From: Sangwan Kwon
Date: Wed, 20 Nov 2019 10:47:10 +0000 (+0900)
Subject: Fix policy-storage to save stringfied value
X-Git-Tag: submit/tizen/20200810.073515~153
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=dbc238f42a53a28711aab6649bdf0728ce349daf;p=platform%2Fcore%2Fsecurity%2Fvist.git
Fix policy-storage to save stringfied value
If policy type is int, policy storage save the value as 'I/value'. If policy type is string, policy storage save the value as 'S/value'.
Signed-off-by: Sangwan Kwon
---
diff --git a/data/script/create-schema.sql b/data/script/create-schema.sql
index 2f2f6ef..010eaff 100644
--- a/data/script/create-schema.sql
+++ b/data/script/create-schema.sql
@@ -22,7 +22,7 @@ CREATE TABLE IF NOT EXISTS ADMIN (
 CREATE TABLE IF NOT EXISTS POLICY_DEFINITION (
 name TEXT NOT NULL,
- ivalue INTEGER NOT NULL,
+ ivalue TEXT NOT NULL,
 PRIMARY KEY(name)
 );
@@ -30,7 +30,7 @@ CREATE TABLE IF NOT EXISTS POLICY_DEFINITION (
 CREATE TABLE IF NOT EXISTS POLICY_ACTIVATED (
 admin TEXT NOT NULL,
 policy TEXT NOT NULL,
- value INTEGER NOT NULL,
+ value TEXT NOT NULL,
 PRIMARY KEY(admin, policy),
 FOREIGN KEY(admin) REFERENCES ADMIN(name),
diff --git a/src/vist/policy/db-schema.hpp b/src/vist/policy/db-schema.hpp
index 2bdf75b..2ae1eaf 100644
--- a/src/vist/policy/db-schema.hpp
+++ b/src/vist/policy/db-schema.hpp
@@ -29,12 +29,12 @@ struct Admin {
 struct PolicyActivated {
 std::string admin;
 std::string policy;
- int value = -1;
+ std::string value;
 };
 struct PolicyDefinition {
 std::string name;
- int ivalue = -1;
+ std::string ivalue;
 };
 } // namespace schema
diff --git a/src/vist/policy/policy-manager.cpp b/src/vist/policy/policy-manager.cpp
index 5c66701..8743388 100644
--- a/src/vist/policy/policy-manager.cpp
+++ b/src/vist/policy/policy-manager.cpp
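Review bot: Because both tables are created with `CREATE TABLE IF NOT EXISTS`, the INTEGER-to-TEXT change in this hunk and in the POLICY_ACTIVATED hunk below only reaches freshly created databases; a database that already holds these tables keeps its old columns and rows. The readers in policy-storage.cpp (`syncPolicyDefinition`, `syncPolicyActivated`) now copy the column into a string that `strictest()` treats as an already dumped value, so a legacy row would presumably arrive without the 'I/' prefix. Consider shipping a migration step with this script, something like `UPDATE POLICY_DEFINITION SET ivalue = 'I/' || ivalue WHERE ivalue NOT LIKE '_/%';` plus the equivalent for `POLICY_ACTIVATED.value`, or state in the script that the database has to be recreated.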
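Review bot: `value` and `ivalue` now hold a serialized PolicyValue rather than a number, but nothing in the structs says so, and the default changed from `-1` to an empty string, which is not one of the 'I/…' or 'S/…' forms the commit message describes. A one-line comment on each field would spare the next reader a trip to policy-value.hpp, e.g. `/// Dumped PolicyValue ("I/<int>" or "S/<string>"), never a raw number`.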
@@ -76,27 +76,20 @@ std::pair PolicyManager::loadProviders(const std::string& path)
 int PolicyManager::loadPolicies()
 {
- bool changed = false;
-
 /// Make policy-provider map for performance
 for (const auto& provider : providers) {
 for (const auto& pair : provider->policies) {
- policies[pair.first] = provider->getName();
+ std::string policy = pair.first;
+ this->policies[policy] = provider->getName();
 /// Check the policy is defined on policy-storage
 if (!storage.exists(pair.first)) {
- INFO(VIST) << "Define policy: " << pair.first;
- int value = pair.second->getInitial();
- storage.define(pair.first, value);
- changed = true;
+ storage.define(pair.first, pair.second->getInitial());
 }
 }
 }
- if (changed)
- storage.syncPolicyDefinition();
-
- return policies.size();
+ return this->policies.size();
 }
 void PolicyManager::enroll(const std::string& admin)
@@ -114,14 +107,15 @@ void PolicyManager::set(const std::string& policy, const std::string& admin)
 {
 if (this->policies.find(policy) == this->policies.end())
- std::runtime_error("Not exist policy: " + policy);
+ THROW(ErrCode::RuntimeError) << "Not exist policy: " << policy;
- storage.update(admin, policy, value);
+ this->storage.update(admin, policy, value);
 for (auto& p : providers) {
 if (p->getName() != this->policies[policy])
 continue;
+ /// dispatch callback written by provider
 if (p->policies.find(policy) != p->policies.end()) {
 p->policies[policy]->set(value);
 return;
@@ -131,6 +125,9 @@ void PolicyManager::set(const std::string& policy,
 PolicyValue PolicyManager::get(const std::string& policy)
 {
+ if (this->policies.find(policy) == this->policies.end())
+ THROW(ErrCode::RuntimeError) << "Not exist policy: " << policy;
+
 return storage.strictest(policy);
 }
diff --git a/src/vist/policy/policy-storage.cpp b/src/vist/policy/policy-storage.cpp
index 22fb7f3..ad32e5a 100644
--- a/src/vist/policy/policy-storage.cpp
+++ b/src/vist/policy/policy-storage.cpp
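Review bot: The added `std::string policy = pair.first;` in `loadPolicies()` copies the key on every iteration and is then used only once, while the following lines still go through `pair.first`. Binding it by reference and using it throughout would read more consistently: `const std::string& policy = pair.first;`, then `storage.exists(policy)` and `storage.define(policy, pair.second->getInitial());`.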
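Review bot: In `set()`, `this->storage.update(admin, policy, value)` commits the new value before the provider callback `p->policies[policy]->set(value)` runs, and as far as the hunk shows the loop ends without any error when no provider handles the policy. Storage can then report a value that was never applied, a gap between recorded and enforced state that a policy manager should not leave silent. Either dispatch first and persist on success, or report the miss after the loop, e.g. `THROW(ErrCode::RuntimeError) << "No provider handles policy: " << policy;`. The signature starts above the hunk and the end of the function lies below it, so the tail of the loop is not visible here.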
@@ -79,7 +79,7 @@ void PolicyStorage::syncPolicyDefinition()
 while (stmt.step()) {
 PolicyDefinition pd;
 pd.name = std::string(stmt.getColumn(0));
- pd.ivalue = stmt.getColumn(1);
+ pd.ivalue = std::string(stmt.getColumn(1));
 DEBUG(VIST) << "Defined policy:" << pd.name;
 this->definitions.emplace(pd.name, std::move(pd));
 }
@@ -109,7 +109,7 @@ void PolicyStorage::syncPolicyActivated()
 PolicyActivated pa;
 pa.admin = std::string(stmt.getColumn(0));
 pa.policy = std::string(stmt.getColumn(1));
- pa.value = stmt.getColumn(2);
+ pa.value = std::string(stmt.getColumn(2));
 this->activatedPolicies.emplace(pa.policy, std::move(pa));
 }
@@ -121,26 +121,26 @@ std::string PolicyStorage::getScript(const std::string& name)
 std::string path = SCRIPT_BASE + "/" + name + ".sql";
 std::ifstream is(path);
 if (is.fail())
- THROW(ErrCode::LogicError) << "Failed to open script: " << path;
+ THROW(ErrCode::LogicError) << "Failed to open script: " << path;
 std::istreambuf_iterator begin(is), end;
 auto content = std::string(begin, end);
 if (content.empty())
- THROW(ErrCode::LogicError) << "Failed to read script: " << path;
+ THROW(ErrCode::LogicError) << "Failed to read script: " << path;
 return content;
 }
-void PolicyStorage::define(const std::string& policy, int ivalue)
+void PolicyStorage::define(const std::string& policy, const PolicyValue& ivalue)
 {
- if (definitions.find(policy) != definitions.end()) {
+ if (this->definitions.find(policy) != this->definitions.end()) {
 INFO(VIST) << "Policy is already defined: " << policy;
 return;
 }
 PolicyDefinition pd;
 pd.name = policy;
- pd.ivalue = ivalue;
+ pd.ivalue = ivalue.dump();
 std::string query = polDefinitionTable.insert(&PolicyDefinition::name, &PolicyDefinition::ivalue);
@@ -149,6 +149,9 @@ void PolicyStorage::define(const std::string& policy, int ivalue)
 stmt.bind(2, pd.ivalue);
 if (!stmt.exec())
 THROW(ErrCode::RuntimeError) << "Failed to define policy: " << pd.name;
+
+ INFO(VIST) << "Policy defined >> name: " << pd.name << ", ivalue" << pd.ivalue;
+ this->definitions.emplace(pd.name, std::move(pd));
 }
 void PolicyStorage::enroll(const std::string& name)
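Review bot: The new INFO line prints `", ivalue"` with no separator, so the dumped value is glued straight onto the label in the log; it should read `<< ", ivalue: " << pd.ivalue;`. If string-typed policies can ever carry sensitive content, it is also worth deciding whether the full value belongs at INFO level rather than DEBUG. The start of `define()` is outside this hunk.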
@@ -199,53 +202,55 @@ void PolicyStorage::update(const std::string& admin, const std::string& policy, const PolicyValue& value)
 {
- int policyValue = value;
 DEBUG(VIST) << "Policy-update is called by admin: " << admin
- << ", about: " << policy << ", value: " << policyValue;
+ << ", about: " << policy << ", value: " << value.dump();
- if (std::find(admins.begin(), admins.end(), admin) == admins.end())
+ if (std::find(this->admins.begin(), this->admins.end(), admin) == this->admins.end())
 THROW(ErrCode::LogicError) << "Not exist admin: " << admin;
- if (definitions.find(policy) == definitions.end())
+ if (this->definitions.find(policy) == this->definitions.end())
 THROW(ErrCode::LogicError) << "Not exist policy: " << policy;
 std::string query = polActivatedTable.update(&PolicyActivated::value) .where(expr(&PolicyActivated::admin) == admin && expr(&PolicyActivated::policy) == policy);
- database::Statement stmt(*database, query);
- stmt.bind(1, policyValue);
+ database::Statement stmt(*this->database, query);
+ stmt.bind(1, value.dump());
 stmt.bind(2, admin);
 stmt.bind(3, policy);
 if (!stmt.exec())
 THROW(ErrCode::RuntimeError) << "Failed to update policy:" << policy;
- syncPolicyActivated();
+ /// TODO: Fix to sync without db i/o
+ this->syncPolicyActivated();
 }
-/// TODO(sangwan.kwon) Re-design strictest logic
+/// TODO(sangwan.kwon) Re-design strictest logic
+/// PolicyValue PolicyStorage::strictest(const PolicyValue& policy)
 PolicyValue PolicyStorage::strictest(const std::string& policy)
 {
- if (definitions.find(policy) == definitions.end())
+ if (this->definitions.find(policy) == this->definitions.end())
 THROW(ErrCode::LogicError) << "Not exist policy: " << policy;
- // There is no enrolled admins.
- if (activatedPolicies.size() == 0)
- return PolicyValue(definitions[policy].ivalue);
+ /// There is no enrolled admins.
+ /// Make PolicyValue by dumped string.
+ if (this->activatedPolicies.size() == 0)
+ return PolicyValue(definitions[policy].ivalue, true);
 std::shared_ptr strictestPtr = nullptr;
 auto range = activatedPolicies.equal_range(policy);
 for (auto iter = range.first; iter != range.second; iter++) {
- int value = iter->second.value;
 DEBUG(VIST) << "Admin: " << iter->second.admin << ", " << "Policy: " << iter->second.policy << ", "
- << "Value: " << value;
+ << "Value: " << iter->second.value;
 if (strictestPtr == nullptr) {
- strictestPtr = std::make_shared(value);
+ strictestPtr = std::make_shared(iter->second.value, true);
 } else {
+ /// TODO: Support String type
 int strictestValue = *strictestPtr;
- if (strictestValue < value)
- strictestPtr.reset(new PolicyValue(value));
+ if (strictestValue < PolicyValue(iter->second.value, true))
+ strictestPtr.reset(new PolicyValue(iter->second.value, true));
 }
 }
diff --git a/src/vist/policy/policy-storage.hpp b/src/vist/policy/policy-storage.hpp
index 938b90d..9def0b1 100644
--- a/src/vist/policy/policy-storage.hpp
+++ b/src/vist/policy/policy-storage.hpp
@@ -55,7 +55,7 @@ public:
 void enroll(const std::string& admin);
 void disenroll(const std::string& admin);
- void define(const std::string& policy, int ivalue);
+ void define(const std::string& policy, const PolicyValue& ivalue);
 void update(const std::string& admin, const std::string& policy, const PolicyValue& value);
diff --git a/src/vist/sdk/policy-value.hpp b/src/vist/sdk/policy-value.hpp
index a8d2003..98269a0 100644
--- a/src/vist/sdk/policy-value.hpp
+++ b/src/vist/sdk/policy-value.hpp
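Review bot: In `strictest()`, the comparison `strictestValue < PolicyValue(iter->second.value, true)` still goes through `int`, so once two admins have activated the same policy a value stored as 'S/…' reaches an integer conversion; the added TODO acknowledges this but nothing guards it. The same stored string is also wrapped into a PolicyValue twice per iteration. I would build it once and make the conversion visible: `PolicyValue candidate(iter->second.value, true);` followed by `if (strictestValue < static_cast<int>(candidate)) strictestPtr = std::make_shared<PolicyValue>(candidate);`. The end of the function is below the hunk, so what is returned when `strictestPtr` stays null is not visible here.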
@@ -26,7 +26,8 @@ namespace policy {
 struct PolicyValue final {
 explicit PolicyValue() noexcept = default;
 explicit PolicyValue(int value) : stringfied(Stringfy::Dump(value)) {}
- explicit PolicyValue(const std::string& value) : stringfied(Stringfy::Dump(value)) {}
+ explicit PolicyValue(const std::string& value, bool dumped = false)
+ : stringfied(dumped ? value : Stringfy::Dump(value)) {}
 ~PolicyValue() = default;
 PolicyValue(const PolicyValue&) = default;
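Review bot: With `dumped = true` the constructor stores the caller's string verbatim, and nothing checks that it carries the 'I/' or 'S/' form the commit message describes, although policy-storage.cpp passes database text through exactly this path. A defaulted `bool` also makes `PolicyValue(s)` and `PolicyValue(s, true)` easy to confuse at call sites, and the two produce different stored strings. A named factory would make the intent explicit and give validation a single home, e.g. `static PolicyValue FromDumped(const std::string& dumped);` declared next to the constructors, with the format check done there.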