt b/src/policyd/sdk/CMakeLists.txt deleted file mode 100644 index fb08801..0000000 --- a/src/policyd/sdk/CMakeLists.txt +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -FILE(GLOB SDK_TESTS "tests/*.cpp") -ADD_POLICYD_TEST(${SDK_TESTS}) diff --git a/src/policyd/sdk/domain-policy.h b/src/policyd/sdk/domain-policy.h deleted file mode 100644 index f27e105..0000000 --- a/src/policyd/sdk/domain-policy.h +++ /dev/null 
@@ -1,62 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include "policy-model.h" - -#include -#include -#include - -#include - -namespace policyd { - -class DomainPolicy : public PolicyModel { -public: - explicit DomainPolicy(std::string name, PolicyValue initial) noexcept : - PolicyModel(std::move(name), std::move(initial)) {} - virtual ~DomainPolicy() = default; - - DomainPolicy(DomainPolicy&&) = default; - DomainPolicy& operator=(DomainPolicy&&) = default; - - inline void set(uid_t domain, const PolicyValue& value) { - current[domain] = value; - - try { - this->onChanged(domain, value); - } catch (const std::exception& e) { - current.erase(domain); - std::rethrow_exception(std::current_exception()); - } - } - - inline const PolicyValue& get(uid_t domain) const { - if (!current.count(domain)) - throw std::runtime_error("Policy value should be set once before use."); - - return current.at(domain); - } - - virtual void onChanged(uid_t domain, const PolicyValue& value) = 0; - -private: - std::unordered_map current; -}; - -} // namespace policyd diff --git a/src/policyd/sdk/global-policy.h b/src/policyd/sdk/global-policy.h deleted file mode 100644 index 0217554..0000000 --- a/src/policyd/sdk/global-policy.h +++ /dev/null 
@@ -1,61 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include "policy-model.h" - -#include -#include - -namespace policyd { - -class GlobalPolicy : public PolicyModel { -public: - explicit GlobalPolicy(std::string name, PolicyValue initial) noexcept : - PolicyModel(std::move(name), std::move(initial)) {} - virtual ~GlobalPolicy() = default; - - GlobalPolicy(GlobalPolicy&&) = default; - GlobalPolicy& operator=(GlobalPolicy&&) = default; - - inline void set(const PolicyValue& value) { - current = value; - ready = true; - - try { - this->onChanged(value); - } catch (const std::exception& e) { - ready = false; - std::rethrow_exception(std::current_exception()); - } - } - - inline const PolicyValue& get() const { - if (!ready) - throw std::runtime_error("Policy value should be set once before use."); - - return current; - } - - virtual void onChanged(const PolicyValue& value) = 0; - -private: - PolicyValue current; - bool ready = false; -}; - -} // namespace policyd diff --git a/src/policyd/sdk/policy-model.h b/src/policyd/sdk/policy-model.h deleted file mode 100644 index 95b5dfe..0000000 --- a/src/policyd/sdk/policy-model.h +++ /dev/null 
@@ -1,45 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include"policy-value.h" - -#include - -namespace policyd { - -class PolicyModel { -public: - explicit PolicyModel(std::string name, PolicyValue initial) noexcept : - name(std::move(name)), initial(std::move(initial)) {} - virtual ~PolicyModel() = default; - - PolicyModel(const PolicyModel&) = delete; - PolicyModel& operator=(const PolicyModel&) = delete; - - PolicyModel(PolicyModel&&) = default; - PolicyModel& operator=(PolicyModel&&) = default; - - const std::string& getName() const noexcept { return name; } - const PolicyValue& getInitial() const noexcept { return initial; } - -protected: - std::string name; - PolicyValue initial; -}; - -} // namespace policyd diff --git a/src/policyd/sdk/policy-provider.h b/src/policyd/sdk/policy-provider.h deleted file mode 100644 index 27bb0ae..0000000 --- a/src/policyd/sdk/policy-provider.h +++ /dev/null 
@@ -1,60 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -#include "domain-policy.h" -#include "global-policy.h" - -#include -#include -#include - -namespace policyd { - -class PolicyProvider { -public: - using FactoryType = PolicyProvider* (*)(); - - explicit PolicyProvider(std::string name) noexcept : name(std::move(name)) {} - virtual ~PolicyProvider() = default; - - inline void add(const std::shared_ptr& policy) { - global[policy->getName()] = policy; - } - - inline void add(const std::shared_ptr& policy) { - domain[policy->getName()] = policy; - } - - inline const std::string& getName() const noexcept { return name; } - static const std::string& getFactoryName() noexcept { - static std::string name = "PolicyFactory"; - return name; - } - - std::size_t gsize() { return global.size(); } - std::size_t dsize() { return domain.size(); } - -private: - std::string name; - std::unordered_map> global; - std::unordered_map> domain; - - friend class PolicyManager; -}; - -} // namespace policyd diff --git a/src/policyd/sdk/policy-value.h b/src/policyd/sdk/policy-value.h deleted file mode 100644 index 31dd582..0000000 --- a/src/policyd/sdk/policy-value.h +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#pragma once - -namespace policyd { - -// TODO: Support various value type -struct PolicyValue final { - explicit PolicyValue(int value) noexcept : value(value) {} - explicit PolicyValue() noexcept = default; - ~PolicyValue() = default; - - PolicyValue(const PolicyValue&) noexcept = default; - PolicyValue& operator=(const PolicyValue&) noexcept = default; - - PolicyValue(PolicyValue&&) noexcept = default; - PolicyValue& operator=(PolicyValue&&) noexcept = default; - - PolicyValue& operator=(int val) { - value = val; - return *this; - } - - operator int() const { return value; } - bool operator==(const PolicyValue& rhs) const { return value == rhs.value; } - bool operator!=(const PolicyValue& rhs) const { return value != rhs.value; } - bool operator<(const PolicyValue& rhs) const { return value < rhs.value; } - - int value = -1; -}; - -} // namespace policyd diff --git a/src/policyd/sdk/tests/sdk-tests.cpp b/src/policyd/sdk/tests/sdk-tests.cpp deleted file mode 100644 index afc476f..0000000 --- a/src/policyd/sdk/tests/sdk-tests.cpp +++ /dev/null 
@@ -1,104 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include - -#include "../domain-policy.h" -#include "../global-policy.h" -#include "../policy-provider.h" - -#include - -namespace { - int g_value = -1; - int d_value = -1; - uid_t d_uid = 0; -} // anonymous namespace - -using namespace policyd; - -class PolicySDKTests : public testing::Test {}; - -class TestGlobalPolicy : public GlobalPolicy { -public: - TestGlobalPolicy() : GlobalPolicy("test_policy", PolicyValue(1)) {} - - virtual void onChanged(const PolicyValue& value) { - g_value = value; - } -}; - -TEST_F(PolicySDKTests, global_policy) { - TestGlobalPolicy policy; - - EXPECT_EQ(policy.getName(), "test_policy"); - EXPECT_EQ(policy.getInitial(), 1); - - // Policy value should be set once before use - bool isRaised = false; - try { - auto value = policy.get(); - } catch (const std::exception&) { - isRaised = true; - } - - EXPECT_TRUE(isRaised); - - policy.set(PolicyValue(3)); - EXPECT_EQ(3, g_value); - EXPECT_EQ(3, policy.get()); -} - -class TestDomainPolicy : public DomainPolicy { -public: - TestDomainPolicy() : DomainPolicy("test_policy", PolicyValue(1)) {} - - virtual void onChanged(uid_t domain, const PolicyValue& value) { - d_uid = domain; - d_value = value; - } -}; - -TEST_F(PolicySDKTests, domain_policy) { - TestDomainPolicy policy; - uid_t domain = 5001; - - EXPECT_EQ(policy.getName(), 
"test_policy"); - EXPECT_EQ(policy.getInitial(), 1); - - // Policy value should be set once before use - bool isRaised = false; - try { - auto value = policy.get(domain); - } catch (const std::exception&) { - isRaised = true; - } - - EXPECT_TRUE(isRaised); - - policy.set(domain, PolicyValue(3)); - EXPECT_EQ(d_uid, domain); - EXPECT_EQ(3, policy.get(domain)); -} - -TEST_F(PolicySDKTests, policy_provider) { - PolicyProvider provider("testProvider"); - provider.add(std::make_shared()); - provider.add(std::make_shared()); - - EXPECT_EQ(1, provider.gsize()); - EXPECT_EQ(1, provider.dsize()); -} diff --git a/src/vist/CMakeLists.txt b/src/vist/CMakeLists.txt index 52b8725..73f9be1 100644 --- a/src/vist/CMakeLists.txt +++ b/src/vist/CMakeLists.txt 
@@ -16,23 +16,34 @@ SET(TARGET_VIST_DAEMON vistd) SET(TARGET_VIST_TEST vist-test) SET(${TARGET_VIST_LIB}_SRCS "") -SET(${TARGET_VIST_LIB}_DEPS "") SET(${TARGET_VIST_LIB}_TESTS "") -INCLUDE_DIRECTORIES(. common) +SET(DEPENDENCY klay) + +PKG_CHECK_MODULES(VIST_DEPS REQUIRED ${DEPENDENCY}) + +INCLUDE_DIRECTORIES(SYSTEM . common ${VIST_DEPS_INCLUDE_DIRS}) + +ADD_DEFINITIONS(-DDB_PATH="${DB_INSTALL_DIR}/.vist.db" + -DPLUGIN_INSTALL_DIR="${PLUGIN_INSTALL_DIR}" + -DSCRIPT_INSTALL_DIR="${SCRIPT_INSTALL_DIR}") ADD_SUBDIRECTORY(client) ADD_SUBDIRECTORY(common) ADD_SUBDIRECTORY(notification) +ADD_SUBDIRECTORY(policy) ADD_SUBDIRECTORY(service) ADD_LIBRARY(${TARGET_VIST_LIB} STATIC ${${TARGET_VIST_LIB}_SRCS}) -TARGET_LINK_LIBRARIES(${TARGET_VIST_LIB} ${${TARGET_VIST_LIB}_DEPS} +TARGET_LINK_LIBRARIES(${TARGET_VIST_LIB} ${VSIT_DEPS_LIBRARIES} + ${TARGET_VIST_POLICY_LIB} ${TARGET_OSQUERY_LIB}) ADD_EXECUTABLE(${TARGET_VIST_DAEMON} main/main.cpp) TARGET_LINK_LIBRARIES(${TARGET_VIST_DAEMON} ${TARGET_VIST_LIB}) TARGET_LINK_WHOLE(${TARGET_VIST_DAEMON} ${TARGET_OSQUERY_LIB}) +SET_TARGET_PROPERTIES(${TARGET_VIST_DAEMON} PROPERTIES COMPILE_FLAGS "-fPIE") +SET_TARGET_PROPERTIES(${TARGET_VIST_DAEMON} PROPERTIES LINK_FLAGS "-pie") INSTALL(TARGETS ${TARGET_VIST_DAEMON} DESTINATION ${CMAKE_INSTALL_BINDIR} PERMISSIONS OWNER_READ @@ -46,7 +57,7 @@ INSTALL(TARGETS ${TARGET_VIST_DAEMON} ADD_EXECUTABLE(${TARGET_VIST_TEST} main/tests.cpp ${${TARGET_VIST_LIB}_TESTS}) TARGET_LINK_LIBRARIES(${TARGET_VIST_TEST} ${TARGET_VIST_LIB} - gtest) + gtest) TARGET_LINK_WHOLE(${TARGET_VIST_TEST} ${TARGET_OSQUERY_LIB}) ADD_TEST(${TARGET_VIST_TEST} ${TARGET_VIST_TEST}) INSTALL(TARGETS ${TARGET_VIST_TEST} diff --git a/src/vist/client/tests/client-tests.cpp b/src/vist/client/tests/client-tests.cpp new file mode 100644 index 0000000..d48b003 --- /dev/null +++ b/src/vist/client/tests/client-tests.cpp 
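Review bot: The new link line references `${VSIT_DEPS_LIBRARIES}`, but the prefix given to `PKG_CHECK_MODULES` earlier in the same hunk is `VIST_DEPS`, so the misspelled variable expands to nothing and the klay libraries resolved by pkg-config never reach the link line of `${TARGET_VIST_LIB}`. It should read `TARGET_LINK_LIBRARIES(${TARGET_VIST_LIB} ${VIST_DEPS_LIBRARIES}`. Separately, `INCLUDE_DIRECTORIES(SYSTEM . common ${VIST_DEPS_INCLUDE_DIRS})` applies SYSTEM to every directory listed, including the project's own `.` and `common`, which with GCC and Clang normally suppresses warnings raised in those first-party headers. If only the dependency headers were meant to be treated that way, split it into `INCLUDE_DIRECTORIES(. common)` and `INCLUDE_DIRECTORIES(SYSTEM ${VIST_DEPS_INCLUDE_DIRS})`, so the policy daemon's own code keeps its diagnostics.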
@@ -0,0 +1,55 @@ +/* + * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include + +#include "../query.h" + +#include +#include + +using namespace vist; + +class ClientTests : public testing::Test {}; + +TEST_F(ClientTests, query) { + auto rows = Query::Execute("SELECT * FROM policy"); + + EXPECT_TRUE(rows.size() > 0); +} + +TEST_F(ClientTests, admin_enrollment) { + auto rows = Query::Execute("INSERT INTO policy_admin (name, uid) " + "VALUES ('testAdmin', 0)"); + EXPECT_EQ(rows.size(), 0); + + rows = Query::Execute("SELECT * FROM policy_admin"); + EXPECT_EQ(rows.size(), 1); + + Query::Execute("INSERT INTO policy_admin (name, uid) VALUES ('testAdmin', 1)"); + rows = Query::Execute("SELECT * FROM policy_admin"); + EXPECT_EQ(rows.size(), 2); + + rows = Query::Execute("DELETE FROM policy_admin WHERE uid = 0 AND name = 'testAdmin'"); + EXPECT_EQ(rows.size(), 0); + + rows = Query::Execute("SELECT * FROM policy_admin"); + EXPECT_EQ(rows.size(), 1); + + Query::Execute("DELETE FROM policy_admin WHERE name = 'testAdmin' AND uid = 1"); + rows = Query::Execute("SELECT * FROM policy_admin"); + EXPECT_EQ(rows.size(), 0); +} diff --git a/src/vist/client/tests/client_tests.cpp b/src/vist/client/tests/client_tests.cpp deleted file mode 100644 index d48b003..0000000 --- a/src/vist/client/tests/client_tests.cpp +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License - */ - -#include - -#include "../query.h" - -#include -#include - -using namespace vist; - -class ClientTests : public testing::Test {}; - -TEST_F(ClientTests, query) { - auto rows = Query::Execute("SELECT * FROM policy"); - - EXPECT_TRUE(rows.size() > 0); -} - -TEST_F(ClientTests, admin_enrollment) { - auto rows = Query::Execute("INSERT INTO policy_admin (name, uid) " - "VALUES ('testAdmin', 0)"); - EXPECT_EQ(rows.size(), 0); - - rows = Query::Execute("SELECT * FROM policy_admin"); - EXPECT_EQ(rows.size(), 1); - - Query::Execute("INSERT INTO policy_admin (name, uid) VALUES ('testAdmin', 1)"); - rows = Query::Execute("SELECT * FROM policy_admin"); - EXPECT_EQ(rows.size(), 2); - - rows = Query::Execute("DELETE FROM policy_admin WHERE uid = 0 AND name = 'testAdmin'"); - EXPECT_EQ(rows.size(), 0); - - rows = Query::Execute("SELECT * FROM policy_admin"); - EXPECT_EQ(rows.size(), 1); - - Query::Execute("DELETE FROM policy_admin WHERE name = 'testAdmin' AND uid = 1"); - rows = Query::Execute("SELECT * FROM policy_admin"); - EXPECT_EQ(rows.size(), 0); -} diff --git a/src/vist/client/tests/virtual-table-tests.cpp b/src/vist/client/tests/virtual-table-tests.cpp new file mode 100644 index 0000000..c3aaaec --- /dev/null +++ b/src/vist/client/tests/virtual-table-tests.cpp 
@@ -0,0 +1,119 @@ +/* + * Copyright (c) 2019 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include + +#include "../virtual-table.h" + +#include "../schema/time.h" +#include "../schema/policy.h" +#include "../schema/processes.h" + +#include + +using namespace vist; +using namespace vist::schema; + +class VirtualTableTests : public testing::Test {}; + +TEST_F(VirtualTableTests, time_row_at) { + Time result = { -1, -1, -1 }; + + VirtualRow