From: Jinkun Jang Date: Fri, 15 Mar 2013 16:22:00 +0000 (+0900) Subject: merge with master X-Git-Tag: 2.1b_release~16 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e288e6ecebe40bed05c299c8f60b8c9231968c5d;p=platform%2Fframework%2Fweb%2Fwrt-security.git merge with master --- diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..a62936f --- /dev/null +++ b/AUTHORS @@ -0,0 +1 @@ +Bumjin Im diff --git a/CMakeLists.txt b/CMakeLists.txt new file mode 100644 index 0000000..e4e75b3 --- /dev/null +++ b/CMakeLists.txt @@ -0,0 +1,144 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author +# @brief +# + +############################# Check minimum CMake version ##################### + +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT("security-server") + +############################# cmake packages ################################## + +INCLUDE(FindPkgConfig) + +############################# compilation defines ############################# + +# EMPTY + +############################# compiler flags ################################## + +SET(CMAKE_C_FLAGS_PROFILING "-O0 -g -pg") +SET(CMAKE_CXX_FLAGS_PROFILING "-O0 -std=c++0x -g -pg") +SET(CMAKE_C_FLAGS_DEBUG "-O0 -g") +SET(CMAKE_CXX_FLAGS_DEBUG "-O0 -std=c++0x -g") +SET(CMAKE_C_FLAGS_RELEASE "-O2 -g") +SET(CMAKE_CXX_FLAGS_RELEASE "-O2 -std=c++0x -g") +SET(CMAKE_C_FLAGS_CCOV "-O2 -g --coverage") +SET(CMAKE_CXX_FLAGS_CCOV "-O2 -std=c++0x -g --coverage") + +#SET(SMACK_ENABLE ON) + +OPTION(DPL_LOG "DPL logs status" ON) +IF(DPL_LOG) + MESSAGE(STATUS "Logging enabled for DPL") + ADD_DEFINITIONS("-DDPL_LOGS_ENABLED") +ELSE(DPL_LOG) + MESSAGE(STATUS "Logging disabled for DPL") +ENDIF(DPL_LOG) + +# If supported for the target machine, emit position-independent code,suitable +# for dynamic linking and avoiding any limit on the size of the global offset +# table. This option makes a difference on the m68k, PowerPC and SPARC. +# (BJ: our ARM too?) +ADD_DEFINITIONS("-fPIC") + +# Set the default ELF image symbol visibility to hidden - all symbols will be +# marked with this unless overridden within the code. +#ADD_DEFINITIONS("-fvisibility=hidden") + +# Set compiler warning flags +#ADD_DEFINITIONS("-Werror") # Make all warnings into errors. +ADD_DEFINITIONS("-Wall") # Generate all warnings +ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings +ADD_DEFINITIONS("-Wno-variadic-macros") # Inhibit variadic macros warnings (needed for ORM) +ADD_DEFINITIONS("-Wno-deprecated") # No warnings about deprecated features +ADD_DEFINITIONS("-std=c++0x") # No warnings about deprecated features + +ADD_DEFINITIONS("-DSOCKET_CONNECTION") #defines sockets as used IPC +#ADD_DEFINITIONS("-DDBUS_CONNECTION") #defines DBus as used IPC + +STRING(REGEX MATCH "([^.]*)" API_VERSION "${VERSION}") +ADD_DEFINITIONS("-DAPI_VERSION=\"$(API_VERSION)\"") + +IF(SMACK_ENABLE) + ADD_DEFINITIONS("-DWRT_SMACK_ENABLED") +ENDIF(SMACK_ENABLE) + +############################# Targets names ################################### + +SET(TARGET_DAEMON "wrt-security-daemon") +SET(TARGET_ACE_DAO_RO_LIB "ace-dao-ro") +SET(TARGET_ACE_DAO_RW_LIB "ace-dao-rw") +SET(TARGET_ACE_LIB "ace") +SET(TARGET_ACE_CLIENT_LIB "ace-client") +SET(TARGET_ACE_SETTINGS_LIB "ace-settings") +SET(TARGET_ACE_INSTALL_LIB "ace-install") +SET(TARGET_ACE_POPUP_VALIDATION_LIB "ace-popup-validation") +SET(TARGET_COMMUNICATION_CLIENT_LIB "communication-client") +SET(TARGET_WRT_OCSP_LIB "wrt-ocsp") +SET(TARGET_SEC_SRV_LIB "sec-srv") + +######################## Legacy targets names ################################# + +SET(TARGET_SECURITY_SERVER "security-server") +SET(TARGET_SECURITY_CLIENT "security-server-client") + +############################# Communicatin Client ############################# + +SET(COMMUNICATION_CLIENT_DIR + ${PROJECT_SOURCE_DIR}/communication_client + ) + +SET(COMMUNICATION_CLIENT_SRC_DIR + ${COMMUNICATION_CLIENT_DIR}/src + ) + +SET(COMMUNICATION_CLIENT_INCLUDE_DIR + ${COMMUNICATION_CLIENT_DIR}/include + ) + +SET(COMMUNICATION_CLIENT_SOURCES + ${COMMUNICATION_CLIENT_SRC_DIR}/SecurityCommunicationClient.cpp + ${PROJECT_SOURCE_DIR}/socket_connection/client/SecuritySocketClient.cpp + ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp + ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp + ) + +SET(COMMUNICATION_CLIENT_INCLUDES + ${COMMUNICATION_CLIENT_DEPS_INCLUDE_DIRS} + ${COMMUNICATION_CLIENT_INCLUDE_DIR} + ${PROJECT_SOURCE_DIR}/src/daemon/sockets + ${PROJECT_SOURCE_DIR}/src/daemon/dbus + ${PROJECT_SOURCE_DIR}/src/daemon/socket + ${PROJECT_SOURCE_DIR}/src/daemon/socket/api + ${PROJECT_SOURCE_DIR}/socket_connection/client + ${PROJECT_SOURCE_DIR}/socket_connection/connection + ) + +############################# subdirectories ################################## + +ADD_SUBDIRECTORY(ace) +ADD_SUBDIRECTORY(ace_client) +ADD_SUBDIRECTORY(ace_common) +ADD_SUBDIRECTORY(ace_install) +ADD_SUBDIRECTORY(ace_settings) +ADD_SUBDIRECTORY(ace_popup_validation) +ADD_SUBDIRECTORY(wrt_ocsp) +ADD_SUBDIRECTORY(src) +ADD_SUBDIRECTORY(build) +ADD_SUBDIRECTORY(etc) diff --git a/LICENSE b/LICENSE index 181359e..247c97d 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2000 - 2012 Samsung Electronics Co., Ltd. All rights reserved. +Copyright (c) 2000 - 2011 Samsung Electronics Co., Ltd. All rights reserved. Apache License Version 2.0, January 2004 diff --git a/ace/CMakeLists.txt b/ace/CMakeLists.txt new file mode 100644 index 0000000..d432a69 --- /dev/null +++ b/ace/CMakeLists.txt @@ -0,0 +1,141 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +###################################################################### + +#DB vcore +PKG_CHECK_MODULES(ACE_DB_DEP + dpl-efl + REQUIRED) + +#DB ace +ADD_CUSTOM_COMMAND( + OUTPUT ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h + COMMAND ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh + ARGS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h + ${CMAKE_SOURCE_DIR}/ace/orm/ace_db + DEPENDS ${CMAKE_SOURCE_DIR}/ace/orm/ace_db + ${CMAKE_SOURCE_DIR}/ace/orm/gen_db_md5.sh + COMMENT "Generating ACE database checksum" + ) +ADD_CUSTOM_TARGET(ACE_DB_CHECKSUM_HEADER DEPENDS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h) + +STRING(REPLACE ";" ":" DEPENDENCIES "${ACE_DB_DEP_INCLUDE_DIRS}") + +ADD_CUSTOM_COMMAND( OUTPUT .ace.db + COMMAND rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db + COMMAND CPATH=${DEPENDENCIES} gcc -Wall -include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h -I${PROJECT_SOURCE_DIR}/ace/orm -E ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h | grep --invert-match "^#" > ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql + COMMAND sqlite3 ${CMAKE_CURRENT_BINARY_DIR}/.ace.db ".read ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql" || rm -f ${CMAKE_CURRENT_BINARY_DIR}/.ace.db + DEPENDS ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db_sql_generator.h ${PROJECT_SOURCE_DIR}/ace/orm/ace_db + ) + +ADD_CUSTOM_COMMAND( OUTPUT .ace.db-journal + COMMAND touch + ARGS ${CMAKE_CURRENT_BINARY_DIR}/.ace.db-journal + ) + +ADD_CUSTOM_TARGET(Sqlite3DbACE ALL DEPENDS .ace.db .ace.db-journal) + +INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/ace_db.sql + DESTINATION share/wrt-engine/ + ) + +########################################################### + +INCLUDE(FindPkgConfig) + +SET(ACE_TEST_PATH "/usr/apps/org.tizen.policy") + +INSTALL(FILES + ${CMAKE_CURRENT_SOURCE_DIR}/configuration/bondixml.xsd + ${CMAKE_CURRENT_SOURCE_DIR}/configuration/UnrestrictedPolicy.xml + ${CMAKE_CURRENT_SOURCE_DIR}/configuration/WAC2.0Policy.xml + ${CMAKE_CURRENT_SOURCE_DIR}/configuration/TizenPolicy.xml + DESTINATION /usr/etc/ace + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ GROUP_WRITE) + +SET(ACE_LIB_DEPS_BASIC + dpl-efl + dpl-db-efl + dpl-event-efl + ecore + appcore-efl + openssl + sqlite3 + dlog + vconf + db-util + libpcrecpp + icu-uc + libxml-2.0 + ) + +IF(SMACK_ENABLED) + LIST(APPEND ACE_LIB_DEPS_BASIC libprivilege-control) +ENDIF(SMACK_ENABLED) + +PKG_CHECK_MODULES(ACE_LIB_DEPS ${ACE_LIB_DEPS_BASIC} REQUIRED) + +SET(WRT_ACE_DIR ${PROJECT_SOURCE_DIR}/ace) + +SET(ACE_SOURCES + ${WRT_ACE_DIR}/engine/PolicyEvaluator.cpp + ${WRT_ACE_DIR}/engine/PolicyInformationPoint.cpp + ${WRT_ACE_DIR}/engine/CombinerImpl.cpp + ${WRT_ACE_DIR}/engine/parser.cpp + ${WRT_ACE_DIR}/engine/PolicyEnforcementPoint.cpp + ${WRT_ACE_DIR}/engine/SettingsLogic.cpp + ${WRT_ACE_DIR}/engine/Attribute.cpp + ${WRT_ACE_DIR}/engine/Condition.cpp + ${WRT_ACE_DIR}/engine/Policy.cpp + ${WRT_ACE_DIR}/engine/Rule.cpp + ${WRT_ACE_DIR}/engine/Subject.cpp + ${WRT_ACE_DIR}/engine/TreeNode.cpp + ${WRT_ACE_DIR}/engine/ConfigurationManager.cpp +) + +INCLUDE_DIRECTORIES(${ACE_LIB_DEPS_INCLUDE_DIRS}) +INCLUDE_DIRECTORIES(${WRT_ACE_DIR}/include) + +SET(WITH_ACE_SETTINGS_SERVER_SOURCES + ${WITH_ACE_SETTINGS_SERVER_NONE_SOURCES} + ) + +ADD_LIBRARY(${TARGET_ACE_LIB} SHARED + ${ACE_SOURCES} + ${WITH_ACE_SETTINGS_SERVER_SOURCES} +) + +SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES + SOVERSION ${API_VERSION} + VERSION ${VERSION}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_LIB} PROPERTIES + COMPILE_FLAGS -fPIC) + +TARGET_LINK_LIBRARIES(${TARGET_ACE_LIB} + ${TARGET_ACE_DAO_RW_LIB} + ${ACE_LIB_DEPS_LIBRARIES} +) + +INSTALL(TARGETS ${TARGET_ACE_LIB} + DESTINATION lib) + +INSTALL(FILES + include/ace/WRT_INTERFACE.h + DESTINATION + include/ace + ) + +add_subdirectory(dao) diff --git a/ace/DESCRIPTION b/ace/DESCRIPTION new file mode 100644 index 0000000..aac5ef6 --- /dev/null +++ b/ace/DESCRIPTION @@ -0,0 +1,2 @@ +!!!options!!! stop +ACE - Access Control Engine - security module for Device APIs diff --git a/ace/configuration/TizenPolicy.xml b/ace/configuration/TizenPolicy.xml new file mode 100644 index 0000000..45eb07d --- /dev/null +++ b/ace/configuration/TizenPolicy.xml @@ -0,0 +1,612 @@ + + + + + + + sha-1 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + sha-1 AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ace/configuration/UnrestrictedPolicy.xml b/ace/configuration/UnrestrictedPolicy.xml new file mode 100644 index 0000000..558f2dc --- /dev/null +++ b/ace/configuration/UnrestrictedPolicy.xml @@ -0,0 +1,5 @@ + + + + + diff --git a/ace/configuration/WAC2.0Policy.xml b/ace/configuration/WAC2.0Policy.xml new file mode 100644 index 0000000..1a6e0ed --- /dev/null +++ b/ace/configuration/WAC2.0Policy.xml @@ -0,0 +1,169 @@ + + + + + + + sha-1 4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38 + + + + + + sha-1 A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2 + + + + + + sha-1 A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1 + + + + + + sha-1 8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + wgt-private + wgt-private-tmp + wgt-package + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ace/configuration/bondixml.xsd b/ace/configuration/bondixml.xsd new file mode 100644 index 0000000..d16a14d --- /dev/null +++ b/ace/configuration/bondixml.xsd @@ -0,0 +1,184 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/ace/dao/AceDAO.cpp b/ace/dao/AceDAO.cpp new file mode 100644 index 0000000..4d4ce06 --- /dev/null +++ b/ace/dao/AceDAO.cpp @@ -0,0 +1,461 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file AceDAO.cpp + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @version 0.1 + * @brief + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace DPL::DB::ORM; +using namespace DPL::DB::ORM::ace; +using namespace AceDB::AceDaoUtilities; +using namespace AceDB::AceDaoConversions; + +namespace { +char const * const EMPTY_SESSION = ""; +} // namespace + +namespace AceDB{ + +void AceDAO::setPromptDecision( + WidgetHandle widgetHandle, + int ruleId, + const DPL::OptionalString &session, + PromptDecision decision) +{ + Try { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + + ACE_DB_DELETE(del, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); + del->Where( + And( + Equals(widgetHandle), + Equals(ruleId))); + del->Execute(); + + AcePromptDecision::Row row; + row.Set_rule_id(ruleId); + row.Set_decision(promptDecisionToInt(decision)); + row.Set_app_id(widgetHandle); + row.Set_session(session); + ACE_DB_INSERT(insert, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); + insert->Values(row); + insert->Execute(); + + transaction.Commit(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting"); + } +} + +void AceDAO::removePolicyResult( + const BaseAttributeSet &attributes) +{ + Try { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + + auto attrHash = convertToHash(attributes); + + ACE_DB_DELETE(del, + AcePolicyResult, + &AceDaoUtilities::m_databaseInterface); + del->Where(Equals(attrHash)); + del->Execute(); + transaction.Commit(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to removeVerdict"); + } +} + +void AceDAO::clearAllSettings(void) +{ + clearWidgetDevCapSettings(); + clearDevCapSettings(); +} + +void AceDAO::setDevCapSetting(const std::string &resource, + PreferenceTypes preference) +{ + Try { + ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface); + AceDevCap::Row row; + row.Set_general_setting(preferenceToInt(preference)); + update->Values(row); + update->Where( + Equals(DPL::FromUTF8String(resource))); + update->Execute(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to SetResourceSetting"); + } +} + +void AceDAO::removeDevCapSetting(const std::string &resource) +{ + Try { + ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface); + AceDevCap::Row row; + row.Set_general_setting(preferenceToInt(PreferenceTypes::PREFERENCE_DEFAULT)); + update->Values(row); + update->Where( + Equals(DPL::FromUTF8String(resource))); + update->Execute(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to removeResourceSetting"); + } +} + + +void AceDAO::setWidgetDevCapSetting(const std::string &resource, + WidgetHandle handler, + PreferenceTypes preference) +{ + Try { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + // TODO JOIN + AceDevCap::Row rrow; + if (!getResourceByUri(resource, rrow)) { + ThrowMsg(Exception::DatabaseError, "Resource not found"); + } + + ACE_DB_INSERT(insert, + AceWidgetDevCapSetting, + &AceDaoUtilities::m_databaseInterface); + + AceWidgetDevCapSetting::Row row; + row.Set_app_id(handler); + int rid = rrow.Get_resource_id(); + row.Set_resource_id(rid); + row.Set_access_value(preferenceToInt(preference)); + insert->Values(row); + insert->Execute(); + + transaction.Commit(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to setUserSetting"); + } +} + +void AceDAO::removeWidgetDevCapSetting(const std::string &resource, + WidgetHandle handler) +{ + Try { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + AceDevCap::Row rrow; + if (!getResourceByUri(resource, rrow)) { + ThrowMsg(Exception::DatabaseError, "resource not found"); + } + + ACE_DB_DELETE(del, + AceWidgetDevCapSetting, + &AceDaoUtilities::m_databaseInterface); + + Equals e1(handler); + Equals e2(rrow.Get_resource_id()); + del->Where(And(e1, e2)); + del->Execute(); + transaction.Commit(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings"); + } +} + + +void AceDAO::setPolicyResult(const BaseAttributeSet &attributes, + const ExtendedPolicyResult &exResult) +{ + Try { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + + // TODO: this call is connected with logic. + // It should be moved to PolicyEvaluator + addAttributes(attributes); + + auto attrHash = convertToHash(attributes); + + ACE_DB_DELETE(del, AcePolicyResult, &AceDaoUtilities::m_databaseInterface) + del->Where(Equals(attrHash)); + del->Execute(); + + ACE_DB_INSERT(insert, AcePolicyResult, &AceDaoUtilities::m_databaseInterface); + AcePolicyResult::Row row; + row.Set_decision(PolicyResult::serialize(exResult.policyResult)); + row.Set_hash(attrHash); + row.Set_rule_id(exResult.ruleId); + insert->Values(row); + insert->Execute(); + + transaction.Commit(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to addVerdict"); + } +} + +void AceDAO::resetDatabase(void) +{ + Try { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface); + del1->Execute(); + ACE_DB_DELETE(del2, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface); + del2->Execute(); + ACE_DB_DELETE(del3, AceDevCap, &AceDaoUtilities::m_databaseInterface); + del3->Execute(); + ACE_DB_DELETE(del4, AceSubject, &AceDaoUtilities::m_databaseInterface); + del4->Execute(); + ACE_DB_DELETE(del5, AceAttribute, &AceDaoUtilities::m_databaseInterface); + del5->Execute(); + ACE_DB_DELETE(del6, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); + del6->Execute(); + + transaction.Commit(); + + // TODO there is no such query yet in ORM. + // GlobalConnection::DataCommandAutoPtr command = + // GlobalConnectionSingleton::Instance().PrepareDataCommand( + // "VACUUM"); + // command->Step(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to resetDatabase"); + } +} + +void AceDAO::clearPolicyCache(void) +{ + Try { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + ACE_DB_DELETE(del1, AcePolicyResult, &AceDaoUtilities::m_databaseInterface); + del1->Execute(); + ACE_DB_DELETE(del2, AceAttribute, &AceDaoUtilities::m_databaseInterface); + del2->Execute(); + ACE_DB_DELETE(del3, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); + del3->Execute(); + + transaction.Commit(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to clearPolicyCache"); + } +} + +void AceDAO::clearDevCapSettings() +{ + Try { + ACE_DB_UPDATE(update, AceDevCap, &AceDaoUtilities::m_databaseInterface); + AceDevCap::Row row; + row.Set_general_setting(-1); + update->Values(row); + update->Execute(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to clearResourceSettings"); + } +} + +void AceDAO::clearWidgetDevCapSettings() +{ + Try { + ACE_DB_DELETE(del, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface); + del->Execute(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to clearUserSettings"); + } +} + +int AceDAO::addResource(const std::string &request) +{ + LogDebug("addResource: " << request); + Try { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + AceDevCap::Row rrow; + if (getResourceByUri(request, rrow)) { + transaction.Commit(); + return rrow.Get_resource_id(); + } + + ACE_DB_INSERT(insert, AceDevCap, &AceDaoUtilities::m_databaseInterface); + AceDevCap::Row row; + row.Set_id_uri(DPL::FromUTF8String(request)); + row.Set_general_setting(-1); + insert->Values(row); + int id = insert->Execute(); + transaction.Commit(); + return id; + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed in addResource"); + } +} + +void AceDAO::addAttributes(const BaseAttributeSet &attributes) +{ + Try { + BaseAttributeSet::const_iterator iter; + + for (iter = attributes.begin(); iter != attributes.end(); ++iter) { + ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface); + select->Where(Equals(DPL::FromUTF8String( + *(*iter)->getName()))); + std::list rows = select->GetRowList(); + if (!rows.empty()) { + continue; + } + + ACE_DB_INSERT(insert, AceAttribute, &AceDaoUtilities::m_databaseInterface); + AceAttribute::Row row; + row.Set_name(DPL::FromUTF8String(*(*iter)->getName())); + row.Set_type(attributeTypeToInt((*iter)->getType())); + insert->Values(row); + insert->Execute(); + } + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed in addAttributes"); + } +} + +void AceDAO::setRequestedDevCaps( + WidgetHandle widgetHandle, + const RequestedDevCapsMap &permissions) +{ + Try { + FOREACH(it, permissions) { + ACE_DB_INSERT(insert, AceRequestedDevCaps, + &AceDaoUtilities::m_databaseInterface); + AceRequestedDevCaps::Row row; + row.Set_app_id(widgetHandle); + row.Set_dev_cap(it->first); + row.Set_grant_smack(it->second ? 1 : 0); + insert->Values(row); + insert->Execute(); + } + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed in setStaticDevCapPermissions"); + } +} + +void AceDAO::setAcceptedFeature( + WidgetHandle widgetHandle, + const FeatureNameVector &vector) +{ + Try { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + FOREACH(it, vector) { + ACE_DB_INSERT(insert, AceAcceptedFeature, + &AceDaoUtilities::m_databaseInterface); + AceAcceptedFeature::Row row; + row.Set_app_id(widgetHandle); + row.Set_feature(*it); + insert->Values(row); + insert->Execute(); + } + transaction.Commit(); + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed in setAcceptedFeature"); + } +} + +void AceDAO::removeAcceptedFeature( + WidgetHandle widgetHandle) +{ + Try + { + ACE_DB_DELETE(del, AceAcceptedFeature, + &AceDaoUtilities::m_databaseInterface); + del->Where(Equals(widgetHandle)); + del->Execute(); + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed in removeAcceptedFeature"); + } +} + +void AceDAO::registerWidgetInfo(WidgetHandle handle, + const WidgetRegisterInfo& info, + const WidgetCertificateDataList& dataList) +{ + Try + { + ScopedTransaction transaction(&AceDaoUtilities::m_databaseInterface); + + ACE_DB_INSERT(insert, WidgetInfo, &AceDaoUtilities::m_databaseInterface); + WidgetInfo::Row wi; + wi.Set_app_id(handle); + wi.Set_widget_type(static_cast(info.type)); + wi.Set_widget_id(info.widget_id); + wi.Set_widget_version(info.version); + wi.Set_author_name(info.authorName); + wi.Set_share_href(info.shareHref); + insert->Values(wi); + insert->Execute(); + + WidgetCertificateDataList::const_iterator it; + for (it = dataList.begin(); it != dataList.end(); ++it) + { + WidgetCertificateFingerprint::Row wcf; + wcf.Set_app_id(handle); + wcf.Set_owner(it->owner); + wcf.Set_chainid(it->chainId); + wcf.Set_type(it->type); + wcf.Set_md5_fingerprint(DPL::FromUTF8String(it->strMD5Fingerprint)); + wcf.Set_sha1_fingerprint(DPL::FromUTF8String(it->strSHA1Fingerprint)); + wcf.Set_common_name(it->strCommonName); + ACE_DB_INSERT(insert, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface); + insert->Values(wcf); + insert->Execute(); + } + transaction.Commit(); + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed in registerWidgetInfo"); + } +} + +void AceDAO::unregisterWidgetInfo(WidgetHandle handle) +{ + if(AceDAO::isWidgetInstalled(handle)) { + Try + { + ACE_DB_DELETE(del, WidgetInfo, &AceDaoUtilities::m_databaseInterface); + del->Where(Equals(handle)); + del->Execute(); + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed in unregisterWidgetInfo"); + } + } +} + +} diff --git a/ace/dao/AceDAOConversions.cpp b/ace/dao/AceDAOConversions.cpp new file mode 100644 index 0000000..61e5a86 --- /dev/null +++ b/ace/dao/AceDAOConversions.cpp @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file AceDaoConversions.h + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#include +#include + +#include + +namespace AceDB { + +DPL::String AceDaoConversions::convertToHash(const BaseAttributeSet &attributes) +{ + unsigned char attrHash[MD5_DIGEST_LENGTH]; + std::string attrString; + FOREACH(it, attributes) { + // [CR] implementation of it->toString() is not secure, 24.03.2010 + attrString.append((*it)->toString()); + } + + MD5((unsigned char *) attrString.c_str(), attrString.length(), attrHash); + + char attrHashCoded[MD5_DIGEST_LENGTH*2 + 1]; + for (int i = 0; i < MD5_DIGEST_LENGTH; ++i) { + sprintf(&attrHashCoded[i << 1], + "%02X", + static_cast(attrHash[i])); + } + return DPL::FromASCIIString(attrHashCoded); +} + + +} diff --git a/ace/dao/AceDAOReadOnly.cpp b/ace/dao/AceDAOReadOnly.cpp new file mode 100644 index 0000000..48e2c2b --- /dev/null +++ b/ace/dao/AceDAOReadOnly.cpp @@ -0,0 +1,570 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file AceDAOReadOnlyReadOnly.cpp + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#include +#include + +#include +#include +#include +#include +#include + +using namespace DPL::DB::ORM; +using namespace DPL::DB::ORM::ace; +using namespace AceDB::AceDaoUtilities; +using namespace AceDB::AceDaoConversions; + +namespace AceDB { + +static const int DB_ALLOW_ALWAYS = 0; +static const int DB_ALLOW_FOR_SESSION = 1; +static const int DB_ALLOW_THIS_TIME = 2; +static const int DB_DENY_ALWAYS = 3; +static const int DB_DENY_FOR_SESSION = 4; +static const int DB_DENY_THIS_TIME = 5; + +static const int DB_APP_UNKNOWN = 0; +static const int DB_APP_WAC20 = 1; +static const int DB_APP_TIZEN = 2; + +int AceDAOReadOnly::promptDecisionToInt(PromptDecision decision) +{ + if (PromptDecision::ALLOW_ALWAYS == decision) { + return DB_ALLOW_ALWAYS; + } else if (PromptDecision::DENY_ALWAYS == decision) { + return DB_DENY_ALWAYS; + } else if (PromptDecision::ALLOW_THIS_TIME == decision) { + return DB_ALLOW_THIS_TIME; + } else if (PromptDecision::DENY_THIS_TIME == decision) { + return DB_DENY_THIS_TIME; + } else if (PromptDecision::ALLOW_FOR_SESSION == decision) { + return DB_ALLOW_FOR_SESSION; + } + // DENY_FOR_SESSION + return DB_DENY_FOR_SESSION; +} + +PromptDecision AceDAOReadOnly::intToPromptDecision(int dec) { + if (dec == DB_ALLOW_ALWAYS) { + return PromptDecision::ALLOW_ALWAYS; + } else if (dec == DB_DENY_ALWAYS) { + return PromptDecision::DENY_ALWAYS; + } else if (dec == DB_ALLOW_THIS_TIME) { + return PromptDecision::ALLOW_THIS_TIME; + } else if (dec == DB_DENY_THIS_TIME) { + return PromptDecision::DENY_THIS_TIME; + } else if (dec == DB_ALLOW_FOR_SESSION) { + return PromptDecision::ALLOW_FOR_SESSION; + } + // DB_DENY_FOR_SESSION + return PromptDecision::DENY_FOR_SESSION; +} + +int AceDAOReadOnly::appTypeToInt(AppTypes app_type) +{ + switch (app_type) { + case AppTypes::Unknown: + return DB_APP_UNKNOWN; + case AppTypes::WAC20: + return DB_APP_WAC20; + case AppTypes::Tizen: + return DB_APP_TIZEN; + default: + return DB_APP_UNKNOWN; + } + +} + +AppTypes AceDAOReadOnly::intToAppType(int app_type) +{ + switch (app_type) { + case DB_APP_UNKNOWN: + return AppTypes::Unknown; + case DB_APP_WAC20: + return AppTypes::WAC20; + case DB_APP_TIZEN: + return AppTypes::Tizen; + default: + return AppTypes::Unknown; + } +} + +void AceDAOReadOnly::attachToThreadRO() +{ + AceDaoUtilities::m_databaseInterface.AttachToThread( + DPL::DB::SqlConnection::Flag::RO); +} + +void AceDAOReadOnly::attachToThreadRW() +{ + AceDaoUtilities::m_databaseInterface.AttachToThread( + DPL::DB::SqlConnection::Flag::RW); +} + +void AceDAOReadOnly::detachFromThread() +{ + AceDaoUtilities::m_databaseInterface.DetachFromThread(); +} + +OptionalCachedPromptDecision AceDAOReadOnly::getPromptDecision( + WidgetHandle widgetHandle, + int ruleId) +{ + Try { + // get matching subject verdict + ACE_DB_SELECT(select, AcePromptDecision, &AceDaoUtilities::m_databaseInterface); + + select->Where( + And( + Equals(ruleId), + Equals(widgetHandle))); + + std::list rows = select->GetRowList(); + if (rows.empty()) { + return OptionalCachedPromptDecision(); + } + + AcePromptDecision::Row row = rows.front(); + CachedPromptDecision decision; + decision.decision = intToPromptDecision(row.Get_decision()); + decision.session = row.Get_session(); + + return OptionalCachedPromptDecision(decision); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getPromptDecision"); + } +} + +void AceDAOReadOnly::getAttributes(BaseAttributeSet *attributes) +{ + if (NULL == attributes) { + LogError("NULL pointer"); + return; + } + attributes->clear(); + std::string aname; + int type; + Try { + ACE_DB_SELECT(select, AceAttribute, &AceDaoUtilities::m_databaseInterface); + typedef std::list RowList; + RowList list = select->GetRowList(); + + FOREACH(i, list) { + BaseAttributePtr attribute(new BaseAttribute()); + DPL::String name = i->Get_name(); + aname = DPL::ToUTF8String(name); + type = i->Get_type(); + + attribute->setName(&aname); + attribute->setType(intToAttributeType(type)); + attributes->insert(attribute); + } + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getAttributes"); + } +} + +OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult( + const BaseAttributeSet &attributes) +{ + + auto attrHash = convertToHash(attributes); + return getPolicyResult(attrHash); +} + +OptionalExtendedPolicyResult AceDAOReadOnly::getPolicyResult( + const DPL::String &attrHash) +{ + Try { + // get matching subject verdict + ACE_DB_SELECT(select, AcePolicyResult, &AceDaoUtilities::m_databaseInterface); + Equals e1(attrHash); + select->Where(e1); + + std::list rows = select->GetRowList(); + if (rows.empty()) { + return OptionalExtendedPolicyResult(); + } + + AcePolicyResult::Row row = rows.front(); + int decision = row.Get_decision(); + ExtendedPolicyResult res; + res.policyResult = PolicyResult::deserialize(decision); + res.ruleId = row.Get_rule_id(); + return OptionalExtendedPolicyResult(res); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getVerdict"); + } +} + +PreferenceTypes AceDAOReadOnly::getDevCapSetting(const std::string &resource) +{ + Try { + AceDevCap::Row row; + if (!getResourceByUri(resource, row)) { + return PreferenceTypes::PREFERENCE_DEFAULT; + } + return intToPreference(row.Get_general_setting()); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSetting"); + } +} + +void AceDAOReadOnly::getDevCapSettings(PreferenceTypesMap *globalSettingsMap) +{ + if (NULL == globalSettingsMap) { + LogError("Null pointer"); + return; + } + globalSettingsMap->clear(); + Try { + ACE_DB_SELECT(select, AceDevCap, &AceDaoUtilities::m_databaseInterface); + typedef std::list RowList; + RowList list = select->GetRowList(); + + FOREACH(i, list) { + PreferenceTypes p = intToPreference(i->Get_general_setting()); + globalSettingsMap->insert(make_pair(DPL::ToUTF8String( + i->Get_id_uri()), p)); + } + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getResourceSettings"); + } +} + +void AceDAOReadOnly::getWidgetDevCapSettings(BasePermissionList *outputList) +{ + if (NULL == outputList) { + LogError("NULL pointer"); + return; + } + outputList->clear(); + Try { + std::string resourceName; + PreferenceTypes allowAccess; + + ACE_DB_SELECT(select, + AceWidgetDevCapSetting, + &AceDaoUtilities::m_databaseInterface); + + typedef std::list RowList; + RowList list = select->GetRowList(); + + // TODO JOIN + FOREACH(i, list) { + int app_id = i->Get_app_id(); + int res_id = i->Get_resource_id(); + + ACE_DB_SELECT(resourceSelect, AceDevCap, &AceDaoUtilities::m_databaseInterface); + resourceSelect->Where(Equals(res_id)); + AceDevCap::Row rrow = resourceSelect->GetSingleRow(); + + resourceName = DPL::ToUTF8String(rrow.Get_id_uri()); + + if (!resourceName.empty()) { + allowAccess = intToPreference(i->Get_access_value()); + outputList->push_back( + BasePermission(app_id, + resourceName, + allowAccess)); + } + } + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to findUserSettings"); + } +} + +PreferenceTypes AceDAOReadOnly::getWidgetDevCapSetting( + const std::string &resource, + WidgetHandle handler) +{ + Try { + AceDevCap::Row rrow; + if (!getResourceByUri(resource, rrow)) { + return PreferenceTypes::PREFERENCE_DEFAULT; + } + int resourceId = rrow.Get_resource_id(); + + // get matching user setting + ACE_DB_SELECT(select, AceWidgetDevCapSetting, &AceDaoUtilities::m_databaseInterface); + + select->Where(And(Equals(resourceId), + Equals(handler))); + + std::list values = + select->GetValueList(); + if (values.empty()) { + return PreferenceTypes::PREFERENCE_DEFAULT; + } + return intToPreference(values.front()); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed in getUserSetting"); + } +} + +void AceDAOReadOnly::getRequestedDevCaps( + WidgetHandle widgetHandle, + RequestedDevCapsMap *permissions) +{ + if (NULL == permissions) { + LogError("NULL pointer"); + return; + } + permissions->clear(); + Try { + ACE_DB_SELECT(select, AceRequestedDevCaps, + &AceDaoUtilities::m_databaseInterface); + select->Where( + Equals(widgetHandle)); + std::list list = select->GetRowList(); + + FOREACH(i, list) { + permissions->insert(std::make_pair(i->Get_dev_cap(), + i->Get_grant_smack() == 1)); + } + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps"); + } +} + +void AceDAOReadOnly::getAcceptedFeature( + WidgetHandle widgetHandle, + FeatureNameVector *fvector) +{ + if (NULL == fvector) { + LogError("NULL pointer"); + return; + } + + fvector->clear(); + Try { + ACE_DB_SELECT(select, AceAcceptedFeature, + &AceDaoUtilities::m_databaseInterface); + select->Where( + Equals(widgetHandle)); + std::list list = select->GetRowList(); + + FOREACH(i, list) { + fvector->push_back(i->Get_feature()); + } + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getRequestedDevCaps"); + } +} + +AppTypes AceDAOReadOnly::getWidgetType(WidgetHandle handle) +{ + Try { + ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); + select->Where(Equals(handle)); + WidgetInfo::Select::RowList rows = select->GetRowList(); + DPL::OptionalInt res; + if (!rows.empty()) { + res = rows.front().Get_widget_type(); + AppTypes retType = (res.IsNull() ? AppTypes::Unknown : static_cast(*res)); + return retType; + } else { + LogDebug("Can not find widget type"); + return AppTypes::Unknown; + } + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getWidgetType"); + } +} + +std::string AceDAOReadOnly::getVersion(WidgetHandle widgetHandle) +{ + Try + { + ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); + select->Where(Equals(widgetHandle)); + WidgetInfo::Select::RowList rows = select->GetRowList(); + DPL::OptionalString res; + if(!rows.empty()) { + res = rows.front().Get_widget_version(); + return (res.IsNull() ? "" : DPL::ToUTF8String(*res)); + } else { + LogDebug("Widget not installed"); + return ""; + } + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getVersion"); + } +} + +std::string AceDAOReadOnly::getAuthorName(WidgetHandle widgetHandle) +{ + Try + { + ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); + select->Where(Equals(widgetHandle)); + WidgetInfo::Select::RowList rows = select->GetRowList(); + DPL::OptionalString res; + if(!rows.empty()) { + res = rows.front().Get_author_name(); + return (res.IsNull() ? "" : DPL::ToUTF8String(*res)); + } else { + LogDebug("Widget not installed"); + return ""; + } + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getAuthorName"); + } +} + +std::string AceDAOReadOnly::getGUID(WidgetHandle widgetHandle) +{ + Try + { + ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); + select->Where(Equals(widgetHandle)); + WidgetInfo::Select::RowList rows = select->GetRowList(); + DPL::OptionalString res; + if(!rows.empty()) { + res = rows.front().Get_widget_id(); + return (res.IsNull() ? "" : DPL::ToUTF8String(*res)); + } else { + LogDebug("Widget not installed"); + return ""; + } + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getGUID"); + } +} + +WidgetCertificateCNList AceDAOReadOnly::getKeyCommonNameList( + WidgetHandle widgetHandle, + WidgetCertificateData::Owner owner, + WidgetCertificateData::Type type) +{ + Try { + ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface); + select->Where(And(And( + Equals(widgetHandle), + Equals(owner)), + Equals(type))); + WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList(); + + WidgetCertificateCNList out; + FOREACH(it, rows) + { + DPL::Optional cn = it->Get_common_name(); + out.push_back(cn.IsNull() ? "" : DPL::ToUTF8String(*cn)); + } + return out; + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getKeyCommonNameList"); + } +} + +FingerPrintList AceDAOReadOnly::getKeyFingerprints( + WidgetHandle widgetHandle, + WidgetCertificateData::Owner owner, + WidgetCertificateData::Type type) +{ + Try + { + ACE_DB_SELECT(select, WidgetCertificateFingerprint, &AceDaoUtilities::m_databaseInterface); + select->Where(And(And( + Equals(widgetHandle), + Equals(owner)), + Equals(type))); + WidgetCertificateFingerprint::Select::RowList rows = select->GetRowList(); + + FingerPrintList keys; + FOREACH(it, rows) + { + DPL::Optional sha1 = it->Get_sha1_fingerprint(); + if (!sha1.IsNull()) + keys.push_back(DPL::ToUTF8String(*sha1)); + DPL::Optional md5 = it->Get_md5_fingerprint(); + if (!md5.IsNull()) + keys.push_back(DPL::ToUTF8String(*md5)); + } + return keys; + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getKeyFingerprints"); + } +} + +std::string AceDAOReadOnly::getShareHref(WidgetHandle widgetHandle) +{ + Try + { + ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); + select->Where(Equals(widgetHandle)); + WidgetInfo::Select::RowList rows = select->GetRowList(); + + if(rows.empty()) + ThrowMsg(Exception::DatabaseError, "Cannot find widget. Handle: " << widgetHandle); + + DPL::Optional value = rows.front().Get_share_href(); + std::string ret = ""; + if(!value.IsNull()) + ret = DPL::ToUTF8String(*value); + return ret; + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to getShareHref"); + } +} + +WidgetHandleList AceDAOReadOnly::getHandleList() +{ + LogDebug("Getting DbWidgetHandle List"); + Try + { + ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); + return select->GetValueList(); + } + Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed to list of widget handles"); + } +} + +bool AceDAOReadOnly::isWidgetInstalled(WidgetHandle handle) +{ + Try { + ACE_DB_SELECT(select, WidgetInfo, &AceDaoUtilities::m_databaseInterface); + select->Where(Equals(handle)); + WidgetInfo::Select::RowList rows = select->GetRowList(); + return !rows.empty() ? true : false; + } Catch(DPL::DB::SqlConnection::Exception::Base) { + ReThrowMsg(Exception::DatabaseError, "Failed in isWidgetInstalled"); + } +} + +} diff --git a/ace/dao/AceDAOUtilities.cpp b/ace/dao/AceDAOUtilities.cpp new file mode 100644 index 0000000..4d5292e --- /dev/null +++ b/ace/dao/AceDAOUtilities.cpp @@ -0,0 +1,193 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file AceDaoReadOnly.h + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#include +#include +#include + +#include +#include +#include + +namespace AceDB { + +namespace { +const char* ACE_DB_DATABASE = "/opt/dbspace/.ace.db"; +DPL::DB::SqlConnection::Flag::Type ACE_DB_FLAGS = + DPL::DB::SqlConnection::Flag::UseLucene; +} + +DPL::DB::ThreadDatabaseSupport AceDaoUtilities::m_databaseInterface( + ACE_DB_DATABASE, ACE_DB_FLAGS); + +BaseAttribute::Type AceDaoUtilities::intToAttributeType(int val) +{ + switch (val) { + case 0: + return BaseAttribute::Type::Subject; + case 1: + return BaseAttribute::Type::Environment; + case 2: + return BaseAttribute::Type::Resource; + case 3: + return BaseAttribute::Type::FunctionParam; + case 4: + return BaseAttribute::Type::WidgetParam; + + default: + Assert(0 && "Unknown Attribute type value"); + return BaseAttribute::Type::Subject; //remove compilation warrning + } +} + +int AceDaoUtilities::attributeTypeToInt(BaseAttribute::Type type) +{ + // we cannot cast enum -> int because this cast will be removed from next c++ standard + switch (type) { + case BaseAttribute::Type::Subject: + return 0; + case BaseAttribute::Type::Environment: + return 1; + case BaseAttribute::Type::Resource: + return 2; + case BaseAttribute::Type::FunctionParam: + return 3; + case BaseAttribute::Type::WidgetParam: + return 4; + + default: + Assert(0 && "Unknown Attribute type!"); + return 0; //remove compilation warrning + } +} + +int AceDaoUtilities::preferenceToInt(PreferenceTypes p) +{ + switch (p) { + case PreferenceTypes::PREFERENCE_PERMIT: + return 1; + case PreferenceTypes::PREFERENCE_DENY: + return 0; + case PreferenceTypes::PREFERENCE_BLANKET_PROMPT: + return 2; + case PreferenceTypes::PREFERENCE_SESSION_PROMPT: + return 3; + case PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: + return 4; + + default: + return -1; + } +} + +PreferenceTypes AceDaoUtilities::intToPreference(int p) +{ + switch (p) { + case 1: + return PreferenceTypes::PREFERENCE_PERMIT; + case 0: + return PreferenceTypes::PREFERENCE_DENY; + case 2: + return PreferenceTypes::PREFERENCE_BLANKET_PROMPT; + case 3: + return PreferenceTypes::PREFERENCE_SESSION_PROMPT; + case 4: + return PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT; + + default: + return PreferenceTypes::PREFERENCE_DEFAULT; + } +} + +VerdictTypes AceDaoUtilities::intToVerdict(int v) +{ + switch (v) { + case -1: + return VerdictTypes::VERDICT_UNKNOWN; + case 0: + return VerdictTypes::VERDICT_DENY; + case 1: + return VerdictTypes::VERDICT_PERMIT; + case 2: + return VerdictTypes::VERDICT_INAPPLICABLE; + + default: + Assert(0 && "Cannot convert int to verdict"); + return VerdictTypes::VERDICT_UNKNOWN; // remove compile warrning + } +} + +int AceDaoUtilities::verdictToInt(VerdictTypes v) +{ + switch (v) { + case VerdictTypes::VERDICT_UNKNOWN: + return -1; + case VerdictTypes::VERDICT_DENY: + return 0; + case VerdictTypes::VERDICT_PERMIT: + return 1; + case VerdictTypes::VERDICT_INAPPLICABLE: + return 2; + + default: + Assert(0 && "Unknown Verdict value"); + return -1; // remove compile warrning + } +} + +bool AceDaoUtilities::getSubjectByUri(const std::string &uri, + DPL::DB::ORM::ace::AceSubject::Row &row) +{ + using namespace DPL::DB::ORM; + using namespace DPL::DB::ORM::ace; + ACE_DB_SELECT(select, AceSubject, &m_databaseInterface); + select->Where(Equals(DPL::FromUTF8String(uri))); + std::list rows = select->GetRowList(); + if (rows.empty()) { + return false; + } + + row = rows.front(); + return true; +} + +bool AceDaoUtilities::getResourceByUri(const std::string &uri, + DPL::DB::ORM::ace::AceDevCap::Row &row) +{ + using namespace DPL::DB::ORM; + using namespace DPL::DB::ORM::ace; + ACE_DB_SELECT(select, AceDevCap, &m_databaseInterface); + select->Where(Equals(DPL::FromUTF8String(uri))); + std::list rows = select->GetRowList(); + if (rows.empty()) { + return false; + } + + row = rows.front(); + return true; +} + + +} diff --git a/ace/dao/AceDatabase.cpp b/ace/dao/AceDatabase.cpp new file mode 100644 index 0000000..6c91951 --- /dev/null +++ b/ace/dao/AceDatabase.cpp @@ -0,0 +1,25 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file AceDatabase.cpp + * @author Lukasz Marek (l.marek@samsung.com) + * @version 1.0 + * @brief This file contains the declaration of ace database + */ + +#include + +DPL::Mutex g_aceDbQueriesMutex; diff --git a/ace/dao/BaseAttribute.cpp b/ace/dao/BaseAttribute.cpp new file mode 100644 index 0000000..e15785c --- /dev/null +++ b/ace/dao/BaseAttribute.cpp @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file BaseAttribute.cpp + * @author Lukasz Marek (l.marek@samsung.com) + * @version 0.1 + * @brief + */ + +#include +#include + +#include + +namespace AceDB { + +const char* BaseAttribute::typeToString(Type type) +{ + const char * ret = NULL; + switch (type) { + case Type::Resource: + ret = "resource"; + break; + case Type::Subject: + ret = "subject"; + break; + case Type::Environment: + ret = "environment"; + break; + default: + ret = "unknown type"; + break; + } + + return ret; +} + +std::string BaseAttribute::toString() const +{ + std::string ret; + const char * SEPARATOR = ";"; + + ret.append(m_name); + ret.append(SEPARATOR); + ret.append(typeToString(m_typeId)); + ret.append(SEPARATOR); + if (m_undetermindState) { + ret.append("true"); + } else { + ret.append("false"); + } + ret.append(SEPARATOR); + for (std::list::const_iterator it = value.begin(); + it != value.end(); + ++it) { + std::stringstream num; + num << it->size(); + ret.append(num.str()); + ret.append(SEPARATOR); + ret.append(*it); + ret.append(SEPARATOR); + } + + return ret; +} + +} diff --git a/ace/dao/CMakeLists.txt b/ace/dao/CMakeLists.txt new file mode 100644 index 0000000..e40cf11 --- /dev/null +++ b/ace/dao/CMakeLists.txt @@ -0,0 +1,84 @@ + +SET(ACE_DAO_DEPS_LIST + dpl-efl + dpl-db-efl + ecore + appcore-efl + openssl + vconf + db-util + libpcrecpp + icu-uc + libxml-2.0 + ) + +PKG_CHECK_MODULES(ACE_DAO_DEPS ${ACE_DAO_DEPS_LIST} REQUIRED) + +set(ACE_SRC_DIR ${PROJECT_SOURCE_DIR}/ace/dao) + +set(ACE_DAO_RO_SOURCES + ${ACE_SRC_DIR}/AceDAOReadOnly.cpp + ${ACE_SRC_DIR}/AceDAOUtilities.cpp + ${ACE_SRC_DIR}/AceDAOConversions.cpp + ${ACE_SRC_DIR}/BaseAttribute.cpp + ${ACE_SRC_DIR}/AceDatabase.cpp + ${ACE_SRC_DIR}/PromptModel.cpp +) + +set(ACE_DAO_RW_SOURCES + ${ACE_SRC_DIR}/AceDAO.cpp +) + +INCLUDE_DIRECTORIES(${ACE_SRC_DIR}) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/orm) +INCLUDE_DIRECTORIES(${ACE_DAO_DEPS_INCLUDE_DIRS}) + +ADD_LIBRARY(${TARGET_ACE_DAO_RO_LIB} SHARED + ${ACE_DAO_RO_SOURCES} +) + +SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES + SOVERSION ${API_VERSION} + VERSION ${VERSION}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES + COMPILE_FLAGS -fPIC) + +SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RO_LIB} PROPERTIES + COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h") + +target_link_libraries(${TARGET_ACE_DAO_RO_LIB} + ${TARGET_DPL_EFL} + ${TARGET_DPL_DB_EFL} + ${ACE_DAO_DEPS_LIBRARY} + ${ACE_DAO_DEPS_LDFLAGS} +) + +ADD_LIBRARY(${TARGET_ACE_DAO_RW_LIB} SHARED + ${ACE_DAO_RW_SOURCES} +) +SET_SOURCE_FILES_PROPERTIES(${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h PROPERTIES GENERATED 1) +ADD_DEPENDENCIES(${TARGET_ACE_DAO_RO_LIB} ACE_DB_CHECKSUM_HEADER) + +SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES + SOVERSION ${API_VERSION} + VERSION ${VERSION}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES + COMPILE_FLAGS -fPIC) + +SET_TARGET_PROPERTIES(${TARGET_ACE_DAO_RW_LIB} PROPERTIES + COMPILE_FLAGS "-include ${CMAKE_BINARY_DIR}/ace/database_checksum_ace.h") + +target_link_libraries(${TARGET_ACE_DAO_RW_LIB} + ${ACE_DAO_DEPS_LIST_LIBRARIES} + ${TARGET_ACE_DAO_RO_LIB} +) + +INSTALL(TARGETS ${TARGET_ACE_DAO_RO_LIB} + DESTINATION lib) + +INSTALL(TARGETS ${TARGET_ACE_DAO_RW_LIB} + DESTINATION lib) + diff --git a/ace/dao/PromptModel.cpp b/ace/dao/PromptModel.cpp new file mode 100644 index 0000000..ece84c6 --- /dev/null +++ b/ace/dao/PromptModel.cpp @@ -0,0 +1,178 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* @file PromptModel.cpp + * @author Justyna Mejzner (j.kwiatkowsk@samsung.com) + * @author Jaroslaw Osmanski (j.osmanski@samsung.com) + * @version 1.0 + * + */ + +#include + +#include +#include +#include + +namespace { + +const char INFO[] = "Widget requires access to:"; +const char DENY[] = "Deny"; +const char ALLOW[] = "Permit"; + +const char BLANKET_CHECKBOX_LABEL[] = "Keep setting as permanent"; +const char SESSION_CHECKBOX_LABEL[] = "Remember for one run"; + +Prompt::ButtonLabels aceQuestionLabel = {DENY, ALLOW}; + +static Prompt::PromptLabels* getModel( + Prompt::PromptModel::PromptType promptType, + const std::string& resourceId) +{ + std::string strLabel; + strLabel = INFO; + strLabel += "
"; + strLabel += resourceId; + + return new Prompt::PromptLabels(promptType, aceQuestionLabel, strLabel); +} + +Prompt::Validity fromPromptTypeToValidity(int aPromptType, bool checkClicked) +{ + using namespace Prompt; + PromptModel::PromptType promptTypeEnum = + static_cast(aPromptType); + switch (promptTypeEnum) { + case PromptModel::PROMPT_ONESHOT: + return Validity::ONCE; + case PromptModel::PROMPT_SESSION: + if (checkClicked) + { + return Validity::SESSION; + } + else + { + return Validity::ONCE; + } + case PromptModel::PROMPT_BLANKET: + if (checkClicked) + { + return Validity::ALWAYS; + } + else + { + return Validity::ONCE; + } + default: + Assert(0); + return Validity::ONCE; + } +} +} // namespace anonymous + +namespace Prompt { + + +PromptLabels::PromptLabels(int promptType, + const Prompt::ButtonLabels& questionLabel, + const std::string& mainLabel) : + m_promptType(promptType), + m_buttonLabels(questionLabel), + m_mainLabel(mainLabel) +{ + +} + +int PromptLabels::getPromptType() const +{ + return m_promptType; +} +const ButtonLabels& PromptLabels::getButtonLabels() const +{ + return m_buttonLabels; +} +const std::string& PromptLabels::getMainLabel() const +{ + return m_mainLabel; +} + +DPL::OptionalString PromptLabels::getCheckLabel() const +{ + if (PromptModel::PROMPT_BLANKET == m_promptType) + { + return DPL::OptionalString( + DPL::FromUTF8String(BLANKET_CHECKBOX_LABEL)); + } + else if (PromptModel::PROMPT_SESSION == m_promptType) + { + return DPL::OptionalString( + DPL::FromUTF8String(SESSION_CHECKBOX_LABEL)); + } + + return DPL::OptionalString::Null; +} + +bool PromptLabels::isAllowed(const size_t buttonClicked) const +{ + Assert(buttonClicked < aceQuestionLabel.size() && + "Button Clicked number is not in range of questionLabel"); + + return aceQuestionLabel[buttonClicked] == ALLOW; +} + +PromptAnswer::PromptAnswer(bool isAccessAllowed, Validity validity) : + m_isAccessAllowed(isAccessAllowed), + m_validity(validity) +{ + +} + +PromptAnswer::PromptAnswer( + int aPromptType, unsigned int buttonAns, bool checkAns) +{ + Assert(buttonAns < aceQuestionLabel.size() && + "Button Clicked number is not in range of questionLabel"); + + m_isAccessAllowed = aceQuestionLabel[buttonAns] == ALLOW; + m_validity = fromPromptTypeToValidity(aPromptType, checkAns); +} + +bool PromptAnswer::isAccessAllowed() const +{ + return m_isAccessAllowed; +} + +Validity PromptAnswer::getValidity() const +{ + return m_validity; +} + +PromptLabels* PromptModel::getOneShotModel(const std::string& resourceId) +{ + return getModel(PROMPT_ONESHOT, resourceId); +} + +PromptLabels* PromptModel::getSessionModel(const std::string& resourceId) +{ + return getModel(PROMPT_SESSION, resourceId); +} + +PromptLabels* PromptModel::getBlanketModel(const std::string& resourceId) +{ + return getModel(PROMPT_BLANKET, resourceId); +} + + +} // Prompt diff --git a/ace/engine/Attribute.cpp b/ace/engine/Attribute.cpp new file mode 100644 index 0000000..56cfc44 --- /dev/null +++ b/ace/engine/Attribute.cpp @@ -0,0 +1,886 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include +#include + +const bool Attribute::alpha[256] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, + 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0 +}; +const bool Attribute::digit[256] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0 +}; + +const bool Attribute::mark[256] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1, 0, 0, 0, 0, 0, 1, 1, 1, 1, 0, 0, 1, 1, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0 +}; + +bool Attribute::searchAndCut(const char *str) +{ + //TODO + size_t pos = m_name.rfind(str); + if (pos == std::string::npos) { + return false; + } + if ((strlen(str) + pos) == m_name.size()) { + m_name.erase(pos, std::string::npos); + return true; + } + return false; +} + +Attribute::Attribute(const std::string *name, + const Match matchFunc, + const Type type_) : + matchFunction(matchFunc) +{ + m_name = *name; + m_typeId = type_; + m_undetermindState = false; + if (matchFunction != Match::Equal + && matchFunction != Match::Glob + && matchFunction != Match::Regexp) + { + //LogDebug("MID: " << matchFunction); + Assert(0 && "Match function problem"); + } + + if (searchAndCut(".scheme")) { + modifierFunction = Modifier::Scheme; + } else if (searchAndCut(".authority")) { + modifierFunction = Modifier::Authority; + } else if (searchAndCut(".scheme-authority")) { + modifierFunction = Modifier::SchemeAuthority; + } else if (searchAndCut(".host")) { + modifierFunction = Modifier::Host; + } else if (searchAndCut(".path")) { + modifierFunction = Modifier::Path; + } else { + modifierFunction = Modifier::Non; + } +} + +static Attribute::MatchResult equal_comparator(const std::string *first, + const std::string *second) +{ + if((*first) == (*second)) { + return Attribute::MatchResult::MRTrue; + } + return Attribute::MatchResult::MRFalse; +} + +static Attribute::MatchResult glob_comparator(const std::string *first, + const std::string *second) +{ + // order is important + if (!fnmatch(first->c_str(), second->c_str(), 0)) { + return Attribute::MatchResult::MRTrue; + } + return Attribute::MatchResult::MRFalse; +} + +static Attribute::MatchResult regexp_comparator(const std::string *first, + const std::string *second) +{ + // order is important + pcrecpp::RE re(first->c_str()); + if (re.FullMatch(second->c_str())) { + return Attribute::MatchResult::MRTrue; + } + return Attribute::MatchResult::MRFalse; +} + +Attribute::MatchResult Attribute::lists_comparator( + const std::list *first, + const std::list *second, + Attribute::MatchResult (*comparator)(const std::string *, + const std::string *)) const +{ + //NOTE: BONDI defines all availabe matching function as: if some string from first input bag + //matches some input string from second input bag, so it's required to find only one matching string + MatchResult result = MatchResult::MRFalse; + + for (std::list::const_iterator second_iter = second->begin(); + (second_iter != second->end()) && (result != MatchResult::MRTrue); + ++second_iter) + { + std::string *modified_value = applyModifierFunction(&(*second_iter)); + //Value was not an URI, it will be removed from the string bag (ignored) + if (modified_value == NULL) { + continue; + } + + for (std::list::const_iterator first_iter = first->begin(); + first_iter != first->end(); + ++first_iter) { + //Compare attributes + if ((*comparator)(&(*first_iter), modified_value) == MatchResult::MRTrue) { + result = MatchResult::MRTrue; + break; //Only one match is enough + } + } + if (modified_value) { + delete modified_value; + modified_value = NULL; + } + } + + if (result == MatchResult::MRTrue) { + LogDebug("Returning TRUE"); + } else if (result == MatchResult::MRFalse) { + LogDebug("Returning FALSE"); + } else if (result == MatchResult::MRUndetermined) { + LogDebug("Returning UNDETERMINED"); + } + return result; +} + +std::string * Attribute::applyModifierFunction(const std::string * val) const +{ + std::string * result = NULL; + switch (modifierFunction) { + case Modifier::Scheme: + result = uriScheme(val); + break; + case Modifier::Authority: + result = uriAuthority(val); + break; + case Modifier::SchemeAuthority: + result = uriSchemeAuthority(val); + break; + case Modifier::Host: + result = uriHost(val); + break; + case Modifier::Path: + result = uriPath(val); + break; + default: + result = new std::string(*val); + } + + return result; +} + +/** + * this - attribute obtained from xmlPolicy tree + * attribute - attribute obtained from PIP + */ +Attribute::MatchResult Attribute::matchAttributes( + const BaseAttribute *attribute) const +{ + std::string tempNam = *(attribute->getName()); + std::string tempVal; + std::string myVal; + + if (!(attribute->getValue()->empty())) { + tempVal = attribute->getValue()->front(); + } + + if (!(this->value.empty())) { + myVal = this->value.front(); + } + + LogDebug("Comparing attribute: " << this->m_name << "(" << + myVal << ") with: " << tempNam << + "(" << tempVal << ")"); + + Assert( + (this->m_name == *(attribute->getName())) && + "Two completely different attributes are being compared!"); + Assert( + (this->m_typeId == attribute->getType()) && + "Two completely different attributes are being compared!"); + + if (attribute->isUndetermind()) { + LogDebug("Attribute match undetermined"); + return MatchResult::MRUndetermined; + } + + //Regardles the algorithm used, if we have empty + //bag the result is always false + if (this->isValueEmpty() || attribute->isValueEmpty()) { + if (this->isValueEmpty()) { + LogDebug("empty bag in condition comparing"); + } + if (attribute->isValueEmpty()) { + LogDebug("empty bag in attribute comparing"); + } + return MatchResult::MRFalse; + } + + if (this->matchFunction == Match::Equal) { + return lists_comparator(&(this->value), + attribute->getValue(), + equal_comparator); + } else if (this->matchFunction == Match::Glob) { + return lists_comparator(&(this->value), + attribute->getValue(), + glob_comparator); + } else if (this->matchFunction == Match::Regexp) { + return lists_comparator(&(this->value), + attribute->getValue(), + regexp_comparator); + } //[CR] Change to Assert + Assert(false && " ** Critical :: no match function selected!"); + return MatchResult::MRFalse; // to remove compilator warning +} + +void Attribute::addValue(const std::string *val) +{ + this->getValue()->push_back(*val); +} + +std::ostream & operator<<(std::ostream & out, + const Attribute & attr) +{ + out << "attr: m_name: " << *(attr.getName()) + << " type: " << Attribute::typeToString(attr.getType()) + << " value: "; + if (attr.m_undetermindState) { + out << "Undetermined"; + } else if (attr.getValue()->empty()) { + out << "Empty string bag"; + } else { + FOREACH (it, *attr.getValue()) { + out << *it; + } + } + return out; +} + +bool +Attribute::parse(const std::string *input, + std::string *val) const +{ + static const char *pattern = + "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"; + pcrecpp::RE re(pattern); + re.FullMatch(input->c_str(), &val[0], &val[1], + &val[2], &val[3], &val[4], + &val[5], &val[6], &val[7], &val[8]); + +#ifdef ALL_LOGS + for (int i = 0; i < 9; i++) { + LogDebug("val " << i << " :" << val[i]); + } +#endif + + if (find_error(val)) { + LogDebug("Input is not an URI " << *input); + for (int i = 0; i < 9; ++i) { + val[i].clear(); + } + return false; + } + + return true; +} + +Attribute::~Attribute() +{ +} + +std::string * Attribute::uriScheme(const std::string *input) const +{ + std::string part[9]; + if (!parse(input, part)) { + return NULL; + } + return new string(part[1]); +} + +std::string * +Attribute::uriAuthority(const std::string *input) const +{ + std::string part[9]; + if (!parse(input, part)) { + return NULL; + } + return new string(part[3]); +} + +std::string * +Attribute::uriSchemeAuthority(const std::string *input) const +{ + std::string part[9]; + if (!parse(input, part)) { + return NULL; + } + + if (part[0].size() == 0 || part[2].size() == 0) { + return new std::string(); + } + return new string(part[0] + part[2]); +} + +std::string * +Attribute::uriHost(const std::string *input) const +{ + std::string part[9]; + if (!parse(input, part)) { + return NULL; + } + return getHost(&(part[3])); +} + +std::string * +Attribute::uriPath(const std::string *input) const +{ + //TODO right now uriPath leaves leading '/' in uri, this slash is removed from the string + //it's not clear if leading '/' is a part of path component or only the separator + std::string part[9]; + if (!parse(input, part)) { + return NULL; + } + + std::string * temp = NULL; + + if (part[4].at(0) == '/') { + temp = new string(part[4].substr(1, part[4].length() - 1)); + } else { + temp = new string(part[4]); + } + + return temp; +} + +bool Attribute::find_error(const std::string *tab) const +{ + //We are checking tab[1] which contains scheme without ':' at the end + if (!checkScheme(&(tab[1]))) { + LogDebug("Check scheme failed, URI is invalid"); + return true; //error found + } + if (!checkAuthority(&(tab[3]))) { + LogDebug("Check authority failed, URI is invalid"); + return true; //error found + } + + if (!checkPath(&(tab[4]))) { + LogDebug("Check path failed, URI is invalid"); + return true; //error found + } + + return false; +} + +bool Attribute::checkScheme(const std::string *part) const +{ + Assert(part != NULL && "Checking NULLable string. This should never happen"); + + bool result = true; + + //TODO change part->at to data=part->c_str() + //TODO can scheme be empty? In absolute URI no, in relative URI yes + if (part->empty()) { + //Empty string is a correct schema + result = true; + } else if (alpha[(int) (part->at(0))] == 0) { + result = false; // First scheme character must be alpha + } else { + // rest must be alpha or digit or '+' or '-' or '.' + for (unsigned int i = 1; i < part->size(); ++i) { + int c = static_cast(part->at(i)); + if (!isSchemeAllowedCharacter(c)) { + result = false; + break; + } + } + } + return result; +} + +bool Attribute::checkAuthority(const std::string *part) const +{ + Assert(part != NULL && "Checking NULLable string. This should never happen"); + + //Server is a subset of reg_m_names so here we only check if authority matches reg_m_name + //Additional check if authority is a valid 'server' component is done in getHost + if (part->empty()) { + return true; //empty authority is valid uri + } + bool result = true; + + const char * data = part->c_str(); + for (size_t i = 0; i < part->length(); ++i) { + int c = (int) data[i]; + if (isUnreserved(c)) { + continue; + } + if (c == '$') { + continue; + } + if (c == ',') { + continue; + } + if (c == ';') { + continue; + } + if (c == ':') { + continue; + } + if (c == '@') { + continue; + } + if (c == '&') { + continue; + } + if (c == '=') { + continue; + } + if (c == '+') { + continue; + } + if (c == '%') { + if (isEscaped(data + i)) { + i += 2; //rewind the two escaped characters + continue; + } + } + result = false; + break; + } + + return result; +} + +std::string * Attribute::getHost(const std::string *part) const +{ + if (part->empty()) { + return new std::string(""); + } + + //Check userinfo + size_t userInfoPos = part->find("@"); + if (userInfoPos != std::string::npos) { + std::string data = part->substr(0, userInfoPos); + if (!isUserInfoAllowedString(&data)) { + return new string(""); //the authority is not composed of 'server' part + } + } + + std::string host; + //If we use host modifier then authority is composed of 'server' part so + //the port must contain only digits + size_t portPos = part->find(":"); + if (portPos != std::string::npos) { + for (unsigned int i = portPos + 1; i < part->size(); ++i) { + if (!digit[(int) part->at(i)]) { + return new string(""); //the authority is not composed of 'server' part + } + } + host = part->substr(userInfoPos + 1, portPos - (userInfoPos + 1)); + } else { + host = part->substr(userInfoPos + 1, part->length() - (userInfoPos + 1)); + } + + if (!isHostAllowedString(&host)) { + //Even if the string is not allowed for host this can still be a valid uri + return new string(""); + } + + return new std::string(host); +} + +bool Attribute::checkPath(const std::string *part) const +{ + bool result = true; + + const char * data = part->c_str(); + + for (unsigned int i = 0; i < part->size(); ++i) { + int c = data[i]; + if (c == '/') { + //If we found slash then the next character must be a part of segment + //It cannot be '/' so we have to check it immediately + i++; + c = data[i]; + if (!isSegmentAllowedCharacter(c)) { + result = false; + break; + } + } else if (c == ';') { + //Start param part of segment + i++; //Param can be empty so we don't have to check what's right after semicolon + continue; + } else if (c == '%') { + //We have to handle escaped characters differently than other segment allowed characters + //because we need an array + if (isEscaped(data + i)) { + i += 2; + } else { + result = false; + break; + } + } else { + if (!isSegmentAllowedCharacter(c)) { + result = false; + break; + } + } + } + + return result; +} + +bool Attribute::isSchemeAllowedCharacter(int c) const +{ + bool result = false; + if (isAlphanum(c)) { + result = true; + } else if (c == '+') { + result = true; + } else if (c == '-') { + result = true; + } else if (c == '.') { + result = true; + } + + return result; +} + +bool Attribute::isSegmentAllowedCharacter(int c) const +{ + bool result = true; + + // LogDebug("Checking is segment allowed for char "<<(char)c); + + if (isUnreserved(c)) { //do nothing, result = true + } else if (c == ':') { //do nothing, result = true + } else if (c == '@') { //do nothing, result = true + } else if (c == '&') { //do nothing, result = true + } else if (c == '=') { //do nothing, result = true + } else if (c == '+') { //do nothing, result = true + } else if (c == '$') { //do nothing, result = true + } else if (c == ',') { //do nothing, result = true + } else { + result = false; + } + + return result; +} + +bool Attribute::isUserInfoAllowedString(const std::string * str) const +{ + bool result = false; + + const char * data = str->c_str(); + + for (unsigned int i = 0; i < str->length(); ++i) { + int c = data[i]; + if (isUnreserved(c)) { + result = true; + } else if (c == '%') { + //isEsacped method checks if we don't cross array bounds, so we can + //safely give data[i] here + result = isEscaped((data + i)); + if (result == false) { + break; + } + i += 2; //rewind the next two characters sEsacped method checks if we don't cross array bounds, so we can safely rewind + } else if (c == ',') { + result = true; + } else if (c == '$') { + result = true; + } else if (c == '+') { + result = true; + } else if (c == '=') { + result = true; + } else if (c == '&') { + result = true; + } else if (c == '@') { + result = true; + } else if (c == ':') { + result = true; + } + } + return result; +} + +bool Attribute::isUnreserved(int c) const +{ + return isAlphanum(c) || mark[c]; +} + +bool Attribute::isAlphanum(int c) const +{ + return alpha[c] || digit[c]; +} + +bool Attribute::isHex(int c) const +{ + bool result = false; + + if (digit[c]) { + result = true; + } else if (c == 'A') { + result = true; + } else if (c == 'B') { + result = true; + } else if (c == 'C') { + result = true; + } else if (c == 'D') { + result = true; + } else if (c == 'E') { + result = true; + } else if (c == 'F') { + result = true; + } else if (c == 'a') { + result = true; + } else if (c == 'b') { + result = true; + } else if (c == 'c') { + result = true; + } else if (c == 'd') { + result = true; + } else if (c == 'e') { + result = true; + } else if (c == 'f') { + result = true; + } + + return result; +} + +bool Attribute::isEscaped(const char esc[3]) const +{ + if (esc == NULL) { + return false; + } + + if ((esc[0] == 0) || (esc[1] == 0) || (esc[2] == 0)) { + //We get an array that seems to be out of bounds. + //To be on the safe side return here + LogDebug("HEX NULLS"); + return false; + } + + if (esc[0] != '%') { + LogDebug( + "Error: first character of escaped value must be a precent but is " + << + esc[0]); + return false; + } + +#ifdef ALL_LOGS + for (int i = 0; i < 3; i++) { + LogDebug("HEX " << esc[i]); + } +#endif + return isHex((int) esc[1]) && isHex((int) esc[2]); +} + +bool Attribute::isHostAllowedString(const std::string * str) const +{ + bool result = true; + + if (digit[(int) str->at(0)]) { + //IPv4 address + result = isIPv4AllowedString(str); + } else { + //Hostname + result = isHostNameAllowedString(str); + } + + return result; +} + +bool Attribute::isIPv4AllowedString(const std::string * str) const +{ + LogDebug("Is hostIPv4 allowed String for " << *str); + + const char * data = str->c_str(); + bool result = true; + int digitCounter = 0; + int dotCounter = 0; + + for (unsigned int i = 0; i < str->length(); ++i) { + if (data[i] == '.') { + dotCounter++; + digitCounter = 0; + } else if (digit[(int) data[i]]) { + digitCounter++; + if ((digitCounter > 3) || !digitCounter) { + result = false; + break; + } + } else { + result = false; + break; + } + } + if (dotCounter != 3) { + result = false; + } + return result; +} + +bool Attribute::isHostNameAllowedString(const std::string * str) const +{ + LogDebug("Is hostname allowed String for " << *str); + + int lastPosition = 0; //the position of last dot + 1 + const char * data = str->c_str(); + bool finalDot = false; + size_t end = str->length(); + bool result = false; + + for (size_t i = 0; i < end; ++i) { + if (data[i] == '.') { + if (i == str->length() - 1) { //ending dot + //There can be a leading '.' int the hostm_name + finalDot = true; + break; + } else { + //we found domain label + if (!isDomainLabelAllowedString(data + lastPosition, i - + lastPosition)) { + result = false; + goto end; + } + lastPosition = i + 1; //Set position to position of last dot + 1 + } + } + } + + if (finalDot) { + //we have to rewind one position to check the rightmost string + //but only in case we find final dot + end--; + } + //Compare only the rightmost string aaa.bbbb.rightmostString. + result = isTopLabelAllowedString(data + lastPosition, end - lastPosition); + +end: + + if (result) { + LogInfo("Hostname is allowed"); + } else { + LogInfo("Hostname is NOT allowed"); + } + + return result; +} + +bool Attribute::isDomainLabelAllowedString(const char * data, + int length) const +{ + LogDebug( + "Is domain allowed String for " << data << " taking first " << + length << + " chars"); + + if (!isAlphanum((int) data[0]) || !isAlphanum((int) data[length - 1])) { + return false; + } + + for (int i = 0; i < length; i++) { + if ((!isAlphanum(data[i])) && !(data[i] == '-')) { + return false; + } + } + return true; +} + +bool Attribute::isTopLabelAllowedString(const char * data, + int length) const +{ + if ((!alpha[(int) data[0]]) || (!isAlphanum((int) data[length - 1]))) { + return false; + } + + for (int i = 1; i < length - 1; i++) { + if ((!isAlphanum(data[i])) && !(data[i] == '-')) { + return false; + } + } + return true; +} + +void printAttributes(const AttributeSet& attrs) +{ + if (attrs.empty()) { + LogWarning("Empty attribute set"); + } else { + LogDebug("PRINT ATTRIBUTES:"); + for (AttributeSet::const_iterator it = attrs.begin(); + it != attrs.end(); + ++it) + { + LogDebug("name: " << *(*it)->getName()); + } + } +} + +void printAttributes(const std::list & attrs) +{ + if (attrs.empty()) { + LogWarning("Empty attribute set"); + } else { + LogDebug("PRINT ATTRIBUTES:"); + for (std::list::const_iterator it = attrs.begin(); + it != attrs.end(); + ++it + ) { + LogDebug(*it); + } + } +} + +//KW const char * matchResultToString(Attribute::MatchResult result){ +//KW +//KW const char * ret = NULL; +//KW +//KW switch(result){ +//KW +//KW case Attribute::MRTrue: +//KW ret = "true"; +//KW break; +//KW case Attribute::MRFalse: +//KW ret = "false"; +//KW break; +//KW case Attribute::MRUndetermined: +//KW ret = "undetermined"; +//KW break; +//KW default: +//KW ret = "Wrong match result"; +//KW } +//KW +//KW return ret; +//KW +//KW } diff --git a/ace/engine/CombinerImpl.cpp b/ace/engine/CombinerImpl.cpp new file mode 100644 index 0000000..bbd179c --- /dev/null +++ b/ace/engine/CombinerImpl.cpp @@ -0,0 +1,333 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : CombinerImpl.cpp +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#include +#include +#include + +#include +#include +#include + +namespace { + +bool denyOverridesPredecessor( + const ExtendedEffect &first, + const ExtendedEffect &second) +{ + if (first.getEffect() == second.getEffect()) + return first.getRuleId() < second.getRuleId(); + return first.getEffect() < second.getEffect(); +} + +bool permitOverridePredecessor( + const ExtendedEffect &first, + const ExtendedEffect &second) +{ + if (first.getEffect() == second.getEffect()) + return first.getRuleId() < second.getRuleId(); + return first.getEffect() > second.getEffect(); +} + +} //anonymous namespace + +ExtendedEffect CombinerImpl::denyOverrides(const ExtendedEffectList &effects) +{ + if (isError(effects)) { + return Error; + } + + ExtendedEffect result(Inapplicable); + + FOREACH(it, effects) { + if (denyOverridesPredecessor(*it, result)) { + result = *it; + } + } + return result; +} + +ExtendedEffect CombinerImpl::permitOverrides(const ExtendedEffectList &effects) +{ + if (isError(effects)) { + return Error; + } + + // This magic number must be bigger that the bigest ruleId number from policy file. + ExtendedEffect result(Deny, 999999); + + //Flag used to indicate that any of Deny,prompt-*,permit options appear + //Consequently if flag is true then result should be return, otherwise inapplicable should be returned + bool flag = false; + bool flagUndetermined = false; + + FOREACH(it,effects) { + ExtendedEffect effect = *it; + + if (effect.getEffect() == Permit) { + return effect; + } // no need for further check if "permit" found + if (effect.getEffect() == Undetermined) { + flagUndetermined = true; + } //check for undetermined + + //Set the flag and the result even if effect is equal to result + //It is done to mark if any "Deny" effect occured + if (permitOverridePredecessor(effect, result) + && effect.getEffect() != Inapplicable + && effect.getEffect() != Undetermined) + { + result = effect; + flag = true; + } + } + + if (flagUndetermined) { + return ExtendedEffect(Undetermined); + } + + if (!flag) { + return ExtendedEffect(Inapplicable); + } + return result; +} + +ExtendedEffect CombinerImpl::firstApplicable( + const ExtendedEffectList & effects) +{ + if (isError(effects)) { + return Error; + } + + FOREACH(it,effects) { + if (it->getEffect() != Inapplicable) { + return *it; + } + } + return Inapplicable; +} + +ExtendedEffect CombinerImpl::firstMatchingTarget( + const ExtendedEffectList &effects) +{ + if (isError(effects)) { + return Error; + } + // effect list constains result of policies which target has been matched. + // + // If target does not match policy result is NotMatchingTarget + // NotMatchingTarget values are not stored on the effects list + // (you can check it in combinePolicies function). + // + // So we are intrested in first value on the list. + return effects.empty() ? Inapplicable : effects.front(); +} + +bool CombinerImpl::isError(const ExtendedEffectList &effects) +{ + FOREACH(it, effects) + { + if (Error == it->getEffect()) { + return true; + } + } + return false; +} + +ExtendedEffect CombinerImpl::combineRules(const TreeNode * policy) +{ + const Policy * policyObj = dynamic_cast(policy->getElement()); + if (!policyObj) { + LogError("dynamic_cast failed. PolicyObj is null."); + return Error; + } + + Policy::CombineAlgorithm algorithm = policyObj->getCombineAlgorithm(); + + Assert( + algorithm != Policy::FirstTargetMatching && + "Policy cannot have algorithm first target matching"); + + bool isUndetermined = false; + + if (!checkIfTargetMatches(policyObj->getSubjects(), isUndetermined)) { + if (isUndetermined) { + //TODO Target is undetermined what should we do now ?? + //Right now simply return NotMatchingTarget + } + //Target doesn't match + return NotMatchingTarget; + } + //Get all rules + const ChildrenSet & children = policy->getChildrenSet(); + ChildrenConstIterator it = children.begin(); + ExtendedEffectList effects; + + while (it != children.end()) { + const Rule * rule = dynamic_cast((*it)->getElement()); + + if (!rule) { + LogError("Error in dynamic_cast. rule is null"); + return ExtendedEffect(Error); + } + + ExtendedEffect effect = rule->evaluateRule(this->getAttributeSet()); + effects.push_back(effect); + if (algorithm == Policy::FirstApplicable && effect.getEffect() != Inapplicable) { + //For first applicable algorithm we may stop after evaluating first policy + //which has effect other than inapplicable + break; + } + ++it; + } //end policy children iteration + + //Use combining algorithm + ExtendedEffect ef = combine(policyObj->getCombineAlgorithm(), effects); + return ef; +} + +//WARNING this method makes an assumption that Policy target is a policy child +ExtendedEffect CombinerImpl::combinePolicies(const TreeNode * policy) +{ + const Policy * policySet = dynamic_cast(policy->getElement()); + + if (!policySet) { + LogError("dynamic_cast failed. Policy set is null."); + return Error; + } + + bool isUndetermined = false; + Policy::CombineAlgorithm algorithm = policySet->getCombineAlgorithm(); + + if (!checkIfTargetMatches(policySet->getSubjects(), isUndetermined)) { + /* I can't explain this... + if (isUndetermined) { + if (algorithm == Policy::FirstTargetMatching) { + return Undetermined; + } + } + */ + //Target doesn't match + return NotMatchingTarget; + } + + const ChildrenSet & children = policy->getChildrenSet(); + + ExtendedEffectList effects; + + FOREACH(it, children) { + ExtendedEffect effect; + + if ((*it)->getTypeID() == TreeNode::PolicySet) { + effect = combinePolicies(*it); + if (effect.getEffect() != NotMatchingTarget) { + effects.push_back(effect); + } + } else if ((*it)->getTypeID() == TreeNode::Policy) { + effect = combineRules(*it); + if (effect.getEffect() != NotMatchingTarget) { + effects.push_back(effect); + } + } else { + // [CR] fix it + LogError("effect value is not initialized!"); + return ExtendedEffect(Error); + } + + if (algorithm == Policy::FirstTargetMatching + && effect.getEffect() != NotMatchingTarget) + { + //In First matching target algorithm we may return when first result is found + break; + } + } + + //Use combining algorithm + return combine(policySet->getCombineAlgorithm(), effects); +} + +ExtendedEffect CombinerImpl::combine( + Policy::CombineAlgorithm algorithm, + ExtendedEffectList &effects) +{ + LogDebug("Effects to be combined with algorithm: " << ::toString(algorithm)); + showEffectList(effects); + + switch (algorithm) { + case Policy::DenyOverride: + return denyOverrides(effects); + break; + case Policy::PermitOverride: + return permitOverrides(effects); + break; + case Policy::FirstApplicable: + return firstApplicable(effects); + break; + case Policy::FirstTargetMatching: + return firstMatchingTarget(effects); + break; + default: + Assert(false && "Wrong combining algorithm used"); + return Error; + } +} + +/** + * + * @param attrSet set of Subject attributes in policy that identifies target + * @return true if target is determined and matches, false and isUndertmined is set to true if the target is undetermined + * false and isUndetermined set to false if target is determined but doesn't match + */ +bool CombinerImpl::checkIfTargetMatches( + const std::list * subjectsList, + bool &isUndetermined) +{ + if (subjectsList->empty()) { + return true; + } + + std::list::const_iterator it = subjectsList->begin(); + bool match = false; + //According to BONDI 1.0 at least one target must match + while (it != subjectsList->end()) { + match = (*it)->matchSubject(this->getAttributeSet(), isUndetermined); + if (match) { //at least one match + break; + } + ++it; + } + + #ifdef _DEBUG + if (match == Attribute::MRTrue) { + LogDebug("Target matches "); + } else if (match == Attribute::MRUndetermined) { + LogDebug("Target match undetermined "); + } else { + LogDebug("Target doesn't match"); + } + #endif + return match; +} + diff --git a/ace/engine/Condition.cpp b/ace/engine/Condition.cpp new file mode 100644 index 0000000..e6121a4 --- /dev/null +++ b/ace/engine/Condition.cpp @@ -0,0 +1,236 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// File: Condition.cpp +// Author: notroot +// +// Created on June 3, 2009, 9:00 AM +// + +#include +#include +#include +#include + +/** + * Check if attribute in condition matches the values obtained from PIP + * attrSet - attributes from PIP + */ + +Attribute::MatchResult Condition::evaluateCondition( + const AttributeSet * attrSet) const +{ + //Condition may include either matches of attributes or other conditions + //in this method all attributes are matched at first and if possible the + //condition is evaluated. If evaluation is not possible based solely on + //attributes then we start recursion into child conditions. + + Attribute::MatchResult match; + bool undeterminedMatchFound = false; + bool isFinalMatch = false; + + LogDebug("Attributes to be matched"); + printAttributes(*attrSet); + LogDebug("Condition attributes values"); + printAttributes(attributes); + + if (this->isEmpty()) { + LogDebug("Condition is empty, returning true"); + //Condition is empty, it means it evaluates to TRUE + return Attribute::MatchResult::MRTrue; + } + + match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound); + if (isFinalMatch) { + LogDebug("Evaluate attributes returning verdict" ) ; //<< match); + return match; + } + + match = evaluateChildConditions(attrSet, + isFinalMatch, + undeterminedMatchFound); + if (isFinalMatch) { + LogDebug("Evaluate child conditions returning verdict" ); // << match); + return match; + } + + if (undeterminedMatchFound) { + //If any child condition/attribute-match was undetermined and + //so far we couldn't make a decision then we must return undetermined + LogDebug("Evaluate condition returning MRUndetermined"); + return Attribute::MatchResult::MRUndetermined; + } + + if (this->isAndCondition()) { + match = Attribute::MatchResult::MRTrue; + } else if (this->isOrCondition()) { + match = Attribute::MatchResult::MRFalse; + } else { + Assert(false && "Condition has to be either AND or OR"); + } + return match; +} + +// KW Attribute::MatchResult Condition::performORalgorithm(const std::set* attrSet) const{ +// KW +// KW Attribute::MatchResult match; +// KW bool undeterminedMatchFound = false; +// KW bool isFinalMatch = false; +// KW +// KW LogDebug("Performing OR algorithm"); +// KW +// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound); +// KW if(isFinalMatch){ +// KW LogDebug("OR algorithm evaluate attributes returning verdict" << match); +// KW return match; +// KW } +// KW +// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound); +// KW if(isFinalMatch){ +// KW return match; +// KW } +// KW +// KW if(undeterminedMatchFound){ +// KW //If any child condition/attribute-match was undetermined and +// KW //so far we couldn't make a decision then we must return undetermined +// KW LogDebug("OR algorithm returning MRUndetermined"); +// KW return Attribute::MRUndetermined; +// KW } +// KW +// KW LogDebug("OR algorithm returning MRFalse"); +// KW return Attribute::MRFalse; +// KW } + +// KW Attribute::MatchResult Condition::performANDalgorithm(const std::set* attrSet) const{ +// KW +// KW +// KW Attribute::MatchResult match; +// KW bool undeterminedMatchFound = false; +// KW bool isFinalMatch = false; +// KW +// KW LogDebug("Performing AND algorithm"); +// KW match = evaluateAttributes(attrSet, isFinalMatch, undeterminedMatchFound); +// KW if(isFinalMatch){ +// KW LogDebug("AND algorithm evaluate attributes returning verdict" << match); +// KW return match; +// KW } +// KW match = evaluateChildConditions(attrSet, isFinalMatch, undeterminedMatchFound); +// KW if(isFinalMatch){ +// KW LogDebug("AND algorithm evaluate child returning verdict " << match); +// KW return match; +// KW } +// KW if(undeterminedMatchFound){ +// KW //If any child condition/attribute-match was undetermined and +// KW //so far we couldn't make a decision then we must return undetermined +// KW LogDebug("AND algorithm returning Undetermined"); +// KW return Attribute::MRUndetermined; +// KW } +// KW +// KW LogDebug("AND algorithm returning MRTrue"); +// KW return Attribute::MRTrue; +// KW +// KW } + +Attribute::MatchResult Condition::evaluateAttributes( + const AttributeSet * attrSet, + bool& isFinalMatch, + bool & undeterminedMatchFound) const +{ + Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined; + + std::list::const_iterator condIt = this->attributes.begin(); + while (condIt != this->attributes.end()) { + //Find the value of needed attribute, based on attribute name + AttributeSet::const_iterator attr = + std::find_if(attrSet->begin(), + attrSet->end(), + AceDB::BaseAttribute::UnaryPredicate(&(*condIt))); + if (attr == attrSet->end()) { + LogError("Couldn't find required attribute. This should not happen"); + Assert( + false && + "Couldn't find attribute required in condition. This should not happen" + "This means that some attributes has not been obtained from PIP"); + //Return undetermined here because it seems one of the attributes is unknown/undetermined + isFinalMatch = true; + match = Attribute::MatchResult::MRUndetermined; + break; + } + + match = condIt->matchAttributes(&(*(*attr))); + if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) { + //FALSE match found in AND condition + isFinalMatch = true; + break; + } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) { + //TRUE match found in OR condition + isFinalMatch = true; + break; + } else if (match == Attribute::MatchResult::MRUndetermined) { + //Just mark that there was undetermined value found + undeterminedMatchFound = true; + } + ++condIt; + } + + return match; +} + +Attribute::MatchResult Condition::evaluateChildConditions( + const AttributeSet * attrSet, + bool& isFinalMatch, + bool & undefinedMatchFound) const +{ + Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined; + + std::list::const_iterator it = conditions.begin(); + while (it != conditions.end()) { + match = it->evaluateCondition(attrSet); + + if ((match == Attribute::MatchResult::MRFalse) && isAndCondition()) { + //FALSE match found in AND condition + LogDebug("Child conditions results MRFalse)"); + isFinalMatch = true; + break; + } else if ((match == Attribute::MatchResult::MRTrue) && isOrCondition()) { + //TRUE match found in OR condition + LogDebug("Child conditions result MRTrue"); + isFinalMatch = true; + break; + } else if (match == Attribute::MatchResult::MRUndetermined) { + undefinedMatchFound = true; + } + ++it; + } + + return match; +} + +void Condition::getAttributes(AttributeSet * attrSet) +{ + //Get attributes from current condition + FOREACH (it, attributes) + { + AceDB::BaseAttributePtr attr(new Attribute(it->getName(), it->getMatchFunction(), it->getType())); + attrSet->insert(attr); + } + //Get attributes from any child conditions + FOREACH (it, conditions) + { + it->getAttributes(attrSet); + } +} + diff --git a/ace/engine/ConfigurationManager.cpp b/ace/engine/ConfigurationManager.cpp new file mode 100644 index 0000000..f1edffb --- /dev/null +++ b/ace/engine/ConfigurationManager.cpp @@ -0,0 +1,144 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace std; + +namespace { +const string currentXMLSchema("bondixml.xsd"); +} + +ConfigurationManager * ConfigurationManager::instance = NULL; + + +string ConfigurationManager::getCurrentPolicyFile(void) const +{ + LogError("ConfigurationManager::getCurrentPolicyFile is DEPRECATED"); + return ""; +} + +string ConfigurationManager::getFullPathToCurrentPolicyFile(void) const +{ + LogError("ConfigurationManager::getFullPathToCurrentPolicyFile" + "is DEPRECATED"); + return ""; +} + +string ConfigurationManager::getFullPathToCurrentPolicyXMLSchema(void) const +{ + LogError("ConfigurationManager::getFullPathToCurrentPolicyXMLSchema" + "is DEPRECATED"); + return ""; +} + +int ConfigurationManager::addPolicyFile(const string &) +{ + LogError("ConfigurationManager::addPolicyFile is DEPRECATED"); + return CM_GENERAL_ERROR; +} + +int ConfigurationManager::removePolicyFile(const string&) +{ + LogError("ConfigurationManager::removePolicyFile is DEPRECATED"); + return CM_GENERAL_ERROR; +} + +int ConfigurationManager::changeCurrentPolicyFile(const string&) +{ + LogError("ConfigurationManager::changeCurrentPolicyFile is DEPRECATED"); + return CM_GENERAL_ERROR; +} + +string ConfigurationManager::extractFilename(const string&) const +{ + LogError("ConfigurationManager::extractFilename is DEPRECATED"); + return ""; +} + + +int ConfigurationManager::parse(const string&) +{ + LogError("ConfigurationManager::parse is DEPRECATED"); + return CM_GENERAL_ERROR; +} + +bool ConfigurationManager::copyFile(FILE*, FILE*, int) const +{ + LogError("ConfigurationManager::copyFile is DEPRECATED"); + return false; +} + +bool ConfigurationManager::checkIfFileExistst(const string&) const +{ + LogError("ConfigurationManager::checkIfFileExistst is DEPRECATED"); + return false; +} + +const list & ConfigurationManager::getPolicyFiles() const +{ + LogError("ConfigurationManager::getPolicyFiles is DEPRECATED"); + static list aList; + return aList; +} + +const string & ConfigurationManager::getConfigFile() const +{ + LogError("ConfigurationManager::getConfigFile is DEPRECATED"); + static string returnString(""); + return returnString; +} + +string ConfigurationManager::getFullPathToPolicyFile(PolicyType policy) const +{ + string storagePath = getStoragePath(); + string fileName; + + switch (policy) { + case PolicyType::WAC2_0: { + fileName = ACE_WAC_POLICY_FILE_NAME; + break; } + case PolicyType::Tizen: { + fileName = ACE_TIZEN_POLICY_FILE_NAME; + break; } + default: { + LogError("Invalid policy file requested"); + return ""; } + } + + return storagePath + fileName; +} + +string ConfigurationManager::getFullPathToPolicyXMLSchema() const +{ + string storagePath = getStoragePath(); + if (*(storagePath.rbegin()) == '/') + { + return storagePath + currentXMLSchema; + } + return storagePath + "/" + currentXMLSchema; +} + +string ConfigurationManager::getStoragePath(void) const +{ + return ACE_MAIN_STORAGE; +} diff --git a/ace/engine/Policy.cpp b/ace/engine/Policy.cpp new file mode 100644 index 0000000..7443090 --- /dev/null +++ b/ace/engine/Policy.cpp @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Policy.cpp +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#include + +Policy::~Policy() +{ + for (std::list::iterator it = subjects->begin(); + it != subjects->end(); + ++it) { + delete *it; + } + delete subjects; +} + +void Policy::printData() +{ + std::string subject; + if (subjects != NULL && subjects->size()) { + subject = (subjects->front())->getSubjectId(); + } + std::string algorithm = printCombineAlgorithm(this->combineAlgorithm); + + std::cout << "subject: " << subject << " algorithm: " << algorithm << + std::endl; +} + +std::string Policy::printCombineAlgorithm(CombineAlgorithm algorithm) +{ + switch (algorithm) { + case DenyOverride: + return "DenyOverride"; + case PermitOverride: + return "PermitOverride"; + case FirstApplicable: + return "FirstApplicable"; + case FirstTargetMatching: + return "FirstTargetMatching"; + default: + return "ERROR: Wrong Algorithm"; + } +} + +const char * toString(Policy::CombineAlgorithm algorithm) +{ + switch (algorithm) { + case Policy::DenyOverride: + return "DenyOverride"; + case Policy::PermitOverride: + return "PermitOverride"; + case Policy::FirstApplicable: + return "FirstApplicable"; + case Policy::FirstTargetMatching: + return "FirstTargetMatching"; + default: + return "ERROR: Wrong Algorithm"; + } +} diff --git a/ace/engine/PolicyEnforcementPoint.cpp b/ace/engine/PolicyEnforcementPoint.cpp new file mode 100644 index 0000000..1db8488 --- /dev/null +++ b/ace/engine/PolicyEnforcementPoint.cpp @@ -0,0 +1,139 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file security_logic.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @author Ming Jin(ming79.jin@samsung.com) + * @version 1.0 + * @brief Implementation file for security logic + */ +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include +#include + +PolicyEnforcementPoint::PolicyEnforcementPoint() : + m_wrt(0), + m_res(0), + m_sys(0), + m_pdp(0), + m_pip(0) +{} + +void PolicyEnforcementPoint::terminate() +{ + LogInfo("PolicyEnforcementPoint is being deinitialized."); + + delete m_sys; + delete m_res; + delete m_wrt; + delete m_pdp; + delete m_pip; + m_sys = 0; + m_res = 0; + m_wrt = 0; + m_pdp = 0; + m_pip = 0; +} + +PolicyEnforcementPoint::~PolicyEnforcementPoint() +{ + Assert((m_sys == 0) && "You must run " + "PolicyEnforcementPoint::Deinitialize before exit program!"); +} + +void PolicyEnforcementPoint::initialize( + IWebRuntime *wrt, + IResourceInformation *resource, + IOperationSystem *operation) +{ + if (m_wrt) { + ThrowMsg(PEPException::AlreadyInitialized, + "Policy Enforcement Point is already initialzed"); + } + + m_wrt = wrt; + m_res = resource; + m_sys = operation; + + if (this->m_pip != NULL) { + this->m_pip->update(m_wrt, m_res, m_sys); + return; + } + + this->m_pip = new PolicyInformationPoint(wrt, m_res, m_sys); + this->m_pdp = new PolicyEvaluator(m_pip); + + if (!this->m_pdp->initPDP()) { + Assert(0); + } +} + +ExtendedPolicyResult PolicyEnforcementPoint::check(Request &request) +{ + return m_pdp->getPolicyForRequest(request); +} + +void PolicyEnforcementPoint::updatePolicy(const std::string &policy) +{ + LogDebug("ACE updatePolicy: " << policy); + int errorCode = 0; + + if (m_pdp == NULL) { + LogError("Evaluator not set. Ignoring message."); + Assert(false && "UpdateClient error on receiving event"); + } else { + LogDebug("Emitting update signal."); + errorCode = m_pdp->updatePolicy(policy.c_str()); + } + + LogDebug("Sending reponse: " << errorCode); +} + +void PolicyEnforcementPoint::updatePolicy() +{ + LogDebug("ACE updatePolicy"); + if (m_pdp == NULL) { + LogError("Evaluator not set. Ignoring message."); + } else { + m_pdp->updatePolicy(); + } +} + +OptionalExtendedPolicyResult PolicyEnforcementPoint::checkFromCache(Request &request) +{ + return m_pdp->getPolicyForRequestFromCache(request); +} + +OptionalExtendedPolicyResult PolicyEnforcementPoint::check(Request &request, + bool fromCacheOnly) +{ + return m_pdp->getPolicyForRequest(request, fromCacheOnly); +} diff --git a/ace/engine/PolicyEvaluator.cpp b/ace/engine/PolicyEvaluator.cpp new file mode 100644 index 0000000..73d2f6e --- /dev/null +++ b/ace/engine/PolicyEvaluator.cpp @@ -0,0 +1,544 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : PolicyEvaluator.cpp +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace AceDB; + +PolicyEvaluator::~PolicyEvaluator() +{ + delete m_combiner; +} + +PolicyEvaluator::PolicyEvaluator(PolicyInformationPoint * pip) : + m_uniform_policy(NULL), + m_wac_policy(NULL), + m_tizen_policy(NULL), + m_policy_to_use(PolicyType::WAC2_0), + m_combiner(new CombinerImpl()), + m_verdictListener(NULL), + m_pip(pip) +{} + +bool PolicyEvaluator::initPDP() +{ + updatePolicy(); + // TODO change return value someday to void? + return true; +} + +bool PolicyEvaluator::fillAttributeWithPolicy() +{ + if (m_attributeSet.empty()) { + if (!extractAttributes(m_uniform_policy)) { + LogInfo("Warning attribute set cannot be extracted. " + "Returning Deny"); + return false; + } + // Adding widget type attribute to distinguish WAC/Tizen widgets + /** + * This special attribute of WidgetParam type is handled + * in PolicyInformationPoint, it is based on WidgetType + * fron WRT database. + * + * It is needed to distinguish cached policy results and cached prompt + * responses for different policies (WAC/Tizen/any possible + * other in the future). + */ + AceDB::BaseAttributePtr attribute(new AceDB::BaseAttribute()); + attribute->setName(POLICY_WIDGET_TYPE_ATTRIBUTE_NAME); + attribute->setType(AceDB::BaseAttribute::Type::WidgetParam); + m_attributeSet.insert(attribute); + AceDAO::addAttributes(m_attributeSet); + } else { + LogDebug("Required attribute set already loaded"); + } + return true; +} + +PolicyResult PolicyEvaluator::effectToPolicyResult(Effect effect) +{ + if (Effect::Deny == effect) { + return PolicyEffect::DENY; + } + if (Effect::Undetermined == effect) { + return PolicyResult::Value::UNDETERMINED; + } + if (Effect::PromptOneShot == effect) { + return PolicyEffect::PROMPT_ONESHOT; + } + if (Effect::PromptSession == effect) { + return PolicyEffect::PROMPT_SESSION; + } + if (Effect::PromptBlanket == effect) { + return PolicyEffect::PROMPT_BLANKET; + } + if (Effect::Permit == effect) { + return PolicyEffect::PERMIT; + } + if (Effect::Inapplicable == effect) { + return PolicyDecision::Value::NOT_APPLICABLE; + } + return PolicyEffect::DENY; +} + +OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestInternal( + bool fromCacheOnly) +{ + //ADD_PROFILING_POINT("Search cached verdict in database", "start"); + + OptionalExtendedPolicyResult result = AceDAO::getPolicyResult(m_attributeSet); + + //ADD_PROFILING_POINT("Search cached verdict in database", "stop"); + + if (fromCacheOnly || !result.IsNull()) { + return result; + } + + //ADD_PROFILING_POINT("EvaluatePolicy", "start"); + + ExtendedEffect policyEffect = evaluatePolicies(getCurrentPolicyTree()); + + //ADD_PROFILING_POINT("EvaluatePolicy", "stop"); + + LogDebug("Policy effect is: " << toString(policyEffect.getEffect())); + + ExtendedPolicyResult exResult( + effectToPolicyResult(policyEffect.getEffect()), + policyEffect.getRuleId()); + + AceDAO::setPolicyResult(this->m_attributeSet, exResult); + return OptionalExtendedPolicyResult(exResult); +} + +// +----------------+---------+---------+------+--------+ +// |\User setting | PERMIT | PROMPT* | DENY | DEF | +// | \ | | | | | +// |Policy result\ | | | | | +// |----------------+---------+---------+------+--------+ +// |PERMIT | PERMIT | PROMPT* | DENY | PERMIT | +// |----------------+---------+---------+------+--------+ +// |PROMPT* | PROMPT* | PR MIN | DENY | PROMPT*| +// |----------------+---------+---------+------+--------+ +// |DENY | DENY | DENY | DENY | DENY | +// |----------------+---------+---------+------+--------+ +// |UNDETERMIND | UNDET | UNDET | DENY | UNDET | +// |----------------+---------+---------+------+--------+ +// |NOT_AP | PEMIT | PROMPT* | DENY | NOT_AP | +// +----------------+---------+---------+------+--------+ + +static PolicyResult getMostRestrict( + PreferenceTypes globalPreference, + const PolicyResult &policyResult) +{ + if (globalPreference == PreferenceTypes::PREFERENCE_PERMIT + && policyResult == PolicyEffect::PERMIT) { + return PolicyEffect::PERMIT; + } + + if (globalPreference == PreferenceTypes::PREFERENCE_DENY + || policyResult == PolicyEffect::DENY) { + return PolicyEffect::DENY; + } + + if (policyResult == PolicyResult::UNDETERMINED) { + return PolicyResult::UNDETERMINED; + } + + if (globalPreference == PreferenceTypes::PREFERENCE_DEFAULT) { + return policyResult; + } + + if (globalPreference == PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT + || policyResult == PolicyEffect::PROMPT_ONESHOT) { + return PolicyEffect::PROMPT_ONESHOT; + } + + if (globalPreference == PreferenceTypes::PREFERENCE_SESSION_PROMPT + || policyResult == PolicyEffect::PROMPT_SESSION) { + return PolicyEffect::PROMPT_SESSION; + } + + if (globalPreference == PreferenceTypes::PREFERENCE_BLANKET_PROMPT + || policyResult == PolicyEffect::PROMPT_BLANKET) { + return PolicyEffect::PROMPT_BLANKET; + } + + return PolicyEffect::PERMIT; +} + +OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequestFromCache( + const Request &request) +{ + return getPolicyForRequest(request, true); +} + +ExtendedPolicyResult PolicyEvaluator::getPolicyForRequest(const Request &request) +{ + auto result = this->getPolicyForRequest(request, false); + Assert(!result.IsNull() + && "Policy always has to be evaluated to valid state"); + return *result; +} + +OptionalExtendedPolicyResult PolicyEvaluator::getPolicyForRequest( + const Request &request, + bool fromCacheOnly) +{ + //ADD_PROFILING_POINT("getPolicyForRequest", "start"); + m_attributeSet.clear(); + + switch (request.getAppType()) { + case Request::APP_TYPE_TIZEN: + m_policy_to_use = PolicyType::Tizen; + LogDebug("==== Using Tizen policy ===="); + break; + case Request::APP_TYPE_WAC20: + m_policy_to_use = PolicyType::WAC2_0; + LogDebug("==== Using WAC policy ===="); + break; + default: + LogError("Unsupported(unknown) widget type. Access denied."); + return OptionalExtendedPolicyResult( + ExtendedPolicyResult(PolicyEffect::DENY)); + } + + try { + // Check which attributes should be used + // memory alocated, free in destructor + //ADD_PROFILING_POINT("getAttributes", "start"); + AceDB::AceDAO::getAttributes(&m_attributeSet); + //ADD_PROFILING_POINT("getAttributes", "stop"); + + // If attributes can't be resolved then check the policy + if (!fillAttributeWithPolicy()) { + //ADD_PROFILING_POINT("getPolicyForRequest", "stop"); + return OptionalExtendedPolicyResult( + ExtendedPolicyResult(PolicyEffect::DENY)); + } + + //ADD_PROFILING_POINT("getAttributesValues", "start"); + m_pip->getAttributesValues(&request, &m_attributeSet); + //ADD_PROFILING_POINT("getAttributesValues", "stop"); + LogDebug("==== Attributes set by PIP ===="); + printAttributes(m_attributeSet); + LogDebug("==== End of attributes set by PIP ===="); + + OptionalExtendedPolicyResult policyResult = getPolicyForRequestInternal( + fromCacheOnly); + + if (policyResult.IsNull()) { + if (!fromCacheOnly) { + LogError("Policy evaluated to NULL value"); + Assert(false && "Policy evaluated to NULL value"); + } + return OptionalExtendedPolicyResult::Null; + } + LogDebug("==== getPolicyForRequestInternal result (PolicyResult): " + << policyResult->policyResult << "====="); + + PreferenceTypes globalPreference = + SettingsLogic::findGlobalUserSettings(request); + + auto ret = getMostRestrict(globalPreference, policyResult->policyResult); + //ADD_PROFILING_POINT("getPolicyForRequest", "stop"); + return OptionalExtendedPolicyResult( + ExtendedPolicyResult(ret, policyResult->ruleId)); + + } catch (AceDB::AceDAO::Exception::DatabaseError &e) { + LogError("Database error"); + DPL::Exception::DisplayKnownException(e); + //ADD_PROFILING_POINT("getPolicyForRequest", "stop"); + return OptionalExtendedPolicyResult( + ExtendedPolicyResult(PolicyEffect::DENY)); + } +} + +bool PolicyEvaluator::extractAttributes(TreeNode* policyTree) +{ + if (NULL == policyTree) { + return false; + } + + //We check if root target matches. In general the root's target should + //be empty. Otherwise it would have to have all the subjects available + //specified but just to be on the safe side (and for tests) this checking + const Policy * policy = + dynamic_cast(policyTree->getElement()); + Assert(policy != NULL + && "Policy element has been null while attribute extracting"); + + extractTargetAttributes(policy); + extractAttributesFromSubtree(policyTree); //Enter recursion + + return true; +} + +void PolicyEvaluator::extractTargetAttributes(const Policy *policy) +{ + std::list::const_iterator it = + policy->getSubjects()->begin(); + for (; it != policy->getSubjects()->end(); ++it) { + const std::list & attrList = (*it)->getTargetAttributes(); + FOREACH(it2, attrList) + { + BaseAttributePtr attr( + new Attribute((*it2).getName(), (*it2).getMatchFunction(), + (*it2).getType())); + m_attributeSet.insert(attr); + } + } +} + +TreeNode * PolicyEvaluator::getCurrentPolicyTree() +{ + TreeNode * currentPolicy = NULL; + switch (m_policy_to_use) { + case PolicyType::Tizen: { + currentPolicy = m_tizen_policy; + break;} + case PolicyType::WAC2_0: { + currentPolicy = m_wac_policy; + break;} + default: { + LogError("Invalid policy type to use");} + } + return currentPolicy; +} + +/** + * + * @param *root - the root of the original (full) subtree of politics + * @param *newRoot - the pointer to the root of the copy (reduced) subtree of politics + */ +void PolicyEvaluator::extractAttributesFromSubtree(const TreeNode *root) +{ + const ChildrenSet & children = root->getChildrenSet(); + + for (std::list::const_iterator it = children.begin(); + it != children.end(); ++it) { + TreeNode * node = *it; + if (node->getTypeID() != TreeNode::Policy + && node->getTypeID() != TreeNode::PolicySet) { + //It is not a policy so we may be sure that we have already + //checked that SubjectId matches + //Add new node to new tree and extract attributes + + extractAttributesFromRules(node); + } else { //TreeNode is a Policy or PolicySet + const Policy * policy = + dynamic_cast(node->getElement()); + //We will be needing also the attributes from target + if (policy) { + extractTargetAttributes(policy); + } else { + LogError(" extractAttributesFromSubtree policy=NULL"); + } + //Enter recursion + extractAttributesFromSubtree(node); + } + } +} + +bool PolicyEvaluator::extractAttributesFromRules(const TreeNode *root) +{ + Assert(root->getTypeID() == TreeNode::Rule + && "Tree structure, extracting attributes from node that is not a rule"); + Rule * rule = dynamic_cast(root->getElement());Assert + (rule != NULL); + //Get attributes from rule + rule->getAttributes(&m_attributeSet); + + //[CR] consider returned value, because its added only to eliminate errors + return true; +} + +ExtendedEffect PolicyEvaluator::evaluatePolicies(const TreeNode * root) +{ + if (root == NULL) { + LogInfo("Error: policy tree doesn't exist. " + "Probably xml file is missing"); + return Deny; + } + + if (m_attributeSet.empty()) { + LogInfo("Warning: evaluatePolicies: attribute set was empty"); + } + m_combiner->setAttributeSet(&m_attributeSet); + return m_combiner->combinePolicies(root); +} + + +int PolicyEvaluator::updatePolicy(const char* newPolicy) +{ + LogError("PolicyEvaluator::updatePolicy is DEPRECATED"); + ConfigurationManager* configMgr = ConfigurationManager::getInstance(); + if (NULL == configMgr) { + LogError("ACE fatal error: failed to create configuration manager"); + return POLICY_PARSING_ERROR; + } + int result = POLICY_PARSING_SUCCESS; + if (newPolicy == NULL) { + LogError("Policy Update: incorrect policy name"); + return POLICY_FILE_ERROR; + } + LogDebug("Starting update policy: " << newPolicy); + + Parser parser; + TreeNode *backup = m_uniform_policy; + + m_uniform_policy = parser.parse(newPolicy, + configMgr->getFullPathToPolicyXMLSchema()); + + if (NULL == m_uniform_policy) { + m_uniform_policy = backup; + LogError("Policy Update: corrupted policy file"); + result = POLICY_PARSING_ERROR; + } else { + m_currentPolicyFile = newPolicy; + m_wac_policy = m_uniform_policy; //we must be able to use WAC widgets + m_tizen_policy = m_uniform_policy;//we must be able to use Tizen widgets + m_attributeSet.clear(); + backup->releaseResources(); + LogInfo("Policy Update: successful."); + try { + AceDAO::resetDatabase(); // TODO: this is strange, but this + // method is deprecated so not changing + // it (will disappear with entire method) + } catch (AceDAO::Exception::DatabaseError &e) { + } + } + return result; +} + +TreeNode * PolicyEvaluator::getDefaultSafePolicyTree(void) +{ + Policy * policy = new Policy; + Rule * rule = new Rule; + TreeNode * mainTree = NULL, + * childTree = NULL; + + policy->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride); + rule->setEffect(Deny); + + mainTree = new TreeNode(m_uniform_policy, TreeNode::Policy, policy); + childTree = new TreeNode(mainTree, TreeNode::Rule, rule); + mainTree->addChild(childTree); + + LogError("Loading default safe policy tree"); + return mainTree; +} + +void PolicyEvaluator::updatePolicy() +{ + ConfigurationManager *configMgr = ConfigurationManager::getInstance(); + Assert(NULL != configMgr && "ACE fatal error: failed to " + "create configuration manager"); + AceDAO::clearPolicyCache(); + if (NULL != m_uniform_policy) { + m_uniform_policy->releaseResources(); + } + Parser parserWac, parserTizen; + m_wac_policy = parserWac.parse( + configMgr->getFullPathToPolicyFile(PolicyType::WAC2_0), + configMgr->getFullPathToPolicyXMLSchema()); + if (NULL == m_wac_policy) { + LogError("ACE fatal error: cannot parse XML file (WAC policy)"); + m_wac_policy = getDefaultSafePolicyTree(); + } + m_tizen_policy = parserTizen.parse( + configMgr->getFullPathToPolicyFile(PolicyType::Tizen), + configMgr->getFullPathToPolicyXMLSchema()); + if (NULL == m_tizen_policy) { + LogError("ACE fatal error: cannot parse XML file (Tizen policy)"); + m_tizen_policy = getDefaultSafePolicyTree(); + } + // Policy set is usefull for releasing all policies in case of + // policy change + Policy * policySet = new PolicySet(); + policySet->setCombineAlgorithm(Policy::CombineAlgorithm::DenyOverride); + m_uniform_policy = new TreeNode(NULL, TreeNode::PolicySet, policySet); + m_uniform_policy->addChild(m_wac_policy); + m_uniform_policy->addChild(m_tizen_policy); + + // Creating attribute set for the first time after loading policy + // to speed up queries + m_attributeSet.clear(); + fillAttributeWithPolicy(); +} + +std::string PolicyEvaluator::getCurrentPolicy() +{ + LogError("PolicyEvaluator::getCurrentPolicy is DEPRECATED"); + return m_currentPolicyFile; +} + +const char * toString(Validity validity) +{ + switch (validity) { + case Validity::ONCE: + return "Once"; + break; + case Validity::SESSION: + return "Session"; + case Validity::ALWAYS: + return "Always"; + default: + return "WRONG VALIDITY"; + } +} + +const char * toString(Verdict verdict) +{ + switch (verdict) { + case Verdict::VERDICT_PERMIT: + return "Permit"; + case Verdict::VERDICT_DENY: + return "Deny"; + case Verdict::VERDICT_INAPPLICABLE: + return "Inapplicable"; + case Verdict::VERDICT_UNKNOWN: + return "Unknown"; + case Verdict::VERDICT_UNDETERMINED: + return "Undetermined"; + case Verdict::VERDICT_ERROR: + return "Error"; + case Verdict::VERDICT_ASYNC: + return "Async"; + default: + return "Wrong verdict value"; + } +} diff --git a/ace/engine/PolicyInformationPoint.cpp b/ace/engine/PolicyInformationPoint.cpp new file mode 100644 index 0000000..b273809 --- /dev/null +++ b/ace/engine/PolicyInformationPoint.cpp @@ -0,0 +1,278 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// +// @ Project : Access Control Engine +// @ File Name : PolicyInformationPoint.cpp +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// +#include +#include +#include + +#include +#include + +#include +#include +#include + +#include +#include +#include + +using namespace AceDB; + +PolicyInformationPoint::PolicyInformationPoint(IWebRuntime *wrt, + IResourceInformation *resource, + IOperationSystem *system) : wrtInterface(wrt), + resourceInformation(resource), + operationSystem(system) +{ + AceDB::AceDAOReadOnly::attachToThreadRO(); +} + +PolicyInformationPoint::~PolicyInformationPoint() +{ + AceDB::AceDAOReadOnly::detachFromThread(); +} + +/* gather attributes values from adequate interfaces */ +PipResponse PolicyInformationPoint::getAttributesValues(const Request* request, + AttributeSet* attributes) +{ + int subjectReturn = 0; + int resourceReturn = 0; + int operationReturn = 0; + int functionReturn = 0; + /* create query lists */ + createQueries(attributes); + + /* check if subject attributes query has any elements*/ + if (!subjectAttributesQuery.empty()) { + /* get Subject Attributes */ + subjectReturn = wrtInterface->getAttributesValues( + *request, + &subjectAttributesQuery); + } + + AttributeSet::const_iterator iter2; + FOREACH(iter, subjectAttributesQuery) + { + if (iter->second == NULL) { + Attribute attr(*(iter->first)); + attr.setType(Attribute::Type::Subject); + iter2 = std::find_if(attributes->begin(), + attributes->end(), + BaseAttribute::UnaryPredicate(&attr)); + Assert(iter2 != attributes->end() && "This should not happen, " + "the attribute MUST be in attribute set"); + (*iter2)->setUndetermind(true); + } + } + + /* check if resource attributes query has any elements*/ + if (!resourceAttributesQuery.empty()) { + /* get Resource Attributes */ + resourceReturn = resourceInformation->getAttributesValues( + *request, + &resourceAttributesQuery); + /* error analyzys*/ + resourceReturn <<= ERROR_SHIFT_RESOURCE; + } + + FOREACH(iter, resourceAttributesQuery) + { + if (iter->second == NULL) { + LogInfo("Found undetermined attribute"); + Attribute attr(*(iter->first)); + attr.setType(Attribute::Type::Resource); + iter2 = std::find_if(attributes->begin(), + attributes->end(), + BaseAttribute::UnaryPredicate(&attr)); + Assert(iter2 != attributes->end() && "This should not happen, " + "the attribute MUST be in attribute set"); + (*iter2)->setUndetermind(true); + } + } + + /* check if resource attributes query has any elements*/ + if (!environmentAttributesQuery.empty()) { + /* get enviroment attributes */ + operationReturn = operationSystem->getAttributesValues( + *request, + &environmentAttributesQuery); + /* error analyzys*/ + operationReturn <<= ERROR_SHIFT_OS; + } + + FOREACH(iter, environmentAttributesQuery) + { + if (iter->second == NULL) { + //it doesnt change uniqueness of a set element so we can const_cast + Attribute attr(*(iter->first)); + attr.setType(Attribute::Type::Environment); + iter2 = find_if(attributes->begin(), + attributes->end(), + BaseAttribute::UnaryPredicate(&attr)); + Assert(iter2 != attributes->end() && "This should not happen, " + "the attribute MUST be in attribute set"); + (*iter2)->setUndetermind(true); + } + } + + /* check if functionParam attributes query has any elements*/ + if (!functionParamAttributesQuery.empty() && request->getFunctionParam()) { + /* get params attributes */ + functionReturn = request->getFunctionParam()->getAttributesValues( + *request, + &functionParamAttributesQuery); + /* error analyzys*/ + functionReturn <<= ERROR_SHIFT_FP; + } + + FOREACH(iter, functionParamAttributesQuery) + { + if (iter->second == NULL) { + //it doesnt change uniqueness of a set element so we can const_cast + Attribute attr(*(iter->first)); + attr.setType(Attribute::Type::FunctionParam); + iter2 = find_if(attributes->begin(), + attributes->end(), + BaseAttribute::UnaryPredicate(&attr)); + Assert(iter2 != attributes->end() && "This should not happen, " + "the attribute MUST be in attribute set"); + (*iter2)->setUndetermind(true); + } + } + + // Here we must add to attributes proper marking of policy type + // (Tizen or WAC widget) + /** + * This part of code seems odd here, but we don't want to keep it in + * attribute fascade, as it is maintained by ACE clients and we are not + * sure if this kind of distinction between different policies will be ok + * as final solution. + * + * This is somehow private part of ACE, so it may be moved into + * separate ACEAttributeFascade kind of a class in (already planned) + * refactoring, when moving to new, C-only API for ACE. + */ + if (widgetParamAttributesQuery.empty()) { + LogError("No attrbutes of WidgetParam type present - " + "should be widget type at least"); + } else { + LogDebug("WidgetParam type atributes present, searching for widget type"); + FOREACH(iter, widgetParamAttributesQuery) { + const std::string *name = iter->first; + if (POLICY_WIDGET_TYPE_ATTRIBUTE_NAME == *name) { + LogDebug("Widget type attribute found"); + + // Extracting widget type + std::list attrValue; + Try { + AceDB::AppTypes appType = + AceDB::AceDAOReadOnly::getWidgetType( + request->getWidgetHandle()); + switch (appType) { + case AceDB::AppTypes::Tizen : { + attrValue.push_back(POLICY_NAME_TIZEN); + LogDebug("==== Using Tizen policy in PIP ===="); + break;} + case AceDB::AppTypes::WAC20 : { + attrValue.push_back(POLICY_NAME_WAC2_0); + LogDebug("==== Using WAC policy in PIP ===="); + break;} + default: { + LogError("Invalid widget type"); + } + } + } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) + { + LogError("Couldn't find widget for handle " + << request->getWidgetHandle()); + } + + // Setting real attribute value + Attribute attr(*(iter->first)); + attr.setType(Attribute::Type::WidgetParam); + iter2 = find_if(attributes->begin(), + attributes->end(), + BaseAttribute::UnaryPredicate(&attr)); + Assert(iter2 != attributes->end() && "This should not happen, " + "the attribute MUST be in attribute set"); + (*iter2)->setUndetermind(false); + (*iter2)->setValue(attrValue); + } + } + } + + /** clear query lists*/ + resourceAttributesQuery.clear(); + environmentAttributesQuery.clear(); + subjectAttributesQuery.clear(); + functionParamAttributesQuery.clear(); + widgetParamAttributesQuery.clear(); + + return subjectReturn | resourceReturn | operationReturn | functionReturn; +} + +/** create query lists */ +void PolicyInformationPoint::createQueries(AttributeSet* attributes) +{ + AttributeSet::const_iterator it; + + enum Attribute::Type type; + + /**iterate all attributes and split them into adequate query */ + FOREACH (it, *attributes) { + type = (*it)->getType(); + + switch (type) { + case Attribute::Type::Subject: + subjectAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), + (*it)->getValue())); + break; + + case Attribute::Type::Environment: + environmentAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), + (*it)->getValue())); + break; + + case Attribute::Type::Resource: + resourceAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), + (*it)->getValue())); + break; + + case Attribute::Type::FunctionParam: + functionParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), + (*it)->getValue())); + break; + + case Attribute::Type::WidgetParam: + widgetParamAttributesQuery.push_back(ATTRIBUTE((*it)->getName(), + (*it)->getValue())); + break; + default: + break; + } + } +} + diff --git a/ace/engine/Rule.cpp b/ace/engine/Rule.cpp new file mode 100644 index 0000000..c1703bb --- /dev/null +++ b/ace/engine/Rule.cpp @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Rule.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#include +#include + +#include + +void Rule::printData() +{ + std::cout << "Rule: effect: " << printEffect(this->effect) << + " condition: " << this->condition; +} + +std::string Rule::printEffect(const ExtendedEffect &effect) const +{ + switch (effect.getEffect()) { + case Deny: + return "Deny"; + case PromptBlanket: + return "PromptBlanket"; + case PromptOneShot: + return "PromptOneShot"; + case PromptSession: + return "PromptSession"; + case Permit: + return "Permit"; + case Inapplicable: + return "Inapplicable"; + case Error: + return "Error"; + default: + return "ERROR"; + } +} + +ExtendedEffect Rule::evaluateRule(const AttributeSet * attrSet) const +{ + Attribute::MatchResult result = condition.evaluateCondition(attrSet); + + if (result == Attribute::MatchResult::MRUndetermined) { + // LogInfo("Rule is undetermined"); + return ExtendedEffect(Undetermined); + } else if (result == Attribute::MatchResult::MRTrue) { + // LogInfo("Rule effect "< + +#include +#include + +#include + +using namespace AceDB; + +Preference SettingsLogic::findGlobalUserSettings( + const std::string &resource, + WidgetHandle handler) +{ + Preference p = AceDAO::getWidgetDevCapSetting(resource, handler); + if (PreferenceTypes::PREFERENCE_DEFAULT == p) { + return AceDAO::getDevCapSetting(resource); + } else { + return p; + } +} + +Preference SettingsLogic::findGlobalUserSettings( + const Request &request) +{ + Request::DeviceCapabilitySet devset = request.getDeviceCapabilitySet(); + Assert(!devset.empty() && "No device cap set in request"); + return findGlobalUserSettings( + *(devset.begin()), + request.getWidgetHandle()); +} + +Preference SettingsLogic::getDevCapSetting(const std::string &resource) +{ + return AceDAO::getDevCapSetting(resource); +} + +void SettingsLogic::getDevCapSettings(PreferenceMap *globalSettingsMap) +{ + AceDAO::getDevCapSettings(globalSettingsMap); // NULL check inside +} + + +void SettingsLogic::setDevCapSetting(const std::string &resource, + Preference preference) +{ + if (resource.empty()) { + LogInfo("WARNING: setting resource settings for empty resource name"); + } + + AceDAO::addResource(resource); + + if (preference == PreferenceTypes::PREFERENCE_DEFAULT) { + return; + } + + Assert((PreferenceTypes::PREFERENCE_PERMIT == preference || + PreferenceTypes::PREFERENCE_DENY == preference || + PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference || + PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference || + PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference)); + + AceDAO::setDevCapSetting(resource,preference); +} + +void SettingsLogic::setAllDevCapSettings( + const std::list < std::pair < const std::string*, + Preference > > &resourcesList) +{ + std::list < std::pair < const std::string*, + Preference > >::const_iterator iter; + for (iter = resourcesList.begin(); iter != resourcesList.end(); ++iter) { + SettingsLogic::setDevCapSetting(*(iter->first), iter->second); + } +} + +void SettingsLogic::removeDevCapSetting(const std::string &resource) +{ + AceDAO::removeDevCapSetting(resource); +} + +void SettingsLogic::updateDevCapSetting(const std::string &resource, + Preference p) +{ + if (PreferenceTypes::PREFERENCE_DEFAULT == p) { + SettingsLogic::removeDevCapSetting(resource); + } else { + SettingsLogic::setDevCapSetting(resource, p); + } +} + +Preference SettingsLogic::getWidgetDevCapSetting( + const std::string &resource, + WidgetHandle handler) +{ + return AceDAO::getWidgetDevCapSetting(resource, handler); +} + +void SettingsLogic::getWidgetDevCapSettings(PermissionList *outputList) +{ + AceDAO::getWidgetDevCapSettings(outputList); // NULL check inside +} + + +void SettingsLogic::setWidgetDevCapSetting( + const std::string &resource, + WidgetHandle handler, + Preference preference) +{ + if (resource.empty()) { + LogError("Empty resource"); + return; + } + + LogDebug("userSetting, resource: " << resource << + " app_id: " << handler); + + AceDAO::addResource(resource); + SettingsLogic::removeWidgetDevCapSetting(resource, handler); + + if (PreferenceTypes::PREFERENCE_DEFAULT == preference) { + return; + } + + Assert((PreferenceTypes::PREFERENCE_PERMIT == preference || + PreferenceTypes::PREFERENCE_DENY == preference || + PreferenceTypes::PREFERENCE_BLANKET_PROMPT == preference || + PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT == preference || + PreferenceTypes::PREFERENCE_SESSION_PROMPT == preference)); + + AceDAO::setWidgetDevCapSetting(resource, handler, preference); +} + + +void SettingsLogic::setWidgetDevCapSettings(const PermissionList &permissionsList) +{ + FOREACH(i, permissionsList) { + SettingsLogic::setWidgetDevCapSetting(i->devCap, + i->appId, + i->access); + } +} + + +void SettingsLogic::removeWidgetDevCapSetting(const std::string &resource, + WidgetHandle handler) +{ + AceDAO::removeWidgetDevCapSetting(resource, handler); +} diff --git a/ace/engine/Subject.cpp b/ace/engine/Subject.cpp new file mode 100644 index 0000000..57724be --- /dev/null +++ b/ace/engine/Subject.cpp @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include + +#include + +bool Subject::matchSubject(const AttributeSet *attrSet, + bool &isUndetermined) const +{ + bool result = true; + Attribute::MatchResult match = Attribute::MatchResult::MRUndetermined; + + FOREACH(it, targetAttributes) + { + AttributeSet::const_iterator attr = + std::find_if(attrSet->begin(), + attrSet->end(), + AceDB::BaseAttribute::UnaryPredicate(&(*it))); + if (attr == attrSet->end()) { + LogError("Cannot find attribute value for " << *(it->getName())); + Assert(false && + "Attribute for subject hasn't been found." + "It shoud not happen. This attribute should be undetermined," + "not missing"); + result = false; //According to BONDI 1.0 for signle subject all attributes must match + isUndetermined = true; + break; + } + + match = it->matchAttributes(&(*(*attr))); + + if (match == Attribute::MatchResult::MRUndetermined) { + result = false; + isUndetermined = true; + /// LogError("Subject doesn match and UNDETERMINED"); + break; //According to BONDI 1.0 for signle subject all attributes must match + } else if (match == Attribute::MatchResult::MRFalse) { + result = false; + // LogError("Subject doesn match and DETERMINED"); + break; //According to BONDI 1.0 for signle subject all attributes must match + } + } + + return result; +} + +const std::list& Subject::getTargetAttributes() const +{ + return targetAttributes; +} + diff --git a/ace/engine/TreeNode.cpp b/ace/engine/TreeNode.cpp new file mode 100644 index 0000000..039ada6 --- /dev/null +++ b/ace/engine/TreeNode.cpp @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include + +//Tree node destructor is a tricky part, only the original tree should remove the elements +//release resources should be called when we want to destroy the whole tree +TreeNode::~TreeNode() +{ +} + +//TODO release resources is releaseTheSubtree and delete the element +void TreeNode::releaseResources() +{ + Assert(this != 0); + delete element; + std::list::iterator it = this->children.begin(); + while (it != children.end()) { + (*it)->releaseResources(); + ++it; + } + delete this; +} + +int TreeNode::level = 0; + +std::ostream & operator<<(std::ostream & out, + const TreeNode * node) +{ + std::string tmp; + + switch (node->getTypeID()) { + case TreeNode::Policy: + tmp = "Policy"; + break; + case TreeNode::PolicySet: + tmp = "PolicySet"; + break; + case TreeNode::Rule: + tmp = "Rule"; + break; + default: + break; + } + + out << "" << tmp << "-> children count: " << node->children.size() << + ": " << std::endl; + AbstractTreeElement * el = node->getElement(); + if (el != NULL) { + el->printData(); + } else { + std::cout << "Empty element!" << std::endl; + } + + return out; +} + diff --git a/ace/engine/parser.cpp b/ace/engine/parser.cpp new file mode 100644 index 0000000..26cd5cc --- /dev/null +++ b/ace/engine/parser.cpp @@ -0,0 +1,745 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include + +#include +#include + +namespace { + +class ParserWarningLogger +{ + public: + void operator()(const std::string& logMsg) + { + LogWarning(logMsg); + } +}; + +class ParserErrorLogger +{ + public: + void operator()(const std::string& logMsg) + { + LogError(logMsg); + } +}; + +template +void xmlLogFunction(void* /*ctx*/, const char *msg, ...) +{ + const int BUFFER_SIZE = 1024; + char buffer[BUFFER_SIZE]; + buffer[BUFFER_SIZE - 1] = '\0'; + Logger l; + + va_list va; + va_start(va, msg); + vsnprintf(buffer, BUFFER_SIZE - 1, msg, va); + va_end(va); + + std::string logmsg(buffer); + l(logmsg); +} + +} + +const char *Parser::TOKEN_PARAM = "param:"; + +Parser::Parser() : + ruleId(0), + reader(NULL), + root(NULL), + currentRoot(NULL), + currentSubject(NULL), + currentCondition(NULL), + currentAttribute(NULL), + currentText(NULL), + processingSignature(false), + canonicalizeOnce(false) +{ + processingSignature = true; + canonicalizeOnce = true; +} + +Parser::~Parser() +{ + /* parse function destroys reader */ + // free(this->xmlFilename); +} + +TreeNode* Parser::parse(const std::string& filename, const std::string& schema) +{ + if(root != NULL) { + root->releaseResources(); + root = NULL; + } + + LogDebug("Parser: opening file " << filename); + + xmlDocPtr xmlDocument = xmlParseFile(filename.c_str()); + if (!xmlDocument) { + LogError("Couldn't parse file " << filename); + return root; + } + + std::unique_ptr > + doc(xmlDocument, xmlFreeDoc); + + xmlSchemaParserCtxtPtr xmlSchemaParserContext = + xmlSchemaNewParserCtxt(schema.c_str()); + + if (!xmlSchemaParserContext) { + LogError("Couldn't load xml schema: " << schema); + return root; + } + + std::unique_ptr < + xmlSchemaParserCtxt, + std::function > + schemaContext( + xmlSchemaParserContext, + xmlSchemaFreeParserCtxt); + + LogDebug("Setting callbacks"); + + xmlSchemaSetParserErrors( + schemaContext.get(), + static_cast + (&xmlLogFunction), + static_cast + (&xmlLogFunction), + NULL); + + xmlSchemaPtr xmlSchema = xmlSchemaParse(schemaContext.get()); + + if (!xmlSchema) { + LogError("Couldn't parse xml schema: " << xmlSchema); + return root; + } + + xmlSchemaValidCtxtPtr xmlValidContext = xmlSchemaNewValidCtxt(xmlSchema); + + if (!xmlValidContext) { + LogError("Couldn't create validation context!"); + return root; + } + + std::unique_ptr < + xmlSchemaValidCtxt, + std::function > + schemaValidContext( + xmlValidContext, + xmlSchemaFreeValidCtxt); + + xmlSchemaSetValidErrors( + schemaValidContext.get(), + static_cast + (&xmlLogFunction), + static_cast + (&xmlLogFunction), + NULL); + + xmlSchemaSetValidOptions( + schemaValidContext.get(), + XML_SCHEMA_VAL_VC_I_CREATE); + + bool result = + (xmlSchemaValidateDoc( + schemaValidContext.get(), + xmlDocument) == 0 ? true : false); + + if (!result) { + LogError("Couldn't validate policy file: " << filename << + " against xml schema: " << schema); + + return root; + } + + LogInfo("Policy file: " << filename << " validated!"); + + xmlTextReaderPtr xmlReader = xmlReaderWalker(xmlDocument); + + //[CR] consider using ASSERT/DASSERT + if (NULL == xmlReader) { + LogError("Error, xml reader cannot be created. Probably xml file is missing (opening file " << filename << ")"); + return root; + } + + std::unique_ptr > + reader(xmlReader, xmlFreeTextReader); + + int ret; + ret = xmlTextReaderRead(reader.get()); + while (ret == 1) { + std::unique_ptr > + name(xmlTextReaderName(reader.get()), xmlFree); + + if (!strcmp("policy-set", (const char *)name.get())) { + processingSignature = false; + } else if (!strcmp("SignedInfo", + (const char *)name.get()) && canonicalizeOnce) { + #if 0 //TODO I think we don't need canonicalization in ACE only in PM, + //we have to verify it tough + extractNodeToFile(reader, "output.xml"); + //TODO we should be able to handle more than one canonicalization algorithm + canonicalize("output.xml", "canon.xml", Canonicalization::C14N); + canonicalizeOnce = false; + #endif + } + //Do not process signature of xml file + if(!processingSignature) { + processNode(reader.get()); + } + ret = xmlTextReaderRead(reader.get()); + } + + if (ret != 0) { + LogError("Error while parsing XML file"); + if (root) { + root->releaseResources(); + root = NULL; + } + } + + return root; +} + +void Parser::processNode(xmlTextReaderPtr reader) +{ + //TODO this is interesting, xmlTextReaderNodeType returns int but I am pretty sure + //those integers coresponds to xmlReaderTypes + xmlReaderTypes type = + static_cast(xmlTextReaderNodeType(reader)); + + switch (type) { + //Start element + case XML_READER_TYPE_ELEMENT: + startNodeHandler(reader); + break; + //End element + case XML_READER_TYPE_END_ELEMENT: + endNodeHandler(reader); + break; + //Text element + case XML_READER_TYPE_TEXT: + textNodeHandler(reader); + break; + default: + //Do not handle other xml tags + break; + } +} + +void Parser::startNodeHandler(xmlTextReaderPtr reader) +{ + xmlChar *name = xmlTextReaderName(reader); + + switch (*name) { + case 'p': //policy and policy-set + if (*(name + 6) == 0) { + handlePolicy(reader, TreeNode::Policy); + } else { + handlePolicy(reader, TreeNode::PolicySet); + } + break; + case 'r': //rule and resource-match + if (*(name + 1) == 'u') { + handleRule(reader); + } else if (*(name + 9) == 'm') { + handleMatch(reader, Attribute::Type::Resource); + } else { + handleAttr(reader); + } + break; + case 's': //subject and subject-match + if (*(name + 7) == 0) { + handleSubject(); + } else if (*(name + 8) == 'm') { //subject match + handleSubjectMatch(reader); + } else { //subject attr + handleAttr(reader); + } + break; + case 'c': //condition + handleCondition(reader); + break; + case 'e': //environment-match + if (*(name + 12) == 'm') { + handleMatch(reader, Attribute::Type::Environment); + } else { //env-attr + handleAttr(reader); + } + break; + } + xmlFree(name); +} + +void Parser::endNodeHandler(xmlTextReaderPtr reader) +{ + xmlChar *name = xmlTextReaderName(reader); + + switch (*name) { + case 'p': //policy and policy-set + //Restore old root + currentRoot = currentRoot->getParent(); + break; + case 'r': //Rule and resource match + if (*(name + 1) == 'u') { //Rule + currentRoot = currentRoot->getParent(); + } else { //Resource-match + consumeCurrentText(); //consume text if any available + consumeCurrentAttribute(); //consume attribute + } + break; + case 's': //subject and subject-match + if (*(name + 7) == 0) { //handle subject + consumeCurrentSubject(); + } else if (*(name + 8) == 'm') { //handle subject match + consumeCurrentText(); + consumeSubjectMatch(); + } + //Subject-match end doesn't require handling + break; + case 'c': //condition + consumeCurrentCondition(); + break; + case 'e': //environment-match + consumeCurrentText(); //consume text if any available + consumeCurrentAttribute(); //consume attribute + break; + } + xmlFree(name); +} + +void Parser::textNodeHandler(xmlTextReaderPtr reader) +{ + delete currentText; + xmlChar * text = xmlTextReaderValue(reader); + Assert(text != NULL && "Parser couldn't parse PCDATA"); + + currentText = new std::string(reinterpret_cast(text)); + trim(currentText); + xmlFree(text); +} + +void Parser::handlePolicy(xmlTextReaderPtr reader, + TreeNode::TypeID type) +{ + Policy::CombineAlgorithm algorithm; + + //Get first attribute + xmlChar * combAlg = xmlTextReaderGetAttribute(reader, BAD_CAST("combine")); + + Assert(combAlg != NULL && "Parser error while getting attributes"); + algorithm = convertToCombineAlgorithm(combAlg); + + //Create TreeNode element + Policy * policy = NULL; + if (type == TreeNode::Policy) { + policy = new Policy(); + } else { + policy = new PolicySet(); + } + policy->setCombineAlgorithm(algorithm); + TreeNode * node = new TreeNode(currentRoot, type, policy); + //Add new tree node to current's root children set + if (currentRoot != NULL) { + currentRoot->addChild(node); + } + + //Switch the current root to the new node + if (!xmlTextReaderIsEmptyElement(reader)) { + //Current root switching is necessary only if tag is not empty + currentRoot = node; + } + if (root == NULL) { + root = currentRoot; + } + + if (NULL == currentRoot) { + node->releaseResources(); + } + + xmlFree(combAlg); +} + +void Parser::handleRule(xmlTextReaderPtr reader) +{ + ExtendedEffect effect(Inapplicable); + + //[CR] create macros for attribute names + xmlChar * eff = xmlTextReaderGetAttribute(reader, BAD_CAST("effect")); //get the rule attribute + + Assert(eff != NULL && "Parser error while getting attributes"); + effect = convertToEffect(eff); + + Rule * rule = NULL; + rule = new Rule(); + rule->setEffect(effect); + + TreeNode * node = new TreeNode(currentRoot, TreeNode::Rule, rule); + //Add new tree node to current's root children set + if (currentRoot != NULL) { // + currentRoot->addChild(node); + } + + if (!xmlTextReaderIsEmptyElement(reader)) { + currentRoot = node; + } + + if (NULL == currentRoot) { + node->releaseResources(); + } + + xmlFree(eff); +} + +void Parser::handleSubject() +{ + currentSubject = new Subject(); + //TODO what about empty subject tag +} + +void Parser::handleCondition(xmlTextReaderPtr reader) +{ + Condition::CombineType combineType = Condition::AND; + + xmlChar * combine = xmlTextReaderGetAttribute(reader, BAD_CAST("combine")); //get the rule attribute + + Assert(combine != NULL && "Parser error while getting attributes"); + + combineType = *combine == 'a' ? Condition::AND : Condition::OR; + + Condition * condition = new Condition(); + condition->setCombineType(combineType); + condition->setParent(currentCondition); + + currentCondition = condition; + //TODO what about empty condition tag? +} + +//Subject match is handled differently than resource or environment match +//Because it cannot have any children tags and can only include PCDATA +void Parser::handleSubjectMatch(xmlTextReaderPtr reader) +{ + //processing Subject + int attributes = xmlTextReaderAttributeCount(reader); + + xmlChar * func = NULL; + xmlChar * value = NULL; + xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute + + if (attributes == 2) { + //match attribute ommited, text value will be used + func = xmlTextReaderGetAttribute(reader, BAD_CAST("func")); + } else if (attributes == 3) { + value = xmlTextReaderGetAttribute(reader, BAD_CAST("match")); + func = xmlTextReaderGetAttribute(reader, BAD_CAST("func")); + } else { + Assert(false && "Wrong XML file format"); + } + + // creating temporiary object is not good idea + // but we have no choice untill Attribute have constructor taking std::string* + std::string temp(reinterpret_cast(attrName)); + Attribute * attr = new Attribute(&temp, convertToMatchFunction( + func), Attribute::Type::Subject); + if (value != NULL) { //add value of the attribute if possible + //[CR] consider create Attribute::addValue(char *) function + std::string temp(reinterpret_cast(value)); + attr->addValue(&temp); + } + currentAttribute = attr; + + if (xmlTextReaderIsEmptyElement(reader)) { + Assert(value != NULL && "XML file format is wrong"); + //Attribute value is required to obtain the match value easier + consumeSubjectMatch(value); + } + + if (attributes == 2 || attributes == 3) { + xmlFree(func); + } + xmlFree(value); + xmlFree(attrName); +} + +void Parser::handleMatch(xmlTextReaderPtr reader, + Attribute::Type type) +{ + int attributes = xmlTextReaderAttributeCount(reader); + + xmlChar * func = NULL; + xmlChar * value = NULL; + xmlChar * attrName = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute + + if (attributes == 2) { + //match attribute ommited, text value will be used + func = xmlTextReaderGetAttribute(reader, BAD_CAST("func")); + //the content may be resource-attr or PCDATA + } else if (attributes == 3) { + value = xmlTextReaderGetAttribute(reader, BAD_CAST("match")); + func = xmlTextReaderGetAttribute(reader, BAD_CAST("func")); + } else { + Assert(false && "Wrong XML file format"); + } + + // FunctionParam type is sybtype of Resource. + // FunctionParam is used to storage attriburess of call functions. + if (0 == + xmlStrncmp(attrName, BAD_CAST(TOKEN_PARAM), + xmlStrlen(BAD_CAST(TOKEN_PARAM))) && type == + Attribute::Type::Resource) { + type = Attribute::Type::FunctionParam; + } + + std::string temp(reinterpret_cast(attrName)); + Attribute * attr = new Attribute(&temp, convertToMatchFunction(func), type); + currentAttribute = attr; + + if (xmlTextReaderIsEmptyElement(reader)) { + Assert(value != NULL && "XML is currupted"); + std::string tempVal(reinterpret_cast(value)); + currentAttribute->addValue(&tempVal); + consumeCurrentAttribute(); + } + + if (attributes == 2 || attributes == 3) { + xmlFree(func); + } + xmlFree(value); + xmlFree(attrName); +} + +Policy::CombineAlgorithm Parser::convertToCombineAlgorithm(xmlChar* algorithm) +{ + switch (*algorithm) { + case 'f': + if (*(algorithm + 6) == 'a') { //first applicable + return Policy::FirstApplicable; + } + return Policy::FirstTargetMatching; + case 'd': + return Policy::DenyOverride; + case 'p': + return Policy::PermitOverride; + default: + Assert(false && "Wrong combine algorithm name"); + return Policy::DenyOverride; + } +} + +ExtendedEffect Parser::convertToEffect(xmlChar *effect) +{ + switch (*effect) { + case 'd': //deny + return Deny; + break; + case 'p': + //permit, prompt-blanket, prompt-session, prompt-oneshot + if (*(effect + 1) == 'e') { + return ExtendedEffect(Permit, ruleId++); + } + switch (*(effect + 7)) { + case 'b': + return ExtendedEffect(PromptBlanket, ruleId++); + case 's': + return ExtendedEffect(PromptSession, ruleId++); + case 'o': + return ExtendedEffect(PromptOneShot, ruleId++); + default: + Assert(false && "Effect is Error"); + return ExtendedEffect(); + } + break; + default: + Assert(false && "Effect is Error"); + return ExtendedEffect(); + } + return ExtendedEffect(Inapplicable); +} + +Attribute::Match Parser::convertToMatchFunction(xmlChar * func) +{ + if (func == NULL) { + LogError("[ERROR] match function value is NULL"); + return Attribute::Match::Error; + } + + if (*func == 'g') { + return Attribute::Match::Glob; + } else if (*func == 'e') { + return Attribute::Match::Equal; + } else if (*func == 'r') { + return Attribute::Match::Regexp; + } else { + LogError("[ERROR] match function value is NULL"); + return Attribute::Match::Error; + } + Assert(false); +} + +void Parser::handleAttr(xmlTextReaderPtr reader) +{ + xmlChar * attrValue = xmlTextReaderGetAttribute(reader, BAD_CAST("attr")); //get the first attribute + Assert(attrValue != NULL && "Error while obtaining attribute"); + + std::string temp(reinterpret_cast(attrValue)); + currentAttribute->addValue(&temp); + + xmlFree(attrValue); +} + +void Parser::consumeCurrentText() +{ + Assert(currentText != NULL); + currentAttribute->addValue(currentText); + delete currentText; + + currentText = NULL; +} + +void Parser::consumeCurrentAttribute() +{ + Assert(currentAttribute != NULL); + + currentCondition->addAttribute(*currentAttribute); + delete currentAttribute; + + currentAttribute = NULL; +} + +void Parser::consumeCurrentSubject() +{ + Policy * policy = dynamic_cast(currentRoot->getElement()); + Assert(policy != NULL); + policy->addSubject(currentSubject); + //TODO maybe keep subjects not subject pointers in Policies and consume subjects here + currentSubject = NULL; +} + +void Parser::consumeCurrentCondition() +{ + Condition * temp = NULL; + if (currentCondition != NULL) { + if (currentCondition->getParent() != NULL) { //Condition is a child of another condition + currentCondition->getParent()->addCondition(*currentCondition); + } else { //Condition parent is a Rule + Rule * rule = dynamic_cast(currentRoot->getElement()); + Assert(rule != NULL); + rule->setCondition(*currentCondition); + } + temp = currentCondition->getParent(); + delete currentCondition; + } + currentCondition = temp; //switch current condition ( it may be switched to NULL if condition's parent was rule +} + +void Parser::consumeSubjectMatch(xmlChar * value) +{ + Assert( + currentAttribute != NULL && + "consuming subject match without attribute set"); + + if (currentSubject != NULL) { + currentSubject->addNewAttribute(*currentAttribute); + //[CR] matching/modyfing functions transform uri.host to uri ( etc. ) so strncmp is not needed, string equality will do + if (!strncmp(currentAttribute->getName()->c_str(), "uri", + 3) || + !strncmp(currentAttribute->getName()->c_str(), "id", 2)) { + if (value != NULL) { + currentSubject->setSubjectId(reinterpret_cast( + value)); + } else if (currentAttribute->getValue()->size()) { + currentSubject->setSubjectId( + currentAttribute->getValue()->front()); + } else { + Assert(false); + } + } + } else if (currentCondition != NULL) { + currentCondition->addAttribute(*currentAttribute); + } + + delete currentAttribute; + currentAttribute = NULL; +} + +void Parser::trim(std::string * str) +{ + std::string::size_type pos = str->find_last_not_of(whitespaces); + if (pos != std::string::npos) { + str->erase(pos + 1); + pos = str->find_first_not_of(whitespaces); + if (pos != std::string::npos) { + str->erase(0, pos); + } + } else { + str->erase(str->begin(), str->end()); + LogInfo("Warning, empty string as attribute value"); + } +} + +// KW void Parser::canonicalize(const char * input, const char * output, CanonicalizationAlgorithm canonicalizationAlgorithm){ +// KW +// KW xmlDocPtr doc = xmlParseFile(input); +// KW //xmlDocDump(stdout, doc); +// KW +// KW if(doc == NULL) +// KW { +// KW LogError("Canonicalization error, cannot parser xml file"); +// KW } +// KW +// KW +// KW int mode = -1; +// KW if(canonicalizationAlgorithm == C14N) +// KW { +// KW mode = 0; +// KW } +// KW else if(canonicalizationAlgorithm == C14NEXCLUSIVE) +// KW { +// KW mode = 1; +// KW } +// KW +// KW +// KW xmlC14NDocSave(doc, NULL, mode, NULL, 0, output, 0); +// KW +// KW xmlFreeDoc(doc); +// KW +// KW } + +// KW int Parser::extractNodeToFile(xmlTextReaderPtr reader, const char * filename){ +// KW +// KW xmlNodePtr node = xmlTextReaderExpand(reader); +// KW xmlBufferPtr buff = xmlBufferCreate(); +// KW xmlNodeDump(buff, node->doc, node, 0, 0); +// KW FILE * file = fopen(filename, "w"); +// KW if(file == NULL){ +// KW LogError("Error while trying to open file "< +#include + +namespace AceDB { +namespace AceDaoConversions { + +DPL::String convertToHash(const BaseAttributeSet &attributes); + +} +} + +#endif diff --git a/ace/include/ace-dao-ro/AceDAOReadOnly.h b/ace/include/ace-dao-ro/AceDAOReadOnly.h new file mode 100644 index 0000000..cda83c8 --- /dev/null +++ b/ace/include/ace-dao-ro/AceDAOReadOnly.h @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file AceDAOReadOnly.h + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef ACE_DAO_READ_ONLY_H_ +#define ACE_DAO_READ_ONLY_H_ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace AceDB { + +typedef std::map RequestedDevCapsMap; +typedef DPL::String FeatureName; +typedef std::vector FeatureNameVector; + +class AceDAOReadOnly +{ + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, DatabaseError) + }; + + AceDAOReadOnly() {} + + static void attachToThreadRO(void); + static void attachToThreadRW(void); + static void detachFromThread(void); + + // policy effect/decision + static OptionalExtendedPolicyResult getPolicyResult( + const BaseAttributeSet &attributes); + + static OptionalExtendedPolicyResult getPolicyResult( + const DPL::String &attrHash); + + static OptionalCachedPromptDecision getPromptDecision( + WidgetHandle widgetHandle, + int ruleId); + + // resource settings + static PreferenceTypes getDevCapSetting(const std::string &resource); + static void getDevCapSettings(PreferenceTypesMap *preferences); + + // user settings + static void getWidgetDevCapSettings(BasePermissionList *permissions); + static PreferenceTypes getWidgetDevCapSetting( + const std::string &resource, + WidgetHandle handler); + + static void getAttributes(BaseAttributeSet *attributes); + + // Getter for device capabilities that are requested in widgets config. + // + // Additional boolean flag means whether widget will always get + // (at launch) the SMACK permissions needed to use the device cap). + // + // 'permissions' is the map of device cap names and smack status for + // given widget handle. + static void getRequestedDevCaps( + WidgetHandle widgetHandle, + RequestedDevCapsMap *permissions); + + static void getAcceptedFeature( + WidgetHandle widgetHandle, + FeatureNameVector *featureVector); + + static WidgetHandleList getHandleList(); + + static AppTypes getWidgetType(WidgetHandle handle); + static std::string getVersion(WidgetHandle widgetHandle); + static std::string getAuthorName(WidgetHandle widgetHandle); + static std::string getGUID(WidgetHandle widgetHandle); + + static WidgetCertificateCNList getKeyCommonNameList( + WidgetHandle widgetHandle, + WidgetCertificateData::Owner owner, + WidgetCertificateData::Type type); + static FingerPrintList getKeyFingerprints( + WidgetHandle widgetHandle, + WidgetCertificateData::Owner owner, + WidgetCertificateData::Type type); + + static std::string getShareHref(WidgetHandle widgetHandle); + static bool isWidgetInstalled(WidgetHandle handle); + + protected: + static int promptDecisionToInt(PromptDecision decision); + static PromptDecision intToPromptDecision(int decision); + static int appTypeToInt(AppTypes app_type); + static AppTypes intToAppType(int app_type); +}; + +} + +#endif diff --git a/ace/include/ace-dao-ro/AceDAOUtilities.h b/ace/include/ace-dao-ro/AceDAOUtilities.h new file mode 100644 index 0000000..cae59a4 --- /dev/null +++ b/ace/include/ace-dao-ro/AceDAOUtilities.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file AceDAOUtil.h + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef WRT_ACE_DAO_UTILITIES_H_ +#define WRT_ACE_DAO_UTILITIES_H_ + +#include +#include +#include +#include +#include + +namespace AceDB { + +namespace AceDaoUtilities { + +BaseAttribute::Type intToAttributeType(int val); +int attributeTypeToInt(BaseAttribute::Type type); +int preferenceToInt(PreferenceTypes p); +PreferenceTypes intToPreference(int p); +VerdictTypes intToVerdict(int v); +int verdictToInt(VerdictTypes v); +bool getSubjectByUri(const std::string &uri, + DPL::DB::ORM::ace::AceSubject::Row &row); +bool getResourceByUri(const std::string &uri, + DPL::DB::ORM::ace::AceDevCap::Row &row); + +extern DPL::DB::ThreadDatabaseSupport m_databaseInterface; + +} + +} + +#endif diff --git a/ace/include/ace-dao-ro/AceDatabase.h b/ace/include/ace-dao-ro/AceDatabase.h new file mode 100644 index 0000000..d5b2838 --- /dev/null +++ b/ace/include/ace-dao-ro/AceDatabase.h @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file AceDatabase.h + * @author Lukasz Marek (l.marek@samsung.com) + * @version 1.0 + * @brief This file contains the declaration of ace database + */ + +#ifndef WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H +#define WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H + +#include +#include + +extern DPL::Mutex g_aceDbQueriesMutex; + +#define ACE_DB_INTERNAL(tlsCommand, InternalType, interface) \ + static DPL::ThreadLocalVariable *tlsCommand ## Ptr = NULL; \ + { \ + DPL::Mutex::ScopedLock lock(&g_aceDbQueriesMutex); \ + if (!tlsCommand ## Ptr) { \ + static DPL::ThreadLocalVariable tmp; \ + tlsCommand ## Ptr = &tmp; \ + } \ + } \ + DPL::ThreadLocalVariable &tlsCommand = *tlsCommand ## Ptr; \ + if (tlsCommand.IsNull()) { tlsCommand = InternalType(interface); } + +#define ACE_DB_SELECT(name, type, interface) \ + ACE_DB_INTERNAL(name, type::Select, interface) + +#define ACE_DB_INSERT(name, type, interface) \ + ACE_DB_INTERNAL(name, type::Insert, interface) + +#define ACE_DB_UPDATE(name, type, interface) \ + ACE_DB_INTERNAL(name, type::Update, interface) + +#define ACE_DB_DELETE(name, type, interface) \ + ACE_DB_INTERNAL(name, type::Delete, interface) + + +#endif // WRT_ENGINE_SRC_ACCESS_CONTROL_ACE_DATABASE_H diff --git a/ace/include/ace-dao-ro/AppTypes.h b/ace/include/ace-dao-ro/AppTypes.h new file mode 100644 index 0000000..b8b56fa --- /dev/null +++ b/ace/include/ace-dao-ro/AppTypes.h @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file AppTypes.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + */ + +#ifndef ACCESS_CONTROL_DAO_APPTYPES_H_ +#define ACCESS_CONTROL_DAO_APPTYPES_H_ + +namespace AceDB{ + +enum class AppTypes +{ + Unknown, + WAC20, + Tizen +}; + +} + +#endif // ACCESS_CONTROL_DAO_APPTYPES_H_ diff --git a/ace/include/ace-dao-ro/BaseAttribute.h b/ace/include/ace-dao-ro/BaseAttribute.h new file mode 100644 index 0000000..6fb9a83 --- /dev/null +++ b/ace/include/ace-dao-ro/BaseAttribute.h @@ -0,0 +1,150 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file IAttribute.h + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_ +#define ACCESS_CONTROL_DAO_BASEATTRIBUTE_H_ + +#include +#include +#include +#include +#include + +namespace AceDB { + +class BaseAttribute; +typedef DPL::SharedPtr BaseAttributePtr; + +class BaseAttribute +{ + + public: + /** + * Types of attributes + */ + enum class Type { Subject, Environment, Resource, FunctionParam, + WidgetParam, Undefined }; + + struct UnaryPredicate + { + public: + UnaryPredicate(const AceDB::BaseAttribute *comp = NULL) : + m_priv(comp) + { + } + + bool operator()(const AceDB::BaseAttributePtr &comp) + { + Assert(m_priv != NULL); + if (m_priv->getName()->compare(*comp->getName()) != 0) { + return false; + } + return m_priv->getType() == comp->getType(); + } + + bool operator()(const AceDB::BaseAttributePtr &comp1, + const AceDB::BaseAttributePtr &comp2) + { + if (comp1->getType() != comp2->getType()) { + return comp1->getType() < comp2->getType(); + } + return comp1->getName()->compare(*comp2->getName()) < 0; + } + + private: + const AceDB::BaseAttribute *m_priv; + }; + + public: + BaseAttribute() : + m_typeId(Type::Undefined), + m_undetermindState(false) + {} + + virtual void setName(const std::string& name) + { + m_name = name; + } + virtual void setName(const std::string* name) + { + m_name = *name; + } + + virtual void setType(const Type& type) + { + m_typeId = type; + } + virtual Type getType() const + { + return m_typeId; + } + + virtual const std::string* getName() const + { + return &m_name; + } + + //TODO think + virtual void setUndetermind(bool tmp) + { + m_undetermindState = tmp; + } + virtual bool isUndetermind() const + { + return m_undetermindState; + } + virtual std::list * getValue() const + { + return const_cast* >(&value); + } + virtual bool isValueEmpty() const + { + return value.empty(); + } + + virtual void setValue(const std::list& arg) + { + value = arg; + } + + virtual ~BaseAttribute() + { + } + + static const char * typeToString(Type type); + + virtual std::string toString() const; + + protected: + std::string m_name; + Type m_typeId; + bool m_undetermindState; + std::list value; //string bag list +}; + +typedef std::set BaseAttributeSet; + +} + +#endif diff --git a/ace/include/ace-dao-ro/BasePermission.h b/ace/include/ace-dao-ro/BasePermission.h new file mode 100644 index 0000000..103cc58 --- /dev/null +++ b/ace/include/ace-dao-ro/BasePermission.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file IPermission.h + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef ACCESS_CONTROL_DAO_BASEPERMISSION_H_ +#define ACCESS_CONTROL_DAO_BASEPERMISSION_H_ + +#include +#include + +namespace AceDB{ + +struct BasePermission +{ + BasePermission(WidgetHandle handler, + const std::string& devCap, + PreferenceTypes accessAllowed) : + appId(handler), + devCap(devCap), + access(accessAllowed) + { + } + + WidgetHandle appId; + std::string devCap; + PreferenceTypes access; +}; + +typedef std::list BasePermissionList; + +} + +#endif diff --git a/ace/include/ace-dao-ro/IRequest.h b/ace/include/ace-dao-ro/IRequest.h new file mode 100644 index 0000000..2975b8b --- /dev/null +++ b/ace/include/ace-dao-ro/IRequest.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file IRequest.h + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef ACCESS_CONTROL_DAO_IREQUEST_H_ +#define ACCESS_CONTROL_DAO_IREQUEST_H_ + +namespace AceDB{ + +class IRequest +{ +public: + virtual ~IRequest(){} +}; + +} + +#endif diff --git a/ace/include/ace-dao-ro/PreferenceTypes.h b/ace/include/ace-dao-ro/PreferenceTypes.h new file mode 100644 index 0000000..0f96dc5 --- /dev/null +++ b/ace/include/ace-dao-ro/PreferenceTypes.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file PreferenceTypes.h + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef ACCESS_CONTROL_DAO_PREFERENCETYPES_H_ +#define ACCESS_CONTROL_DAO_PREFERENCETYPES_H_ + +#include +#include + +namespace AceDB{ + +enum class PreferenceTypes +{ + PREFERENCE_PERMIT, + PREFERENCE_DENY, + PREFERENCE_DEFAULT, + PREFERENCE_BLANKET_PROMPT, + PREFERENCE_SESSION_PROMPT, + PREFERENCE_ONE_SHOT_PROMPT +}; + + +typedef std::map PreferenceTypesMap; + +} + +#endif diff --git a/ace/include/ace-dao-ro/PromptModel.h b/ace/include/ace-dao-ro/PromptModel.h new file mode 100644 index 0000000..8819eae --- /dev/null +++ b/ace/include/ace-dao-ro/PromptModel.h @@ -0,0 +1,92 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* @file PromptModel.h + * @author Justyna Mejzner (j.kwiatkowsk@samsung.com) + * @author Jaroslaw Osmanski (j.osmanski@samsung.com) + * @version 1.0 + * + */ + +#ifndef WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_ +#define WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_ + +#include +#include +#include + +#include + +namespace Prompt { +typedef std::vector ButtonLabels; + +class PromptLabels +{ +public: + PromptLabels(int promptType, + const Prompt::ButtonLabels& questionLabel, + const std::string& mainLabel); + DPL::OptionalString getCheckLabel() const; + bool isAllowed(const size_t buttonNumber) const; + int getPromptType() const; + const ButtonLabels& getButtonLabels() const; + const std::string& getMainLabel() const; + +private: + int m_promptType; + ButtonLabels m_buttonLabels; + std::string m_mainLabel; +}; + +typedef std::unique_ptr PromptLabelsPtr; + +enum Validity +{ + ONCE, + SESSION, + ALWAYS +}; + +class PromptAnswer +{ +public: + PromptAnswer(bool isAccessAllowed, Validity validity); + PromptAnswer(int aPromptType, unsigned int buttonAns, bool checkAns); + bool isAccessAllowed() const; + Validity getValidity() const; + +private: + bool m_isAccessAllowed; + Validity m_validity; +}; + +class PromptModel +{ + public: + static PromptLabels* getOneShotModel(const std::string& resourceId); + static PromptLabels* getSessionModel(const std::string& resourceId); + static PromptLabels* getBlanketModel(const std::string& resourceId); + + enum PromptType + { + PROMPT_ONESHOT, + PROMPT_SESSION, + PROMPT_BLANKET + }; +}; + +} // Prompt + +#endif /* WRT_SRC_ACCESSCONTROL_ENGINE_PROMPT_MODEL_H_ */ diff --git a/ace/include/ace-dao-ro/TimedVerdict.h b/ace/include/ace-dao-ro/TimedVerdict.h new file mode 100644 index 0000000..8f9be66 --- /dev/null +++ b/ace/include/ace-dao-ro/TimedVerdict.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file TimedVerdict.h + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef ACCESS_CONTROL_DAO_TIMEDVERDICT_H_ +#define ACCESS_CONTROL_DAO_TIMEDVERDICT_H_ + +#include + +namespace AceDB{ + +struct TimedVerdict +{ + VerdictTypes decision; + /*Below values are optional,its filled only when verdict depend on session*/ + std::string session; + int subjectVerdictId; +}; + +} + +#endif diff --git a/ace/include/ace-dao-ro/ValidityTypes.h b/ace/include/ace-dao-ro/ValidityTypes.h new file mode 100644 index 0000000..1283cf1 --- /dev/null +++ b/ace/include/ace-dao-ro/ValidityTypes.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file ValidityTypes.h + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef ACCESS_CONTROL_DAO_VALIDITYTYPES_H_ +#define ACCESS_CONTROL_DAO_VALIDITYTYPES_H_ + +namespace AceDB{ + +enum class ValidityTypes +{ + ONCE, + SESSION, + ALWAYS, + UNWRITEABLE +}; + +} + +#endif diff --git a/ace/include/ace-dao-ro/VerdictTypes.h b/ace/include/ace-dao-ro/VerdictTypes.h new file mode 100644 index 0000000..8a312b5 --- /dev/null +++ b/ace/include/ace-dao-ro/VerdictTypes.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file VerdictTypes.h + * @author Grzegorz Krawczyk (g.krawczyk@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef ACCESS_CONTROL_DAO_VERDICTTYPES_H_ +#define ACCESS_CONTROL_DAO_VERDICTTYPES_H_ + +namespace AceDB{ + +enum class VerdictTypes +{ + VERDICT_PERMIT, + VERDICT_DENY, + //Verdict is innapplicable if policy evaluate to INAPPLICABLE, + //in this case WRT should decide what to do + VERDICT_INAPPLICABLE, + VERDICT_UNDETERMINED, + VERDICT_UNKNOWN, //Verdict is unknown if Verdicts manager cannot find it + VERDICT_ASYNC, + VERDICT_ERROR +}; + +} + +#endif diff --git a/ace/include/ace-dao-ro/common_dao_types.h b/ace/include/ace-dao-ro/common_dao_types.h new file mode 100644 index 0000000..94b4c5e --- /dev/null +++ b/ace/include/ace-dao-ro/common_dao_types.h @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * @file common_dao_types.h + * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) + * @version 1.1 + * @brief This file contains the declaration of common data types for ace database. + */ +#ifndef ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_ +#define ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_ + +#include +#include +#include +#include "AppTypes.h" + +typedef int WidgetHandle; +typedef std::list WidgetHandleList; + +namespace AceDB { + +enum { + INVALID_PLUGIN_HANDLE = -1 +}; +typedef int DbPluginHandle; + +enum CertificateSource { + SIGNATURE_DISTRIBUTOR = 0, + SIGNATURE_AUTHOR = 1 +}; + +struct WidgetRegisterInfo { + AppTypes type; + DPL::OptionalString widget_id; + DPL::OptionalString authorName; + DPL::OptionalString version; + DPL::OptionalString shareHref; +}; + +typedef std::list WidgetCertificateCNList; + +struct WidgetCertificateData { + enum Owner { AUTHOR, DISTRIBUTOR, UNKNOWN }; + enum Type { ROOT, ENDENTITY }; + + Owner owner; + Type type; + + int chainId; + std::string strMD5Fingerprint; + std::string strSHA1Fingerprint; + DPL::String strCommonName; + + bool operator== (const WidgetCertificateData& certData) const { + return certData.chainId == chainId && + certData.owner == owner && + certData.strCommonName == strCommonName && + certData.strMD5Fingerprint == strMD5Fingerprint && + certData.strSHA1Fingerprint == strSHA1Fingerprint; + } +}; +typedef std::list WidgetCertificateDataList; + +typedef std::list FingerPrintList; + +typedef std::list CertificateChainList; +class IWacSecurity { + public: + virtual ~IWacSecurity() {} + virtual const WidgetCertificateDataList& getCertificateList() const = 0; + virtual bool isRecognized() const = 0; + virtual bool isDistributorSigned() const = 0; + virtual bool isWacSigned() const = 0; + virtual void getCertificateChainList(CertificateChainList& list) const = 0; +}; + +} //namespace AceDB + +#endif /* ACE_SRC_CONFIGURATION_COMMON_DAO_TYPES_H_ */ diff --git a/ace/include/ace-dao-rw/AceDAO.h b/ace/include/ace-dao-rw/AceDAO.h new file mode 100644 index 0000000..5a01cfe --- /dev/null +++ b/ace/include/ace-dao-rw/AceDAO.h @@ -0,0 +1,117 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file AceDAO.h + * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef ACEDAO_H_ +#define ACEDAO_H_ + +#include +#include +#include + +#include +#include +#include +#include +#include + +namespace AceDB { +/* + * + */ +class AceDAO : public AceDAOReadOnly +{ + public: + + AceDAO() {} + + // Policy Decisions + static void setPolicyResult( + const BaseAttributeSet &attributes, + const ExtendedPolicyResult &policyResult); + + static void removePolicyResult( + const BaseAttributeSet &attributes); + + // PromptDecision + static void setPromptDecision( + WidgetHandle widgetHandle, + int ruleId, + const DPL::OptionalString &session, + PromptDecision decision); + + static void clearPromptDecisions(void); + + // reseting database + static void clearWidgetDevCapSettings(void); + static void clearDevCapSettings(void); + static void clearAllSettings(void); + static void resetDatabase(void); + // clears all databse information relevant to policy cache + static void clearPolicyCache(void); + + // resource settings + static void setDevCapSetting(const std::string &resource, + PreferenceTypes preference); + static void removeDevCapSetting(const std::string &resource); + + // user settings + static void setWidgetDevCapSetting( + const std::string &resource, + WidgetHandle handler, + PreferenceTypes); + static void removeWidgetDevCapSetting( + const std::string &resource, + WidgetHandle handler); + + // resource and subject management + static int addResource(const std::string &request); + + // utilities + static void addAttributes(const BaseAttributeSet &attributes); + + // Setter for device capabilities that are requested in widgets config. + // + // Additional boolean flag means whether widget will always get + // (at launch) the SMACK permissions needed to use the device cap). + // + // 'permissions' is the map of device cap names and smack status for + // given widget handle. + static void setRequestedDevCaps( + WidgetHandle widgetHandle, + const RequestedDevCapsMap &permissions); + + static void setAcceptedFeature( + WidgetHandle widgetHandle, + const FeatureNameVector &vector); + + static void removeAcceptedFeature(WidgetHandle widgetHandle); + + static void registerWidgetInfo(WidgetHandle handle, + const WidgetRegisterInfo& info, + const WidgetCertificateDataList& dataList); + static void unregisterWidgetInfo(WidgetHandle handle); + +}; +} +#endif /* ACEDAO_H_ */ diff --git a/ace/include/ace/AbstractPolicyEnforcementPoint.h b/ace/include/ace/AbstractPolicyEnforcementPoint.h new file mode 100644 index 0000000..ede3792 --- /dev/null +++ b/ace/include/ace/AbstractPolicyEnforcementPoint.h @@ -0,0 +1,31 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H +#define WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H + +#include +#include +#include + +class AbstractPolicyEnforcementPoint +{ + public: + typedef DPL::Event::ICDelegate ResponseReceiver; + virtual ExtendedPolicyResult check(Request &request) = 0; +}; + +#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_ABSTRACT_POLICY_ENFORCEMENT_POINTS_H */ diff --git a/ace/include/ace/AbstractPolicyInformationPoint.h b/ace/include/ace/AbstractPolicyInformationPoint.h new file mode 100644 index 0000000..e8d95ed --- /dev/null +++ b/ace/include/ace/AbstractPolicyInformationPoint.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +class AbstractPolicyInformationPoint +{ + public: + virtual ~AbstractPolicyInformationPoint() {} +}; diff --git a/ace/include/ace/AbstractTreeElement.h b/ace/include/ace/AbstractTreeElement.h new file mode 100644 index 0000000..ffe2e89 --- /dev/null +++ b/ace/include/ace/AbstractTreeElement.h @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : AbstractTreeElement.h +// @ Date : 2009-05-25 +// @ Author : Samsung +// +// +#if !defined(_ABSTRACTTREEELEMENT_H) +#define _ABSTRACTTREEELEMENT_H + +#include +#include "Effect.h" +#include + +class AbstractTreeElement +{ + public: + + virtual ~AbstractTreeElement() + { + } + + virtual void printData() = 0; + protected: +}; + +#endif //_ABSTRACTTREEELEMENT_H diff --git a/ace/include/ace/AsyncVerdictResultListener.h b/ace/include/ace/AsyncVerdictResultListener.h new file mode 100644 index 0000000..47ef573 --- /dev/null +++ b/ace/include/ace/AsyncVerdictResultListener.h @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef _ASYNCVERDICT_H +#define _ASYNCVERDICT_H + +#include +#include +#include + +class AsyncVerdictResultListener +{ + public: + virtual void onVerdict(const Verdict &verdict, + const Request *request) = 0; + virtual ~AsyncVerdictResultListener() + { + } +}; + +#endif diff --git a/ace/include/ace/Attribute.h b/ace/include/ace/Attribute.h new file mode 100644 index 0000000..e1a62b4 --- /dev/null +++ b/ace/include/ace/Attribute.h @@ -0,0 +1,212 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Attribute.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#if !defined(_ATTRIBUTE_H) +#define _ATTRIBUTE_H + +#include +#include +#include +#include + +#include + +class Attribute : public AceDB::BaseAttribute +{ + public: + /** + * Types of match functions + */ + enum class Match { Equal, Glob, Regexp, Error }; + /** + * Types of attribute value modifiers + */ + enum class Modifier { Non, Scheme, Authority, SchemeAuthority, Host, Path }; + /** + * Possible match results + */ + enum class MatchResult { MRUndetermined = -1, MRFalse = 0, MRTrue = 1}; + + public: + + /** + * New attribute constructor + * @param name name of the new attribute + * @param matchFunction match function used in the attribute + * @param type attribute type + */ + Attribute(const std::string *name, + const Match matchFunction, + const Type type); + + + /** + * Constructor used to create default attribute ( used for unit tests ) + * @param nm name of the default attribute + */ + Attribute(const std::string& nm) : + matchFunction(Match::Error), + modifierFunction(Modifier::Non) + { + m_name = nm; + m_typeId = Type::Subject; + m_undetermindState = false; + } + + /** + * Destructor + */ + virtual ~Attribute(); + + std::list * getValue() const + { + return AceDB::BaseAttribute::getValue(); + } + Match getMatchFunction() const + { + return matchFunction; + } + + /* --- Setters --- */ + void addValue (const std::string *value); + + MatchResult matchAttributes(const BaseAttribute *) const; + + /** + * Operator used in for attribute set,used to distinguished only attribute names + * It cannot take attribute type into consideration + */ + bool operator< (const Attribute & obj) const + { + int result = this->m_name.compare(*obj.getName()); + if (result == 0) { //If names are equal check attribute types + if (this->m_typeId < obj.getType()) { + result = -1; + } else if (this->m_typeId > obj.getType()) { + result = 1; + } + } + //If result is negative that means that 'this' was '<' than obj + return result < 0; + } + + /** Checks if object type is equal to argument */ + bool instanceOf(Type type_) + { + return type_ == m_typeId; + } + + friend std::ostream & operator<<(std::ostream & out, + const Attribute & attr); + + protected: + + bool searchAndCut(const char *); + + /* + * URI definition from rfc2396 + * + * ://? + * Each of the components may be absent, apart from the scheme. + * Host is a part of authority as in definition below: + * + * authority = server | reg_name + * server = [ [ userinfo "@" ] hostport ] + * @: + * + * Extract from rfc2396 + * The authority component is preceded by a double slash "//" and is + * terminated by the next slash "/", question-mark "?", or by the end of + * the URI. Within the authority component, the characters ";", ":", + * "@", "?", and "/" are reserved. + * + * Modifiers should return pointer to empty string if given part of string was empty. + * Modifiers should return NULL if the string to be modified was not an URI. + */ + std::string * uriScheme(const std::string *) const; + std::string * uriAuthority(const std::string *) const; + std::string * uriSchemeAuthority(const std::string *) const; + std::string * uriHost(const std::string *) const; + std::string * uriPath(const std::string *) const; + std::string * applyModifierFunction(const std::string * val) const; + + bool parse(const std::string *input, + std::string *part) const; + bool find_error(const std::string *part) const; + + bool checkScheme(const std::string *scheme) const; + bool checkAuthority(const std::string *scheme) const; + std::string * getHost(const std::string *scheme) const; + bool checkPath(const std::string *scheme) const; + + bool isSchemeAllowedCharacter(int c) const; + bool isSegmentAllowedCharacter(int c) const; + bool isUserInfoAllowedString(const std::string *str) const; + bool isHostAllowedString(const std::string *str) const; + bool isHostNameAllowedString(const std::string * str) const; + bool isIPv4AllowedString(const std::string * str) const; + bool isDomainLabelAllowedString(const char * data, + int lenght) const; + bool isTopLabelAllowedString(const char* data, + int lenght) const; + + bool isUnreserved(int c) const; + bool isAlphanum(int c) const; + bool isEscaped(const char esc[3]) const; + bool isHex(int c) const; + + MatchResult lists_comparator( + const std::list *first, + const std::list *second, + MatchResult (*comparator)(const std::string *, + const std::string *)) const; + + /** + * Map used to check if character is a 'mark' + */ + static const bool mark[256]; + /** + * Map used to check if character is a 'digit' + * + */ + static const bool digit[256]; + /** + * Map used to check if character is an 'alphanumeric' value + * + */ + static const bool alpha[256]; + + protected: + Match matchFunction; + Modifier modifierFunction; +}; + +typedef AceDB::BaseAttributeSet AttributeSet; + +//TODO remove later or ifdef debug methods +void printAttributes(const AttributeSet& attrs); +void printAttributes(const std::list & attrs); + +#endif //_ATTRIBUTE_H diff --git a/ace/include/ace/Combiner.h b/ace/include/ace/Combiner.h new file mode 100644 index 0000000..784dcea --- /dev/null +++ b/ace/include/ace/Combiner.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Combiner.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#if !defined(_COMBINER_H) +#define _COMBINER_H + +#include + +#include +#include + +class Combiner +{ + protected: + + const AttributeSet * attrSet; + + public: + + virtual ExtendedEffect combineRules(const TreeNode * rule) = 0; + virtual ExtendedEffect combinePolicies(const TreeNode * policy) = 0; + + const AttributeSet * getAttributeSet() const + { + return this->attrSet; + } + void setAttributeSet(const AttributeSet * attrSet) + { + this->attrSet = attrSet; + } + virtual ~Combiner() + { + } //attrSet is deleted elsewhere +}; + +#endif //_COMBINER_H diff --git a/ace/include/ace/CombinerImpl.h b/ace/include/ace/CombinerImpl.h new file mode 100644 index 0000000..d7c2e21 --- /dev/null +++ b/ace/include/ace/CombinerImpl.h @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : CombinerImpl.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#ifndef _COMBINER_IMPL_H +#define _COMBINER_IMPL_H + +#include +#include + +#include "Combiner.h" +#include "Effect.h" +#include "Policy.h" +#include "Subject.h" + +class CombinerImpl : public Combiner +{ + public: + + virtual ExtendedEffect combineRules(const TreeNode * rule); + virtual ExtendedEffect combinePolicies(const TreeNode * policy); + + virtual ~CombinerImpl() + { + } + + protected: + + bool checkIfTargetMatches(const std::list * subjectsSet, + bool &isUndetermined); + + ExtendedEffect combine(Policy::CombineAlgorithm algorithm, + ExtendedEffectList &effects); + + ExtendedEffect denyOverrides(const ExtendedEffectList &effects); + ExtendedEffect permitOverrides(const ExtendedEffectList &effects); + ExtendedEffect firstApplicable(const ExtendedEffectList &effects); + ExtendedEffect firstMatchingTarget(const ExtendedEffectList &effects); + + std::list * convertEffectsToInts(const std::list * effects); + Effect convertIntToEffect(int intEffect); + + void showEffectList(ExtendedEffectList & effects) + { + ExtendedEffectList::iterator it = effects.begin(); + for (; it != effects.end(); ++it) { + LogDebug(toString(*it)); + } + } + + private: + bool isError(const ExtendedEffectList &effects); +}; + +#endif //_COMBINERIMPL_H diff --git a/ace/include/ace/Condition.h b/ace/include/ace/Condition.h new file mode 100644 index 0000000..918c1fe --- /dev/null +++ b/ace/include/ace/Condition.h @@ -0,0 +1,133 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// File: Condition.h +// Author: notroot +// +// Created on June 3, 2009, 9:00 AM +// +#ifndef _CONDITION_H +#define _CONDITION_H + +#include +#include +#include +#include + +#include "Attribute.h" +#include "Effect.h" +#include "TreeNode.h" + +class Condition +{ + public: + enum CombineType + { + AND, OR + }; + + void addCondition(const Condition & condition) + { + this->conditions.push_back(condition); + } + + void addAttribute(const Attribute & attribute) + { + this->attributes.push_back(attribute); + } + + void setCombineType(CombineType type) + { + this->combineType = type; + } + + Condition() : combineType(AND), + parent(NULL) + { + } + + Condition(CombineType type) : combineType(type), + parent(NULL) + { + } + + virtual ~Condition() + { + } + + Condition * getParent() + { + return this->parent; + } + + void setParent(Condition * condition) + { + this->parent = condition; + } + + Attribute::MatchResult evaluateCondition( + const AttributeSet * attrSet) const; + + friend std::ostream & operator<<(std::ostream & out, + Condition & condition) + { + FOREACH (it, condition.attributes) + { + out << *it; + } + return out; + } + //[CR] change function name + void getAttributes(AttributeSet * attrSet); + + private: + Attribute::MatchResult evaluateChildConditions( + const AttributeSet * attrSet, + bool &isFinalMatch, + bool & undefinedMatchFound) const; + + Attribute::MatchResult evaluateAttributes( + const AttributeSet * attrSet, + bool& isFinalMatch, + bool & undefinedMatchFound) const; + + // KW Attribute::MatchResult performANDalgorithm(const std::set * attributes) const; + + // KW Attribute::MatchResult performORalgorithm(const std::set * attributes) const; + + bool isEmpty() const + { + return attributes.empty() && conditions.empty(); + } + + bool isAndCondition() const + { + return combineType == AND; + } + + bool isOrCondition() const + { + return combineType == OR; + } + + std::list conditions; + CombineType combineType; + std::list attributes; + Condition *parent; +}; + +#endif /* _CONDITION_H */ + diff --git a/ace/include/ace/ConfigurationManager.h b/ace/include/ace/ConfigurationManager.h new file mode 100644 index 0000000..e15d343 --- /dev/null +++ b/ace/include/ace/ConfigurationManager.h @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef _CONFIGURATIONMANAGER_H_ +#define _CONFIGURATIONMANAGER_H_ + +#include +#include +#include +#include "Constants.h" +#include +#include + +enum class PolicyType { + WAC2_0, + Tizen +}; + +#define POLICY_NAME_WAC2_0 "WAC2.0" +#define POLICY_NAME_TIZEN "Tizen" +#define POLICY_WIDGET_TYPE_ATTRIBUTE_NAME "WrtSecurity.WidgetPolicyType" + +#pragma message "ATTR_ACTIVE_POLICY BAD_CAST, PARSER_ERROR, PARSER_SUCCESS\ + macros are DEPRECATED" +#define ATTR_ACTIVE_POLICY BAD_CAST("active") // !! DEPRECATED !! +#define PARSER_ERROR 1 // !! DEPRECATED !! +#define PARSER_SUCCESS 0 // !! DEPRECATED !! + +class ConfigurationManager +{ + public: + // !! DEPRECATED !! + enum ConfigurationManagerResult + { + CM_OPERATION_SUCCESS = 0, + CM_GENERAL_ERROR = -1, + CM_FILE_EXISTS = -2, + CM_REMOVE_ERROR = -3, + CM_REMOVE_CURRENT = -4, + CM_REMOVE_NOT_EXISTING = -5 + }; + + // !! DEPRECATED !! + std::string getCurrentPolicyFile(void) const; + std::string getFullPathToCurrentPolicyFile(void) const; + std::string getFullPathToCurrentPolicyXMLSchema(void) const; + int addPolicyFile(const std::string & filePath); + int removePolicyFile(const std::string& fileName); + int changeCurrentPolicyFile(const std::string& filePath); + std::string extractFilename(const std::string& path) const; + + /** + * ACE policy file path getter + * @return Full path to policy file + */ + std::string getFullPathToPolicyFile(PolicyType policy) const; + + /** + * ACE policy dtd file path getter + * @return Full path to ACE current policy file + */ + std::string getFullPathToPolicyXMLSchema(void) const; + + /** + * ACE policy storage path getter + * @return Full path to ACE policy file storage + */ + std::string getStoragePath(void) const; + + /** + * Method to obtain instance of configuration manager + * @return retuns pointer to configuration manager or NULL in case of error + */ + static ConfigurationManager * getInstance() + { + if (!instance) { + instance = new ConfigurationManager(); + } + return instance; + } + + protected: + + // !! DEPRECATED !! + int parse(const std::string&); + bool copyFile(FILE*, FILE*, int lenght = 1024) const; + bool checkIfFileExistst(const std::string&) const; + const std::list & getPolicyFiles() const; + const std::string & getConfigFile() const; + + ConfigurationManager() + { + } + virtual ~ConfigurationManager() + { + } + +private: + + static ConfigurationManager * instance; +}; + +#endif + diff --git a/ace/include/ace/Constants.h b/ace/include/ace/Constants.h new file mode 100644 index 0000000..ec9d9f0 --- /dev/null +++ b/ace/include/ace/Constants.h @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file Constants.h + * @author Piotr Fatyga (p.fatyga@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef _CONSTANTS_H +#define _CONSTANTS_H + +#define ACE_MAIN_STORAGE "/usr/etc/ace" +#define ACE_WAC_POLICY_FILE_NAME "/WAC2.0Policy.xml" +#define ACE_TIZEN_POLICY_FILE_NAME "/TizenPolicy.xml" +#define ACE_DTD_LOCATION ACE_MAIN_STORAGE "/bondixml.dtd" + +// !! DEPRECATED !! +#pragma message "ACE_CONFIGURATION_PATH, ACE_CONFIGURATION_DTD \ + macros are DEPRECATED" +#define ACE_CONFIGURATION_PATH ACE_MAIN_STORAGE "/config.xml" +#define ACE_CONFIGURATION_DTD ACE_MAIN_STORAGE "/config.dtd" + +/////////////////FOR GUI////////////////////// + +#define MYSTERIOUS_BITMAP "/usr/apps/org.tizen.policy/d.png" +#define MYSTERIOUS_BITMAP2 "/usr/apps/org.tizen.policy/file.png" + +///////////////////FOR TESTS////////////////////////// + +#define COMBINER_TEST "/usr/etc/ace/CMTest/com_general-test.xml" +#define CONFIGURATION_MGR_TEST_PATH "/usr/etc/ace/CMTest/" +#define CONFIGURATION_MGR_TEST_CONFIG ACE_MAIN_STORAGE "/CMTest/pms_config.xml" +#define CONFIGURATION_MGR_TEST_POLICY_STORAGE ACE_MAIN_STORAGE "/CMTest/active" +#define CONFIGURATION_MGR_TEST_POLICY_STORAGE_MOVED ACE_MAIN_STORAGE \ + "/CMTest/activeMoved" +#define CONFIGURATION_MGR_TEST_POLICY CONFIGURATION_MGR_TEST_POLICY_STORAGE \ + "/pms_general-test.xml" +#define POLICIES_TO_SIGN_DIR ACE_MAIN_STORAGE "/SignerTests/" + +#define OUTPUT_DIR ACE_MAIN_STORAGE "/SignerTests/signedPolicies/" +#define PRIVATE_KEY_DIR ACE_MAIN_STORAGE "/SignerTests/PrvKey/" +#define X509_DATA_BASE_DIR ACE_MAIN_STORAGE "/SignerTests/X509Data/" + +#endif /* _CONSTANTS_H */ + diff --git a/ace/include/ace/Effect.h b/ace/include/ace/Effect.h new file mode 100644 index 0000000..c771c15 --- /dev/null +++ b/ace/include/ace/Effect.h @@ -0,0 +1,112 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Effect.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#ifndef _EFFECT_H_ +#define _EFFECT_H_ + +#include + +typedef int RuleId; + +enum Effect +{ + Deny =0, + Undetermined=1, // jk mb added this enum, so the ones below are inceremented!!!!!!! + PromptOneShot =2, + PromptSession =3, + PromptBlanket =4, + Permit =5, + Inapplicable =6, + NotMatchingTarget=7, + Error=8, +}; + +struct ExtendedEffect { +public: + ExtendedEffect(Effect effect = Error, RuleId ruleId = -1) + : m_effect(effect) + , m_ruleId(ruleId) + {} + + ExtendedEffect(const ExtendedEffect &second) + : m_effect(second.m_effect) + , m_ruleId(second.m_ruleId) + {} + + ExtendedEffect& operator=(const ExtendedEffect &second) { + m_effect = second.m_effect; + m_ruleId = second.m_ruleId; + return *this; + } + + Effect getEffect() const { return m_effect; } + + RuleId getRuleId() const { return m_ruleId; } + +private: + Effect m_effect; + RuleId m_ruleId; +}; + +typedef std::list ExtendedEffectList; + +inline const char *toString(const ExtendedEffect &effect) +{ + const char * temp = ""; + + switch (effect.getEffect()) { + case Deny: + temp = "Deny"; + break; + case Undetermined: + temp = "Undetermined"; + break; + case PromptOneShot: + temp = "PromptOneShot"; + break; + case PromptSession: + temp = "PromptSession"; + break; + case PromptBlanket: + temp = "PromptBlanket"; + break; + case Permit: + temp = "Permit"; + break; + case Inapplicable: + temp = "Inapplicable"; + break; + case NotMatchingTarget: + temp = "NotMatchingTarget"; + break; + case Error: + temp = "Error"; + break; + default:; + } + return temp; +} + +#endif //_EFFECT_H_ diff --git a/ace/include/ace/PermissionTriple.h b/ace/include/ace/PermissionTriple.h new file mode 100644 index 0000000..fcb7e47 --- /dev/null +++ b/ace/include/ace/PermissionTriple.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : PermissionTriple.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#if !defined(_PERMISSION_TRIPLE_H) +#define _PERMISSION_TRIPLE_H + +#include +#include +#include +#include + +typedef AceDB::BasePermission PermissionTriple; +typedef AceDB::BasePermissionList PermissionList; + +struct GeneralSetting +{ + GeneralSetting(const std::string& resourceName, + AceDB::PreferenceTypes accessAllowed) : generalSettingName(resourceName), + access(accessAllowed) + { + } + std::string generalSettingName; + AceDB::PreferenceTypes access; +}; + +#endif //_PERMISSION_TRIPLE_H diff --git a/ace/include/ace/Policy.h b/ace/include/ace/Policy.h new file mode 100644 index 0000000..2c43bd5 --- /dev/null +++ b/ace/include/ace/Policy.h @@ -0,0 +1,87 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Policy.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#if !defined(_POLICY_H) +#define _POLICY_H + +#include + +#include +#include +#include +#include +#include +#include + +class Policy : public AbstractTreeElement, + DPL::Noncopyable +{ + public: + enum CombineAlgorithm { DenyOverride, PermitOverride, FirstApplicable, + FirstTargetMatching }; + + Policy() + { + combineAlgorithm = DenyOverride; + subjects = new std::list(); + } + + CombineAlgorithm getCombineAlgorithm() const + { + return this->combineAlgorithm; + } + + void setCombineAlgorithm(CombineAlgorithm algorithm) + { + this->combineAlgorithm = algorithm; + } + + const std::list * getSubjects() const + { + return this->subjects; + } + + void addSubject(const Subject * subject) + { + if (this->subjects == NULL) { + return; + } + this->subjects->push_back(subject); + } + + virtual ~Policy(); + + void printData(); + + std::string printCombineAlgorithm(CombineAlgorithm algorithm); + + private: + std::list *subjects; + CombineAlgorithm combineAlgorithm; +}; + +const char * toString(Policy::CombineAlgorithm algorithm); + +#endif //_POLICY_H diff --git a/ace/include/ace/PolicyEffect.h b/ace/include/ace/PolicyEffect.h new file mode 100644 index 0000000..43c79d7 --- /dev/null +++ b/ace/include/ace/PolicyEffect.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file PolicyEffect.h + * @author B.Grzelewski (b.grzelewski@samsung.com) + * @version 1.0 + * @brief This file contains the declaration of PolicyEffect type. + */ +#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_ +#define _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_ + +enum class PolicyEffect { + DENY = 0, + PERMIT, + PROMPT_ONESHOT, + PROMPT_SESSION, + PROMPT_BLANKET +}; + +inline static std::ostream & operator<<(std::ostream& stream, + PolicyEffect effect) +{ + switch (effect) { + case PolicyEffect::DENY: stream << "DENY"; break; + case PolicyEffect::PERMIT: stream << "PERMIT"; break; + case PolicyEffect::PROMPT_ONESHOT: stream << "PROMPT_ONESHOT"; break; + case PolicyEffect::PROMPT_SESSION: stream << "PROMPT_SESSION"; break; + case PolicyEffect::PROMPT_BLANKET: stream << "PROMPT_BLANKET"; break; + default: Assert(false && "Invalid PolicyEffect constant"); + } + return stream; +} + +#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_EFFECT_H_ diff --git a/ace/include/ace/PolicyEnforcementPoint.h b/ace/include/ace/PolicyEnforcementPoint.h new file mode 100644 index 0000000..902587a --- /dev/null +++ b/ace/include/ace/PolicyEnforcementPoint.h @@ -0,0 +1,96 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * This class simply redirects the access requests to access control engine. + * The aim is to hide access control engine specific details from WRT modules. + * It also implements WRT_INTERFACE.h interfaces, so that ACE could access + * WRT specific and other information during the decision making. + * + * @file security_logic.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @author Ming Jin(ming79.jin@samsung.com) + * @brief Implementation file for security logic + */ +#ifndef POLICY_ENFORCEMENT_POINT_H +#define POLICY_ENFORCEMENT_POINT_H + +#include +#include +#include + +//#include +//#include +//#include + +//#include +#include +#include + +#include +#include + +// Forwards +class IWebRuntime; +class IResourceInformation; +class IOperationSystem; +class PolicyEvaluator; +class PolicyInformationPoint; +class Request; + +class PolicyEnforcementPoint : public AbstractPolicyEnforcementPoint +{ + public: + OptionalExtendedPolicyResult checkFromCache(Request &request); + ExtendedPolicyResult check(Request &request); + OptionalExtendedPolicyResult check(Request &request, + bool fromCacheOnly); + + virtual ~PolicyEnforcementPoint(); + + class PEPException + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, AlreadyInitialized) + }; + + /** + * This function take ownership of objects pass in call. + * Object will be deleted after call Deinitialize function. + */ + void initialize(IWebRuntime *wrt, + IResourceInformation *resource, + IOperationSystem *operation); + void terminate(); + + void updatePolicy(const std::string &policy); + void updatePolicy(); + + PolicyEvaluator *getPdp() const { return this->m_pdp; } + PolicyInformationPoint *getPip() const { return this->m_pip; } + + protected: + PolicyEnforcementPoint(); + friend class SecurityLogic; + private: // private data + IWebRuntime *m_wrt; + IResourceInformation *m_res; + IOperationSystem *m_sys; + PolicyEvaluator *m_pdp; + PolicyInformationPoint *m_pip; +}; + +#endif // POLICY_ENFORCEMENT_POINT_H diff --git a/ace/include/ace/PolicyEvaluator.h b/ace/include/ace/PolicyEvaluator.h new file mode 100644 index 0000000..e9c9285 --- /dev/null +++ b/ace/include/ace/PolicyEvaluator.h @@ -0,0 +1,153 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : PolicyEvaluator.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#ifndef _POLICY_EVALUATOR_H +#define _POLICY_EVALUATOR_H + +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + + +class PolicyEvaluator : DPL::Noncopyable +{ + protected: + + /** + * Internal method used to initiate policy evaluation. Called after attribute set has been fetched + * by PIP. + * @param root root of the policies tree to be evaluated + */ + virtual ExtendedEffect evaluatePolicies(const TreeNode * root); + + // !! DEPRECATED !! + enum updateErrors + { + POLICY_PARSING_SUCCESS = 0, + POLICY_FILE_ERROR = 1, + PARSER_CREATION_ERROR, + POLICY_PARSING_ERROR + }; + private: + AttributeSet m_attributeSet; + + TreeNode *m_uniform_policy, *m_wac_policy, *m_tizen_policy; + std::string m_currentPolicyFile; + PolicyType m_policy_to_use; + + Combiner * m_combiner; + AsyncVerdictResultListener * m_verdictListener; + PolicyInformationPoint * m_pip; + + /** + * @return current policy Tree acc. to m_policy_to_use + */ + TreeNode * getCurrentPolicyTree(); + + /** + * Method used to extract attributes from subtree defined by PolicySet + * @param root original TreeStructure root node + * @param newRoot copy of TreeStructure containing only policies that matches current request + * + */ + void extractAttributesFromSubtree(const TreeNode *root); + + /** + * Method used to extract attributes from Tree Structure + * @return pointer to set of attributes needed to evaluate current request + * @return if extraction has been successful + * TODO return reducte tree structure + * TODO change comments + */ + bool extractAttributesFromRules(const TreeNode *); + + /** + * Extracts attributes from target of a given policy that are required to be fetched by PIP + */ + void extractTargetAttributes(const Policy *policy); + bool extractAttributes(TreeNode*); + + OptionalExtendedPolicyResult getPolicyForRequestInternal(bool fromCacheOnly); + PolicyResult effectToPolicyResult(Effect effect); + + /** + * Return safe policy tree in case of error with loading policy from file + */ + TreeNode * getDefaultSafePolicyTree(void); + + public: + PolicyEvaluator(PolicyInformationPoint * pip); + + bool extractAttributesTest() + { + m_attributeSet.clear(); + if (!extractAttributes(m_uniform_policy)) { + LogInfo("Warnign attribute set cannot be extracted. Returning Deny"); + return true; + } + + return extractAttributes(m_uniform_policy); + } + + AttributeSet * getAttributeSet() + { + return &m_attributeSet; + } + + virtual bool initPDP(); + virtual ~PolicyEvaluator(); + virtual ExtendedPolicyResult getPolicyForRequest(const Request &request); + virtual OptionalExtendedPolicyResult getPolicyForRequestFromCache( + const Request &request); + virtual OptionalExtendedPolicyResult getPolicyForRequest(const Request &request, + bool fromCacheOnly); + bool fillAttributeWithPolicy(); + + virtual int updatePolicy(const char *); + // This function updates policy from well known locations + virtual void updatePolicy(); + + std::string getCurrentPolicy(); +}; + +#endif //_POLICYEVALUATOR_H diff --git a/ace/include/ace/PolicyEvaluatorFactory.h b/ace/include/ace/PolicyEvaluatorFactory.h new file mode 100644 index 0000000..73e36a1 --- /dev/null +++ b/ace/include/ace/PolicyEvaluatorFactory.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file AbstractObjectFactory.h + * @author Piotr Fatyga (p.fatyga@samsung.com) + * @version 0.1 + * @brief + */ + +#ifndef _ABSTRACTOBJECTFACTORY_H +#define _ABSTRACTOBJECTFACTORY_H + +#include + +class AbstractPolicyEvaluatorFactory +{ + public: + virtual PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip) + const = 0; +}; + +class PolicyEvaluatorFactory : public AbstractPolicyEvaluatorFactory +{ + public: + PolicyEvaluator * createPolicyEvaluator(PolicyInformationPoint *pip) const + { + return new PolicyEvaluator(pip); + } +}; + +#endif /* _ABSTRACTOBJECTFACTORY_H */ + diff --git a/ace/include/ace/PolicyInformationPoint.h b/ace/include/ace/PolicyInformationPoint.h new file mode 100644 index 0000000..ccb9763 --- /dev/null +++ b/ace/include/ace/PolicyInformationPoint.h @@ -0,0 +1,101 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : PolicyInformationPoint.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#ifndef _POLICY_INFORMATION_POINT_H +#define _POLICY_INFORMATION_POINT_H + +#include + +#include +#include +#include +#include +#include + +typedef int PipResponse; + +class PolicyInformationPoint : public DPL::Noncopyable +{ + private: + + /** queries for interfaces*/ + std::list resourceAttributesQuery; + std::list environmentAttributesQuery; + std::list subjectAttributesQuery; + std::list functionParamAttributesQuery; + std::list widgetParamAttributesQuery; + + /** create queries */ + void createQueries(AttributeSet* attributes); + + IWebRuntime* wrtInterface; + IResourceInformation* resourceInformation; + IOperationSystem* operationSystem; + + public: + static const int ERROR_SHIFT_RESOURCE = 3; + static const int ERROR_SHIFT_OS = 6; + static const int ERROR_SHIFT_FP = 9; + + /** Mask used to identify PIP error */ + enum ResponseTypeMask + { + SUCCESS = 0, + /* WebRuntime Error */ + WRT_UNKNOWN_SUBJECT = 1 << 0, + WRT_UNKNOWN_ATTRIBUTE = 1 << 1, + WRT_INTERNAL_ERROR = 1 << 2, + /* Resource Information Storage Error */ + RIS_UNKNOWN_RESOURCE = 1 << 3, + RIS_UNKNOWN_ATTRIBUTE = 1 << 4, + RIS_INTERNAL_ERROR = 1 << 5, + /*Operating system */ + OS_UNKNOWN_ATTRIBUTE = 1 << 6, + OS_INTERNAL_ERROR = 1 << 7 + }; + + //TODO add checking values of attributes + /** gather attributes values from adequate interfaces */ + virtual PipResponse getAttributesValues(const Request* request, + AttributeSet* attributes); + virtual ~PolicyInformationPoint(); + PolicyInformationPoint(IWebRuntime *wrt, + IResourceInformation *resource, + IOperationSystem *system); + virtual void update(IWebRuntime *wrt, + IResourceInformation *resource, + IOperationSystem *system) + { + wrtInterface = wrt; + resourceInformation = resource; + operationSystem = system; + } + IWebRuntime * getWebRuntime() + { + return wrtInterface; + } +}; + +#endif //_POLICY_INFORMATION_POINT_H diff --git a/ace/include/ace/PolicyResult.h b/ace/include/ace/PolicyResult.h new file mode 100644 index 0000000..f59fe80 --- /dev/null +++ b/ace/include/ace/PolicyResult.h @@ -0,0 +1,259 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_ +#define _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_ + +#include +#include +#include + +#include + +typedef DPL::Optional OptionalPolicyEffect; + +class PolicyDecision +{ +public: + enum Value { NOT_APPLICABLE = -1 }; + + PolicyDecision(PolicyEffect effect) + : m_isPolicyEffect(true) + , m_effect(effect) + {} + + PolicyDecision(const PolicyDecision &decision) + : m_isPolicyEffect(decision.m_isPolicyEffect) + , m_effect(decision.m_effect) + {} + + PolicyDecision(Value) + : m_isPolicyEffect(false) + {} + + bool operator==(const PolicyDecision &decision) const { + return (m_isPolicyEffect + && decision.m_isPolicyEffect + && m_effect == decision.m_effect) + || (!m_isPolicyEffect && !decision.m_isPolicyEffect); + } + + bool operator==(Value) const { + return !m_isPolicyEffect; + } + + bool operator!=(const PolicyDecision &decision) const { + return !(*this == decision); + } + + bool operator!=(Value value) const { + return !(*this == value); + } + + OptionalPolicyEffect getEffect() const + { + if (!m_isPolicyEffect) { + return OptionalPolicyEffect(); + } + return OptionalPolicyEffect(m_effect); + } + + std::ostream & toStream(std::ostream& stream) { + if (m_isPolicyEffect) + stream << m_effect; + else + stream << "NOT-APPLICABLE"; + return stream; + } + +private: + bool m_isPolicyEffect; + PolicyEffect m_effect; +}; + +inline static bool operator==(PolicyEffect e, const PolicyDecision &d) { + return d.operator==(e); +} + +inline static bool operator!=(PolicyEffect e, const PolicyDecision &d) { + return !(e == d); +} + +inline static std::ostream & operator<<(std::ostream& stream, + PolicyDecision decision) +{ + return decision.toStream(stream); +} + +class PolicyResult { +public: + enum Value { UNDETERMINED = -2 }; + + // This constructor is required by dpl controller and by dpl optional + PolicyResult() + : m_isDecision(false) + , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care + {} + + PolicyResult(PolicyEffect effect) + : m_isDecision(true) + , m_decision(effect) + {} + + PolicyResult(const PolicyDecision &decision) + : m_isDecision(true) + , m_decision(decision) + {} + + PolicyResult(const PolicyResult &result) + : m_isDecision(result.m_isDecision) + , m_decision(result.m_decision) + {} + + PolicyResult(PolicyDecision::Value value) + : m_isDecision(true) + , m_decision(value) + {} + + PolicyResult(Value) + : m_isDecision(false) + , m_decision(PolicyDecision::Value::NOT_APPLICABLE) // don't care + {} + + bool operator==(const PolicyResult &result) const { + return (m_isDecision + && result.m_isDecision + && m_decision == result.m_decision) + || (!m_isDecision && !result.m_isDecision); + } + + bool operator==(Value) const { + return !m_isDecision; + } + + bool operator!=(const PolicyResult &result) const { + return !(*this == result); + } + + bool operator!=(Value value) const { + return !(*this == value); + } + + OptionalPolicyEffect getEffect() const + { + if (!m_isDecision) { + return OptionalPolicyEffect(); + } + return m_decision.getEffect(); + } + + static int serialize(const PolicyResult &policyResult) + { + if (!policyResult.m_isDecision) { + return BD_UNDETERMINED; + } else if (policyResult.m_decision == + PolicyDecision::Value::NOT_APPLICABLE) + { + return BD_NOT_APPLICABLE; + } else if (policyResult.m_decision == PolicyEffect::PROMPT_BLANKET) { + return BD_PROMPT_BLANKET; + } else if (policyResult.m_decision == PolicyEffect::PROMPT_SESSION) { + return BD_PROMPT_SESSION; + } else if (policyResult.m_decision == PolicyEffect::PROMPT_ONESHOT) { + return BD_PROMPT_ONESHOT; + } else if (policyResult.m_decision == PolicyEffect::PERMIT) { + return BD_PERMIT; + } else if (policyResult.m_decision == PolicyEffect::DENY) { + return BD_DENY; + } + Assert(false && "Unknown value of policyResult."); + } + + static PolicyResult deserialize(int dec){ + switch (dec) { + case BD_DENY: + return PolicyEffect::DENY; + case BD_PERMIT: + return PolicyEffect::PERMIT; + case BD_PROMPT_ONESHOT: + return PolicyEffect::PROMPT_ONESHOT; + case BD_PROMPT_SESSION: + return PolicyEffect::PROMPT_SESSION; + case BD_PROMPT_BLANKET: + return PolicyEffect::PROMPT_BLANKET; + case BD_NOT_APPLICABLE: + return PolicyDecision::Value::NOT_APPLICABLE; + case BD_UNDETERMINED: + return Value::UNDETERMINED; + } + Assert(false && "Broken database"); + } + + std::ostream & toStream(std::ostream& stream) { + if (m_isDecision) + stream << m_decision; + else + stream << "UNDETERMINED"; + return stream; + } + +private: + static const int BD_UNDETERMINED = 6; + static const int BD_NOT_APPLICABLE = 5; + static const int BD_PROMPT_BLANKET = 4; + static const int BD_PROMPT_SESSION = 3; + static const int BD_PROMPT_ONESHOT = 2; + static const int BD_PERMIT = 1; + static const int BD_DENY = 0; + + bool m_isDecision; + PolicyDecision m_decision; +}; + +inline static bool operator==(const PolicyDecision &d, const PolicyResult &r) { + return r == d; +} + +inline static bool operator!=(const PolicyDecision &d, const PolicyResult &r) { + return !(d == r); +} + +inline static bool operator==(const PolicyEffect &e, const PolicyResult &r) { + return e == r; +} + +inline static bool operator!=(const PolicyEffect &e, const PolicyResult &r) { + return !(e == r); +} + +inline static std::ostream & operator<<(std::ostream& stream, + PolicyResult result) +{ + return result.toStream(stream); +} + +struct ExtendedPolicyResult { + ExtendedPolicyResult(const PolicyResult pr = PolicyEffect::DENY, int rule = -1) + : policyResult(pr) + , ruleId(rule) + {} + PolicyResult policyResult; + int ruleId; +}; + +typedef DPL::Optional OptionalExtendedPolicyResult; + +#endif // _SRC_ACCESS_CONTROL_COMMON_POLICY_RESULT_H_ diff --git a/ace/include/ace/PolicySet.h b/ace/include/ace/PolicySet.h new file mode 100644 index 0000000..de12394 --- /dev/null +++ b/ace/include/ace/PolicySet.h @@ -0,0 +1,48 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : PolicySet.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#if !defined(_POLICYSET_H) +#define _POLICYSET_H + +#include "Policy.h" +#include + +class PolicySet : public Policy +{ + public: + + //TODO Clean this class + //PolicySet(CombineAlgorithm algorithm, std::list * targetAttr,const std::string & subjectId) + // : Policy(algorithm,targetAttr,subjectId) + // {} + PolicySet() + { + } + ~PolicySet() + { + } +}; + +#endif //_POLICYSET_H diff --git a/ace/include/ace/Preference.h b/ace/include/ace/Preference.h new file mode 100644 index 0000000..c37fce8 --- /dev/null +++ b/ace/include/ace/Preference.h @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Preference.h +// @ Date : 2009-05-2 +// @ Author : Samsung +// +// + +#ifndef _Preference_H_ +#define _Preference_H_ + +#include +#include + +#include + +typedef AceDB::PreferenceTypes Preference; +typedef AceDB::PreferenceTypesMap PreferenceMap; + +#endif //_Preference_H + diff --git a/ace/include/ace/PromptDecision.h b/ace/include/ace/PromptDecision.h new file mode 100644 index 0000000..bfe425b --- /dev/null +++ b/ace/include/ace/PromptDecision.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_ +#define _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_ + +#include +#include + +enum class PromptDecision { + ALLOW_ALWAYS, + DENY_ALWAYS, + ALLOW_THIS_TIME, + DENY_THIS_TIME, + ALLOW_FOR_SESSION, + DENY_FOR_SESSION +}; + +typedef DPL::Optional OptionalPromptDecision; + +struct CachedPromptDecision { + PromptDecision decision; + DPL::OptionalString session; +}; + +typedef DPL::Optional OptionalCachedPromptDecision; + +#endif // _SRC_ACCESS_CONTROL_COMMON_PROMPT_DECISION_H_ diff --git a/ace/include/ace/Request.h b/ace/include/ace/Request.h new file mode 100644 index 0000000..5e5fa9a --- /dev/null +++ b/ace/include/ace/Request.h @@ -0,0 +1,104 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Request.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#ifndef _REQUEST_H_ +#define _REQUEST_H_ + +#include +#include +#include + +#include +#include + +class Request : public AceDB::IRequest +{ + public: + typedef std::string DeviceCapability; + typedef std::set DeviceCapabilitySet; + + enum ApplicationType { + APP_TYPE_TIZEN, + APP_TYPE_WAC20, + APP_TYPE_UNKNOWN + }; + + Request(WidgetHandle widgetHandle, + WidgetExecutionPhase phase, + IFunctionParam *functionParam = 0) + : m_widgetHandle(widgetHandle) + , m_phase(phase) + , m_functionParam(functionParam) + , m_appType(APP_TYPE_UNKNOWN) + {} + + WidgetHandle getWidgetHandle() const + { + return m_widgetHandle; + } + + WidgetExecutionPhase getExecutionPhase() const + { + return m_phase; + } + + IFunctionParam *getFunctionParam() const + { + return m_functionParam; + } + + void addDeviceCapability(const std::string& device) + { + m_devcapSet.insert(device); + } + + DeviceCapabilitySet getDeviceCapabilitySet() const + { + return m_devcapSet; + } + + void setAppType(ApplicationType appType) + { + m_appType = appType; + } + + ApplicationType getAppType() const + { + return m_appType; + } + + private: + WidgetHandle m_widgetHandle; + WidgetExecutionPhase m_phase; + //! \brief list of function param (only for intercept) + IFunctionParam *m_functionParam; + //! \brief Set of defice capabilities + DeviceCapabilitySet m_devcapSet; + ApplicationType m_appType; +}; + +typedef std::vector Requests; + +#endif //_REQUEST_H_ diff --git a/ace/include/ace/Rule.h b/ace/include/ace/Rule.h new file mode 100644 index 0000000..dc64389 --- /dev/null +++ b/ace/include/ace/Rule.h @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Rule.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#if !defined(_RULE_H) +#define _RULE_H + +#include "Attribute.h" +#include "Effect.h" +#include "Condition.h" +#include + +class Rule : public AbstractTreeElement +{ + public: + + ExtendedEffect evaluateRule(const AttributeSet * attrSet) const; + + Rule() + : effect(Inapplicable) + { + //TODO we should set it to deny or smth, not inapplicable + } + + void setEffect(ExtendedEffect effect) + { + //We should not allow to set "Inapplicable" effect. + //Rules cannot have effect that is inapplicable, evaluation of the rules may however + //render the effect inapplicable. + Assert(effect.getEffect() != Inapplicable); + this->effect = effect; + } + void setCondition(Condition condition) + { + this->condition = condition; + } + void getAttributes(AttributeSet * attrSet) + { + condition.getAttributes(attrSet); + } + + //DEBUG methods + std::string printEffect(const ExtendedEffect &effect) const; + void printData(); + + private: + + ExtendedEffect effect; + Condition condition; +}; + +#endif //_RULE_H diff --git a/ace/include/ace/SettingsLogic.h b/ace/include/ace/SettingsLogic.h new file mode 100644 index 0000000..e0d1fdb --- /dev/null +++ b/ace/include/ace/SettingsLogic.h @@ -0,0 +1,88 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * + * @file SettingsLogic.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 0.1 + * @brief Header file for class getting/setting user/global ACE settings + */ + +#ifndef WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ +#define WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +class SettingsLogic +{ + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, DatabaseError) + }; + + // global settings + static AceDB::PreferenceTypes findGlobalUserSettings( + const std::string &resource, + WidgetHandle handler); + + static AceDB::PreferenceTypes findGlobalUserSettings( + const Request &request); + + // resource settings + static AceDB::PreferenceTypes getDevCapSetting( + const std::string &request); + static void getDevCapSettings(AceDB::PreferenceTypesMap *preferences); + static void setDevCapSetting(const std::string &resource, + AceDB::PreferenceTypes preference); + static void setAllDevCapSettings( + const std::list > &resourcesList); + static void removeDevCapSetting(const std::string &resource); + static void updateDevCapSetting(const std::string &resource, + AceDB::PreferenceTypes p); + + // user settings + static AceDB::PreferenceTypes getWidgetDevCapSetting( + const std::string &resource, + WidgetHandle handler); + static void getWidgetDevCapSettings(PermissionList *permissions); + static void setWidgetDevCapSetting(const std::string &resource, + WidgetHandle handler, + AceDB::PreferenceTypes preference); + static void setWidgetDevCapSettings(const PermissionList &tripleList); + static void removeWidgetDevCapSetting(const std::string &resource, + WidgetHandle handler); + + private: + SettingsLogic() + { + } + +}; + +#endif /* WRT_SRC_ACCESS_CONTROL_LOGIC_SETTINGS_LOGIC_H_ */ diff --git a/ace/include/ace/Subject.h b/ace/include/ace/Subject.h new file mode 100644 index 0000000..5176c99 --- /dev/null +++ b/ace/include/ace/Subject.h @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// File: Subject.h +// Author: notroot +// +// Created on June 2, 2009, 8:47 AM +// + +#ifndef _SUBJECT_H +#define _SUBJECT_H + +#include +#include +#include +#include +#include + +#include "Attribute.h" + +class Subject : DPL::Noncopyable +{ + std::string subjectId; + std::list targetAttributes; + + public: + Subject() + {} + + const std::list& getTargetAttributes() const; + + void setSubjectId(const std::string & subjectId) + { + this->subjectId = subjectId; + } + + //TODO maybe we should remove that becuase this causes a memory leak right now!! [CR] maybe thats true, maybe whe can remove this fun + // KW void setTargetAttributes(std::list * targetAttributes){ this->targetAttributes = targetAttributes; } + + const std::string & getSubjectId() const + { + return this->subjectId; + } + + void addNewAttribute(Attribute & attr) + { + this->targetAttributes.push_back(attr); + } + + //TODO in 1.0 change to true/false/undetermined + bool matchSubject(const AttributeSet *attrSet, + bool &isUndetermined) const; + + ~Subject() + {} +}; + +#endif /* _SUBJECT_H */ + diff --git a/ace/include/ace/TestTimer.h b/ace/include/ace/TestTimer.h new file mode 100644 index 0000000..1f07e61 --- /dev/null +++ b/ace/include/ace/TestTimer.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef _TEST_TIMER_H +#define _TEST_TIMER_H + +#include + +class TestTimer +{ + time_t startt, endt; + + public: + void start() + { + time(&startt); + } + void stop() + { + time(&endt); + } + double getTime() + { + return difftime(endt, startt); + } +}; + +#endif //_TEST_TIMER_H + diff --git a/ace/include/ace/TreeNode.h b/ace/include/ace/TreeNode.h new file mode 100644 index 0000000..473c26f --- /dev/null +++ b/ace/include/ace/TreeNode.h @@ -0,0 +1,130 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : TreeNode.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#ifndef _TREE_NODE_H +#define _TREE_NODE_H + +#include +#include + +#include + +class TreeNode; + +typedef std::list ChildrenSet; +typedef std::list::iterator ChildrenIterator; +typedef std::list::const_iterator ChildrenConstIterator; + +class TreeNode +{ + public: + //TODO nazwac pozadnie TYPY - moze jakas konwencja ... ??!! + enum TypeID { Policy =0, PolicySet=1, Rule=2}; + + const ChildrenSet & getChildrenSet() const + { + return children; + } + + TreeNode * getParent() const + { + return this->parent; + } + + void setParent(TreeNode *parent) + { + this->parent = parent; + } + + TypeID getTypeID() const + { + return this->typeID; + } + + void addChild(TreeNode *child) + { + child->setParent(this); + children.push_back(child); + } + + /** + * Clone the node + */ + // KW TreeNode * clone() { return new TreeNode(NULL,this->getTypeID(),this->getElement()); } + + TreeNode(TreeNode * parent, + TypeID type, + AbstractTreeElement * element) : + parent(parent), + typeID(type), + element(element) + { + } + + AbstractTreeElement * getElement() const + { + return element; + } + + private: + virtual ~TreeNode(); + + public: + /* + * It is common that we create a copy of tree structure created out of xml file. However we don't want to + * copy abstract elements ( Policies and Rules ) because we need them only for reading. We want to modify the + * tree structure though. Therefore we copy TreeNode. When the copy of the original tree is being destroyed method + * releaseTheSubtree should be called on "root". It automatically traverse the tree and call TreeNode destructors for + * each TreeNode in the tree. It doesn't remove the abstract elements in the tree ( there is always at most one abstract + * element instance, when tree is copied it is a shallow copy. + * When we want to completely get rid of the the tree and abstract elements we have to call releaseResources on tree root. + * We may want to do this for instance when we want to serialize the tree to disc. releaseResource method traverses the tree + * and releses the resources, as well as the TreeNode so NO releaseTheSubtree is required any more + */ + void releaseResources(); + + /** + * Used to delete the copies of tree structure. The original tree structure should be removed with releaseResources method. + * ReleaseTheSubtree method doesn't delete the abstract elements, only TreeNodes. It traverses the whole tree, so it should be + * called on behalf of root of the tree + */ + // KW void releaseTheSubtree(); + + friend std::ostream & operator<<(std::ostream & out, + const TreeNode * node); + // KW void printSubtree(); + + private: + // KW TreeNode(const TreeNode& pattern){ (void)pattern; } + + std::list children; + TreeNode * parent; + //TODO standarize ID case + TypeID typeID; + AbstractTreeElement * element; + static int level; +}; + +#endif //_TREE_NODE_H diff --git a/ace/include/ace/UserDecision.h b/ace/include/ace/UserDecision.h new file mode 100644 index 0000000..67bdbcf --- /dev/null +++ b/ace/include/ace/UserDecision.h @@ -0,0 +1,37 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : UserDecision.h +// @ Date : 2009-05-22 +// @ Author : Samsung +// +// + +#ifndef _USERDECISION_H +#define _USERDECISION_H + +#include +#include + +typedef AceDB::ValidityTypes Validity; + +const char * toString(Validity validity); + +#endif //_USERDECISION_H + diff --git a/ace/include/ace/Verdict.h b/ace/include/ace/Verdict.h new file mode 100644 index 0000000..83d2d79 --- /dev/null +++ b/ace/include/ace/Verdict.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : Verdict.h +// @ Date : 2009-05-2 +// @ Author : Samsung +// +// + +#ifndef _VERDICT_H +#define _VERDICT_H + +#include +#include +#include + +typedef AceDB::VerdictTypes Verdict; +//typedef AceDB::TimedVerdict TimedVerdict; + +const char * toString(Verdict verditct); + +#endif //_VERDICT_H + diff --git a/ace/include/ace/WRT_INTERFACE.h b/ace/include/ace/WRT_INTERFACE.h new file mode 100644 index 0000000..ac8ab93 --- /dev/null +++ b/ace/include/ace/WRT_INTERFACE.h @@ -0,0 +1,144 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef _WRT_INERFACE_4_ACE_EXAMPLE_H_ +#define _WRT_INERFACE_4_ACE_EXAMPLE_H_ + +#include +#include +#include + +typedef int WidgetHandle; + +class Request; + +enum WidgetExecutionPhase +{ + WidgetExecutionPhase_Unknown = 0, + WidgetExecutionPhase_WidgetInstall = 1 << 0, + WidgetExecutionPhase_WidgetInstantiate = 1 << 1, + WidgetExecutionPhase_WebkitBind = 1 << 2, + WidgetExecutionPhase_Invoke = 1 << 3 +}; + +struct RequestContext +{ + const WidgetHandle Handle; + WidgetExecutionPhase Phase; + + RequestContext(WidgetHandle handle, + WidgetExecutionPhase phase) : + Handle(handle), + Phase(phase) + { + } +}; + +// Pair of pointer to attribute name and pointer to list of value for +// this attribute name +typedef std::pair< const std::string* const, std::list* > +ATTRIBUTE; + +/* + * Each function should return 0 as success and positive value as error + * + * Possible return value: + * 0 - succes + * 1 - subjectId/resourceId name unknown + * 2 - unknown attribute name + * 4 - interface error + **/ + +/************** Web Runtime ********************/ + +class IWebRuntime +{ + public: + + /** + * gather and set attributes values for specified subjectId + * and attribute name + * @param subjectId is a name of subject (widget or internet site URI ) + * @param attributes is a list of pairs( + * first: pointer to attribute name + * second: list of values for attribute (std::string) - + * its a list of string (BONDI requirement), but usually there will + * be only one string + * */ + virtual int getAttributesValues(const Request &request, + std::list *attributes) = 0; + + /*return current sessionId */ + virtual std::string getSessionId(const Request &request) = 0; + + virtual ~IWebRuntime() + { + } +}; + +/************** Resource Information ********************/ +class IResourceInformation +{ + public: + /** + * gather and set attributes values for specified resourceId + * and attribute name + * @param resourceId is a name of subject (widget or internet site URI ) + * @param attributes is a list of pairs( + * first: pointer to attribute name + * second: list of values for attribute (std::string) - + * its a list of string (BONDI requirement), but usually there will + * be only one string + * */ + virtual int getAttributesValues(const Request &request, + std::list *attributes) = 0; + + virtual ~IResourceInformation() + { + } +}; + +/************** Operation System ********************/ +class IOperationSystem +{ + public: + + /** + * gather and set attributes values for specified attribute name + * @param attributes is a list of pairs( + * first: pointer to attribute name + * second: list of values for attribute (std::string) - + * its a list of string (BONDI requirement), but usually + * there will be only one string + * */ + virtual int getAttributesValues(const Request &request, + std::list *attributes) = 0; + + virtual ~IOperationSystem() + { + } +}; + +class IFunctionParam +{ + public: + virtual int getAttributesValues(const Request &request, + std::list *attributes) = 0; + virtual ~IFunctionParam() + { + } +}; + +#endif //_WRT_INERFACE_4_ACE_EXAMPLE_H_ diff --git a/ace/include/ace/WidgetUsageModel.h b/ace/include/ace/WidgetUsageModel.h new file mode 100644 index 0000000..09d15f8 --- /dev/null +++ b/ace/include/ace/WidgetUsageModel.h @@ -0,0 +1,97 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// @ Project : Access Control Engine +// @ File Name : UserDecision.h +// @ Date : 2009-05-22 +// @ Author : Samsung +// +// + +#ifndef _WIDGET_USAGE_H +#define _WIDGET_USAGE_H + +#include + +#include "Request.h" +#include "AsyncVerdictResultListener.h" + +enum UsageValidity +{ + USAGE_UNKNOWN, + USAGE_ONCE, + USAGE_SESSION, + USAGE_ALWAYS +}; + +enum UsageVerdict +{ + USAGE_VERDICT_PERMIT, + USAGE_VERDICT_DENY, + USAGE_VERDICT_INAPPLICABLE, + USAGE_VERDICT_UNDETERMINED, + USAGE_VERDICT_UNKNOWN, + USAGE_VERDICT_ERROR +}; +//Forward declaration +class PolicyEvaluator; + +class PolicyEvaluatorData +{ + private: + Request m_request; + UsageValidity m_validity; + UsageVerdict m_verdict; + AsyncVerdictResultListener *m_listener; + public: + + PolicyEvaluatorData(const Request& request, + AsyncVerdictResultListener *listener) : + m_request(request), + m_validity(USAGE_UNKNOWN), + m_verdict(USAGE_VERDICT_ERROR), + m_listener(listener) + { + } + + // KW UsageValidity getValidity() const { + // KW return m_validity; + // KW } + // KW + // KW UsageVerdict getVerdict() const { + // KW return m_verdict; + // KW } + // KW + // KW void setValidity(UsageValidity validity) { + // KW this->m_validity = validity; + // KW } + // KW + // KW void setVerdict(UsageVerdict verdict) { + // KW this->m_verdict = verdict; + // KW } + + const Request& getRequest() const + { + return m_request; + } + + AsyncVerdictResultListener* getListener() const + { + return m_listener; + } +}; + +#endif //_USERDECISION_H diff --git a/ace/include/ace/acf_consts.h b/ace/include/ace/acf_consts.h new file mode 100644 index 0000000..93ecfae --- /dev/null +++ b/ace/include/ace/acf_consts.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * This file contain consts for Signing Template and Policy Manager + * This values will be used to specified and identified algorithms in xml policy documents. + * Its consistent with BONDI 1.0 released requirements + * + * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements + * This values comes from widget digital signature 1.0 - required version of this doc is very important + * + **/ + +#ifndef ACF_CONSTS_TYPES_H +#define ACF_CONSTS_TYPES_H + +//Digest Algorithms +extern const char* DIGEST_ALG_SHA256; + +//Canonicalization Algorithms +extern const char* CANONICAL_ALG_C14N; + +//Signature Algorithms +extern const char* SIGNATURE_ALG_RSA_with_SHA256; +extern const char* SIGNATURE_ALG_DSA_with_SHA1; +extern const char* SIGNATURE_ALG_ECDSA_with_SHA256; + +#endif + diff --git a/ace/include/ace/parser.h b/ace/include/ace/parser.h new file mode 100644 index 0000000..26f15e2 --- /dev/null +++ b/ace/include/ace/parser.h @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +// +// +// +// @ Project : Access Control Engine +// @ File Name : parser.h +// @ Date : 2009-05-06 +// @ Author : Samsung +// +// + +#ifndef _PARSER_H_ +#define _PARSER_H_ + +//#include "/usr/include/libxml2/libxml/parser.h" +#include +#include +#include +#include +#include + +#include "Policy.h" +#include "PolicySet.h" +#include "Request.h" +#include "Rule.h" +#include "Attribute.h" +#include "TreeNode.h" +#include "Subject.h" +#include "Condition.h" +#include "Effect.h" + +#define whitespaces " \n\t\r" + +enum CanonicalizationAlgorithm +{ + C14N, + C14NEXCLUSIVE +}; + +class Parser +{ + private: + RuleId ruleId; + xmlTextReaderPtr reader; + + TreeNode * root; + TreeNode * currentRoot; + Subject * currentSubject; + Condition * currentCondition; + Attribute * currentAttribute; + std::string * currentText; + + bool processingSignature; + bool canonicalizeOnce; + + void processNode(xmlTextReaderPtr reader); + + //Node Handlers + void endNodeHandler(xmlTextReaderPtr reader); + void textNodeHandler(xmlTextReaderPtr reader); + void startNodeHandler(xmlTextReaderPtr reader); + + //Node names handlers + void handleAttr(xmlTextReaderPtr reader); + void handleRule(xmlTextReaderPtr reader); + void handleSubject(); + void handleCondition(xmlTextReaderPtr reader); + void handleSubjectMatch(xmlTextReaderPtr reader); + void handleMatch(xmlTextReaderPtr reader, + Attribute::Type); + void handlePolicy(xmlTextReaderPtr reader, + TreeNode::TypeID type); + + //helpers + Policy::CombineAlgorithm convertToCombineAlgorithm(xmlChar*); + ExtendedEffect convertToEffect(xmlChar *effect); + Attribute::Match convertToMatchFunction(xmlChar * func); + void consumeCurrentText(); + void consumeCurrentAttribute(); + void consumeSubjectMatch(xmlChar * value = NULL); + void consumeCurrentSubject(); + void consumeCurrentCondition(); + void trim(std::string *); + // KW void canonicalize(const char *, const char *, CanonicalizationAlgorithm canonicalizationAlgorithm); + // KW int extractNodeToFile(xmlTextReaderPtr reader, const char * filename); + + static const char *TOKEN_PARAM; + public: + Parser(); + ~Parser(); + TreeNode * parse(const std::string& filename, const std::string& schema); +}; + +#endif //_PARSER_H diff --git a/ace/orm/ace_db b/ace/orm/ace_db new file mode 100644 index 0000000..7f90ed4 --- /dev/null +++ b/ace/orm/ace_db @@ -0,0 +1,92 @@ +SQL( + PRAGMA foreign_keys = ON; + BEGIN TRANSACTION; +) + +CREATE_TABLE(AcePolicyResult) + COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 6)) + COLUMN_NOT_NULL(hash, TEXT,) + COLUMN_NOT_NULL(rule_id, INTEGER) + TABLE_CONSTRAINTS( + PRIMARY KEY(hash) + ) +CREATE_TABLE_END() + +CREATE_TABLE(AcePromptDecision) + COLUMN_NOT_NULL(app_id, INTEGER,) + COLUMN_NOT_NULL(decision, INTEGER, check(decision between 0 and 5)) + COLUMN(session, TEXT,) + COLUMN_NOT_NULL(rule_id, INTEGER,) + TABLE_CONSTRAINTS( + PRIMARY KEY(app_id,rule_id) + ) +CREATE_TABLE_END() + +CREATE_TABLE(AceAttribute) + COLUMN_NOT_NULL(attr_id, INTEGER, primary key autoincrement) + COLUMN_NOT_NULL(name, TEXT,) + COLUMN_NOT_NULL(type, INTEGER, check(type between 0 and 4)) + + TABLE_CONSTRAINTS(unique(name,type)) +CREATE_TABLE_END() + +CREATE_TABLE(AceSubject) + COLUMN_NOT_NULL(subject_id, INTEGER, primary key autoincrement) + COLUMN_NOT_NULL(id_uri, TEXT, unique) +CREATE_TABLE_END() + +CREATE_TABLE(AceDevCap) + COLUMN_NOT_NULL(resource_id, INTEGER, primary key autoincrement) + COLUMN_NOT_NULL(id_uri, TEXT, unique) + COLUMN_NOT_NULL(general_setting,INTEGER, check(general_setting between -1 and 4)) +CREATE_TABLE_END() + +CREATE_TABLE(AceWidgetDevCapSetting) + COLUMN_NOT_NULL(app_id, INTEGER, not null) + COLUMN_NOT_NULL(resource_id, INTEGER, references AceDevCap(resource_id)) + COLUMN_NOT_NULL(access_value, INTEGER, check(access_value between -1 and 4)) + + TABLE_CONSTRAINTS(unique(app_id,resource_id)) +CREATE_TABLE_END() + +CREATE_TABLE(AceRequestedDevCaps) + COLUMN_NOT_NULL(app_id, INTEGER, not null) + COLUMN_NOT_NULL(grant_smack, INTEGER, not null) + COLUMN_NOT_NULL(dev_cap, TEXT,) + + TABLE_CONSTRAINTS(unique(app_id,dev_cap)) +CREATE_TABLE_END() + +CREATE_TABLE(AceAcceptedFeature) + COLUMN_NOT_NULL(app_id, INTEGER, not null) + COLUMN_NOT_NULL(feature, TEXT, not null) + + TABLE_CONSTRAINTS(unique(app_id,feature)) +CREATE_TABLE_END() + +CREATE_TABLE(WidgetInfo) + COLUMN_NOT_NULL(app_id, INTEGER, PRIMARY KEY) + COLUMN(widget_type, INT, DEFAULT 1) + COLUMN(widget_id, VARCHAR(256), DEFAULT '') + COLUMN(widget_version, VARCHAR(256), DEFAULT '') + COLUMN(author_name, VARCHAR(256), DEFAULT '') + COLUMN(share_href, VARCHAR(256), DEFAULT '') +CREATE_TABLE_END() + +CREATE_TABLE(WidgetCertificateFingerprint) + COLUMN_NOT_NULL(app_id, INT,) + COLUMN_NOT_NULL(owner, INT,) + COLUMN_NOT_NULL(chainid, INT,) + COLUMN_NOT_NULL(type, INT,) + COLUMN(md5_fingerprint, VARCHAR(64),) + COLUMN(sha1_fingerprint, VARCHAR(64),) + COLUMN(common_name, VARCHAR(64),) + TABLE_CONSTRAINTS( + PRIMARY KEY (app_id, chainid, owner, type) + FOREIGN KEY (app_id) REFERENCES WidgetInfo (app_id) ON DELETE CASCADE + ) +CREATE_TABLE_END() + +SQL( + COMMIT; +) diff --git a/ace/orm/ace_db_definitions b/ace/orm/ace_db_definitions new file mode 100644 index 0000000..46836e9 --- /dev/null +++ b/ace/orm/ace_db_definitions @@ -0,0 +1,6 @@ +DATABASE_START(ace) + +#include "ace_db" +#include "version_db" + +DATABASE_END() diff --git a/ace/orm/ace_db_sql_generator.h b/ace/orm/ace_db_sql_generator.h new file mode 100644 index 0000000..5af05ac --- /dev/null +++ b/ace/orm/ace_db_sql_generator.h @@ -0,0 +1,27 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file wrt_db_sql_generator.h + * @author Bartosz Janiak (b.janiak@samsung.com) + * @version 1.0 + * @brief Macro definitions for generating the SQL input file from database definition. + */ + +//Do not include this file directly! It is used only for SQL code generation. + +#include + +#include "ace_db_definitions" diff --git a/ace/orm/gen_db_md5.sh b/ace/orm/gen_db_md5.sh new file mode 100755 index 0000000..38587b7 --- /dev/null +++ b/ace/orm/gen_db_md5.sh @@ -0,0 +1,19 @@ +#!/bin/sh +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +CHECKSUM=`cat ${2} ${3} 2>/dev/null | md5sum 2>/dev/null | cut -d\ -f1 2>/dev/null` +echo "#define DB_CHECKSUM DB_VERSION_${CHECKSUM}" > ${1} +echo "#define DB_CHECKSUM_STR \"DB_VERSION_${CHECKSUM}\"" >> ${1} + diff --git a/ace/orm/orm_generator_ace.h b/ace/orm/orm_generator_ace.h new file mode 100644 index 0000000..640dd35 --- /dev/null +++ b/ace/orm/orm_generator_ace.h @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ORM_GENERATOR_ACE_H +#define ORM_GENERATOR_ACE_H + +#define ORM_GENERATOR_DATABASE_NAME ace_db_definitions +#include +#undef ORM_GENERATOR_DATABASE_NAME + +#endif diff --git a/ace/orm/version_db b/ace/orm/version_db new file mode 100644 index 0000000..7e20d8d --- /dev/null +++ b/ace/orm/version_db @@ -0,0 +1,5 @@ +SQL( + BEGIN TRANSACTION; + CREATE TABLE DB_CHECKSUM (version INT); + COMMIT; +) diff --git a/ace_client/CMakeLists.txt b/ace_client/CMakeLists.txt new file mode 100644 index 0000000..4b7537b --- /dev/null +++ b/ace_client/CMakeLists.txt @@ -0,0 +1 @@ +ADD_SUBDIRECTORY(src) diff --git a/ace_client/include/ace-client/ace_client.h b/ace_client/include/ace-client/ace_client.h new file mode 100644 index 0000000..4b4081b --- /dev/null +++ b/ace_client/include/ace-client/ace_client.h @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file ace_client.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains definitions of AceThinClient API + */ +#ifndef WRT_ACE_CLIENT_H +#define WRT_ACE_CLIENT_H + +#include +#include +#include +#include + +class WebRuntimeImpl; +class ResourceInformationImpl; +class OperationSystemImpl; + +namespace AceClient { + +class AceThinClientImpl; + +class AceThinClient : private DPL::Noncopyable { + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, AceThinClientException) + }; + + bool checkFunctionCall(const AceRequest& ace_request) const; + AcePreference getWidgetResourcePreference( + const AceResource& resource, + const AceWidgetHandle& handle) const; + AceResourcesPreferences* getGlobalResourcesPreferences() const; + bool isInitialized() const; + + private: + AceThinClient(); + virtual ~AceThinClient(); + + AceThinClientImpl* m_impl; + friend class DPL::Singleton; + WebRuntimeImpl* m_wrt; + ResourceInformationImpl* m_res; + OperationSystemImpl* m_sys; +}; + +typedef DPL::Singleton AceThinClientSingleton; + +} // namespace AceClient + +#endif // WRT_ACE_CLIENT_H diff --git a/ace_client/include/ace-client/ace_client_helper.h b/ace_client/include/ace-client/ace_client_helper.h new file mode 100644 index 0000000..14c5964 --- /dev/null +++ b/ace_client/include/ace-client/ace_client_helper.h @@ -0,0 +1,139 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file ace_client_helper.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains definitions of AceClient helper types and + * functions. + */ +#ifndef WRT_ACE_CLIENT_HELPER_H +#define WRT_ACE_CLIENT_HELPER_H + +#include +#include +#include + +#include +#include + +#include "ace_client_types.h" + +namespace AceClient { + +AcePreference toAcePreference(AceDB::PreferenceTypes preference) +{ + switch (preference) { + case AceDB::PreferenceTypes::PREFERENCE_PERMIT: { + return PREFERENCE_PERMIT; } + case AceDB::PreferenceTypes::PREFERENCE_DENY: { + return PREFERENCE_DENY; } + case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: { + return PREFERENCE_DEFAULT; } + case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: { + return PREFERENCE_BLANKET_PROMPT; } + case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: { + return PREFERENCE_SESSION_PROMPT; } + case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: { + return PREFERENCE_ONE_SHOT_PROMPT; } + } + return PREFERENCE_DEFAULT; +} + +typedef std::vector AceParamKeys; +typedef std::vector AceParamValues; + +class AceFunctionParam +{ + public: + virtual ~AceFunctionParam() + { + } + + void addAttribute(const std::string& key, + const std::string& value) + { + m_paramMap.insert(std::make_pair(key, value)); + } + + AceParamKeys getKeys() const + { + AceParamKeys out; + FOREACH (it, m_paramMap) { + out.push_back(it->first); + } + return out; + } + + AceParamValues getValues() const + { + AceParamValues out; + FOREACH (it, m_paramMap) { + out.push_back(it->second); + } + return out; + } + + static std::string aceFunctionParamToken; + + private: + typedef std::multimap ParamMap; + ParamMap m_paramMap; +}; + +typedef std::vector AceFunctionParams; + +class AceBasicRequest : public AceDB::IRequest { + public: + AceBasicRequest(const AceSubject& subject, + const AceResource& resource) : + m_subject(subject), + m_resource(resource) + { + } + + AceBasicRequest(const AceSubject& subject, + const AceResource& resource, + const AceFunctionParam& param) : + m_subject(subject), + m_resource(resource), + m_param(param) + { + } + virtual const std::string& getSubjectId() const + { + return m_subject; + } + virtual const std::string& getResourceId() const + { + return m_resource; + } + virtual const AceFunctionParam& getFunctionParam() const + { + return m_param; + } + + private: + AceSubject m_subject; + AceResource m_resource; + AceFunctionParam m_param; +}; + +typedef std::vector AceBasicRequests; + +} // namespace AceClient + +#endif // WRT_ACE_CLIENT_HELPER_H diff --git a/ace_client/include/ace-client/ace_client_types.h b/ace_client/include/ace-client/ace_client_types.h new file mode 100644 index 0000000..f27a4ba --- /dev/null +++ b/ace_client/include/ace-client/ace_client_types.h @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file ace_client_types.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains definitions of AceClient types + */ +#ifndef WRT_ACE_CLIENT_TYPES_H +#define WRT_ACE_CLIENT_TYPES_H + +#include +#include +#include + +namespace AceClient { + +typedef int AceWidgetHandle; +typedef void* AceJobWidgetInstallId; + +typedef std::string AceResource; +typedef std::string AceSubject; +typedef std::string AceSessionId; + +enum AcePreference +{ + PREFERENCE_PERMIT, + PREFERENCE_DENY, + PREFERENCE_DEFAULT, + PREFERENCE_BLANKET_PROMPT, + PREFERENCE_SESSION_PROMPT, + PREFERENCE_ONE_SHOT_PROMPT +}; + +typedef std::map AceResourcesPreferences; +typedef std::pair AceResurcePreference; + +struct AceParam +{ + const char *name; + const char *value; + + AceParam(): + name(NULL), value(NULL) + {} + + AceParam(const char *name, const char *value): + name(name), value(value) + {} +}; + +struct AceParamList +{ + size_t count; + AceParam* param; + AceParamList(): + count(0), + param(NULL) + {} +}; + +struct AceDeviceCap +{ + size_t devcapsCount; + const char** devCapNames; + size_t paramsCount; + AceParamList* params; + AceDeviceCap(): + devcapsCount(0), + devCapNames(NULL), + paramsCount(0), + params(NULL) + {} +}; + +struct AceApiFeatures +{ + size_t count; + const char** apiFeature; + AceApiFeatures(): + count(0), + apiFeature(NULL) + {} +}; + +struct AceRequest +{ + AceSessionId sessionId; + AceWidgetHandle widgetHandle; + AceApiFeatures apiFeatures; + const char* functionName; + AceDeviceCap deviceCapabilities; + AceRequest(): + widgetHandle(0), + apiFeatures(), + functionName(NULL), + deviceCapabilities() + {} +}; + +} // namespace AceClient + +#endif // WRT_ACE_CLIENT_TYPES_H diff --git a/ace_client/include/ace_api_client.h b/ace_client/include/ace_api_client.h new file mode 100644 index 0000000..817a988 --- /dev/null +++ b/ace_client/include/ace_api_client.h @@ -0,0 +1,118 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_api_client.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This is C api for Access Control Engine (ACE), client mode + * (RO part). + */ + +#ifndef ACE_API_CLIENT_H +#define ACE_API_CLIENT_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * API defined in this header should be used only from one thread. If used + * otherwise, unexpected behaviour may occur, including segmentation faults and + * escalation of global warming. Be warned. + */ + +// --------------- Initialization and deinitialization ------------------------- + +/* + * Function type that must be implemented externally and passed to ACE + * on initialization. This function must show to the user a popup with + * information on access request to single device capability. Will be used by + * implementation of ace_check_access API, when policy requires to display + * popup. + * + * Function must be synchronous and must behave accordingly: + * + * Function may return value other than ACE_OK, but it will be treated as + * denial of access. + * + * If returned value is ACE_OK, then 'validation_result' must hold information + * on whether the access was granted or not. + * + * Executed function must display a popup with readable information presented to + * user, covering 'resource_name' that is to be accessed for 'handle' widget + * which is requesting the access. + * + * In its implementation, after the user answered to displayed question, + * UI handler must call popup answer validation API (ace_validate_answer) + * from separate, ace-popup-validation library, with passed 'param_list', + * 'session_id', 'handle' and given answer as arguments. Validation result + * returned by ace_validate_answer needs to be returned in 'validation_result' + * parameter of UI handler. + * + * 'popup_type' describes what kind of options should be given to user - i.e. + * ONESHOT prompt only gives possibility to answer Permit/Deny and returned + * validity for this prompt must be ONCE. PER_SESSION prompt allows to return + * validity ONCE or PER_SESSION. BLANKET prompt allows to return any validity, + * as defined in ace_validity_t. + * + * This call must be made from properly SMACK labelled, safe process - otherwise + * the validation will not occur in security daemon and caller will not be + * granted access to requested device capability. + */ +typedef ace_return_t (*ace_popup_handler_func_t)( + ace_popup_t popup_type, + const ace_resource_t resource_name, + const ace_session_id_t session_id, + const ace_param_list_t* param_list, + ace_widget_handle_t handle, + ace_bool_t* validation_result); + +/* + * Initializes ACE for check access API (client mode). Must be called only once. + * Keep in mind that initializing ACE in client mode disallows usage of API + * defined in ace_api.h and ace_api_settings.h (RW part). + * + * 'handler' must not be NULL, see definition of ace_popup_handler_func_t for + * more information. + * + * Returns error or ACE_OK. + */ +ace_return_t ace_client_initialize(ace_popup_handler_func_t handler); + +/* + * Deinitializes ACE client for check access API. Can be called only once. + */ +ace_return_t ace_client_shutdown(void); + +// --------------- Check Access API -------------------------------------------- + +/* + * Does ACE check with set of device capabilities and function parameters. + * Checks cache first, if it is non-existent, does full ACE check. + * + * Returns error or ACE_OK and information if access was allowed or not + * (value ACE_TRUE or ACE_FALSE is in 'access' argument, only if returned value + * is ACE_OK - otherwise, 'access' value is undefined) + */ +ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access); + +#ifdef __cplusplus +} +#endif + +#endif // ACE_API_CLIENT_H diff --git a/ace_client/include/ace_popup_handler.h b/ace_client/include/ace_popup_handler.h new file mode 100644 index 0000000..e63630d --- /dev/null +++ b/ace_client/include/ace_popup_handler.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_popup_handler.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief Private header for access to UI handling function. + * (RO part). + */ + +#ifndef ACE_POPUP_HANDLER_H +#define ACE_POPUP_HANDLER_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +extern ace_popup_handler_func_t popup_func; + +#ifdef __cplusplus +} +#endif + +#endif // ACE_POPUP_HANDLER_H diff --git a/ace_client/src/CMakeLists.txt b/ace_client/src/CMakeLists.txt new file mode 100644 index 0000000..72a7f56 --- /dev/null +++ b/ace_client/src/CMakeLists.txt @@ -0,0 +1,71 @@ +include(FindPkgConfig) + +PKG_CHECK_MODULES(ACE_CLIENT_DEPS + dpl-efl + dpl-event-efl + dpl-dbus-efl + REQUIRED + ) + +SET(ACE_CLIENT_DIR + ${PROJECT_SOURCE_DIR}/ace_client + ) + +SET(ACE_CLIENT_SRC_DIR + ${ACE_CLIENT_DIR}/src + ) + +SET(ACE_CLIENT_INCLUDE_DIR + ${ACE_CLIENT_DIR}/include + ) + +SET(ACE_CLIENT_SOURCES + ${COMMUNICATION_CLIENT_SOURCES} + ${ACE_CLIENT_SRC_DIR}/ace_client.cpp + ${ACE_CLIENT_SRC_DIR}/ace_api_client.cpp + ${PROJECT_SOURCE_DIR}/src/services/ace/logic/attribute_facade.cpp + ${PROJECT_SOURCE_DIR}/src/services/ace/logic/simple_roaming_agent.cpp + ) + +SET(ACE_CLIENT_INCLUDES + ${COMMUNICATION_CLIENT_INCLUDES} + ${ACE_CLIENT_DEPS_INCLUDE_DIRS} + ${ACE_CLIENT_INCLUDE_DIR} + ${PROJECT_SOURCE_DIR}/ace_common/include + ${PROJECT_SOURCE_DIR}/src/services/ace + ${PROJECT_SOURCE_DIR}/src/services/ace/ + ${PROJECT_SOURCE_DIR}/src/services/ace/logic + ${PROJECT_SOURCE_DIR}/src/services/popup + ${PROJECT_SOURCE_DIR}/popup_process + ${PROJECT_SOURCE_DIR}/ace/include + ) + +ADD_DEFINITIONS(${ACE_CLIENT_DEPS_CFLAGS}) +ADD_DEFINITIONS(${ACE_CLIENT_CFLAGS_OTHER}) + +INCLUDE_DIRECTORIES(${ACE_CLIENT_INCLUDES}) + +ADD_LIBRARY(${TARGET_ACE_CLIENT_LIB} SHARED ${ACE_CLIENT_SOURCES}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES + SOVERSION ${API_VERSION} + VERSION ${VERSION}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_CLIENT_LIB} PROPERTIES + COMPILE_FLAGS -fPIC) + +TARGET_LINK_LIBRARIES(${TARGET_ACE_CLIENT_LIB} + ${ACE_CLIENT_DEPS_LIBRARIES} + ${TARGET_ACE_DAO_RO_LIB} + ${TARGET_ACE_LIB} + ) + +INSTALL(TARGETS ${TARGET_ACE_CLIENT_LIB} + DESTINATION lib) + +INSTALL(FILES +# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client.h +# ${ACE_CLIENT_INCLUDE_DIR}/ace-client/ace_client_types.h + ${ACE_CLIENT_INCLUDE_DIR}/ace_api_client.h + DESTINATION include/ace-client + ) diff --git a/ace_client/src/ace_api_client.cpp b/ace_client/src/ace_api_client.cpp new file mode 100644 index 0000000..16d9f36 --- /dev/null +++ b/ace_client/src/ace_api_client.cpp @@ -0,0 +1,122 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file ace_api_client.cpp + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains implementation of ACE client API + */ + +#include +#include +#include "ace_api_client.h" +#include "ace-client/ace_client.h" + +#include +#include +#include +#include "popup_response_server_api.h" +#include "security_daemon_dbus_config.h" +//#include "PromptModel.h" + +ace_return_t ace_client_initialize(ace_popup_handler_func_t handler) +{ + if (!AceClient::AceThinClientSingleton::Instance().isInitialized()) { + return ACE_INTERNAL_ERROR; + } + popup_func = handler; + // Changed order of checks to make API run with old popup implementation + // instead of always needing the popup handler to be implemented. + if (NULL == handler) { + LogError("NULL argument(s) passed"); + return ACE_INVALID_ARGUMENTS; + } + return ACE_OK; +} + +ace_return_t ace_client_shutdown(void) +{ + popup_func = NULL; + return ACE_OK; +} + +ace_return_t ace_check_access(const ace_request_t* request, ace_bool_t* access) +{ + if (NULL == request || NULL == access) { + LogError("NULL argument(s) passed"); + return ACE_INVALID_ARGUMENTS; + } + + AceClient::AceRequest aceRequest; + aceRequest.sessionId = request->session_id; + aceRequest.widgetHandle = request->widget_handle; + + aceRequest.apiFeatures.count = request->feature_list.count; + aceRequest.apiFeatures.apiFeature = + const_cast(request->feature_list.items); + aceRequest.functionName = NULL; // TODO will be removed + aceRequest.deviceCapabilities.devcapsCount = request->dev_cap_list.count; + aceRequest.deviceCapabilities.paramsCount = request->dev_cap_list.count; + + char** devCapNames = new char*[request->dev_cap_list.count]; + AceClient::AceParamList* paramList = + new AceClient::AceParamList[request->dev_cap_list.count]; + + unsigned int i; + for (i = 0; i < request->dev_cap_list.count; ++i) { + devCapNames[i] = request->dev_cap_list.items[i].name; + paramList[i].count = request->dev_cap_list.items[i].param_list.count; + + paramList[i].param = new AceClient::AceParam[ + request->dev_cap_list.items[i].param_list.count]; + + unsigned int j; + for (j = 0; j < request->dev_cap_list.items[i].param_list.count; ++j) { + paramList[i].param[j].name = + request->dev_cap_list.items[i].param_list.items[j].name; + paramList[i].param[j].value = + request->dev_cap_list.items[i].param_list.items[j].value; + + } + } + + aceRequest.deviceCapabilities.devCapNames = + const_cast(devCapNames); + aceRequest.deviceCapabilities.params = paramList; + + bool ret = false; + + Try { + ret = AceClient::AceThinClientSingleton:: + Instance().checkFunctionCall(aceRequest); + *access = ret ? ACE_TRUE : ACE_FALSE; + } Catch (AceClient::AceThinClient::Exception::AceThinClientException) { + LogError("Ace client exception"); + delete [] devCapNames; + for (i = 0; i < request->dev_cap_list.count; ++i) { + delete [] paramList[i].param; + } + delete [] paramList; + return ACE_INTERNAL_ERROR; + } + + delete [] devCapNames; + for (i = 0; i < request->dev_cap_list.count; ++i) { + delete [] paramList[i].param; + } + delete [] paramList; + return ACE_OK; +} diff --git a/ace_client/src/ace_client.cpp b/ace_client/src/ace_client.cpp new file mode 100644 index 0000000..3c4d086 --- /dev/null +++ b/ace_client/src/ace_client.cpp @@ -0,0 +1,665 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file ace_client.cpp + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains implementation of AceThinClient class + */ + +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include + +#include "ace_server_api.h" +#include "popup_response_server_api.h" +#include "ace-client/ace_client.h" +#include "ace-client/ace_client_helper.h" +#include +#include + +// ACE tests need to use mock implementations +#ifdef ACE_CLIENT_TESTS + +#include "AceDAOReadOnly_mock.h" +#include "communication_client_mock.h" +#include "PolicyInformationPoint_mock.h" + +#else + +#include +#include "SecurityCommunicationClient.h" +#include + +#endif // ACE_CLIENT_TESTS + +IMPLEMENT_SAFE_SINGLETON(AceClient::AceThinClient) + +ace_popup_handler_func_t popup_func = NULL; + +namespace AceClient { + +namespace { +// These devcaps actually are not requested in config file, so should be treaded +// as if were requested (access tags/WARP will block request if desired) +const std::string DEVCAP_EXTERNAL_NETWORK_ACCESS = "externalNetworkAccess"; +const std::string DEVCAP_XML_HTTP_REQUEST = "XMLHttpRequest"; +} // anonymous + + +std::string AceFunctionParam::aceFunctionParamToken = "param:function"; + +// popup cache result + +enum class AceCachedPromptResult { + PERMIT, + DENY, + ASK_POPUP +}; + +// AceThinClient implementation singleton +class AceThinClientImpl { + public: + bool checkFunctionCall(const AceRequest& ace_request); + AcePreference getWidgetResourcePreference( + const AceResource& resource, + const AceWidgetHandle& handle) const; + AceResourcesPreferences* getGlobalResourcesPreferences() const; + bool isInitialized() const; + + AceThinClientImpl(); + ~AceThinClientImpl(); + + protected: + bool containsNetworkDevCap(const AceRequest &ace_request); + bool checkFeatureList(const AceRequest& ace_request); + private: + WebRuntimeImpl* m_wrt; + ResourceInformationImpl* m_res; + OperationSystemImpl* m_sys; + WrtSecurity::Communication::Client *m_communicationClient, *m_popupValidationClient; + + AceSubject getSubjectForHandle(AceWidgetHandle handle) const; + AceCachedPromptResult getCachedPromptResult( + WidgetHandle widgetHandle, + int ruleId, + const AceSessionId& sessionId) const; + bool askUser(PolicyEffect popupType, + const AceRequest& ace_request, + const AceBasicRequest& request); + // Prompt validation + bool validatePopupResponse( + const AceRequest& ace_request, + const AceBasicRequest& request, + bool answer = true, + Prompt::Validity validity = Prompt::Validity::ALWAYS); + mutable PolicyInformationPoint m_pip; + DPL::Optional> m_grantedDevCaps; + std::set m_acceptedFeatures; +}; + +AceThinClientImpl::AceThinClientImpl() + : m_communicationClient(NULL), + m_popupValidationClient(NULL), + m_wrt(new WebRuntimeImpl()), + m_res(new ResourceInformationImpl()), + m_sys(new OperationSystemImpl()), + m_pip(m_wrt, m_res, m_sys) +{ + AceDB::AceDAOReadOnly::attachToThreadRO(); + Try { + m_communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::AceServerApi::INTERFACE_NAME()); + m_popupValidationClient = new WrtSecurity::Communication::Client(WrtSecurity::PopupServerApi::INTERFACE_NAME()); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + if(m_communicationClient) delete m_communicationClient; + if(m_popupValidationClient) delete m_popupValidationClient; + delete m_wrt; + delete m_res; + delete m_sys; + ReThrowMsg(AceThinClient::Exception::AceThinClientException, + "Failed to call security daemon"); + } +} + +AceThinClientImpl::~AceThinClientImpl() +{ + Assert(NULL != m_communicationClient); + Assert(NULL != m_popupValidationClient); + delete m_communicationClient; + delete m_popupValidationClient; + delete m_wrt; + delete m_res; + delete m_sys; + m_communicationClient = NULL; + m_popupValidationClient = NULL; + AceDB::AceDAOReadOnly::detachFromThread(); + +} + +bool AceThinClientImpl::isInitialized() const +{ + return NULL != m_communicationClient && NULL != m_popupValidationClient; +} + +bool AceThinClientImpl::containsNetworkDevCap(const AceRequest &ace_request) +{ + AceDeviceCap deviceCap = ace_request.deviceCapabilities; + for (size_t j=0; j(); + m_acceptedFeatures.clear(); + + AceDB::FeatureNameVector fvector; + AceDB::AceDAOReadOnly::getAcceptedFeature(ace_request.widgetHandle, &fvector); + for(size_t i=0; ipolicyResult.getEffect(); + if (effect.IsNull()) { + // PolicyDecision is UNDETERMINED or NOT_APPLICABLE + result = false; + break; + } else if (*effect == PolicyEffect::DENY) { + // Access denied + result = false; + break; + } else if (*effect == PolicyEffect::PERMIT) { + // Access granted + if (m_grantedDevCaps->find( + DPL::FromASCIIString(request.getResourceId())) + != m_grantedDevCaps->end()) + { + continue; + } else + askServer = true; + } else { + // Check for cached popup response + LogInfo("Checking cached popup response"); + AceCachedPromptResult promptCached = + getCachedPromptResult(ace_request.widgetHandle, + exPolicyResult->ruleId, + ace_request.sessionId); + if (promptCached == AceCachedPromptResult::PERMIT) { + // Granted by previous popup + LogDebug("Cache found OK"); + if (m_grantedDevCaps->find( + DPL::FromASCIIString(request.getResourceId())) + != m_grantedDevCaps->end()) + { + LogDebug("SMACK given previously"); + continue; + } else { + if (*effect != PolicyEffect::PROMPT_BLANKET) { + // This should not happen. + LogDebug("This should not happen."); + result = false; + break; + } + if (!validatePopupResponse(ace_request, + request)) { + LogDebug("Daemon has not validated response."); + result = false; + break; + } else { + // Access granted, move on to next request + LogDebug("SMACK granted, all OK"); + m_grantedDevCaps->insert( + DPL::FromASCIIString( + request.getResourceId())); + continue; + } + } + } + if (promptCached == AceCachedPromptResult::DENY) { + // Access denied by earlier popup + result = false; + break; + } + if (promptCached == AceCachedPromptResult::ASK_POPUP) { + askPopup = true; + popupType = *effect; + } + } + } + } + + if (askServer) { + // IPC to security daemon + // here we must check if we have a SMACK permission for + // the device cap requested + LogInfo("Asking security daemon"); + int serializedPolicyResult = 0; + Try { + m_communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(), + ace_request.widgetHandle, + request.getSubjectId(), + request.getResourceId(), + request.getFunctionParam().getKeys(), + request.getFunctionParam().getValues(), + ace_request.sessionId, + &serializedPolicyResult); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + ReThrowMsg(AceThinClient::Exception::AceThinClientException, + "Failed to call security daemon"); + } + PolicyResult policyResult = PolicyResult:: + deserialize(serializedPolicyResult); + OptionalPolicyEffect effect = policyResult.getEffect(); + if (effect.IsNull()) { + // PolicyDecision is UNDETERMINED or NOT_APPLICABLE + result = false; + break; + } + if (*effect == PolicyEffect::DENY) { + // Access denied + result = false; + break; + } + if (*effect == PolicyEffect::PERMIT) { + // Access granted, move on to next request + m_grantedDevCaps->insert( + DPL::FromASCIIString(request.getResourceId())); + + continue; + } + // Policy says: ask user - setup popup kind + popupType = *effect; + askPopup = true; + } + + if (askPopup) { + result = askUser(popupType, ace_request, request); + } + } + LogInfo("Result: " << (result ? "GRANTED" : "DENIED")); + return result; +} + +bool AceThinClientImpl::askUser(PolicyEffect popupType, + const AceRequest& ace_request, + const AceBasicRequest& request) +{ + LogInfo("Asking popup"); + Assert(NULL != popup_func); + + const AceFunctionParam& fParam = request.getFunctionParam(); + AceParamKeys keys = fParam.getKeys(); + AceParamValues values = fParam.getValues(); + + ace_popup_t ace_popup_type; + ace_resource_t resource = const_cast( + request.getResourceId().c_str()); + ace_session_id_t session = const_cast( + ace_request.sessionId.c_str());; + ace_param_list_t parameters; + ace_widget_handle_t handle = ace_request.widgetHandle; + + parameters.count = keys.size(); + parameters.items = new ace_param_t[parameters.count]; + unsigned int i; + for (i = 0; i < parameters.count; ++i) { + parameters.items[i].name = + const_cast(keys[i].c_str()); + parameters.items[i].value = + const_cast(values[i].c_str()); + } + + switch (popupType) { + case PolicyEffect::PROMPT_ONESHOT: { + ace_popup_type = ACE_ONESHOT; + break; } + case PolicyEffect::PROMPT_SESSION: { + ace_popup_type = ACE_SESSION; + break; } + case PolicyEffect::PROMPT_BLANKET: { + ace_popup_type = ACE_BLANKET; + break; } + default: { + LogError("Unknown popup type passed!"); + LogError("Maybe effect isn't a popup?"); + LogError("Effect number is: " << static_cast(popupType)); + Assert(0); } + } + + ace_bool_t answer = ACE_FALSE; + ace_return_t ret = popup_func(ace_popup_type, + resource, + session, + ¶meters, + handle, + &answer); + + delete [] parameters.items; + + if (ACE_OK != ret) { + LogError("Error in popup handler"); + return false; + } + + if (ACE_TRUE == answer) { + m_grantedDevCaps->insert( + DPL::FromASCIIString(request.getResourceId())); + return true; + } + + return false; +} + +bool AceThinClientImpl::validatePopupResponse( + const AceRequest& ace_request, + const AceBasicRequest& request, + bool answer, + Prompt::Validity validity + ) +{ + bool response = false; + Try{ + m_popupValidationClient->call( + WrtSecurity::PopupServerApi::VALIDATION_METHOD(), + answer, + static_cast(validity), + ace_request.widgetHandle, + request.getSubjectId(), + request.getResourceId(), + request.getFunctionParam().getKeys(), + request.getFunctionParam().getValues(), + ace_request.sessionId, + &response); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + ReThrowMsg(AceThinClient::Exception::AceThinClientException, + "Failed to call security daemon"); + } + return response; +} + +AcePreference AceThinClientImpl::getWidgetResourcePreference ( + const AceResource& resource, + const AceWidgetHandle& handle) const +{ + return toAcePreference( + AceDB::AceDAOReadOnly::getWidgetDevCapSetting(resource, handle)); +} + +AceResourcesPreferences* AceThinClientImpl::getGlobalResourcesPreferences() +const +{ + AceDB::PreferenceTypesMap globalSettingsMap; + AceResourcesPreferences* acePreferences = new AceResourcesPreferences(); + AceDB::AceDAOReadOnly::getDevCapSettings(&globalSettingsMap); + FOREACH(it, globalSettingsMap) { + acePreferences->insert( + AceResurcePreference((*it).first, + toAcePreference((*it).second))); + } + return acePreferences; +} + +AceSubject AceThinClientImpl::getSubjectForHandle(AceWidgetHandle handle) const +{ + try + { + return AceDB::AceDAOReadOnly::getGUID(handle); + } + catch (AceDB::AceDAOReadOnly::Exception::DatabaseError& /*ex*/) + { + LogError("Couldn't find GIUD for handle " << handle); + return ""; + } +} + +AceCachedPromptResult AceThinClientImpl::getCachedPromptResult( + WidgetHandle widgetHandle, + int ruleId, + const AceSessionId& sessionId) const +{ + OptionalCachedPromptDecision promptDecision = + AceDB::AceDAOReadOnly::getPromptDecision( + widgetHandle, + ruleId); + if (promptDecision.IsNull()) { + LogDebug("No cache"); + return AceCachedPromptResult::ASK_POPUP; + } else { + // These should not be stored in DB! + Assert(PromptDecision::ALLOW_THIS_TIME + != (*promptDecision).decision); + Assert(PromptDecision::DENY_THIS_TIME + != (*promptDecision).decision); + if ((*promptDecision).decision == + PromptDecision::ALLOW_ALWAYS) { + // Access granted via earlier popup + LogDebug("ALLOW_ALWAYS"); + return AceCachedPromptResult::PERMIT; + } + if ((*promptDecision).decision == + PromptDecision::DENY_ALWAYS) { + LogDebug("DENY_ALWAYS"); + // Access denied via earlier popup + return AceCachedPromptResult::DENY; + } + // Only thing left is per session prompts + if ((*promptDecision).session.IsNull()) { + LogDebug("NO SESSION"); + return AceCachedPromptResult::ASK_POPUP; + } + AceSessionId cachedSessionId = DPL::ToUTF8String(*((*promptDecision).session)); + if ((*promptDecision).decision == + PromptDecision::ALLOW_FOR_SESSION) { + if (cachedSessionId == sessionId) { + // Access granted for this session. + LogDebug("SESSION OK, PERMIT"); + return AceCachedPromptResult::PERMIT; + } else { + LogDebug("SESSION NOT OK, ASKING"); + return AceCachedPromptResult::ASK_POPUP; + } + } + if ((*promptDecision).decision == + PromptDecision::DENY_FOR_SESSION) { + if (cachedSessionId == sessionId) { + // Access denied for this session. + LogDebug("SESSION OK, DENY"); + return AceCachedPromptResult::DENY; + } else { + LogDebug("SESSION NOT OK, ASKING"); + return AceCachedPromptResult::ASK_POPUP; + } + } + } + LogDebug("NO RESULT, ASKING"); + return AceCachedPromptResult::ASK_POPUP; +} + +// AceThinClient + +bool AceThinClient::checkFunctionCall( + const AceRequest& ace_request) const +{ + return m_impl->checkFunctionCall(ace_request); +} + +AcePreference AceThinClient::getWidgetResourcePreference( + const AceResource& resource, + const AceWidgetHandle& handle) const +{ + return m_impl->getWidgetResourcePreference( + resource, handle); +} + +AceResourcesPreferences* AceThinClient::getGlobalResourcesPreferences() +const +{ + return m_impl->getGlobalResourcesPreferences(); +} + +AceThinClient::AceThinClient() +{ + m_impl = new AceThinClientImpl(); +} + +AceThinClient::~AceThinClient() +{ + Assert(NULL != m_impl); + delete m_impl; +} + +bool AceThinClient::isInitialized() const +{ + return NULL != m_impl && m_impl->isInitialized(); +} + + +} // namespace AceClient diff --git a/ace_client/src/example/CMakeLists.txt b/ace_client/src/example/CMakeLists.txt new file mode 100644 index 0000000..b3e9259 --- /dev/null +++ b/ace_client/src/example/CMakeLists.txt @@ -0,0 +1,26 @@ +cmake_minimum_required(VERSION 2.6) +project(ace-thin-client-example) + +include(FindPkgConfig) + +pkg_check_modules(DEPS + dpl-efl + REQUIRED) + +pkg_search_module(wrt-ace-client REQUIRED wrt-ace-client) + +set(TARGET_NAME "ace-thin-client-example") + +set(SRCS + ace-thin-client-example.cpp) + +include_directories(${DEPS_INCLUDE_DIRS}) +include_directories(${wrt-ace-client_INCLUDE_DIRS}) + +add_definitions("-DDPL_LOGS_ENABLED") + +add_executable(${TARGET_NAME} ${SRCS}) + +target_link_libraries(${TARGET_NAME} + ${DEPS_LDFLAGS} + ${wrt-ace-client_LDFLAGS}) diff --git a/ace_client/src/example/ace-thin-client-example.cpp b/ace_client/src/example/ace-thin-client-example.cpp new file mode 100644 index 0000000..aa4c4a8 --- /dev/null +++ b/ace_client/src/example/ace-thin-client-example.cpp @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace-thin-client-example.cpp + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief Example usage of ACE thin client. + */ + +#include + +int main(int argc, char **argv) +{ + AceClient::AceThinClient& client = + AceClient::AceThinClientSingleton::Instance(); + client.initialize(); // this fires echo method - see logs + client.deinitialize(); + return 0; +} + diff --git a/ace_common/CMakeLists.txt b/ace_common/CMakeLists.txt new file mode 100644 index 0000000..7e7926a --- /dev/null +++ b/ace_common/CMakeLists.txt @@ -0,0 +1,4 @@ +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/ace_common/include/ace_api_common.h + DESTINATION include/ace-common + ) diff --git a/ace_common/include/ace_api_common.h b/ace_common/include/ace_api_common.h new file mode 100644 index 0000000..30fee60 --- /dev/null +++ b/ace_common/include/ace_api_common.h @@ -0,0 +1,125 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_api_common.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This is header for basic ACE data types and error codes + */ + +#ifndef ACE_API_COMMON_H +#define ACE_API_COMMON_H + +#ifdef __cplusplus +extern "C" { +#endif + +// --------------- Boolean type and errors ------------------------------------- + +/* + * Order and values of enum constants are part of API + */ +typedef enum +{ + ACE_FALSE, + ACE_TRUE +} ace_bool_t; + +typedef enum +{ + ACE_OK, // Operation succeeded + ACE_INVALID_ARGUMENTS, // Invalid input parameters + ACE_INTERNAL_ERROR, // ACE internal error + ACE_ACE_UNKNOWN_ERROR // Unexpected operation +} ace_return_t; + +// --------------- Basic types ------------------------------------------------- + +typedef size_t ace_size_t; +typedef char* ace_string_t; // NULL-terminated string +typedef int ace_widget_handle_t; +typedef char* ace_resource_t; +typedef char* ace_subject_t; +typedef char* ace_session_id_t; +typedef void* ace_private_data_t; + +// --------------- Access requests --------------------------------------------- + +typedef struct +{ + ace_size_t count; + ace_string_t* items; +} ace_feature_list_t; + +typedef struct +{ + ace_string_t name; + ace_string_t value; +} ace_param_t; + +typedef struct +{ + ace_size_t count; + ace_param_t* items; +} ace_param_list_t; + +typedef struct +{ + ace_string_t name; + ace_param_list_t param_list; +} ace_dev_cap_t; + +typedef struct +{ + ace_size_t count; + ace_dev_cap_t* items; +} ace_dev_cap_list_t; + +typedef struct +{ + ace_session_id_t session_id; // DEPRECATED will be removed + ace_widget_handle_t widget_handle; // DEPRECATED will be removed + ace_feature_list_t feature_list; + ace_dev_cap_list_t dev_cap_list; +} ace_request_t; + +// --------------- Popup data types -------------------------------------------- + +/* + * Popup types that can be requested to be displayed by ACE + */ +typedef enum +{ + ACE_ONESHOT, + ACE_SESSION, + ACE_BLANKET +} ace_popup_t; + +/* + * Validity of answer that can be returned by ACE popup + */ +typedef enum +{ + ACE_ONCE, + ACE_PER_SESSION, + ACE_ALWAYS +} ace_validity_t; + +#ifdef __cplusplus +} +#endif + +#endif // ACE_API_COMMON_H diff --git a/ace_install/CMakeLists.txt b/ace_install/CMakeLists.txt new file mode 100644 index 0000000..4b7537b --- /dev/null +++ b/ace_install/CMakeLists.txt @@ -0,0 +1 @@ +ADD_SUBDIRECTORY(src) diff --git a/ace_install/include/ace_api_install.h b/ace_install/include/ace_api_install.h new file mode 100644 index 0000000..598b96d --- /dev/null +++ b/ace_install/include/ace_api_install.h @@ -0,0 +1,183 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_api_setup.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This is C api for Access Control Engine (ACE), installer mode + * (RW part). + * + */ + +#ifndef ACE_API_H +#define ACE_API_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * API defined in this header should be used only from one thread. If used + * otherwise, unexpected behaviour may occur, including segmentation faults and + * escalation of global warming. Be warned. + */ + +// --------------- Initialization and policy update ---------------------------- + +/* + * Initializes ACE - connects (RW) to the database. Must be called only once. + * Returns ACE_OK or error + */ +ace_return_t ace_install_initialize(void); + +/* + * Deinitializes ACE - deinitialize internal structures, detach DB, etc. + * Must be called only once. + * Returns ACE_OK or error + */ +ace_return_t ace_install_shutdown(void); + +/* + * Updates policy - parses XML files from known locations (reason for no arguments), + * also clears policy and prompt caches. + * Returns ACE_OK or error + */ +ace_return_t ace_update_policy(void); + +// --------------- Requested device capabilities API for installer ------------- + +typedef struct +{ + ace_string_t device_capability; + ace_bool_t smack_granted; +} ace_requested_dev_cap_t; + +typedef struct +{ + ace_size_t count; + ace_requested_dev_cap_t* items; +} ace_requested_dev_cap_list_t; + +/* + * Deletes data allocated by ace_get_requested_dev_caps - a helper function + */ +ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps); + +/* + * Returns ACE_OK or error; 'caps' will hold device capabilities information. + * To free allcated resources in 'caps', use ace_free_requested_dev_caps + */ +ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle, + ace_requested_dev_cap_list_t* caps); + +/* + * Returns error or ACE_OK + */ +ace_return_t ace_set_requested_dev_caps(ace_widget_handle_t handle, + const ace_requested_dev_cap_list_t* caps); + +// ---------------- Accepted Api featuresk API for installer ---------------- + + +ace_return_t ace_set_accepted_feature(ace_widget_handle_t handle, + const ace_feature_list_t* flist); + +ace_return_t ace_rem_accepted_feature(ace_widget_handle_t handle); + +// --------------- Widget data setup for installation -------------------------- + +typedef enum +{ + WAC20 = 0, + Tizen +} ace_widget_type_t; + +struct widget_info { + ace_widget_type_t type; + ace_string_t id; + ace_string_t version; + ace_string_t author; + ace_string_t shareHerf; +}; + +typedef enum +{ + AUTHOR, + DISTRIBUTOR, + UNKNOWN +} ace_cert_owner_t; + +typedef enum +{ + ROOT, + ENDENTITY +} ace_cert_type_t; + +typedef struct certificate_data { + ace_cert_owner_t owner; + ace_cert_type_t type; + int chain_id; + ace_string_t md5_fp; + ace_string_t sha1_fp; + ace_string_t common_name; +} ace_certificate_data; + +/* + * Register widget info into database. + * @param cert_data NULL terminated list of widget certificates + */ + +ace_return_t ace_register_widget(ace_widget_handle_t handle, + struct widget_info* info, + ace_certificate_data* cert_data[]); + +ace_return_t ace_unregister_widget(ace_widget_handle_t handle); + +ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed); + +/* + * Gets widget type in 'type'. Use in installer to determine which policy will be used + * by ACE for this widget. + * Returns error or ACE_OK + */ +ace_return_t ace_get_widget_type(ace_widget_handle_t handle, + ace_widget_type_t* type); + +// --------------- Installation time policy check ------------------------------ + +typedef enum +{ + ACE_PERMIT, + ACE_DENY, + ACE_PROMPT, + ACE_UNDEFINED +} ace_policy_result_t; + +/* + * Gets current policy evaluation for given device capability and given widget. + * Returns error or ACE_OK + */ +ace_return_t ace_get_policy_result(const ace_resource_t, + ace_widget_handle_t handle, + ace_policy_result_t* result); + +#ifdef __cplusplus +} +#endif + +#endif // ACE_API_H diff --git a/ace_install/src/CMakeLists.txt b/ace_install/src/CMakeLists.txt new file mode 100644 index 0000000..d0757e1 --- /dev/null +++ b/ace_install/src/CMakeLists.txt @@ -0,0 +1,62 @@ +include(FindPkgConfig) + +PKG_CHECK_MODULES(ACE_INSTALL_DEPS + dpl-efl + dpl-dbus-efl + REQUIRED + ) + +SET(ACE_INSTALL_DIR + ${PROJECT_SOURCE_DIR}/ace_install + ) + +SET(ACE_INSTALL_SRC_DIR + ${ACE_INSTALL_DIR}/src + ) + +SET(ACE_INSTALL_INCLUDE_DIR + ${ACE_INSTALL_DIR}/include + ) + +SET(ACE_INSTALL_SOURCES + ${COMMUNICATION_CLIENT_SOURCES} + ${ACE_INSTALL_SRC_DIR}/ace_api_install.cpp + ) + +SET(ACE_INSTALL_INCLUDES + ${COMMUNICATION_CLIENT_INCLUDES} + ${ACE_INSTALL_DEPS_INCLUDE_DIRS} + ${ACE_INSTALL_INCLUDE_DIR} + ${PROJECT_SOURCE_DIR}/ace_common/include + ${PROJECT_SOURCE_DIR}/ace/include + ${PROJECT_SOURCE_DIR}/src/services/ace + ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api + ${PROJECT_SOURCE_DIR}/src/daemon/dbus + ) + +ADD_DEFINITIONS(${ACE_INSTALL_DEPS_CFLAGS}) +ADD_DEFINITIONS(${ACE_INSTALL_CFLAGS_OTHER}) + +INCLUDE_DIRECTORIES(${ACE_INSTALL_INCLUDES}) + +ADD_LIBRARY(${TARGET_ACE_INSTALL_LIB} SHARED ${ACE_INSTALL_SOURCES}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES + SOVERSION ${API_VERSION} + VERSION ${VERSION}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_INSTALL_LIB} PROPERTIES + COMPILE_FLAGS -fPIC) + +TARGET_LINK_LIBRARIES(${TARGET_ACE_INSTALL_LIB} + ${ACE_INSTALL_DEPS_LIBRARIES} + ${TARGET_ACE_DAO_RW_LIB} + ) + +INSTALL(TARGETS ${TARGET_ACE_INSTALL_LIB} + DESTINATION lib) + +INSTALL(FILES + ${ACE_INSTALL_INCLUDE_DIR}/ace_api_install.h + DESTINATION include/ace-install + ) diff --git a/ace_install/src/ace_api_install.cpp b/ace_install/src/ace_api_install.cpp new file mode 100644 index 0000000..eca3305 --- /dev/null +++ b/ace_install/src/ace_api_install.cpp @@ -0,0 +1,345 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file ace_api_install.cpp + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains implementation ACE installator API + */ + +#include +#include +#include +#include +#include +#include +#include "SecurityCommunicationClient.h" +#include +#include "ace_server_api.h" + +#include "ace_api_install.h" + +static WrtSecurity::Communication::Client *communicationClient = NULL; + +// helper functions + +static AceDB::AppTypes to_db_app_type(ace_widget_type_t widget_type) +{ + switch (widget_type) { + case WAC20: + return AceDB::AppTypes::WAC20; + case Tizen: + return AceDB::AppTypes::Tizen; + default: + return AceDB::AppTypes::Unknown; + } +} + +static ace_widget_type_t to_ace_widget_type(AceDB::AppTypes app_type) +{ + switch (app_type) { + case AceDB::AppTypes::WAC20: + return WAC20; + case AceDB::AppTypes::Tizen: + return Tizen; + default: + LogError("Invalid app type for widget"); + return WAC20; + } +} + +ace_return_t ace_install_initialize(void) +{ + if (NULL != communicationClient) { + LogError("ace_api_install already initialized"); + return ACE_INTERNAL_ERROR; + } + AceDB::AceDAO::attachToThreadRW(); + Try { + communicationClient = new WrtSecurity::Communication::Client( + WrtSecurity::AceServerApi::INTERFACE_NAME()); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + LogError("Can't connect to daemon"); + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_install_shutdown(void) +{ + if (NULL == communicationClient) { + LogError("ace_api_install not initialized"); + return ACE_INTERNAL_ERROR; + } + delete communicationClient; + communicationClient = NULL; + AceDB::AceDAO::detachFromThread(); + return ACE_OK; +} + +ace_return_t ace_update_policy(void) +{ + Try { + communicationClient->call(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD()); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + LogError("Problem with connection to daemon"); + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_free_requested_dev_caps(ace_requested_dev_cap_list_t* caps) +{ + if (NULL == caps || NULL == caps->items) { + LogError("Invalid arguments"); + return ACE_INVALID_ARGUMENTS; + } + unsigned int i; + for (i = 0; i < caps->count; ++i) { + delete [] caps->items[i].device_capability; + } + delete [] caps->items; + return ACE_OK; +} + +ace_return_t ace_get_requested_dev_caps(ace_widget_handle_t handle, + ace_requested_dev_cap_list_t* caps) +{ + if (NULL == caps) { + LogError("Invalid arguments"); + return ACE_INVALID_ARGUMENTS; + } + AceDB::RequestedDevCapsMap permissions; + Try { + AceDB::AceDAO::getRequestedDevCaps( + handle, &permissions); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + caps->items = new ace_requested_dev_cap_t[permissions.size()]; + caps->count = permissions.size(); + unsigned int i = 0; + FOREACH (it, permissions) { + std::string devCapRequested = DPL::ToUTF8String(it->first); + caps->items[i].device_capability = + new char[strlen(devCapRequested.c_str())+1]; + strcpy(caps->items[i].device_capability, devCapRequested.c_str()); + caps->items[i].smack_granted = it->second ? ACE_TRUE : ACE_FALSE; + ++i; + } + return ACE_OK; +} + +ace_return_t ace_set_requested_dev_caps( + ace_widget_handle_t handle, + const ace_requested_dev_cap_list_t* caps) +{ + if (NULL == caps) { + LogError("Invalid arguments"); + return ACE_INVALID_ARGUMENTS; + } + AceDB::RequestedDevCapsMap db_permissions; + unsigned int i; + for (i = 0; i < caps->count; ++i) { + std::string devCap = std::string(caps->items[i].device_capability); + db_permissions.insert(std::make_pair(DPL::FromUTF8String(devCap), + caps->items[i].smack_granted == ACE_TRUE)); + } + Try { + AceDB::AceDAO::setRequestedDevCaps( + handle, db_permissions); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_set_accepted_feature( + ace_widget_handle_t handle, + const ace_feature_list_t *feature) +{ + if (NULL == feature) { + LogError("Invalid argument"); + return ACE_INVALID_ARGUMENTS; + } + AceDB::FeatureNameVector fvector; + ace_size_t i; + for (i = 0; i < feature->count; ++i) { + fvector.push_back( + DPL::FromUTF8String(feature->items[i])); + } + Try { + AceDB::AceDAO::setAcceptedFeature(handle, fvector); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_rem_accepted_feature( + ace_widget_handle_t handle) +{ + Try { + AceDB::AceDAO::removeAcceptedFeature(handle); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_register_widget(ace_widget_handle_t handle, + struct widget_info *info, + ace_certificate_data* cert_data[]) +{ + LogDebug("enter"); + + if (NULL == info || AceDB::AceDAOReadOnly::isWidgetInstalled(handle)) + return ACE_INVALID_ARGUMENTS; + + AceDB::WidgetRegisterInfo wri; + wri.type = to_db_app_type(info->type); + + if (info->id) + wri.widget_id = DPL::FromUTF8String(info->id); + if (info->version) + wri.version = DPL::FromUTF8String(info->version); + if (info->author) + wri.authorName = DPL::FromUTF8String(info->author); + if (info->shareHerf) + wri.shareHref = DPL::FromUTF8String(info->shareHerf); + + AceDB::WidgetCertificateDataList dataList; + if (NULL != cert_data) { + AceDB::WidgetCertificateData wcd; + ace_certificate_data* cd; + int i = 0; + while (cert_data[i] != NULL) + { + cd = cert_data[i++]; //increment + switch(cd->type) { + case ROOT: + wcd.type = AceDB::WidgetCertificateData::Type::ROOT; + break; + case ENDENTITY: + wcd.type = AceDB::WidgetCertificateData::Type::ENDENTITY; + break; + } + switch(cd->owner) { + case AUTHOR: + wcd.owner = AceDB::WidgetCertificateData::Owner::AUTHOR; + break; + case DISTRIBUTOR: + wcd.owner = AceDB::WidgetCertificateData::Owner::DISTRIBUTOR; + break; + case UNKNOWN: default: + wcd.owner = AceDB::WidgetCertificateData::Owner::UNKNOWN; + break; + } + wcd.chainId = cd->chain_id; + if (cd->md5_fp) + wcd.strMD5Fingerprint = cd->md5_fp; + if (cd->sha1_fp) + wcd.strSHA1Fingerprint = cd->sha1_fp; + if (cd->common_name) + wcd.strCommonName = DPL::FromUTF8String(cd->common_name); + dataList.push_back(wcd); + } + LogDebug("All data set. Inserting into database."); + } + + Try { + AceDB::AceDAO::registerWidgetInfo((WidgetHandle)(handle), wri, dataList); + LogDebug("AceDB entry done"); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_unregister_widget(ace_widget_handle_t handle) +{ + Try { + AceDB::AceDAO::unregisterWidgetInfo((WidgetHandle)(handle)); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_is_widget_installed(ace_widget_handle_t handle, bool *installed) +{ + Try { + *installed = AceDB::AceDAO::isWidgetInstalled((WidgetHandle)(handle)); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_get_widget_type(ace_widget_handle_t handle, + ace_widget_type_t* type) +{ + if (NULL == type) { + LogError("Invalid arguments"); + return ACE_INVALID_ARGUMENTS; + } + Try { + AceDB::AppTypes db_type = AceDB::AceDAO::getWidgetType(handle); + *type = to_ace_widget_type(db_type); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_get_policy_result(const ace_resource_t resource, + ace_widget_handle_t handle, + ace_policy_result_t* result) +{ + if (NULL == result) { + LogError("Invalid arguments"); + return ACE_INVALID_ARGUMENTS; + } + int serializedPolicyResult = 0; + Try { + std::string resource_str(resource); + communicationClient->call(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(), + handle, + resource_str, + &serializedPolicyResult); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + LogError("Can't connect to daemon"); + return ACE_INTERNAL_ERROR; + } + PolicyResult policyResult = PolicyResult:: + deserialize(serializedPolicyResult); + OptionalPolicyEffect effect = policyResult.getEffect(); + if (effect.IsNull()) { + *result = ACE_UNDEFINED; + } else if (*effect == PolicyEffect::DENY) { + *result = ACE_DENY; + } else if (*effect == PolicyEffect::PERMIT) { + *result = ACE_PERMIT; + } else if (*effect == PolicyEffect::PROMPT_ONESHOT || + *effect == PolicyEffect::PROMPT_BLANKET || + *effect == PolicyEffect::PROMPT_SESSION){ + *result = ACE_PROMPT; + } else { + *result = ACE_UNDEFINED; + } + + return ACE_OK; +} diff --git a/ace_popup_validation/CMakeLists.txt b/ace_popup_validation/CMakeLists.txt new file mode 100644 index 0000000..4b7537b --- /dev/null +++ b/ace_popup_validation/CMakeLists.txt @@ -0,0 +1 @@ +ADD_SUBDIRECTORY(src) diff --git a/ace_popup_validation/include/ace_api_popup_validation.h b/ace_popup_validation/include/ace_api_popup_validation.h new file mode 100644 index 0000000..f06dfcf --- /dev/null +++ b/ace_popup_validation/include/ace_api_popup_validation.h @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_popup_validation_api.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This is C api for Access Control Engine (ACE), popup + * validation library. + * + */ + +#ifndef ACE_API_H +#define ACE_API_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +// --------------- Initialization and deinitialization ------------------------- + +/* + * Initializes the library. + * + * Returns error or ACE_OK. + */ +ace_return_t ace_popup_validation_initialize(void); + +/* + * Deinitializes the library. + * + * Returns error or ACE_OK. + */ +ace_return_t ace_popup_validation_shutdown(void); + +// --------------- Popup answer validation API --------------------------------- + +/* + * Validation of popup answer. This API must be called by implementation of + * UI handler. The call must be made from safe process, specially labelled by + * SMACK. If returned value is ACE_OK, 'validation_result' holds validation + * result that needs to be passed by UI handler as validation result. Otherwise + * value of 'validation_result' is undefined. + * + * See header ace_api_client.h for more details on where this function needs to + * be called and what arguments need to be passed here. + * + * Returns error or ACE_OK. + */ +ace_return_t ace_validate_answer(ace_bool_t answer, + ace_validity_t validity, + const ace_resource_t resource_name, + const ace_session_id_t session_id, + const ace_param_list_t* param_list, + ace_widget_handle_t handle, + ace_bool_t* validation_result); + +#ifdef __cplusplus +} +#endif + +#endif // ACE_API_H diff --git a/ace_popup_validation/src/CMakeLists.txt b/ace_popup_validation/src/CMakeLists.txt new file mode 100644 index 0000000..69fe495 --- /dev/null +++ b/ace_popup_validation/src/CMakeLists.txt @@ -0,0 +1,62 @@ +include(FindPkgConfig) + +PKG_CHECK_MODULES(ACE_POPUP_VALIDATION_DEPS + dpl-efl + dpl-dbus-efl + REQUIRED + ) + +SET(ACE_POPUP_VALIDATION_DIR + ${PROJECT_SOURCE_DIR}/ace_popup_validation + ) + +SET(ACE_POPUP_VALIDATION_SRC_DIR + ${ACE_POPUP_VALIDATION_DIR}/src + ) + +SET(ACE_POPUP_VALIDATION_INCLUDE_DIR + ${ACE_POPUP_VALIDATION_DIR}/include + ) + +SET(ACE_POPUP_VALIDATION_SOURCES + ${COMMUNICATION_CLIENT_SOURCES} + ${ACE_POPUP_VALIDATION_SRC_DIR}/ace_api_popup_validation.cpp + ) + +SET(ACE_POPUP_VALIDATION_INCLUDES + ${COMMUNICATION_CLIENT_INCLUDES} + ${ACE_POPUP_VALIDATION_DEPS_INCLUDE_DIRS} + ${ACE_POPUP_VALIDATION_INCLUDE_DIR} + ${PROJECT_SOURCE_DIR}/ace_common/include + ${PROJECT_SOURCE_DIR}/ace/include + ${PROJECT_SOURCE_DIR}/src/services/ace/dbus/api + ${PROJECT_SOURCE_DIR}/src/services/ace + ${PROJECT_SOURCE_DIR}/src/services/popup/ + ${PROJECT_SOURCE_DIR}/src/daemon/dbus + ) + +ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_DEPS_CFLAGS}) +ADD_DEFINITIONS(${ACE_POPUP_VALIDATION_CFLAGS_OTHER}) + +INCLUDE_DIRECTORIES(${ACE_POPUP_VALIDATION_INCLUDES}) + +ADD_LIBRARY(${TARGET_ACE_POPUP_VALIDATION_LIB} SHARED ${ACE_POPUP_VALIDATION_SOURCES}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES + SOVERSION ${API_VERSION} + VERSION ${VERSION}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_POPUP_VALIDATION_LIB} PROPERTIES + COMPILE_FLAGS -fPIC) + +TARGET_LINK_LIBRARIES(${TARGET_ACE_POPUP_VALIDATION_LIB} + ${ACE_POPUP_VALIDATION_DEPS_LIBRARIES} ${ACE_POPUP_VALIDATION_DEPS_LDFLAGS} + ) + +INSTALL(TARGETS ${TARGET_ACE_POPUP_VALIDATION_LIB} + DESTINATION lib) + +INSTALL(FILES + ${ACE_POPUP_VALIDATION_INCLUDE_DIR}/ace_api_popup_validation.h + DESTINATION include/ace-popup-validation + ) diff --git a/ace_popup_validation/src/ace_api_popup_validation.cpp b/ace_popup_validation/src/ace_api_popup_validation.cpp new file mode 100644 index 0000000..8277c2f --- /dev/null +++ b/ace_popup_validation/src/ace_api_popup_validation.cpp @@ -0,0 +1,135 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file ace_api_popup_validation.cpp + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains implementation of ACE popup validation API. + */ + +#include +#include +#include +#include "SecurityCommunicationClient.h" +#include "popup_response_server_api.h" +#include "security_daemon_dbus_config.h" +#include "ace_api_popup_validation.h" + +namespace { +static WrtSecurity::Communication::Client *communicationClient = NULL; +static const int VALIDITY_ONCE_VALUE = 0; +static const int VALIDITY_SESSION_VALUE = 1; +static const int VALIDITY_ALWAYS_VALUE = 1; +} // anonymous + +ace_return_t ace_popup_validation_initialize(void) +{ + if (NULL != communicationClient) { + LogError("ace_api_popup_validation already initialized"); + return ACE_INTERNAL_ERROR; + } + Try { + communicationClient = new WrtSecurity::Communication::Client( + WrtSecurity::PopupServerApi::INTERFACE_NAME()); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + LogError("Can't connect to daemon"); + return ACE_INTERNAL_ERROR; + } + + return ACE_OK; +} + +ace_return_t ace_popup_validation_shutdown(void) +{ + if (NULL == communicationClient) { + LogError("ace_api_popup_validation not initialized"); + return ACE_INTERNAL_ERROR; + } + delete communicationClient; + communicationClient = NULL; + + return ACE_OK; +} + +ace_return_t ace_validate_answer(ace_bool_t answer, + ace_validity_t validity, + const ace_resource_t resource_name, + const ace_session_id_t session_id, + const ace_param_list_t* param_list, + ace_widget_handle_t handle, + ace_bool_t* validation_result) +{ + if (NULL == resource_name || + NULL == session_id || + NULL == param_list || + NULL == validation_result) + { + LogError("NULL argument(s) passed"); + return ACE_INVALID_ARGUMENTS; + } + + bool dbusAnswer = answer == ACE_TRUE; + int dbusValidity = 0; + + switch (validity) { + case ACE_ONCE: { + dbusValidity = VALIDITY_ONCE_VALUE; + //static_cast(Prompt::Validity::ONCE); + break; } + case ACE_SESSION: { + dbusValidity = VALIDITY_SESSION_VALUE; + //static_cast(Prompt::Validity::SESSION); + break; } + case ACE_ALWAYS: { + dbusValidity = VALIDITY_ALWAYS_VALUE; + //static_cast(Prompt::Validity::ALWAYS); + break; } + default: { + LogError("Invalid validity passed"); + return ACE_INVALID_ARGUMENTS; } + } + + std::string subjectId; + std::string resourceId(resource_name); + std::string sessionId(session_id); + std::vector keys, values; + unsigned int i; + for (i = 0; i < param_list->count; ++i) { + keys.push_back(std::string(param_list->items[i].name)); + values.push_back(std::string(param_list->items[i].value)); + } + + bool response = false; + Try{ + communicationClient->call(WrtSecurity::PopupServerApi::VALIDATION_METHOD(), + dbusAnswer, + dbusValidity, + handle, + subjectId, + resourceId, + keys, + values, + sessionId, + &response); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + LogError("Can't call daemon"); + return ACE_INTERNAL_ERROR; + } + + *validation_result = response ? ACE_TRUE : ACE_FALSE; + + return ACE_OK; +} diff --git a/ace_settings/CMakeLists.txt b/ace_settings/CMakeLists.txt new file mode 100644 index 0000000..4b7537b --- /dev/null +++ b/ace_settings/CMakeLists.txt @@ -0,0 +1 @@ +ADD_SUBDIRECTORY(src) diff --git a/ace_settings/include/ace_api_settings.h b/ace_settings/include/ace_api_settings.h new file mode 100644 index 0000000..a3c72ab --- /dev/null +++ b/ace_settings/include/ace_api_settings.h @@ -0,0 +1,121 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_api_settings.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This is header for ACE settings API (RW part). + */ + +#ifndef ACE_API_SETTINGS_H +#define ACE_API_SETTINGS_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * API defined in this header should be used only from one thread. If used + * otherwise, unexpected behaviour may occur, including segmentation faults and + * escalation of global warming. Be warned. + */ + +// --------------- Initialization ---------------------------------------------- + +/* + * Initializes ACE - connects (RW) to the database. Must be called only once. + * Returns ACE_OK or error + */ +ace_return_t ace_settings_initialize(void); + +/* + * Deinitializes ACE - deinitialize internal structures, detach DB, etc. + * Must be called only once. + * Returns ACE_OK or error + */ +ace_return_t ace_settings_shutdown(void); + +// --------------- Resource settings API --------------------------------------- + +/* + * Order and values of enum constants are part of API + */ +typedef enum +{ + ACE_PREFERENCE_PERMIT, + ACE_PREFERENCE_DENY, + ACE_PREFERENCE_DEFAULT, // means: not set + ACE_PREFERENCE_BLANKET_PROMPT, + ACE_PREFERENCE_SESSION_PROMPT, + ACE_PREFERENCE_ONE_SHOT_PROMPT +} ace_preference_t; + +/* + * Returns error or ACE_OK + * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise + * 'preference' value is undefined + */ +ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle, + const ace_resource_t resource, + ace_preference_t* preference); + +/* + * Returns error or ACE_OK + * If return value is ACE_OK, 'prerefence' value is the queried one, otherwise + * 'preference' value is undefined + */ +ace_return_t ace_get_global_resource_preference(const ace_resource_t resource, + ace_preference_t* preference); + +/* + * To reset setting, pass ACE_PREFERENCE_DEFAULT + * Returns error or ACE_OK + */ +ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle, + const ace_resource_t resource, + ace_preference_t preference); + +/* + * To reset setting, pass ACE_PREFERENCE_DEFAULT + * Returns error or ACE_OK + */ +ace_return_t ace_set_global_resource_preference(const ace_resource_t resource, + ace_preference_t preference); + +/* + * Resets per widget resource settings to ACE_PREFERENCE_DEFAULT + */ +ace_return_t ace_reset_widget_resource_settings(void); + +/* + * Resets global resource settings to ACE_PREFERENCE_DEFAULT + */ +ace_return_t ace_reset_global_resource_settings(void); + +/* + * After execution, is_privacy_api is ACE_TRUE if resource_name is the name + * of Privacy API + */ +ace_return_t ace_is_private_api(const ace_resource_t resource_name, + ace_bool_t* is_private_api); + +#ifdef __cplusplus +} +#endif + +#endif // ACE_API_SETTINGS_H diff --git a/ace_settings/src/CMakeLists.txt b/ace_settings/src/CMakeLists.txt new file mode 100644 index 0000000..8cd835e --- /dev/null +++ b/ace_settings/src/CMakeLists.txt @@ -0,0 +1,56 @@ +include(FindPkgConfig) + +PKG_CHECK_MODULES(ACE_SETTINGS_DEPS + dpl-efl + REQUIRED + ) + +SET(ACE_SETTINGS_DIR + ${PROJECT_SOURCE_DIR}/ace_settings + ) + +SET(ACE_SETTINGS_SRC_DIR + ${ACE_SETTINGS_DIR}/src + ) + +SET(ACE_SETTINGS_INCLUDE_DIR + ${ACE_SETTINGS_DIR}/include + ) + +SET(ACE_SETTINGS_SOURCES + ${ACE_SETTINGS_SRC_DIR}/ace_api_settings.cpp + ) + +SET(ACE_SETTINGS_INCLUDES + ${ACE_SETTINGS_DEPS_INCLUDE_DIRS} + ${ACE_SETTINGS_INCLUDE_DIR} + ${PROJECT_SOURCE_DIR}/ace_common/include + ${PROJECT_SOURCE_DIR}/ace/include + ) + +ADD_DEFINITIONS(${ACE_SETTINGS_DEPS_CFLAGS}) +ADD_DEFINITIONS(${ACE_SETTINGS_CFLAGS_OTHER}) + +INCLUDE_DIRECTORIES(${ACE_SETTINGS_INCLUDES}) + +ADD_LIBRARY(${TARGET_ACE_SETTINGS_LIB} SHARED ${ACE_SETTINGS_SOURCES}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES + SOVERSION ${API_VERSION} + VERSION ${VERSION}) + +SET_TARGET_PROPERTIES(${TARGET_ACE_SETTINGS_LIB} PROPERTIES + COMPILE_FLAGS -fPIC) + +TARGET_LINK_LIBRARIES(${TARGET_ACE_SETTINGS_LIB} + ${ACE_SETTINGS_DEPS_LIBRARIES} + ${TARGET_ACE_DAO_RW_LIB} + ) + +INSTALL(TARGETS ${TARGET_ACE_SETTINGS_LIB} + DESTINATION lib) + +INSTALL(FILES + ${ACE_SETTINGS_INCLUDE_DIR}/ace_api_settings.h + DESTINATION include/ace-settings + ) diff --git a/ace_settings/src/ace_api_settings.cpp b/ace_settings/src/ace_api_settings.cpp new file mode 100644 index 0000000..a1a811d --- /dev/null +++ b/ace_settings/src/ace_api_settings.cpp @@ -0,0 +1,203 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file ace_api_settings.cpp + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains implementation ACE settings API + */ + +#include +#include +#include + +#include "ace_api_settings.h" + +// helper functions +static ace_preference_t to_ace_preference(const AceDB::PreferenceTypes& db_preference) +{ + switch (db_preference) { + case AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT: { + return ACE_PREFERENCE_BLANKET_PROMPT; } + case AceDB::PreferenceTypes::PREFERENCE_DEFAULT: { + return ACE_PREFERENCE_DEFAULT;} + case AceDB::PreferenceTypes::PREFERENCE_DENY: { + return ACE_PREFERENCE_DENY;} + case AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT: { + return ACE_PREFERENCE_ONE_SHOT_PROMPT;} + case AceDB::PreferenceTypes::PREFERENCE_PERMIT: { + return ACE_PREFERENCE_PERMIT;} + case AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT: { + return ACE_PREFERENCE_SESSION_PROMPT;} + default: { + return ACE_PREFERENCE_DEFAULT;} + } +} + + +static AceDB::PreferenceTypes to_ace_db_preference(const ace_preference_t& preference) +{ + switch (preference) { + case ACE_PREFERENCE_BLANKET_PROMPT: { + return AceDB::PreferenceTypes::PREFERENCE_BLANKET_PROMPT; } + case ACE_PREFERENCE_DEFAULT: { + return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;} + case ACE_PREFERENCE_DENY: { + return AceDB::PreferenceTypes::PREFERENCE_DENY;} + case ACE_PREFERENCE_ONE_SHOT_PROMPT: { + return AceDB::PreferenceTypes::PREFERENCE_ONE_SHOT_PROMPT;} + case ACE_PREFERENCE_PERMIT: { + return AceDB::PreferenceTypes::PREFERENCE_PERMIT;} + case ACE_PREFERENCE_SESSION_PROMPT: { + return AceDB::PreferenceTypes::PREFERENCE_SESSION_PROMPT;} + default: { + return AceDB::PreferenceTypes::PREFERENCE_DEFAULT;} + } +} + +ace_return_t ace_settings_initialize(void) +{ + AceDB::AceDAO::attachToThreadRW(); + return ACE_OK; +} + +ace_return_t ace_settings_shutdown(void) +{ + AceDB::AceDAO::detachFromThread(); + return ACE_OK; +} + +ace_return_t ace_get_widget_resource_preference(ace_widget_handle_t handle, + const ace_resource_t resource, + ace_preference_t* preference) +{ + if (NULL == resource || NULL == preference) { + LogError("NULL argument(s) passed"); + return ACE_INVALID_ARGUMENTS; + } + Try { + std::string resource_str(resource); + AceDB::PreferenceTypes db_preference = + AceDB::AceDAO::getWidgetDevCapSetting(resource_str, handle); + *preference = to_ace_preference(db_preference); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_get_global_resource_preference(const ace_resource_t resource, + ace_preference_t* preference) +{ + if (NULL == resource || NULL == preference) { + LogError("NULL argument(s) passed"); + return ACE_INVALID_ARGUMENTS; + } + Try { + AceDB::PreferenceTypes db_preference = + AceDB::AceDAO::getDevCapSetting(resource); + *preference = to_ace_preference(db_preference); + } Catch(AceDB::AceDAOReadOnly::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_set_widget_resource_preference(ace_widget_handle_t handle, + const ace_resource_t resource, + ace_preference_t preference) +{ + if (NULL == resource) { + LogError("NULL argument passed"); + return ACE_INVALID_ARGUMENTS; + } + Try { + AceDB::AceDAO::addResource(resource); + AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference); + AceDB::AceDAO::removeWidgetDevCapSetting(resource, handle); + AceDB::AceDAO::setWidgetDevCapSetting(resource, handle, db_preference); + } Catch(AceDB::AceDAO::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_set_global_resource_preference(const ace_resource_t resource, + ace_preference_t preference) +{ + if (NULL == resource) { + LogError("NULL argument passed"); + return ACE_INVALID_ARGUMENTS; + } + Try { + AceDB::AceDAO::addResource(resource); + AceDB::PreferenceTypes db_preference = to_ace_db_preference(preference); + AceDB::AceDAO::setDevCapSetting(resource, db_preference); + } Catch(AceDB::AceDAO::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_reset_widget_resource_settings() +{ + Try { + AceDB::AceDAO::clearWidgetDevCapSettings(); + } Catch(AceDB::AceDAO::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_reset_global_resource_settings(void) +{ + Try { + AceDB::AceDAO::clearDevCapSettings(); + } Catch(AceDB::AceDAO::Exception::DatabaseError) { + return ACE_INTERNAL_ERROR; + } + return ACE_OK; +} + +ace_return_t ace_is_private_api(const ace_resource_t resource_name, ace_bool_t* is_private_api) +{ + static const char * const private_api[] = { + "bluetooth.admin", + "bluetooth.gap", + "bluetooth.spp", + "calendar.read", + "calendar.write", + "callhistory.read", + "callhistory.write", + "contact.read", + "contact.write", + "nfc.admin", + "nfc.common", + "nfc.cardemulation", + "nfc.p2p", + "nfc.tag", + NULL + }; + + *is_private_api = ACE_TRUE; + for (int i=0; private_api[i]; ++i) + if (!strcmp(resource_name, private_api[i])) + return ACE_OK; + + *is_private_api = ACE_FALSE; + return ACE_OK; +} + diff --git a/build/CMakeLists.txt b/build/CMakeLists.txt new file mode 100644 index 0000000..a31271e --- /dev/null +++ b/build/CMakeLists.txt @@ -0,0 +1,25 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Tomasz Swierczek (t.swierczek@samsung.com) +# +ADD_SUBDIRECTORY(ace) +ADD_SUBDIRECTORY(ace_client) +ADD_SUBDIRECTORY(ace_settings) +ADD_SUBDIRECTORY(ace_install) +ADD_SUBDIRECTORY(ace_popup_validation) +ADD_SUBDIRECTORY(communication_client) +ADD_SUBDIRECTORY(wrt-security) +ADD_SUBDIRECTORY(wrt_ocsp) diff --git a/build/ace/CMakeLists.txt b/build/ace/CMakeLists.txt new file mode 100644 index 0000000..b42ab2e --- /dev/null +++ b/build/ace/CMakeLists.txt @@ -0,0 +1,31 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) +# @author Tomasz Swierczek (t.swierczek@samsung.com) +# @brief +# + +CONFIGURE_FILE(security-dao-ro.pc.in security-dao-ro.pc @ONLY) +CONFIGURE_FILE(security-dao-rw.pc.in security-dao-rw.pc @ONLY) +CONFIGURE_FILE(security.pc.in security.pc @ONLY) +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/ace/security-dao-ro.pc + ${CMAKE_BINARY_DIR}/build/ace/security-dao-rw.pc + ${CMAKE_BINARY_DIR}/build/ace/security.pc + DESTINATION + lib/pkgconfig + ) + diff --git a/build/ace/security-dao-ro.pc.in b/build/ace/security-dao-ro.pc.in new file mode 100644 index 0000000..820a4b3 --- /dev/null +++ b/build/ace/security-dao-ro.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: ace-dao-ro +Description: ace-dao-ro +Version: @VERSION@ +Requires: dpl-efl openssl +Libs: -lace-dao-ro -L${libdir} +Cflags: -I${includedir} diff --git a/build/ace/security-dao-rw.pc.in b/build/ace/security-dao-rw.pc.in new file mode 100644 index 0000000..4268970 --- /dev/null +++ b/build/ace/security-dao-rw.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: aco-dao-rw +Description: ace-dao-rw +Version: @VERSION@ +Requires: security-dao-ro +Libs: -lace-dao-rw -L${libdir} +Cflags: -I${includedir} diff --git a/build/ace/security.pc.in b/build/ace/security.pc.in new file mode 100644 index 0000000..9f5bd4a --- /dev/null +++ b/build/ace/security.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: ace +Description: ace +Version: @VERSION@ +Requires: dpl-efl openssl +Libs: -lace -L${libdir} +Cflags: -I${includedir} diff --git a/build/ace_client/CMakeLists.txt b/build/ace_client/CMakeLists.txt new file mode 100644 index 0000000..b7bdaa0 --- /dev/null +++ b/build/ace_client/CMakeLists.txt @@ -0,0 +1,26 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Tomasz Swierczek (t.swierczek@samsung.com) +# @brief +# + +CONFIGURE_FILE(security-client.pc.in security-client.pc @ONLY) +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/ace_client/security-client.pc + DESTINATION + lib/pkgconfig + ) + diff --git a/build/ace_client/security-client.pc.in b/build/ace_client/security-client.pc.in new file mode 100644 index 0000000..ea166b3 --- /dev/null +++ b/build/ace_client/security-client.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: ace-client +Description: ACE thin client library +Version: @VERSION@ +Requires: dpl-wrt-dao-ro dpl-efl dpl-event-efl dpl-dbus-efl security-dao-ro +Libs: -lace-client -L${libdir} +Cflags: -I${includedir}/ace-client -I${includedir}/ace-common diff --git a/build/ace_install/CMakeLists.txt b/build/ace_install/CMakeLists.txt new file mode 100644 index 0000000..8c0a70b --- /dev/null +++ b/build/ace_install/CMakeLists.txt @@ -0,0 +1,26 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Tomasz Swierczek (t.swierczek@samsung.com) +# @brief +# + +CONFIGURE_FILE(security-install.pc.in security-install.pc @ONLY) +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/ace_install/security-install.pc + DESTINATION + lib/pkgconfig + ) + diff --git a/build/ace_install/security-install.pc.in b/build/ace_install/security-install.pc.in new file mode 100644 index 0000000..9ddcefa --- /dev/null +++ b/build/ace_install/security-install.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: ace-install +Description: ACE insall library to be used by installer +Version: @VERSION@ +Requires: dpl-efl dpl-dbus-efl security-dao-rw +Libs: -lace-install -L${libdir} +Cflags: -I${includedir}/ace-install -I${includedir}/ace-common diff --git a/build/ace_popup_validation/CMakeLists.txt b/build/ace_popup_validation/CMakeLists.txt new file mode 100644 index 0000000..b79c6f5 --- /dev/null +++ b/build/ace_popup_validation/CMakeLists.txt @@ -0,0 +1,26 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Tomasz Swierczek (t.swierczek@samsung.com) +# @brief +# + +CONFIGURE_FILE(security-popup-validation.pc.in security-popup-validation.pc @ONLY) +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/ace_popup_validation/security-popup-validation.pc + DESTINATION + lib/pkgconfig + ) + diff --git a/build/ace_popup_validation/security-popup-validation.pc.in b/build/ace_popup_validation/security-popup-validation.pc.in new file mode 100644 index 0000000..385b47b --- /dev/null +++ b/build/ace_popup_validation/security-popup-validation.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: ace-popup-validation +Description: ACE popup validation library +Version: @VERSION@ +Requires: dpl-efl dpl-dbus-efl +Libs: -lace-popup-validation -L${libdir} +Cflags: -I${includedir}/ace-popup-validation -I${includedir}/ace-common diff --git a/build/ace_settings/CMakeLists.txt b/build/ace_settings/CMakeLists.txt new file mode 100644 index 0000000..b768f2f --- /dev/null +++ b/build/ace_settings/CMakeLists.txt @@ -0,0 +1,26 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Tomasz Swierczek (t.swierczek@samsung.com) +# @brief +# + +CONFIGURE_FILE(security-settings.pc.in security-settings.pc @ONLY) +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/ace_settings/security-settings.pc + DESTINATION + lib/pkgconfig + ) + diff --git a/build/ace_settings/security-settings.pc.in b/build/ace_settings/security-settings.pc.in new file mode 100644 index 0000000..1abc082 --- /dev/null +++ b/build/ace_settings/security-settings.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: ace-settings +Description: ACE settings library +Version: @VERSION@ +Requires: +Libs: -lace-settings -lace-dao-rw -L${libdir} +Cflags: -I${includedir}/ace-settings -I${includedir}/ace-common diff --git a/build/communication_client/CMakeLists.txt b/build/communication_client/CMakeLists.txt new file mode 100644 index 0000000..4f11913 --- /dev/null +++ b/build/communication_client/CMakeLists.txt @@ -0,0 +1,26 @@ +# Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Zofia Abramowska (z.abramowska@samsung.com) +# @brief +# + +CONFIGURE_FILE(security-communication-client.pc.in security-communication-client.pc @ONLY) +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/communication_client/security-communication-client.pc + DESTINATION + lib/pkgconfig + ) + diff --git a/build/communication_client/security-communication-client.pc.in b/build/communication_client/security-communication-client.pc.in new file mode 100644 index 0000000..1b01b5f --- /dev/null +++ b/build/communication_client/security-communication-client.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: communication-client +Description: Security communication client library +Version: @VERSION@ +Requires: dpl-efl dpl-dbus-efl +Libs: -lcommunication-client -L${libdir} +Cflags: -I${includedir}/communication-client diff --git a/build/wrt-security/CMakeLists.txt b/build/wrt-security/CMakeLists.txt new file mode 100644 index 0000000..9995265 --- /dev/null +++ b/build/wrt-security/CMakeLists.txt @@ -0,0 +1,19 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Tomasz Swierczek (t.swierczek@samsung.com) +# +CONFIGURE_FILE(security-core.pc.in security-core.pc @ONLY) +INSTALL(FILES ${CMAKE_BINARY_DIR}/build/wrt-security/security-core.pc DESTINATION lib/pkgconfig) diff --git a/build/wrt-security/security-core.pc.in b/build/wrt-security/security-core.pc.in new file mode 100644 index 0000000..7f63cc5 --- /dev/null +++ b/build/wrt-security/security-core.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include/wrt-security + +Name: wrt-security +Description: wrt-security +Version: @VERSION@ +Requires: dpl-efl dpl-wrt-dao-rw dpl-dbus-efl +Libs: -L${libdir} -ldpl-dbus-efl +Cflags: -I${includedir} diff --git a/build/wrt_ocsp/CMakeLists.txt b/build/wrt_ocsp/CMakeLists.txt new file mode 100644 index 0000000..7b1bf5f --- /dev/null +++ b/build/wrt_ocsp/CMakeLists.txt @@ -0,0 +1,26 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Zofia Abramowska (z.abramowska@samsung.com) +# @brief +# + +CONFIGURE_FILE(security-wrt-ocsp.pc.in security-wrt-ocsp.pc @ONLY) +INSTALL(FILES + ${CMAKE_BINARY_DIR}/build/wrt_ocsp/security-wrt-ocsp.pc + DESTINATION + lib/pkgconfig + ) + diff --git a/build/wrt_ocsp/security-wrt-ocsp.pc.in b/build/wrt_ocsp/security-wrt-ocsp.pc.in new file mode 100644 index 0000000..2fb4258 --- /dev/null +++ b/build/wrt_ocsp/security-wrt-ocsp.pc.in @@ -0,0 +1,11 @@ +prefix=@CMAKE_INSTALL_PREFIX@ +exec_prefix=${prefix} +libdir=${prefix}/lib +includedir=${prefix}/include + +Name: wrt-ocsp +Description: WRT OCSP library to be used by wrt-client +Version: @VERSION@ +Requires: dpl-efl dpl-dbus-efl +Libs: -lwrt-ocsp -L${libdir} +Cflags: -I${includedir}/wrt-ocsp diff --git a/communication_client/include/SecurityCommunicationClient.h b/communication_client/include/SecurityCommunicationClient.h new file mode 100644 index 0000000..8244c60 --- /dev/null +++ b/communication_client/include/SecurityCommunicationClient.h @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file SecurityCommunicationClient.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief This is header of class used by IPC client with implemented templates + * + */ + +/* + * This class hides implementation of specific communication types + * and enables switching between them by #defined macros. + * + * supported types : DBUS_CONNECTION + * + * IMPORTANT : Exactly ONE type MUST be defined. + * + */ + +#ifndef SECURITYCOMMUNICATIONCLIENT_H_ +#define SECURITYCOMMUNICATIONCLIENT_H_ + +#include +#include +#include +#include "SecuritySocketClient.h" +#include +#include + + +namespace WrtSecurity { +namespace Communication { +class Client +{ +public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, SecurityCommunicationClientException) + }; + + explicit Client(const std::string &intefaceName); + + + + template + void call(const char* methodName, const Args& ... args) + { + + connect(); + Try{ + #ifdef DBUS_CONNECTION + m_dbusClient->call(methodName, args...); + } Catch (DPL::DBus::Client::Exception::DBusClientException){ + #endif //DBUS_CONNECTION + #ifdef SOCKET_CONNECTION + m_socketClient->call(methodName, args...); + } Catch (SecuritySocketClient::Exception::SecuritySocketClientException){ + #endif //SOCKET_CONNECTION + LogError("Error getting response"); + disconnect(); + ReThrowMsg(Exception::SecurityCommunicationClientException, + "Error getting response"); + } + LogInfo("Call served"); + disconnect(); + } + + template + void call(std::string methodName, const Args&... args) + { + call(methodName.c_str(), args...); + } + + +private: + + void connect(); + void disconnect(); + + std::string m_interfaceName; + #ifdef DBUS_CONNECTION + std::unique_ptr m_dbusClient; + #endif + + #ifdef SOCKET_CONNECTION + std::unique_ptr m_socketClient; + #endif +}; +} // namespace Communication +} // namespace WrtSecurity + +#endif /* SECURITYCOMMUNICATIONCLIENT_H_ */ diff --git a/communication_client/src/SecurityCommunicationClient.cpp b/communication_client/src/SecurityCommunicationClient.cpp new file mode 100644 index 0000000..13b137e --- /dev/null +++ b/communication_client/src/SecurityCommunicationClient.cpp @@ -0,0 +1,89 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file SecurityCommunicationClient.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief This is implementation of class used IPC client + */ + + +#include "SecurityCommunicationClient.h" + +#ifdef DBUS_CONNECTION +#include "security_daemon_dbus_config.h" +#endif + +namespace WrtSecurity{ +namespace Communication{ + + Client::Client(const std::string& interfaceName){ + #if DBUS_CONNECTION + LogInfo("DBus create"); + Try { + m_dbusClient.reset(new DPL::DBus::Client(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(), + WrtSecurity::SecurityDaemonConfig::SERVICE_NAME(), + interfaceName)); + } Catch (DPL::DBus::Client::Exception::DBusClientException) { + LogError("Error getting connection"); + ReThrowMsg(Exception::SecurityCommunicationClientException, + "Error getting connection"); + } + if(NULL == m_dbusClient.get()){ + LogError("Couldn't get client"); + ThrowMsg(Exception::SecurityCommunicationClientException, + "Error getting client"); + } + #endif //DBUS_CONNECTION + + #ifdef SOCKET_CONNECTION + m_socketClient.reset(new SecuritySocketClient(interfaceName)); + if(NULL == m_socketClient.get()){ + LogError("Couldn't get client"); + ThrowMsg(Exception::SecurityCommunicationClientException, + "Error getting client"); + } + #endif //SOCKET_CONNECTION + LogInfo("Created communication client"); + } + + void Client::connect(){ + #ifdef SOCKET_CONNECTION + Try { + m_socketClient->connect(); + } Catch(SecuritySocketClient::Exception::SecuritySocketClientException){ + LogError("Couldn't connect"); + ReThrowMsg(Exception::SecurityCommunicationClientException, + "Error connecting"); + } + + #endif //SOCKET_CONNECTION + LogInfo("Connected"); + } + + void Client::disconnect(){ + + #ifdef SOCKET_CONNECTION + m_socketClient->disconnect(); + #endif //SOCKET_CONNECTION + LogInfo("Disconnected"); + } + + +} // namespace Communication + +} // namespace WrtSecurity + diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt new file mode 100644 index 0000000..7239cb1 --- /dev/null +++ b/etc/CMakeLists.txt @@ -0,0 +1,30 @@ + +SET(ETC_DIR ${PROJECT_SOURCE_DIR}/etc) + + INSTALL(FILES + ${ETC_DIR}/wrt_security_create_clean_db.sh + ${ETC_DIR}/wrt_security_change_policy.sh + DESTINATION /usr/bin + ) + +INSTALL(FILES + ${ETC_DIR}/schema.xsd + DESTINATION share/wrt-engine + ) + +INSTALL(FILES + ${ETC_DIR}/fingerprint_list.xsd + DESTINATION share/wrt-engine/ + ) + +INSTALL(FILES + ${ETC_DIR}/fingerprint_list.xml + DESTINATION share/wrt-engine/ + ) + +INSTALL(FILES + ${ETC_DIR}/wrt-security-daemon.sh + DESTINATION /etc/rc.d/init.d/ + ) + +ADD_SUBDIRECTORY(certificates) diff --git a/etc/certificates/CMakeLists.txt b/etc/certificates/CMakeLists.txt new file mode 100644 index 0000000..78c3dce --- /dev/null +++ b/etc/certificates/CMakeLists.txt @@ -0,0 +1,39 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file CMakeLists.txt +# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) +# @author Yunchan Cho (yunchan.cho@samsung.com) +# @version 1.0 +# @brief +# + +SET(CERT_DIR ${PROJECT_SOURCE_DIR}/etc/certificates) + +INSTALL(FILES + ${CERT_DIR}/wac.root.preproduction.pem + ${CERT_DIR}/wac.root.production.pem + ${CERT_DIR}/wac.publisherid.pem + DESTINATION /opt/share/cert-svc/certs/code-signing/wac/ + ) + + INSTALL(FILES + ${CERT_DIR}/tizen.root.preproduction.cert.pem + ${CERT_DIR}/tizen-developer-root-ca.pem + ${CERT_DIR}/tizen-distributor-root-ca-partner.pem + ${CERT_DIR}/tizen-distributor-root-ca-public.pem + ${CERT_DIR}/tizen-distributor-root-ca-partner-manufacturer.pem + ${CERT_DIR}/tizen-distributor-root-ca-partner-operator.pem + DESTINATION /opt/share/cert-svc/certs/code-signing/tizen/ + ) diff --git a/etc/certificates/orange.production.pem b/etc/certificates/orange.production.pem new file mode 100644 index 0000000..888967d --- /dev/null +++ b/etc/certificates/orange.production.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIICVTCCAb6gAwIBAgIETdzAMDANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJHQjERMA8GA1UE +CBMITm9ybWFuZHkxDTALBgNVBAcTBENBRU4xDzANBgNVBAoTBk9yYW5nZTETMBEGA1UECxMKT3Jh +bmdlTGFiczEYMBYGA1UEAxMPT3JhbmdlTGFicyBDQUVOMB4XDTExMDUyNTA4MzkxMloXDTM2MDUx +ODA4MzkxMlowbzELMAkGA1UEBhMCR0IxETAPBgNVBAgTCE5vcm1hbmR5MQ0wCwYDVQQHEwRDQUVO +MQ8wDQYDVQQKEwZPcmFuZ2UxEzARBgNVBAsTCk9yYW5nZUxhYnMxGDAWBgNVBAMTD09yYW5nZUxh +YnMgQ0FFTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAj9130ZtpXp/679/2pmFldFgjz5tN +CjLT6CEWC9yketyKgyV1c0DBMcy4PNLdOb0VxhfcNXNYoBylCp6mPj3mWRM5VSet03XA8k6/L0T4 +dYicYGaIojowhzBBfaIXnBDvMQD5kanC5CDd6HtFzQbBkN73NIdGrR/aFqNtC/wopFECAwEAATAN +BgkqhkiG9w0BAQUFAAOBgQCIjZYXTdsMCpIYENX6UyD/EM+SZBkVvoB2R8ghRZbKHOcr58ZyGvdH +i/Y0hp5zNN7bUQurEMWtIxF+s3oaYH0x9xwXCd5UEV9Y+dmD1/qlK7lfSlC7mwynHs3bhMEGOJF2 +TlDzZyVYBIT3LQjfq6G18bGHkwU3uTsxZMSgtz5LgQ== +-----END CERTIFICATE----- diff --git a/etc/certificates/tizen-developer-root-ca.pem b/etc/certificates/tizen-developer-root-ca.pem new file mode 100644 index 0000000..76c003c --- /dev/null +++ b/etc/certificates/tizen-developer-root-ca.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICnzCCAggCCQCn+GGT4zh+BjANBgkqhkiG9w0BAQUFADCBkzELMAkGA1UEBhMC +S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 +ZW4gVGVzdCBDQTElMCMGA1UECwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBD +QTElMCMGA1UEAwwcVGl6ZW4gVGVzdCBEZXZlbG9wZXIgUm9vdCBDQTAeFw0xMjEw +MjYwOTUwMTNaFw0yMjEwMjQwOTUwMTNaMIGTMQswCQYDVQQGEwJLUjEOMAwGA1UE +CAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQKDA1UaXplbiBUZXN0IENB +MSUwIwYDVQQLDBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMSUwIwYDVQQD +DBxUaXplbiBUZXN0IERldmVsb3BlciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUA +A4GNADCBiQKBgQDWT6ZH5JyGadTUK1QmNwU8j+py4WtuElJE+4/wPFP8/KBmvvmI +rGVjhUbKXToKIo8N6C/0SLxGEWuRAIoZHhg5JVbw1Ay7smgJJHizDUAqMTmV6LI9 +yTFbBV+OlO2Dir4LVdQ/XDBiqqslr7pqXgsg1V2g7x+tOI/f3dn2kWoVZQIDAQAB +MA0GCSqGSIb3DQEBBQUAA4GBADGJYMtzUBDK+KKLZQ6zYmrKb+OWLlmEr/t/c2af +KjTKUtommcz8VeTPqrDBOwxlVPdxlbhisCYzzvwnWeZk1aeptxxU3kdW9N3/wocN +5nBzgqkkHJnj/ptqjrH2v/m0Z3hBuI4/akHIIfCBF8mUHwqcxYsRdcCIrkgp2Aiv +bSaM +-----END CERTIFICATE----- diff --git a/etc/certificates/tizen-distributor-root-ca-partner-manufacturer.pem b/etc/certificates/tizen-distributor-root-ca-partner-manufacturer.pem new file mode 100644 index 0000000..c504d7a --- /dev/null +++ b/etc/certificates/tizen-distributor-root-ca-partner-manufacturer.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC1DCCAj2gAwIBAgIJAJZH47dCtgPdMA0GCSqGSIb3DQEBBQUAMIGiMQswCQYD +VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK +DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0 +IENBMTcwNQYDVQQDDC5UaXplbiBQYXJ0bmVyLU1hbnVmYWN0dXJlciBEaXN0cmli +dXRvciBSb290IENBMB4XDTEyMTIxMzA1NDQxN1oXDTIyMTIxMTA1NDQxN1owgaIx +CzAJBgNVBAYTAktSMQ4wDAYDVQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAU +BgNVBAoMDVRpemVuIFRlc3QgQ0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9y +IFRlc3QgQ0ExNzA1BgNVBAMMLlRpemVuIFBhcnRuZXItTWFudWZhY3R1cmVyIERp +c3RyaWJ1dG9yIFJvb3QgQ0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJG +0gq3XrDn7W7cIH58w7hSDMVENnXLmXm4Jl5teXXrgL/BgpORracGMgm0Fmxxq/Nq +8OEI2RfmtrlN5nWGiphs3XqLHtO+BAPY1BbZS6YVZjrVXrGWdzk12zQxd6sXJMiV +B08ECQiQ0qgKFbTDSEbH/p4eyKCMG9lnrBLPHTpJAgMBAAGjEDAOMAwGA1UdEwQF +MAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAJTJYCr9GhZ1xXwvxsWLGd9XV9wixo1zk +FV2+eJZbCc4xJyOSb0cZds8fYUuzw32oyElLvPhYfAHVTHu/WlkwSshZlKdI2hCT +Iy03/Up+JNfuom8JLgF7qc3YtbuJHzoVu1jJ/akXU6y52D/J5CkYy2JSsV0KZuh2 +ZeRWlV2f1Uo= +-----END CERTIFICATE----- diff --git a/etc/certificates/tizen-distributor-root-ca-partner-operator.pem b/etc/certificates/tizen-distributor-root-ca-partner-operator.pem new file mode 100644 index 0000000..c6c09c4 --- /dev/null +++ b/etc/certificates/tizen-distributor-root-ca-partner-operator.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICzDCCAjWgAwIBAgIJAJrv22F9wyp/MA0GCSqGSIb3DQEBBQUAMIGeMQswCQYD +VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xDjAMBgNVBAcMBVN1d29uMRYwFAYDVQQK +DA1UaXplbiBUZXN0IENBMSIwIAYDVQQLDBlUaXplbiBEaXN0cmlidXRvciBUZXN0 +IENBMTMwMQYDVQQDDCpUaXplbiBQYXJ0bmVyLU9wZXJhdG9yIERpc3RyaWJ1dG9y +IFJvb3QgQ0EwHhcNMTIxMjEzMDUzOTMyWhcNMjIxMjExMDUzOTMyWjCBnjELMAkG +A1UEBhMCS1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UE +CgwNVGl6ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVz +dCBDQTEzMDEGA1UEAwwqVGl6ZW4gUGFydG5lci1PcGVyYXRvciBEaXN0cmlidXRv +ciBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9X0Hw0EfAuagg +De9h6Jtvh8Df4fyVbvLm9VNea/iVP3/qTbG8tNqoQ32lu0SwzAZBnjpvpbxzsWs9 +pSYo7Ys1fymHlu+gf+kmTGTVscBrAHWkr4O0m33x2FYfy/wmu+IImnRDYDud83rN +tjQmMO6BihN9Lb6kLiEtVIa8ITwdQwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G +CSqGSIb3DQEBBQUAA4GBAHS2M2UnfEsZf80/sT84xTcfASXgpFL/1M5HiAVpR+1O +UwLpLyqHiGQaASuADDeGEfcIqEf8gP1SzvnAZqLx9GchbOrOKRleooVFH7PRxFBS +VWJ5Fq46dJ1mCgTWSkrL6dN5j9hWCzzGfv0Wco+NAf61n9kVbCv7AScIJwQNltOy +-----END CERTIFICATE----- diff --git a/etc/certificates/tizen-distributor-root-ca-partner.pem b/etc/certificates/tizen-distributor-root-ca-partner.pem new file mode 100644 index 0000000..2be6916 --- /dev/null +++ b/etc/certificates/tizen-distributor-root-ca-partner.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICozCCAgwCCQD9IBoOxzq2hjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC +S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 +ZW4gVGVzdCBDQTEiMCAGA1UECwwZVGl6ZW4gRGlzdHJpYnV0b3IgVGVzdCBDQTEq +MCgGA1UEAwwhVGl6ZW4gUGFydG5lciBEaXN0cmlidXRvciBSb290IENBMB4XDTEy +MTAyNjA4MTIzMVoXDTIyMTAyNDA4MTIzMVowgZUxCzAJBgNVBAYTAktSMQ4wDAYD +VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg +Q0ExIjAgBgNVBAsMGVRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0ExKjAoBgNVBAMM +IVRpemVuIFBhcnRuZXIgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEAnIBA2qQEaMzGalP0kzvwUxdCC6ybSC/fb+M9iGvt8QXp +ic2yARQB+bIhfbEu1XHwE1jCAGxKd6uT91b4FWr04YwnBPoRX4rBGIYlqo/dg+pS +rGyFjy7vfr0BOdWp2+WPlTe7SOS6bVauncrSoHxX0spiLaU5LU686BKr7YaABV0C +AwEAATANBgkqhkiG9w0BAQUFAAOBgQAX0Tcfmxcs1TUPBdr1U1dx/W/6Y4PcAF7n +DnMrR0ZNRPgeSCiVLax1bkHxcvW74WchdKIb24ZtAsFwyrsmUCRV842YHdfddjo6 +xgUu7B8n7hQeV3EADh6ft/lE8nalzAl9tALTxAmLtYvEYA7thvDoKi1k7bN48izL +gS9G4WEAUg== +-----END CERTIFICATE----- diff --git a/etc/certificates/tizen-distributor-root-ca-public.pem b/etc/certificates/tizen-distributor-root-ca-public.pem new file mode 100644 index 0000000..9b16176 --- /dev/null +++ b/etc/certificates/tizen-distributor-root-ca-public.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICozCCAgwCCQD9XW6kNg4bbjANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC +S1IxDjAMBgNVBAgMBVN1d29uMQ4wDAYDVQQHDAVTdXdvbjEWMBQGA1UECgwNVGl6 +ZW4gVGVzdCBDQTEjMCEGA1UECwwaVFRpemVuIERpc3RyaWJ1dG9yIFRlc3QgQ0Ex +KTAnBgNVBAMMIFRpemVuIFB1YmxpYyBEaXN0cmlidXRvciBSb290IENBMB4XDTEy +MTAyNjA4MDAyN1oXDTIyMTAyNDA4MDAyN1owgZUxCzAJBgNVBAYTAktSMQ4wDAYD +VQQIDAVTdXdvbjEOMAwGA1UEBwwFU3V3b24xFjAUBgNVBAoMDVRpemVuIFRlc3Qg +Q0ExIzAhBgNVBAsMGlRUaXplbiBEaXN0cmlidXRvciBUZXN0IENBMSkwJwYDVQQD +DCBUaXplbiBQdWJsaWMgRGlzdHJpYnV0b3IgUm9vdCBDQTCBnzANBgkqhkiG9w0B +AQEFAAOBjQAwgYkCgYEA8o0kPY1U9El1BbBUF1k4jCq6mH8a6MmDJdjgsz+hILAY +sPWimRTXUcW8GAUWhZWgm1Fbb49xWcasA8b4bIJabC/6hLb8uWiozzpRXyQJbe7k +//RocskRqDmFOky8ANFsCCww72/Xbq8BFK1sxlGdmOWQiGwDWBDlS2Lw1XOMqb0C +AwEAATANBgkqhkiG9w0BAQUFAAOBgQBUotZqTNFr+SNyqeZqhOToRsg3ojN1VJUa +07qdlVo5I1UObSE+UTJPJ0NtSj7OyTY7fF3E4xzUv/w8aUoabQP1erEmztY/AVD+ +phHaPytkZ/Dx+zDZ1u5e9bKm5zfY4dQs/A53zDQta5a/NkZOEF97Dj3+bzAh2bP7 +KOszlocFYw== +-----END CERTIFICATE----- diff --git a/etc/certificates/tizen.root.preproduction.cert.pem b/etc/certificates/tizen.root.preproduction.cert.pem new file mode 100644 index 0000000..bbf523b --- /dev/null +++ b/etc/certificates/tizen.root.preproduction.cert.pem @@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b3:cb:d1:5b:de:6e:66:95 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com + Validity + Not Before: Dec 8 10:27:32 2011 GMT + Not After : Nov 30 10:27:32 2021 GMT + Subject: C=KR, ST=Suwon, O=Samsung Electronics, OU=SLP, CN=SLP WebApp Temporary CA/emailAddress=yunchan.cho@samsung.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:cb:46:b8:94:81:b1:83:d7:29:05:2a:33:01:9e: + 66:15:f8:be:bb:95:17:dd:7a:c4:c2:f5:d9:e4:aa: + fd:c8:8d:a9:48:65:fc:3d:dc:47:d7:2a:2f:5e:c7: + 1f:22:ed:e0:98:e6:43:6d:74:82:ca:7d:22:9c:60: + 44:18:cd:ca:d6:6b:16:ca:ed:63:c9:7a:f1:00:df: + e4:6b:33:47:2f:78:75:61:d7:c9:29:3e:a9:ee:76: + dd:2e:fe:9d:e7:3c:0d:02:f4:e9:2d:46:74:49:52: + ef:a0:d6:9d:4d:08:65:ea:6b:35:72:a5:08:d8:46: + 46:03:99:7c:66:8c:60:c4:91 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03 + X509v3 Authority Key Identifier: + keyid:47:A8:8F:CD:1F:22:BA:69:85:13:55:21:2D:C2:19:2D:5F:FF:DC:03 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + c2:c4:62:f2:ec:6f:2b:05:9c:09:cc:ae:e9:77:a9:1d:66:6b: + 03:7b:01:3a:e6:29:bb:2a:b8:15:d8:a1:7d:9b:05:b4:8c:cb: + ae:c7:eb:68:c0:e3:29:c7:e7:5a:ca:1a:0c:3a:ab:91:80:4f: + 9b:36:d4:45:b4:7b:2c:ef:f3:fd:cb:84:84:85:42:3d:ec:18: + 3f:5f:9e:b1:1f:8d:0a:57:89:51:e4:eb:7e:da:e9:79:82:61: + 38:ad:ca:94:43:71:00:73:13:b9:e9:ef:bc:68:c5:ff:5e:0a: + f6:b9:2a:3d:1d:21:77:22:d0:4e:e7:ad:da:31:0b:51:fa:44: + cd:fa +-----BEGIN CERTIFICATE----- +MIIC9jCCAl+gAwIBAgIJALPL0VvebmaVMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYD +VQQGEwJLUjEOMAwGA1UECAwFU3V3b24xHDAaBgNVBAoME1NhbXN1bmcgRWxlY3Ry +b25pY3MxDDAKBgNVBAsMA1NMUDEgMB4GA1UEAwwXU0xQIFdlYkFwcCBUZW1wb3Jh +cnkgQ0ExJjAkBgkqhkiG9w0BCQEWF3l1bmNoYW4uY2hvQHNhbXN1bmcuY29tMB4X +DTExMTIwODEwMjczMloXDTIxMTEzMDEwMjczMlowgZMxCzAJBgNVBAYTAktSMQ4w +DAYDVQQIDAVTdXdvbjEcMBoGA1UECgwTU2Ftc3VuZyBFbGVjdHJvbmljczEMMAoG +A1UECwwDU0xQMSAwHgYDVQQDDBdTTFAgV2ViQXBwIFRlbXBvcmFyeSBDQTEmMCQG +CSqGSIb3DQEJARYXeXVuY2hhbi5jaG9Ac2Ftc3VuZy5jb20wgZ8wDQYJKoZIhvcN +AQEBBQADgY0AMIGJAoGBAMtGuJSBsYPXKQUqMwGeZhX4vruVF916xML12eSq/ciN +qUhl/D3cR9cqL17HHyLt4JjmQ210gsp9IpxgRBjNytZrFsrtY8l68QDf5GszRy94 +dWHXySk+qe523S7+nec8DQL06S1GdElS76DWnU0IZeprNXKlCNhGRgOZfGaMYMSR +AgMBAAGjUDBOMB0GA1UdDgQWBBRHqI/NHyK6aYUTVSEtwhktX//cAzAfBgNVHSME +GDAWgBRHqI/NHyK6aYUTVSEtwhktX//cAzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3 +DQEBBQUAA4GBAMLEYvLsbysFnAnMrul3qR1mawN7ATrmKbsquBXYoX2bBbSMy67H +62jA4ynH51rKGgw6q5GAT5s21EW0eyzv8/3LhISFQj3sGD9fnrEfjQpXiVHk637a +6XmCYTitypRDcQBzE7np77xoxf9eCva5Kj0dIXci0E7nrdoxC1H6RM36 +-----END CERTIFICATE----- diff --git a/etc/certificates/wac.publisherid.pem b/etc/certificates/wac.publisherid.pem new file mode 100644 index 0000000..758fe66 --- /dev/null +++ b/etc/certificates/wac.publisherid.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID9DCCAtygAwIBAgIOZscBAQACO65mNg72468wDQYJKoZIhvcNAQEFBQAwgZQx +CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYD +VQQLEyhQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQw +MgYDVQQDEytQcmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENB +IElJMB4XDTA2MDYwODE0MTYwMVoXDTI1MTIzMTIyNTk1OVowgZQxCzAJBgNVBAYT +AkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMTEwLwYDVQQLEyhQcmUt +UHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBMTQwMgYDVQQDEytQ +cmUtUHJvZHVjdGlvbiBUQyBUcnVzdENlbnRlciBDbGFzcyAyIENBIElJMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ewnr8E24AqXnf1Lu7w/g79Hht+W +lvWQg7cPC7685oj0htT0SmDy94uQaC3qRzBJktLKCyuniABykhdTr04rGWgzqD8n +EzcFCt5k0gF39l3ND/JL+S2YJK/f/xc884hjcLsHUU7cAd6mDlVkOszFK86DNbu0 +noz0y1y462RIOvPCjkYl/GJ5zL62bdDbgFqrWMPZ54JFG0Rj1v575ygfOd2LwOXe +xjzqfYI4JOx9frKWakPTehW+0UY5UdF0cMvHuLJie9H0vOobR4vtkenbS283b6j7 +0WCoU/BeAr4qskvMs9WwkwDquO4XnzYQDsEVgjBu4H2W0ihNUYJbRo8wtQIDAQAB +o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU +DTX6+fYyziPR1HZxViaGOj66QOYwDQYJKoZIhvcNAQEFBQADggEBALZ0pfjOfePn +D/6QDCt+cjQ5+U4eKcOlJMXrpEAlnC6oAnN1hqbOQaj44aIAbNap36E/Hl9s0Uga +c4nz73o5uPvdDmbWzNnMz6ey5NU0XXNzHxQWFdb0+Z7Cho5txoZjjynYXmyQc3RJ +rrPI+6Uej6sEv15ZGirjABza6pNJ+2NLojLyUb+8et3OCLS+wJ4qrX/5uwgL50Lt +0M2iPdZv+gjZwNmNWYIflYrSXa3ujclH+EAkkk/G1JxPzhVI3cII3y2DUZQAPCcX +XQDXIX2zJo7bYaUYJhlEeiGX17cdXMXDT1tbXKKg2mRIga1K4lknn9U/vzkjMJXL +GA38dUZRZ2Y= +-----END CERTIFICATE----- diff --git a/etc/certificates/wac.root.preproduction.pem b/etc/certificates/wac.root.preproduction.pem new file mode 100644 index 0000000..7c46a6a --- /dev/null +++ b/etc/certificates/wac.root.preproduction.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDijCCAnKgAwIBAgIOMwoBAQAuBBKsIqIni7QwDQYJKoZIhvcNAQELBQAwYDEL +MAkGA1UEBhMCR0IxJTAjBgNVBAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBM +dGQxKjAoBgNVBAMMIVdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQgVEVTVDAe +Fw0xMTAzMDMxNTA3MTlaFw0zNjAzMDMxNTA3MTlaMGAxCzAJBgNVBAYTAkdCMSUw +IwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMSowKAYDVQQDDCFX +QUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkIFRFU1QwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQC1PB3UrpAQgLSVqHRPhHqdDJsjKQe/CT9oS4lA+mI/ +vkhAvam/EvcNrNHcLVvSph+Mj0d2Y2J9wkcNW7fS3qZJXtpMNU36r7XdBk9kiYhc +PwJbckCo9Pp8YFxkuR6xV6Cc4o54mO2mumxDQ1hbwCsc5CT7yQz0FVVhCE01X6JJ +D61DvqmAzCUpehmEXthNV/s/o8fL+I2mD75p8vNDyIZHSJX59czO3PriT3tH2h+0 +tQx7NEWG70fQEU2CzcH9UngPYU7xXqNOhT9GmI/yL3HTeYGNH3i5VHrBjxeTF11t +IWSUDWQX1W0Y7TbN06XcGcuqPgjZ9xMcV7S4OiCBJz5nAgMBAAGjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQp5dzy2tJEArpT +qcQWNXG6J7y5WTANBgkqhkiG9w0BAQsFAAOCAQEAoXuyi8AjMx2yKVpss7xpVi5v +aUjcHU3AlptjNCFrXI6Bw+KJGNo8ydYlEASRd5dL/pJ6/V+UuUt9EngjUSdYOZGB +OgCeB2sJI8EZSay2LLhOCmkAxltC94Y/KRzkKqsYvNc6yvF85d+d4gbokf4APjmR +1TSlZLZsVhwfR0k0mer2rHQGE5Ljezdk7ZGeEMLdn6WFScwjo980EI0OqEoJU3on ++1TTBYudZ4o3qMgHiFwJafUJ6i3zuYbi9x86zMqeI4dJTbsTKLM0QV8vIdzI9fkV +t1tO/uBBAsNFUv8PAYwP4AFyGvyJbR4uxwxuQZKrltgjSTkPGYR14JtrGk7Y9g== +-----END CERTIFICATE----- + diff --git a/etc/certificates/wac.root.production.pem b/etc/certificates/wac.root.production.pem new file mode 100644 index 0000000..efccefd --- /dev/null +++ b/etc/certificates/wac.root.production.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIPAKTxAAEALtiV8/+rhB6+MA0GCSqGSIb3DQEBCwUAMFsx +CzAJBgNVBAYTAkdCMSUwIwYDVQQKDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMg +THRkMSUwIwYDVQQDDBxXQUMgQXBwbGljYXRpb24gU2VydmljZXMgTHRkMB4XDTEx +MDMxNDE0MDEwNFoXDTM2MDMxNDE0MDEwNFowWzELMAkGA1UEBhMCR0IxJTAjBgNV +BAoMHFdBQyBBcHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQxJTAjBgNVBAMMHFdBQyBB +cHBsaWNhdGlvbiBTZXJ2aWNlcyBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDCf6RHUPVBUY4YXYMdrmt5yO95eRCOG6vJtI9w0UM2w/2fihD5SMYa +3cCVam4j6F8FSspMIx+4CTCwdDSUixBGENwGEhD4qxqqV3KTObmxmYbELa97S1IP +qwoFelzUX6e+qHmYHi+eu/hONeiZaPBLtUtCd6ppCd5ACrD/kf/Ug/tfUtngozjG +sJ1UB10Ezi3fKs3OkkZMuecJvjWmDpRAyvIeeV8xfzeyn+DMpvhnI9RrSY0j4huE +ud6Lzzg0jV8+m54v0j7hv9klyNcGiZ+bmHr0LIyAtT+uktcms/4p3V9j01SI9Tmw +HcHKDXnM6kuThWpr6DR9KFSZ8zD2Nx5nAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBT5bKdU2+CGE17R+o/rMCZHHMn+ +WzANBgkqhkiG9w0BAQsFAAOCAQEAXmO+J5suIGuzbfYBoTdr8gahFfWEbhm1y6mJ +eZAc+Mf5L+In20p+Oj5uy6LsTmJsE9VE/+gi1eALKl9EhgYhET2ZlAzRFCN5dTWv +NTAFxJfGMkn2U5iW+luJ+lejyYBqEEFRpzwhXZbVDZQLim4CU75H75KzFkUgTulG +5M6U/Plt6S1rKgMkeYiR27W4C2NZMFXYqctt0m+eKEa3ueZE9pYUxqVcvQKSI017 +Nbc1kSkcuSKFV2Bk2T5dh5jQvywykdWLubAe6XiiC5CIT31kcSX6AlVhgNxWRRKP +QFO7lWqxnQMR2Or38ve7oSg1oL5Sx80fcbp3ovaYSKt5jnVWfg== +-----END CERTIFICATE----- + diff --git a/etc/fingerprint_list.xml b/etc/fingerprint_list.xml new file mode 100644 index 0000000..c5252f8 --- /dev/null +++ b/etc/fingerprint_list.xml @@ -0,0 +1,43 @@ + + + AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE + A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2 + C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12 + 2B:A0:20:7D:40:90:1D:00:04:89:60:00:3B:DE:34:89:21:BE:D4:4F + + + AF:90:29:D2:B2:E1:6F:D6:7E:7E:EC:8E:BE:74:FA:4C:00:9C:49:FE + C2:C4:B5:72:9A:CF:D9:72:C5:DE:C1:E1:30:FF:74:7F:7A:AF:27:12 + A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1 + 8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A + 84:A8:85:67:1C:D9:A9:C9:8C:7C:C3:BC:7F:EB:A6:7D:44:94:D9:8F + + + 4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38 + + + + + 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85 + 04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE + 2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0 + B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF + AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E + FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD + + + FE:11:C7:FB:38:2E:90:3A:F4:41:80:EE:28:40:61:C2:56:7D:0B:BD + + + 04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE + + + 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85 + + + B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF + + + 2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0 + + diff --git a/etc/fingerprint_list.xsd b/etc/fingerprint_list.xsd new file mode 100644 index 0000000..b0fab23 --- /dev/null +++ b/etc/fingerprint_list.xsd @@ -0,0 +1,21 @@ + + + + + + + + + + + + + + + + + + + + + diff --git a/etc/schema.xsd b/etc/schema.xsd new file mode 100644 index 0000000..8028f3e --- /dev/null +++ b/etc/schema.xsd @@ -0,0 +1,415 @@ + + + + + + ]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/etc/wrt-security-daemon.sh b/etc/wrt-security-daemon.sh new file mode 100755 index 0000000..57ae37b --- /dev/null +++ b/etc/wrt-security-daemon.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +/usr/bin/wrt-security-daemon & +set_pmon -p wrt-security-daemon diff --git a/etc/wrt_security_change_policy.sh b/etc/wrt_security_change_policy.sh new file mode 100644 index 0000000..b54bc9d --- /dev/null +++ b/etc/wrt_security_change_policy.sh @@ -0,0 +1,26 @@ +#!/bin/sh +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +#Uncomment this when IPC is set to DBus +#dbus-send --system --print-reply --dest=org.tizen.SecurityDaemon /org/tizen/SecurityDaemon org.tizen.AceCheckAccessInterface.update_policy + +#Uncomment this when IPC is set to sockets +echo "delete from AcePolicyResult where 1==1;" | sqlite3 /opt/dbspace/.ace.db +echo "delete from AceAttribute where 1==1;" | sqlite3 /opt/dbspace/.ace.db +echo "delete from AcePromptDecision where 1==1;" | sqlite3 /opt/dbspace/.ace.db +pkill -9 wrt-security +sleep 3 + diff --git a/etc/wrt_security_create_clean_db.sh b/etc/wrt_security_create_clean_db.sh new file mode 100644 index 0000000..ead4467 --- /dev/null +++ b/etc/wrt_security_create_clean_db.sh @@ -0,0 +1,31 @@ +#!/bin/sh +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +for name in ace +do + rm -f /opt/dbspace/.$name.db + rm -f /opt/dbspace/.$name.db-journal + SQL="PRAGMA journal_mode = PERSIST;" + sqlite3 /opt/dbspace/.$name.db "$SQL" + SQL=".read /usr/share/wrt-engine/"$name"_db.sql" + sqlite3 /opt/dbspace/.$name.db "$SQL" + touch /opt/dbspace/.$name.db-journal + chown 0:6026 /opt/dbspace/.$name.db + chown 0:6026 /opt/dbspace/.$name.db-journal + chmod 660 /opt/dbspace/.$name.db + chmod 660 /opt/dbspace/.$name.db-journal +done + + diff --git a/mockups/AceDAOReadOnly_mock.cpp b/mockups/AceDAOReadOnly_mock.cpp new file mode 100644 index 0000000..9a463d8 --- /dev/null +++ b/mockups/AceDAOReadOnly_mock.cpp @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 0.1 + * @brief ACE DAO read only mockup class + */ +#include "AceDAOReadOnly_mock.h" + +namespace AceDB { +OptionalExtendedPolicyResult AceDAOReadOnly::m_policyResult = ExtendedPolicyResult(); +OptionalCachedPromptDecision AceDAOReadOnly::m_promptDecision = + OptionalCachedPromptDecision(); +PreferenceTypes AceDAOReadOnly::m_devCapSetting = + PreferenceTypes::PREFERENCE_DEFAULT; +PreferenceTypes AceDAOReadOnly::m_widgetDevCapSetting = + PreferenceTypes::PREFERENCE_DEFAULT; +PreferenceTypesMap AceDAOReadOnly::m_devCapSettings = PreferenceTypesMap(); +BaseAttributeSet AceDAOReadOnly::m_attributeSet = BaseAttributeSet(); +BasePermissionList AceDAOReadOnly::m_widgetDevCapSettings = BasePermissionList(); +RequestedDevCapsMap AceDAOReadOnly::m_devCapPermissions = + RequestedDevCapsMap(); +FeatureNameVector AceDAOReadOnly::m_featureName; +std::string AceDAOReadOnly::m_guid = std::string(); +}; diff --git a/mockups/AceDAOReadOnly_mock.h b/mockups/AceDAOReadOnly_mock.h new file mode 100644 index 0000000..b28b304 --- /dev/null +++ b/mockups/AceDAOReadOnly_mock.h @@ -0,0 +1,187 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 0.1 + * @brief ACE DAO read only mockup class + */ + +#ifndef WRT_MOCKUPS_ACE_DAO_READ_ONLY_MOCK_H_ +#define WRT_MOCKUPS_ACE_DAO_READ_ONLY_MOCK_H_ + +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +namespace AceDB { + +typedef std::map RequestedDevCapsMap; +typedef DPL::String FeatureName; +typedef std::vector FeatureNameVector; + +class AceDAOReadOnly +{ + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, DatabaseError) + }; + + AceDAOReadOnly() {} + + static void attachToThreadRO(){}; + static void attachToThreadRW(){}; + static void detachFromThread(){}; + + // policy effect/decision + static OptionalExtendedPolicyResult getPolicyResult( + const BaseAttributeSet &/*attributes*/) + { + return m_policyResult; + } + + // prompt decision + static OptionalCachedPromptDecision getPromptDecision( + WidgetHandle /*widgetHandle*/, + int /*hash*/) + { + return m_promptDecision; + } + + // resource settings + static PreferenceTypes getDevCapSetting(const std::string &/*resource*/) + { + return m_devCapSetting; + } + static void getDevCapSettings(PreferenceTypesMap *preferences) + { + *preferences = m_devCapSettings; + } + + // user settings + static void getWidgetDevCapSettings(BasePermissionList *permissions) + { + *permissions = m_widgetDevCapSettings; + } + + static PreferenceTypes getWidgetDevCapSetting( + const std::string &/*resource*/, + WidgetHandle /*handler*/) + { + return m_widgetDevCapSetting; + } + + static void getAttributes(BaseAttributeSet *attributes) + { + *attributes = m_attributeSet; + } + + static void getRequestedDevCaps( + int /*widgetHandle*/, + RequestedDevCapsMap *permissions) + { + *permissions = m_devCapPermissions; + } + + // Setting return values for mockups + static void setPolicyResult(OptionalExtendedPolicyResult value) + { + m_policyResult = value; + } + + static void setPromptDecision(OptionalCachedPromptDecision value) + { + m_promptDecision = value; + } + + static void setDevCapSetting(PreferenceTypes value) + { + m_devCapSetting = value; + } + + static void setWidgetDevCapSetting(PreferenceTypes value) + { + m_widgetDevCapSetting = value; + } + + static void setWidgetDevCapSettings(BasePermissionList value) + { + m_widgetDevCapSettings = value; + } + + static void setDevCapSettings(PreferenceTypesMap value) + { + m_devCapSettings = value; + } + + static void setAttributeSet(BaseAttributeSet value) + { + m_attributeSet = value; + } + + static void setDevCapPermissions(RequestedDevCapsMap value) + { + m_devCapPermissions = value; + } + + static void getAcceptedFeature( + WidgetHandle /* widgetHandle */, + FeatureNameVector *featureVector) + { + *featureVector = m_featureName; + } + + static void setAcceptedFeature(const FeatureNameVector &fvector) + { + m_featureName = fvector; + } + + static std::string getGUID(const WidgetHandle& handle) + { + return m_guid; + } + + protected: + static OptionalExtendedPolicyResult m_policyResult; + static OptionalCachedPromptDecision m_promptDecision; + static PreferenceTypes m_devCapSetting; + static PreferenceTypes m_widgetDevCapSetting; + static PreferenceTypesMap m_devCapSettings; + static BaseAttributeSet m_attributeSet; + static BasePermissionList m_widgetDevCapSettings; + static RequestedDevCapsMap m_devCapPermissions; + static FeatureNameVector m_featureName; + static std::string m_guid; +}; + +} + +#endif // WRT_MOCKUPS_ACE_DAO_READ_ONLY_MOCK_H_ diff --git a/mockups/PolicyInformationPoint_mock.h b/mockups/PolicyInformationPoint_mock.h new file mode 100644 index 0000000..07ced18 --- /dev/null +++ b/mockups/PolicyInformationPoint_mock.h @@ -0,0 +1,32 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief PolicyInformationPoint mockup class + */ +#ifndef WRT_MOCKUPS_POLICY_INFORMATION_POINT_MOCK_H_ +#define WRT_MOCKUPS_POLICY_INFORMATION_POINT_MOCK_H_ + +class PolicyInformationPoint { + public: + PolicyInformationPoint(void*, void*, void*){}; + virtual ~PolicyInformationPoint(){}; + void getAttributesValues(void*, void*){}; + +}; + +#endif // WRT_MOCKUPS_POLICY_INFORMATION_POINT_MOCK_H_ diff --git a/mockups/communication_client_mock.cpp b/mockups/communication_client_mock.cpp new file mode 100644 index 0000000..bb75880 --- /dev/null +++ b/mockups/communication_client_mock.cpp @@ -0,0 +1,28 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief DBus client mockup class. + */ +#include "communication_client_mock.h" + +namespace WrtSecurity { +namespace Communication { + int Client::m_checkAccessResult = 0; + bool Client::m_validationResult = true; +} +}; diff --git a/mockups/communication_client_mock.h b/mockups/communication_client_mock.h new file mode 100644 index 0000000..457fd0e --- /dev/null +++ b/mockups/communication_client_mock.h @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief DBus client mockup class. + */ + +#ifndef WRT_MOCKUPS_DBUS_CLIENT_MOCK_H_ +#define WRT_MOCKUPS_DBUS_CLIENT_MOCK_H_ + +#include +#include + +#include +#include +#include "ace_server_api.h" +#include "popup_response_server_api.h" + +namespace WrtSecurity { +namespace Communication { + +/* + * This class is a mockup implementation for some methods called + * with DBus::Client. + */ + +class Client +{ + + public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, SecurityCommunicationClientException) + }; + + Client(std::string /*interfaceName*/) + { + } + + // ACE server api check access method + void call(const std::string &methodName, + int, + const std::string&, + const std::string&, + const std::vector&, + const std::vector&, + const std::string&, + int* outArg) + { + if (methodName == WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD()) { + Assert(NULL != outArg); + *outArg = m_checkAccessResult; + return; + } + } + + void call(const std::string &methodName, + bool, + int, + int, + const std::string&, + const std::string&, + const std::vector&, + const std::vector&, + const std::string&, + bool* outArg) + { + if (methodName == WrtSecurity::PopupServerApi::VALIDATION_METHOD()) { + Assert(NULL != outArg); + *outArg = m_validationResult; + return; + } + } + + + ~Client() + { + } + + static void setCheckAccessResult(int value) + { + m_checkAccessResult = value; + } + + static void setValidationResult(bool value) + { + m_validationResult = value; + } + + private: + static int m_checkAccessResult; + static bool m_validationResult; +}; + +} // namespace DBus +} + +#endif // WRT_MOCKUPS_DBUS_CLIENT_MOCK_H_ diff --git a/packaging/wrt-security-daemon.service b/packaging/wrt-security-daemon.service new file mode 100644 index 0000000..ff062c3 --- /dev/null +++ b/packaging/wrt-security-daemon.service @@ -0,0 +1,9 @@ + +[Unit] +Description=Wrt security daemon + +[Service] +ExecStart=/usr/bin/wrt-security-daemon + +[Install] +WantedBy=multi-user.target diff --git a/packaging/wrt-security.manifest b/packaging/wrt-security.manifest new file mode 100644 index 0000000..442cac0 --- /dev/null +++ b/packaging/wrt-security.manifest @@ -0,0 +1,12 @@ + + + + + + + + + + diff --git a/packaging/wrt-security.spec b/packaging/wrt-security.spec index 30b8750..db9c786 100644 --- a/packaging/wrt-security.spec +++ b/packaging/wrt-security.spec @@ -1,11 +1,163 @@ +#sbs-git:slp/pkgs/s/security-server security-server 0.0.37 Name: wrt-security -Summary: This repository will be abandoned. -Version: 0.0.44 -Release: 1 -Group: Development/Libraries +Summary: Wrt security daemon. +Version: 0.0.61 +Release: 2 +Group: TO_BE/FILLED_IN License: Apache License, Version 2.0 URL: N/A Source0: %{name}-%{version}.tar.gz +Source1: wrt-security.manifest +Source2: wrt-security-daemon.service +BuildRequires: cmake +BuildRequires: zip +BuildRequires: pkgconfig(dlog) +BuildRequires: pkgconfig(openssl) +BuildRequires: libattr-devel +BuildRequires: pkgconfig(libsmack) +BuildRequires: pkgconfig(dbus-1) +BuildRequires: pkgconfig(dpl-efl) +BuildRequires: pkgconfig(dpl-utils-efl) +BuildRequires: pkgconfig(dpl-dbus-efl) +BuildRequires: pkgconfig(libpcrecpp) +BuildRequires: pkgconfig(icu-i18n) +BuildRequires: pkgconfig(libsoup-2.4) +BuildRequires: pkgconfig(xmlsec1) %description -This repository will be abandoned. +Wrt security daemon and utilities. + +%package -n wrt-security-devel +Summary: Header files for client libraries. +Group: Development/Libraries +Requires: wrt-security = %{version}-%{release} + +%description -n wrt-security-devel +Developer files for client libraries. + +%package -n security-server-certs +Summary: Certificates for web applications. +Group: Development/Libraries +Requires: security-server + +%description -n security-server-certs +Certificates for wrt. + +%prep +%setup -q + +%build +export LDFLAGS+="-Wl,--rpath=%{_prefix}/lib" + +cmake . -DCMAKE_INSTALL_PREFIX=%{_prefix} \ + -DDPL_LOG="ON" \ + -DVERSION=%{version} \ + -DCMAKE_BUILD_TYPE=%{?build_type:%build_type} +make %{?jobs:-j%jobs} + + +%install +rm -rf %{buildroot} +mkdir -p %{buildroot}/usr/share/license +cp LICENSE %{buildroot}/usr/share/license/%{name} +%make_install +install -D %{SOURCE1} %{buildroot}%{_datadir}/wrt-security.manifest + +mkdir -p %{buildroot}/etc/rc.d/rc3.d +mkdir -p %{buildroot}/etc/rc.d/rc5.d +ln -sf /etc/rc.d/init.d/wrt-security-daemon.sh %{buildroot}/etc/rc.d/rc3.d/S10wrt-security-daemon +ln -sf /etc/rc.d/init.d/wrt-security-daemon.sh %{buildroot}/etc/rc.d/rc5.d/S10wrt-security-daemon + +mkdir -p %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants +install -m 0644 %{SOURCE2} %{buildroot}%{_libdir}/systemd/system/wrt-security-daemon.service +ln -sf /usr/lib/systemd/system/wrt-security-daemon.service %{buildroot}%{_libdir}/systemd/system/multi-user.target.wants/wrt-security-daemon.service + +%clean +rm -rf %{buildroot} + +%post +if [ -z ${2} ]; then + echo "This is new install of wrt-security" + echo "Calling /usr/bin/wrt_security_create_clean_db.sh" + /usr/bin/wrt_security_create_clean_db.sh +else + # Find out old and new version of databases + ACE_OLD_DB_VERSION=`sqlite3 /opt/dbspace/.ace.db ".tables" | grep "DB_VERSION_"` + ACE_NEW_DB_VERSION=`cat /usr/share/wrt-engine/ace_db.sql | tr '[:blank:]' '\n' | grep DB_VERSION_` + echo "OLD ace database version ${ACE_OLD_DB_VERSION}" + echo "NEW ace database version ${ACE_NEW_DB_VERSION}" + + if [ ${ACE_OLD_DB_VERSION} -a ${ACE_NEW_DB_VERSION} ] + then + if [ ${ACE_NEW_DB_VERSION} = ${ACE_OLD_DB_VERSION} ] + then + echo "Equal database detected so db installation ignored" + else + echo "Calling /usr/bin/wrt_security_create_clean_db.sh" + /usr/bin/wrt_security_create_clean_db.sh + fi + else + echo "Calling /usr/bin/wrt_security_create_clean_db.sh" + /usr/bin/wrt_security_create_clean_db.sh + fi +fi + +/sbin/ldconfig +echo "[WRT] wrt-security postinst done ..." + +%postun +/sbin/ldconfig + +%files -n wrt-security +%manifest %{_datadir}/wrt-security.manifest +%defattr(-,root,root,-) +%attr(755,root,root) /usr/bin/wrt-security-daemon +%{_libdir}/libace*.so +%{_libdir}/libace*.so.* +%{_libdir}/libwrt-ocsp.so +%{_libdir}/libwrt-ocsp.so.* +/usr/share/wrt-engine/* +%attr(755,root,root) %{_bindir}/wrt_security_create_clean_db.sh +%attr(755,root,root) %{_bindir}/wrt_security_change_policy.sh +%attr(664,root,root) %{_datadir}/dbus-1/services/* +%attr(664,root,root) /usr/etc/ace/bondixml* +%attr(664,root,root) /usr/etc/ace/UnrestrictedPolicy.xml +%attr(664,root,root) /usr/etc/ace/WAC2.0Policy.xml +%attr(664,root,root) /usr/etc/ace/TizenPolicy.xml +%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.publisherid.pem +%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen.root.preproduction.cert.pem +%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.production.pem +%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/wac/wac.root.preproduction.pem +%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-developer-root-ca.pem +%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-partner.pem +%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-public.pem +%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-partner-manufacturer.pem +%attr(664,root,root) /opt/share/cert-svc/certs/code-signing/tizen/tizen-distributor-root-ca-partner-operator.pem +%{_datadir}/license/%{name} +/etc/rc.d/init.d/wrt-security-daemon.sh +%attr(755,root,root) /etc/rc.d/init.d/wrt-security-daemon.sh +/etc/rc.d/rc3.d/S10wrt-security-daemon +/etc/rc.d/rc5.d/S10wrt-security-daemon +%{_libdir}/systemd/* + +%files -n wrt-security-devel +%defattr(-,root,root,-) +%{_includedir}/wrt-security/* +%{_includedir}/ace/* +%{_includedir}/ace-client/* +%{_includedir}/ace-settings/* +%{_includedir}/ace-install/* +%{_includedir}/ace-common/* +%{_includedir}/ace-popup-validation/* +%{_includedir}/wrt-ocsp/* +%{_libdir}/pkgconfig/security-client.pc +%{_libdir}/pkgconfig/security-communication-client.pc +%{_libdir}/pkgconfig/security-core.pc +%{_libdir}/pkgconfig/security-dao-ro.pc +%{_libdir}/pkgconfig/security-dao-rw.pc +%{_libdir}/pkgconfig/security-install.pc +%{_libdir}/pkgconfig/security-popup-validation.pc +%{_libdir}/pkgconfig/security-settings.pc +%{_libdir}/pkgconfig/security-wrt-ocsp.pc +%{_libdir}/pkgconfig/security.pc + diff --git a/socket_connection/client/SecuritySocketClient.cpp b/socket_connection/client/SecuritySocketClient.cpp new file mode 100644 index 0000000..6ad4a7b --- /dev/null +++ b/socket_connection/client/SecuritySocketClient.cpp @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file SecuritySocketClient.cpp + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Implemtation of socket client class. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "SecuritySocketClient.h" +#include "security_daemon_socket_config.h" + +void SecuritySocketClient::throwWithErrnoMessage(const std::string& specificInfo){ + LogError(specificInfo << " : " << strerror(errno)); + ThrowMsg(Exception::SecuritySocketClientException, specificInfo << " : " << strerror(errno)); +} + +SecuritySocketClient::SecuritySocketClient(const std::string& interfaceName) { + m_interfaceName = interfaceName; + m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS(); + LogInfo("Client created"); +} + +void SecuritySocketClient::connect(){ + struct sockaddr_un remote; + if(-1 == (m_socketFd = socket(AF_UNIX, SOCK_STREAM,0))){ + throwWithErrnoMessage("socket()"); + } + + //socket needs to be nonblocking, because read can block after select + int flags; + if (-1 == (flags = fcntl(m_socketFd, F_GETFL, 0))) + flags = 0; + if(-1 == (fcntl(m_socketFd, F_SETFL, flags | O_NONBLOCK))){ + throwWithErrnoMessage("fcntl"); + } + + bzero(&remote, sizeof(remote)); + remote.sun_family = AF_UNIX; + strcpy(remote.sun_path, m_serverAddress.c_str()); + if(-1 == ::connect(m_socketFd, (struct sockaddr *)&remote, SUN_LEN(&remote))){ + throwWithErrnoMessage("connect()"); + } + + m_socketConnector.reset(new SocketConnection(m_socketFd)); + + LogInfo("Client connected"); +} + +void SecuritySocketClient::disconnect(){ + //Socket should be already closed by server side, + //even though we should close it in case of any errors + close(m_socketFd); + LogInfo("Client disconnected"); +} diff --git a/socket_connection/client/SecuritySocketClient.h b/socket_connection/client/SecuritySocketClient.h new file mode 100644 index 0000000..7d4bc95 --- /dev/null +++ b/socket_connection/client/SecuritySocketClient.h @@ -0,0 +1,142 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file SecuritySocketClient.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Header of socket client class. + */ + +#ifndef SECURITYSOCKETCLIENT_H_ +#define SECURITYSOCKETCLIENT_H_ + +#include +#include +#include +#include "SocketConnection.h" + +/* IMPORTANT: + * Methods connect(), call() and disconnected() should be called one by one. + * Between connect() and disconnect() you can use call() only once. + * It is because of timeout on call, e.g. to avoid waiting for corrupted data. + */ + +/* USAGE: + * Class should be used according to this scheme: + * SecuritySocketClient client("Interface Name"); + * (...) + * client.connect(); + * client.call("Method name", in_arg1, in_arg2, ..., in_argN, + * out_arg1, out_arg2, ..., out_argM); + * client.disconnect(); + * (...) + * + * input parameters of the call are passed with reference, + * output ones are passed as pointers - parameters MUST be passed this way. + * + * Currently client supports serialization and deserialization of simple types + * (int, char, float, unsigned), strings (std::string and char*) and + * some STL containers (std::vector, std::list, std::map, std::pair). + * Structures and classes are not (yet) supported. + */ + +class SecuritySocketClient { +public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, SecuritySocketClientException) + }; + + SecuritySocketClient(const std::string &interfaceName); + void connect(); + void disconnect(); + + void call(std::string methodName){ + make_call(m_interfaceName); + make_call(methodName); + } + + template + void call(std::string methodName, const Args&... args){ + make_call(m_interfaceName); + make_call(methodName); + make_call(args...); + } + +private: + template + void make_call(const T& invalue, const Args&... args){ + make_call(invalue); + make_call(args...); + } + + template + void make_call(const T& invalue){ + Try { + m_socketConnector->write(invalue); + } + Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket connection write error"); + ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error"); + } + } + + template + void make_call(const T* invalue, const Args&... args){ + make_call(invalue); + make_call(args...); + } + + template + void make_call(const T* invalue){ + Try { + m_socketConnector->write(invalue); + } + Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket connection write error"); + ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection write error"); + } + } + + template + void make_call(T * outvalue, const Args&... args){ + make_call(outvalue); + make_call(args...); + } + + template + void make_call(T* outvalue){ + Try { + m_socketConnector->read(outvalue); + } + Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket connection read error"); + ReThrowMsg(Exception::SecuritySocketClientException,"Socket connection read error"); + } + } + + +private: + void throwWithErrnoMessage(const std::string& specificInfo); + std::string m_serverAddress; + std::string m_interfaceName; + std::unique_ptr m_socketConnector; + int m_socketFd; +}; + +#endif /* SECURITYSOCKETCLIENT_H_ */ diff --git a/socket_connection/connection/SocketConnection.cpp b/socket_connection/connection/SocketConnection.cpp new file mode 100644 index 0000000..f504bae --- /dev/null +++ b/socket_connection/connection/SocketConnection.cpp @@ -0,0 +1,30 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file SocketConnection.cpp + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + */ + +#include "SocketConnection.h" + +// +// Note: +// +// The file here is left blank to enable precompilation +// of templates in corresponding header file. +// Do not remove this file. +// diff --git a/socket_connection/connection/SocketConnection.h b/socket_connection/connection/SocketConnection.h new file mode 100644 index 0000000..a11b588 --- /dev/null +++ b/socket_connection/connection/SocketConnection.h @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file SocketConnection.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief This file is a header of Socket Connection class with implemented templates + */ + +#ifndef SOCKETCONNECTION_H_ +#define SOCKETCONNECTION_H_ + +#include +#include +#include +#include "SocketStream.h" + +/* + * This class implements interface for generic read and write from given socket. + * It does not maintain socket descriptor, so any connecting and disconnecting should be + * done above calls to this class. + */ + +/* + * Throws SocketConnectionException when read/write will not succeed or if any bad allocation + * exception occurs during read. + */ + +class SocketConnection { + +public: + + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, SocketConnectionException) + }; + + explicit SocketConnection(int socket_fd) : m_socketStream(socket_fd){ + LogInfo("Created"); + } + + template + void read(T* out, const Args&... args ){ + read(out); + read(args...); + } + + template + void read(T* out){ + Try { + DPL::Deserialization::Deserialize(m_socketStream, *out); + } + + Catch (std::bad_alloc){ + LogError("Bad allocation error"); + ThrowMsg(Exception::SocketConnectionException, "Bad allocation error"); + } + + Catch (SocketStream::Exception::SocketStreamException) { + LogError("Socket stream error"); + ReThrowMsg(Exception::SocketConnectionException, "Socket stream error"); + } + } + + template + void write(const T& in, const Args&... args){ + write(in); + write(args...); + } + + template + void write(const T& in){ + Try { + DPL::Serialization::Serialize(m_socketStream, in); + } Catch (SocketStream::Exception::SocketStreamException) { + LogError("Socket stream error"); + ReThrowMsg(Exception::SocketConnectionException, "Socket stream error"); + } + } + + template + void write(const T* in, const Args&... args){ + write(in); + write(args...); + } + + template + void write(const T* in){ + Try { + DPL::Serialization::Serialize(m_socketStream, in); + } Catch (SocketStream::Exception::SocketStreamException) { + LogError("Socket stream error"); + ReThrowMsg(Exception::SocketConnectionException, "Socket stream error"); + } + } + +private: + SocketStream m_socketStream; +}; + +#endif /* SOCKETCONNECTION_H_ */ diff --git a/socket_connection/connection/SocketStream.cpp b/socket_connection/connection/SocketStream.cpp new file mode 100644 index 0000000..73abedf --- /dev/null +++ b/socket_connection/connection/SocketStream.cpp @@ -0,0 +1,167 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file SocketStream.cpp + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Implementation of socket stream class + */ + + +#include +#include +#include +#include +#include +#include +#include "SocketStream.h" + +#define READ_TIEMOUT_SEC 1 +#define READ_TIMEUOT_NSEC 0 +#define WRITE_TIMEOUT_SEC 0 +#define WRITE_TIMEOUT_NSEC 100000000 +#define MAX_BUFFER 10240 + +void SocketStream::throwWithErrnoMessage(std::string function_name){ + LogError(function_name << " : " << strerror(errno)); + ThrowMsg(Exception::SocketStreamException, function_name << " : " << strerror(errno)); +} + +void SocketStream::Read(size_t num, void * bytes){ + + if(NULL == bytes){ + LogError("Null pointer to buffer"); + ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer"); + } + + m_bytesRead += num; + + if(m_bytesRead > MAX_BUFFER){ + LogError("Too big buffer requested!"); + ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!"); + } + + char part_buffer[MAX_BUFFER]; + std::string whole_buffer; + + fd_set rset, allset; + int max_fd; + ssize_t bytes_read = 0, bytes_to_read = (ssize_t) num; + + timespec timeout; + + max_fd = m_socketFd; + ++max_fd; + + FD_ZERO(&allset); + FD_SET(m_socketFd, &allset); + + int returned_value; + + while(bytes_to_read != 0){ + timeout.tv_sec = READ_TIEMOUT_SEC; + timeout.tv_nsec = READ_TIMEUOT_NSEC; + rset = allset; + + if(-1 == (returned_value = pselect(max_fd, &rset, NULL, NULL, &timeout, NULL))){ + if(errno == EINTR) continue; + throwWithErrnoMessage("pselect()"); + } + if(0 == returned_value){ + //This means pselect got timedout + //This is not a proper behavior in reading data from UDS + //And could mean we got corrupted connection + LogError("Couldn't read whole data"); + ThrowMsg(Exception::SocketStreamException, "Couldn't read whole data"); + } + if(FD_ISSET(m_socketFd, &rset)){ + bytes_read = read(m_socketFd, part_buffer, num); + if(bytes_read <= 0){ + if(errno == ECONNRESET || errno == ENOTCONN || errno == ETIMEDOUT){ + LogInfo("Connection closed : " << strerror(errno)); + ThrowMsg(Exception::SocketStreamException, + "Connection closed : " << strerror(errno) << ". Couldn't read whole data"); + }else if (errno != EAGAIN && errno != EWOULDBLOCK){ + throwWithErrnoMessage("read()"); + } + } + + whole_buffer.append(part_buffer, bytes_read); + bytes_to_read-=bytes_read; + bytes_read = 0; + continue; + } + + } + memcpy(bytes, whole_buffer.c_str(), num); +} + +void SocketStream::Write(size_t num, const void * bytes){ + + if(NULL == bytes){ + LogError("Null pointer to buffer"); + ThrowMsg(Exception::SocketStreamException, "Null pointer to buffer"); + } + + m_bytesWrote += num; + + if(m_bytesWrote > MAX_BUFFER){ + LogError("Too big buffer requested!"); + ThrowMsg(Exception::SocketStreamException, "Too big buffer requested!"); + } + + fd_set wset, allset; + int max_fd; + + timespec timeout; + + max_fd = m_socketFd; + ++max_fd; + + FD_ZERO(&allset); + FD_SET(m_socketFd, &allset); + + int returned_value; + + int write_res, bytes_to_write = num; + unsigned int current_offset = 0; + + while(current_offset != num){ + timeout.tv_sec = WRITE_TIMEOUT_SEC; + timeout.tv_nsec = WRITE_TIMEOUT_NSEC; + wset = allset; + + if(-1 == (returned_value = pselect(max_fd, NULL, &wset, NULL, &timeout, NULL))){ + if(errno == EINTR) continue; + throwWithErrnoMessage("pselect()"); + } + + if(FD_ISSET(m_socketFd, &wset)){ + if(-1 == (write_res = write(m_socketFd, reinterpret_cast(bytes) + current_offset, bytes_to_write))){ + if(errno == ECONNRESET || errno == EPIPE){ + LogInfo("Connection closed : " << strerror(errno)); + ThrowMsg(Exception::SocketStreamException, + "Connection closed : " << strerror(errno) << ". Couldn't write whole data"); + + }else if(errno != EAGAIN && errno != EWOULDBLOCK){ + throwWithErrnoMessage("write()"); + } + } + current_offset += write_res; + bytes_to_write -= write_res; + } + } +} diff --git a/socket_connection/connection/SocketStream.h b/socket_connection/connection/SocketStream.h new file mode 100644 index 0000000..dc1db61 --- /dev/null +++ b/socket_connection/connection/SocketStream.h @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file SocketStream.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Header of socket stream class. + */ + +#ifndef SOCKETSTREAM_H_ +#define SOCKETSTREAM_H_ + +#include +#include +#include +#include +#include + +/* + * This class implements binary read/write from socket used for DPL serialization and deserialization + * It can read or write buffers of max *total* size 10kB. + * I does not maintain socket descriptor. + */ + +/* + * Throws SocketStreamException when buffer is null or its size exceeds max size or when + * there is an error during read or write. + */ + + + +class SocketStream : public DPL::IStream { +public: + class Exception + { + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, SocketStreamException) + }; + + explicit SocketStream(int socket_fd) : m_socketFd(socket_fd), + m_bytesRead(0), + m_bytesWrote(0) + { + LogInfo("Created"); + } + void Read(size_t num, void * bytes); + void Write(size_t num, const void * bytes); +private: + void throwWithErrnoMessage(std::string specificInfo); + int m_socketFd; + int m_bytesRead; + int m_bytesWrote; +}; + +#endif /* SOCKETSTREAM_H_ */ diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt new file mode 100644 index 0000000..47aee3b --- /dev/null +++ b/src/CMakeLists.txt @@ -0,0 +1,126 @@ +# Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# +# @file CMakeLists.txt +# @author Bartlomiej Grzelewski (b.grzelewski@samsung.com) +# + +SET(DAEMON_BASIC_DEP + dpl-efl + dpl-dbus-efl + dpl-utils-efl + libsoup-2.4 + openssl + libsmack + ) + +IF(SMACK_ENABLE) + LIST(APPEND DAEMON_BASIC_DEP libprivilege-control) +ENDIF(SMACK_ENABLE) + +PKG_CHECK_MODULES(DAEMON_DEP + ${DAEMON_BASIC_DEP} + REQUIRED) + +SET(DAEMON_SOURCES_PATH ${PROJECT_SOURCE_DIR}/src) + +SET(DAEMON_SOURCES + #socket connection + ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketConnection.cpp + ${PROJECT_SOURCE_DIR}/socket_connection/connection/SocketStream.cpp + #caller + ${DAEMON_SOURCES_PATH}/services/caller/security_caller.cpp + #daemon + ${DAEMON_SOURCES_PATH}/daemon/dbus/security_dbus_service.cpp + ${DAEMON_SOURCES_PATH}/daemon/sockets/security_socket_service.cpp + ${DAEMON_SOURCES_PATH}/daemon/security_daemon.cpp + ${DAEMON_SOURCES_PATH}/main.cpp + #ocsp + ${DAEMON_SOURCES_PATH}/services/ocsp/dbus/ocsp_server_dbus_interface.cpp + ${DAEMON_SOURCES_PATH}/services/ocsp/socket/ocsp_service_callbacks.cpp + ${DAEMON_SOURCES_PATH}/services/ocsp/ocsp_service.cpp + #ace + ${DAEMON_SOURCES_PATH}/services/ace/dbus/ace_server_dbus_interface.cpp + ${DAEMON_SOURCES_PATH}/services/ace/socket/ace_service_callbacks.cpp + ${DAEMON_SOURCES_PATH}/services/ace/ace_service.cpp + ${DAEMON_SOURCES_PATH}/services/ace/logic/security_controller.cpp + ${DAEMON_SOURCES_PATH}/services/ace/logic/attribute_facade.cpp + ${DAEMON_SOURCES_PATH}/services/ace/logic/security_logic.cpp + ${DAEMON_SOURCES_PATH}/services/ace/logic/simple_roaming_agent.cpp + #popup + ${DAEMON_SOURCES_PATH}/services/popup/dbus/popup_response_dbus_interface.cpp + ${DAEMON_SOURCES_PATH}/services/popup/socket/popup_service_callbacks.cpp + ) + +SET_SOURCE_FILES_PROPERTIES(${DAEMON_SOURCES} PROPERTIES COMPILE_FLAGS "-std=c++0x") + +############################# Lets start compilation process ################## +#ace library +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include) +#socket connection library +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/socket_connection/connection) +#daemon +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/dbus) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets/api) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/daemon/sockets) +#caller +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/caller) +#ace +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/dbus) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/socket/api) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ace/logic) +#ocsp +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/socket/api) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/ocsp/logic) +#popup +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/dbus) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/socket/api) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/src/services/popup/logic) +INCLUDE_DIRECTORIES(${PROJECT_SOURCE_DIR}/ace/include) +INCLUDE_DIRECTORIES(${DAEMON_DEP_INCLUDE_DIRS}) + +ADD_EXECUTABLE(${TARGET_DAEMON} + ${DAEMON_SOURCES}) + +TARGET_LINK_LIBRARIES(${TARGET_DAEMON} + ${DAEMON_DEP_LIBRARIES} + ${TARGET_ACE_LIB} + ${TARGET_ACE_DAO_RW_LIB}) + +INSTALL(TARGETS ${TARGET_DAEMON} + DESTINATION bin) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/src/daemon/dbus/org.tizen.SecurityDaemon.service + DESTINATION /usr/share/dbus-1/services + ) + +INSTALL(FILES + ${PROJECT_SOURCE_DIR}/src/services/ace/ace_server_api.h + ${PROJECT_SOURCE_DIR}/src/services/ocsp/ocsp_server_api.h + ${PROJECT_SOURCE_DIR}/src/services/popup/popup_response_server_api.h + ${PROJECT_SOURCE_DIR}/src/services/popup/popup_ace_data_types.h + ${PROJECT_SOURCE_DIR}/src/daemon/dbus/security_daemon_dbus_config.h + DESTINATION /usr/include/wrt-security + ) diff --git a/src/TODO.txt b/src/TODO.txt new file mode 100644 index 0000000..48755fd --- /dev/null +++ b/src/TODO.txt @@ -0,0 +1,11 @@ +Security Daemon todos: + +* One runtime instance should be allowed (DONE) +* Hide application symbols that should not be exported. +* Add support for service/module dependencies. +* Signals blocking/handlers should be added. +* Connections to other databases should be set. +* Make it a real daemon (demonize ? auto restarting support ?) +* Same of the files needs to be separated from the rest of WebRuntime sources: + - global_config.cpp + diff --git a/src/daemon/dbus/org.tizen.SecurityDaemon.service b/src/daemon/dbus/org.tizen.SecurityDaemon.service new file mode 100644 index 0000000..fc51772 --- /dev/null +++ b/src/daemon/dbus/org.tizen.SecurityDaemon.service @@ -0,0 +1,3 @@ +[D-BUS Service] +Name=org.tizen.SecurityDaemon +Exec=/usr/bin/wrt-security-daemon diff --git a/src/daemon/dbus/security_daemon_dbus_config.h b/src/daemon/dbus/security_daemon_dbus_config.h new file mode 100644 index 0000000..30b8d90 --- /dev/null +++ b/src/daemon/dbus/security_daemon_dbus_config.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file security_daemon_dbus_config.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains security daemon DBus configuration. + */ +#ifndef WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_ +#define WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_ + +#include + +namespace WrtSecurity { + +struct SecurityDaemonConfig { + static const std::string OBJECT_PATH() + { + return "/org/tizen/SecurityDaemon"; + } + + static const std::string SERVICE_NAME() + { + return "org.tizen.SecurityDaemon"; + } +}; + +} // namespace WrtSecurity + +#endif // WRT_SRC_RPC_SECURITY_DAEMON_DBUS_CONFIG_H_ diff --git a/src/daemon/dbus/security_dbus_service.cpp b/src/daemon/dbus/security_dbus_service.cpp new file mode 100644 index 0000000..303aa19 --- /dev/null +++ b/src/daemon/dbus/security_dbus_service.cpp @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file security_dbus_service.cpp + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) + * @version 1.0 + * @brief This file contains implementation of security DBus service. + */ +#include +#include +#include +#include +#include +#include +#include "security_dbus_service.h" +#include "security_daemon_dbus_config.h" +#include +#include +#include + + +void SecurityDBusService::start() +{ + LogDebug("SecurityDBusService starting"); + m_connection = DPL::DBus::Connection::systemBus(); + std::for_each(m_objects.begin(), + m_objects.end(), + [this] (const DPL::DBus::ObjectPtr& object) + { + m_connection->registerObject(object); + }); + m_connection->registerService( + WrtSecurity::SecurityDaemonConfig::SERVICE_NAME()); +} + +void SecurityDBusService::stop() +{ + LogDebug("SecurityDBusService stopping"); + m_connection.reset(); +} + +void SecurityDBusService::initialize() +{ + LogDebug("SecurityDBusService initializing"); + g_type_init(); + + addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(), + std::make_shared()); + addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(), + std::make_shared()); + addInterface(WrtSecurity::SecurityDaemonConfig::OBJECT_PATH(), + std::make_shared()); +} + +void SecurityDBusService::addInterface(const std::string& objectPath, + const InterfaceDispatcherPtr& dispatcher) +{ + auto ifaces = + DPL::DBus::Interface::fromXMLString(dispatcher->getXmlSignature()); + if (ifaces.empty()) + { + ThrowMsg(DPL::Exception, "No interface description."); + } + + auto iface = ifaces.at(0); + iface->setDispatcher(dispatcher.get()); + + m_dispatchers.push_back(dispatcher); + m_objects.push_back(DPL::DBus::Object::create(objectPath, iface)); +} + +void SecurityDBusService::deinitialize() +{ + LogDebug("SecurityDBusService deinitializing"); + m_objects.clear(); + m_dispatchers.clear(); +} + +#ifdef DBUS_CONNECTION +DAEMON_REGISTER_SERVICE_MODULE(SecurityDBusService) +#endif //DBUS_CONNECTION diff --git a/src/daemon/dbus/security_dbus_service.h b/src/daemon/dbus/security_dbus_service.h new file mode 100644 index 0000000..82fd627 --- /dev/null +++ b/src/daemon/dbus/security_dbus_service.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file security_dbus_service.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) + * @version 1.0 + * @brief This file contains definitions of security DBus service. + */ +#ifndef WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_ +#define WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_ + +#include +#include +#include +#include +#include +#include +#include + +class SecurityDBusService : public SecurityDaemon::DaemonService { +private: + virtual void initialize(); + virtual void start(); + virtual void stop(); + virtual void deinitialize(); + +private: + typedef std::shared_ptr InterfaceDispatcherPtr; + typedef std::shared_ptr DispatcherPtr; + + void addInterface(const std::string& objectPath, + const InterfaceDispatcherPtr& dispatcher); + + DPL::DBus::ConnectionPtr m_connection; + std::vector m_objects; + std::vector m_dispatchers; +}; + +#endif // WRT_SRC_RPC_SECURITY_DBUS_SERVICE_H_ diff --git a/src/daemon/security_daemon.cpp b/src/daemon/security_daemon.cpp new file mode 100644 index 0000000..7f93e4f --- /dev/null +++ b/src/daemon/security_daemon.cpp @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file security_daemon.cpp + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief This is implementation file of Security Daemon + */ + +#include "security_daemon.h" + +#include +#include +#include + +#include + +#include +IMPLEMENT_SINGLETON(SecurityDaemon::SecurityDaemon) + +#include + +namespace SecurityDaemon { + +//This is declared not in SecurityDaemon class, so no Ecore.h is needed there. +static Ecore_Event_Handler *g_exitHandler; +static Eina_Bool exitHandler(void */*data*/, int /*type*/, void */*event*/) +{ + auto& daemon = SecurityDaemonSingleton::Instance(); + daemon.terminate(0); + + return ECORE_CALLBACK_CANCEL; +} + +SecurityDaemon::SecurityDaemon() : + m_initialized(false), + m_terminating(false), + m_returnValue(0) +{ +} + +void SecurityDaemon::initialize(int& /*argc*/, char** /*argv*/) +{ + DPL::Log::LogSystemSingleton::Instance().SetTag("SECURITY_DAEMON"); + LogDebug("Initializing"); + Assert(!m_initialized && "Already Initialized"); + + g_exitHandler = ecore_event_handler_add(ECORE_EVENT_SIGNAL_EXIT, + &exitHandler, + NULL); + + DatabaseService::initialize(); + FOREACH (service, m_servicesList) { + (*service)->initialize(); + } + m_initialized = true; + LogDebug("Initialized"); +} + +int SecurityDaemon::execute() +{ + Assert(m_initialized && "Not Initialized"); + LogDebug("Starting execute"); + FOREACH (service, m_servicesList) { + (*service)->start(); + } + ecore_main_loop_begin(); + return m_returnValue; +} + +void SecurityDaemon::terminate(int returnValue) +{ + Assert(m_initialized && "Not Initialized"); + Assert(!m_terminating && "Already terminating"); + LogDebug("Terminating"); + + ecore_event_handler_del(g_exitHandler); + + m_returnValue = returnValue; + m_terminating = true; + + FOREACH (service, m_servicesList) { + (*service)->stop(); + } + + ecore_main_loop_quit(); +} + +void SecurityDaemon::shutdown() +{ + LogDebug("Shutdown"); + Assert(m_initialized && "Not Initialized"); + Assert(m_terminating && "Not terminated"); + + DatabaseService::deinitialize(); + FOREACH (service, m_servicesList) { + (*service)->deinitialize(); + } + + m_initialized = false; +} + +namespace DatabaseService { + +void initialize(void) +{ + LogDebug("Ace/Wrt database services initializing..."); + AceDB::AceDAO::attachToThreadRW(); +} + +void deinitialize(void) +{ + LogDebug("Ace/Wrt database services deinitializing..."); + AceDB::AceDAO::detachFromThread(); +} + +} //namespace DatabaseService + +} //namespace SecurityDaemon diff --git a/src/daemon/security_daemon.h b/src/daemon/security_daemon.h new file mode 100644 index 0000000..a98f309 --- /dev/null +++ b/src/daemon/security_daemon.h @@ -0,0 +1,94 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file security_daemon.h + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief This is header file of Security Daemon + */ + +#ifndef WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H +#define WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H + +#include +#include +#include +#include +#include +#include + + +namespace SecurityDaemon { + +class DaemonService : DPL::Noncopyable { + public: + virtual void initialize() = 0; + virtual void start() = 0; + virtual void stop() = 0; + virtual void deinitialize() = 0; +}; + +class SecurityDaemon : DPL::Noncopyable +{ + public: + SecurityDaemon(); + + void initialize(int& argc, char** argv); + int execute(); + void terminate(int returnValue = 0); + + template + void registerService(Args&&... args) + { + Assert(!m_initialized && "Too late for registration"); + + m_servicesList.push_back( + std::make_shared(std::forward(args)...)); + } + + void shutdown(); + + private: + bool m_initialized; + bool m_terminating; + int m_returnValue; + typedef std::list> DaemonServiceList; + DaemonServiceList m_servicesList; +}; + +namespace DatabaseService { + void initialize(); + void deinitialize(); +}; + +} //namespace SecurityDaemon + +typedef DPL::Singleton SecurityDaemonSingleton; + +#define DAEMON_REGISTER_SERVICE_MODULE(Type) \ + namespace { \ + static int initializeModule(); \ + static int initializeModuleHelper = initializeModule(); \ + int initializeModule() \ + { \ + (void)initializeModuleHelper; \ + SecurityDaemonSingleton::Instance().registerService(); \ + return 0; \ + } \ + } + + +#endif /* WRT_SRC_SECURITY_DAEMON_SECURITY_DAEMON_H */ diff --git a/src/daemon/sockets/api/callback_api.h b/src/daemon/sockets/api/callback_api.h new file mode 100644 index 0000000..ddda4d4 --- /dev/null +++ b/src/daemon/sockets/api/callback_api.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file callback_api.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief This header provides types and exceptions required for security service callbacks + */ + +#ifndef CALLBACK_API_H_ +#define CALLBACK_API_H_ + +#include + +typedef void (*socketServerCallback) (SocketConnection * connector); + +typedef bool (*securityCheck) (int socketfd); + +namespace ServiceCallbackApi{ + + class Exception{ + public: + DECLARE_EXCEPTION_TYPE(DPL::Exception, Base) + DECLARE_EXCEPTION_TYPE(Base, ServiceCallbackException) + }; + +} + +#endif /* CALLBACK_API_H_ */ diff --git a/src/daemon/sockets/security_daemon_socket_config.h b/src/daemon/sockets/security_daemon_socket_config.h new file mode 100644 index 0000000..3d8b6f8 --- /dev/null +++ b/src/daemon/sockets/security_daemon_socket_config.h @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file security_daemon_socket_config.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief + */ + +#ifndef SECURITY_DAEMON_SOCKET_CONFIG_H_ +#define SECURITY_DAEMON_SOCKET_CONFIG_H_ + +#include +#include + +namespace WrtSecurity { + +struct SecurityDaemonSocketConfig { + static const std::string SERVER_ADDRESS() + { + return "/tmp/server"; + } +}; + +} // namespace WrtSecurity +#endif /* SECURITY_DAEMON_SOCKET_CONFIG_H_ */ diff --git a/src/daemon/sockets/security_socket_service.cpp b/src/daemon/sockets/security_socket_service.cpp new file mode 100644 index 0000000..2b4615f --- /dev/null +++ b/src/daemon/sockets/security_socket_service.cpp @@ -0,0 +1,384 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file security_socket_service.cpp + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Implementation of socket server + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "ace_service_callbacks_api.h" +#include "ocsp_service_callbacks_api.h" +#include "popup_service_callbacks_api.h" +#include "security_daemon_socket_config.h" +#include "security_socket_service.h" + +#define TIMEOUT_SEC 0 +#define TIMEOUT_NSEC 100000000 +#define MAX_LISTEN 5 +#define SIGNAL_TO_CLOSE SIGUSR1 + +void SecuritySocketService::throwWithErrnoMessage(const std::string& specificInfo){ + LogError(specificInfo << " : " << strerror(errno)); + ThrowMsg(DPL::Exception, specificInfo << " : " << strerror(errno)); +} + +void SecuritySocketService::registerServiceCallback(const std::string &interfaceName, + const std::string &methodName, + socketServerCallback callbackMethod, + securityCheck securityMethod){ + if(NULL == callbackMethod){ + LogError("Null callback"); + ThrowMsg(DPL::Exception, "Null callback"); + } + if(interfaceName.empty() || methodName.empty()){ + LogError("Interface and method name cannot be empty"); + ThrowMsg(DPL::Exception, "Empty interface or method name"); + } + + auto serviceCallbackPtr = std::make_shared(ServiceCallback(callbackMethod, securityMethod)); + m_callbackMap[interfaceName][methodName] = serviceCallbackPtr; +} + +void SecuritySocketService::addClientSocket(int clientSocket){ + std::lock_guard guard(m_clientSocketListMutex); + m_clientSocketList.push_back(clientSocket); +} + +void SecuritySocketService::removeClientSocket(int clientSocket){ + std::lock_guard guard(m_clientSocketListMutex); + m_clientSocketList.remove(clientSocket); +} + +bool SecuritySocketService::popClientSocket(int * clientSocket){ + std::lock_guard guard(m_clientSocketListMutex); + if(m_clientSocketList.empty()) + return false; + *clientSocket = m_clientSocketList.front(); + m_clientSocketList.pop_front(); + return true; +} + +void SecuritySocketService::initialize(){ + + LogInfo("Initializing..."); + m_serverAddress = WrtSecurity::SecurityDaemonSocketConfig::SERVER_ADDRESS(); + m_signalToClose = SIGNAL_TO_CLOSE; + + //registering Ace callbacks + registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(), + WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first, + WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second); + + registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(), + WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().first, + WrtSecurity::AceServiceCallbacksApi::CHECK_ACCESS_INSTALL_METHOD_CALLBACK().second); + + registerServiceCallback(WrtSecurity::AceServerApi::INTERFACE_NAME(), + WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().first, + WrtSecurity::AceServiceCallbacksApi::UPDATE_POLICY_METHOD_CALLBACK().second); + LogInfo("Registered Ace callbacks"); + + //registering Ocsp callbacks + registerServiceCallback(WrtSecurity::OcspServerApi::INTERFACE_NAME(), + WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().first, + WrtSecurity::OcspServiceCallbacksApi::CHECK_ACCESS_METHOD_CALLBACK().second); + LogInfo("Registered Ocsp callbacks"); + + //registering Popup callbacks + registerServiceCallback(WrtSecurity::PopupServerApi::INTERFACE_NAME(), + WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().first, + WrtSecurity::PopupServiceCallbacksApi::VALIDATION_METHOD_CALLBACK().second); + LogInfo("Registered Popup callbacks"); + + if(-1 == (m_listenFd = socket(AF_UNIX, SOCK_STREAM, 0))){ + throwWithErrnoMessage("socket()"); + } + LogInfo("Server socket created"); + + //socket needs to be nonblocking, because read can block after select + int flags; + if (-1 == (flags = fcntl(m_listenFd, F_GETFL, 0))) + flags = 0; + if(-1 == (fcntl(m_listenFd, F_SETFL, flags | O_NONBLOCK))){ + throwWithErrnoMessage("fcntl"); + } + + sockaddr_un server_address; + bzero(&server_address, sizeof(server_address)); + server_address.sun_family = AF_UNIX; + strcpy(server_address.sun_path, m_serverAddress.c_str()); + unlink(server_address.sun_path); + + mode_t socket_umask, original_umask; + socket_umask = 0; + original_umask = umask(socket_umask); + + if(-1 == bind(m_listenFd, (struct sockaddr *)&server_address, SUN_LEN(&server_address))){ + throwWithErrnoMessage("bind()"); + } + + umask(original_umask); + + LogInfo("Initialized"); +} + +void SecuritySocketService::start(){ + + LogInfo("Starting..."); + if(m_serverAddress.empty()){ + LogError("Server not initialized"); + ThrowMsg(DPL::Exception, "Server not initialized"); + } + + sigset_t sigset; + sigemptyset(&sigset); + if(-1 == sigaddset(&sigset, m_signalToClose)){ + throwWithErrnoMessage("sigaddset()"); + } + int returned_value; + if ((returned_value = pthread_sigmask(SIG_BLOCK, &sigset, NULL)) < 0) { + errno = returned_value; + throwWithErrnoMessage("pthread_sigmask()"); + } + + pthread_t mainThread; + if((returned_value = pthread_create(&mainThread, NULL, &serverThread, this)) < 0){ + errno = returned_value; + throwWithErrnoMessage("pthread_create()"); + } + m_mainThread = mainThread; + + LogInfo("Started"); +} + +void * SecuritySocketService::serverThread(void * data){ + pthread_detach(pthread_self()); + SecuritySocketService &t = *static_cast(data); + LogInfo("Running server main thread"); + Try { + t.mainLoop(); + } Catch (DPL::Exception) { + LogError("Socket server error. Exiting..."); + return (void *)1; + } + + return (void *)0; +} + + +void SecuritySocketService::mainLoop(){ + + if(listen(m_listenFd, MAX_LISTEN) == -1){ + throwWithErrnoMessage("listen()"); + } + + //Settings to catch closing signal in select + int signal_fd; + sigset_t sigset; + if(-1 == (sigemptyset(&sigset))){ + throwWithErrnoMessage("sigemptyset()"); + } + if(-1 == (sigaddset(&sigset, m_signalToClose))) { + throwWithErrnoMessage("sigaddset()"); + } + if((signal_fd = signalfd(-1, &sigset, 0)) < 0){ + throwWithErrnoMessage("signalfd()"); + } + + //Setting descriptors for pselect + fd_set allset, rset; + int maxfd; + FD_ZERO(&allset); + FD_SET(m_listenFd, &allset); + FD_SET(signal_fd, &allset); + timespec timeout; + maxfd = (m_listenFd > signal_fd) ? (m_listenFd) : (signal_fd); + ++maxfd; + //this will block SIGPIPE for this thread and every thread created in it + //reason : from here on we don't won't to receive SIGPIPE on writing to closed socket + //instead of signal we want to receive error from write - hence blocking SIGPIPE + sigset_t set; + sigemptyset(&set); + sigaddset(&set, SIGPIPE); + pthread_sigmask(SIG_BLOCK, &set, NULL); + + while(1){ + timeout.tv_sec = TIMEOUT_SEC; + timeout.tv_nsec = TIMEOUT_NSEC; + rset = allset; + if(-1 == pselect(maxfd, &rset, NULL, NULL, &timeout, NULL)){ + closeConnections(); + throwWithErrnoMessage("pselect()"); + } + + if(FD_ISSET(signal_fd, &rset)){ + LogInfo("Got signal to close"); + signalfd_siginfo siginfo; + ssize_t res; + res = read(signal_fd, &siginfo, sizeof(siginfo)); + if(res <= 0){ + closeConnections(); + throwWithErrnoMessage("read()"); + } + if((size_t)res != sizeof(siginfo)){ + closeConnections(); + LogError("couldn't read whole siginfo"); + ThrowMsg(DPL::Exception, "couldn't read whole siginfo"); + } + if((int)siginfo.ssi_signo == m_signalToClose){ + LogInfo("Server thread got signal to close"); + closeConnections(); + return; + } else { + LogInfo("Got not handled signal"); + } + } + if(FD_ISSET(m_listenFd, &rset)){ + int client_fd; + if(-1 == (client_fd = accept(m_listenFd, NULL, NULL))){ + closeConnections(); + throwWithErrnoMessage("accept()"); + } + LogInfo("Got incoming connection"); + Connection_Info * connection = new Connection_Info(client_fd, (void *)this); + int res; + pthread_t client_thread; + if((res = pthread_create(&client_thread, NULL, &connectionThread, connection)) < 0){ + delete connection; + errno = res; + closeConnections(); + throwWithErrnoMessage("pthread_create()"); + } + addClientSocket(client_fd); + } + } +} + +void * SecuritySocketService::connectionThread(void * data){ + pthread_detach(pthread_self()); + std::auto_ptr c (static_cast(data)); + SecuritySocketService &t = *static_cast(c->data); + LogInfo("Starting connection thread"); + Try { + t.connectionService(c->connfd); + } Catch (DPL::Exception){ + LogError("Connection thread error : " << _rethrown_exception.DumpToString()); + t.removeClientSocket(c->connfd); + close(c->connfd); + return (void*)1; + } + LogInfo("Client serviced"); + return (void*)0; +} + +void SecuritySocketService::connectionService(int fd){ + + SocketConnection connector = SocketConnection(fd); + std::string interfaceName, methodName; + + Try { + connector.read(&interfaceName, &methodName); + } Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket Connection read error"); + ReThrowMsg(DPL::Exception, "Socket Connection read error"); + } + + LogDebug("Got interface : " << interfaceName); + LogDebug("Got method : " << methodName); + + if( m_callbackMap.find(interfaceName) == m_callbackMap.end()){ + LogError("Unknown interface : " << interfaceName); + ThrowMsg(DPL::Exception, "Unknown interface : " << interfaceName); + } + + if(m_callbackMap[interfaceName].find(methodName) == m_callbackMap[interfaceName].end()){ + LogError("Unknown method : " << methodName); + ThrowMsg(DPL::Exception, "Unknown method"); + } + + if(m_callbackMap[interfaceName][methodName]->securityCallback != NULL){ + if(!m_callbackMap[interfaceName][methodName]->securityCallback(fd)){ + LogError("Security check returned false"); + ThrowMsg(DPL::Exception, "Security check returned false"); + } + } + + LogInfo("Calling service"); + Try{ + m_callbackMap[interfaceName][methodName]->serviceCallback(&connector); + } Catch (ServiceCallbackApi::Exception::ServiceCallbackException){ + LogError("Service callback error"); + ReThrowMsg(DPL::Exception, "Service callback error"); + } + + LogInfo("Removing client"); + removeClientSocket(fd); + close(fd); + + LogInfo("Call served"); + +} + +void SecuritySocketService::stop(){ + LogInfo("Stopping"); + if(-1 == close(m_listenFd)) + if(errno != ENOTCONN) + throwWithErrnoMessage("close()"); + int returned_value; + if((returned_value = pthread_kill(m_mainThread, m_signalToClose)) < 0){ + errno = returned_value; + throwWithErrnoMessage("pthread_kill()"); + } + pthread_join(m_mainThread, NULL); + + LogInfo("Stopped"); +} + +void SecuritySocketService::closeConnections(){ + + int clientSocket; + LogInfo("Closing client sockets"); + while(popClientSocket(&clientSocket)){ + if(-1 == close(clientSocket)){ + LogError("close() : " << strerror(errno)); + } + } + + LogInfo("Connections closed"); +} + +void SecuritySocketService::deinitialize(){ + m_serverAddress.clear(); + + LogInfo("Deinitialized"); + +} + +#ifdef SOCKET_CONNECTION +DAEMON_REGISTER_SERVICE_MODULE(SecuritySocketService) +#endif diff --git a/src/daemon/sockets/security_socket_service.h b/src/daemon/sockets/security_socket_service.h new file mode 100644 index 0000000..882d0e5 --- /dev/null +++ b/src/daemon/sockets/security_socket_service.h @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file security_socket_service.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Header of socket server class + */ + +#ifndef SECURITY_SOCKET_SERVICE_H_ +#define SECURITY_SOCKET_SERVICE_H_ + +#include +#include +#include +#include +#include +#include +#include +#include + +class SecuritySocketService : public SecurityDaemon::DaemonService { + +private: + + virtual void initialize(); + virtual void start(); + virtual void stop(); + virtual void deinitialize(); + + +private: + + //Function for registering callback with given interface and method name and possibly security check callback + void registerServiceCallback(const std::string& interfaceName, + const std::string& methodName, + socketServerCallback serviceCallback, + securityCheck securityCallback = NULL); + //Thread function for server + static void * serverThread(void *); + //Main function for server + void mainLoop(); + //Thread function for connection serving + static void * connectionThread(void *); + //Main function for connection serving + void connectionService(int fd); + //closing all connections + void closeConnections(); + //logs an error and throws an exception with message containing errno message + void throwWithErrnoMessage(const std::string &specificInfo); + + //concurrency safe methods for client socket list - add, remove and pop (with returned value) + void addClientSocket(int clientThread); + void removeClientSocket(int clientThread); + bool popClientSocket(int* clientThread); + + //Address of socket server + std::string m_serverAddress; + //Signal used for informing threads to stop + int m_signalToClose; + //Socket for listening + int m_listenFd; + //Number of main thread + pthread_t m_mainThread; + //Numbers of all created threads for connections + std::list m_clientSocketList; + + //Thread list mutex + std::mutex m_clientSocketListMutex; + + //Structure for callback maps + class ServiceCallback + { + public: + ServiceCallback(socketServerCallback ser, securityCheck sec) : serviceCallback(ser), securityCallback(sec){} + socketServerCallback serviceCallback; + securityCheck securityCallback; + }; + + typedef std::shared_ptr ServiceCallbackPtr; + //Map for callback methods, key is a method name and value is a callback to method + typedef std::map ServiceMethodCallbackMap; + //Map for interface methods, key is an interface name and value is a map of available methods with callbacks + std::map m_callbackMap; + + //Structure passed to connection thread + struct Connection_Info{ + Connection_Info(int fd, void * data) : connfd(fd), data(data) + {} + int connfd; + void * data; + }; + +}; + +#endif /* SECURITY_SOCKET_SERVICE_H_ */ diff --git a/src/main.cpp b/src/main.cpp new file mode 100644 index 0000000..3d1c1d2 --- /dev/null +++ b/src/main.cpp @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file main.cpp + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief This is main routing for Security Daemon + */ + +#include +#include + +#include "security_daemon.h" + +#include + +static const std::string DAEMON_INSTANCE_UUID = + "5ebf3f24-dad6-4a27-88b4-df7970efe7a9"; + +int main(int argc, char* argv[]) +{ + DPL::SingleInstance instance; + if (!instance.TryLock(DAEMON_INSTANCE_UUID)) { + LogError("Security Daemon is already running"); + return -1; + } + + auto& daemon = SecurityDaemonSingleton::Instance(); + + daemon.initialize(argc, argv); + + //Run daemon + auto retVal = daemon.execute(); + + daemon.shutdown(); + instance.Release(); + + return retVal; +} diff --git a/src/services/ace/ace_server_api.h b/src/services/ace/ace_server_api.h new file mode 100644 index 0000000..e327e31 --- /dev/null +++ b/src/services/ace/ace_server_api.h @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_server_api.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief This file contains definitions of ACE server interface name & methods. + */ + +#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_ +#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_ + +#include + + +namespace WrtSecurity{ +namespace AceServerApi{ + + // DBus interface names + inline const std::string INTERFACE_NAME() + { + return "org.tizen.AceCheckAccessInterface"; + } + + // IN string subject + // IN string resource + // IN vector function param names + // IN vector function param values + // OUT int allow, deny, popup type + inline const std::string CHECK_ACCESS_METHOD() + { + return "check_access"; + } + + // IN string subject + // IN string resource + // OUT int allow, deny, popup type + inline const std::string CHECK_ACCESS_INSTALL_METHOD() + { + return "check_access_install"; + } + + // Policy update trigger + inline const std::string UPDATE_POLICY_METHOD() + { + return "update_policy"; + } +}; +}; + + +#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_API_H_ diff --git a/src/services/ace/ace_service.cpp b/src/services/ace/ace_service.cpp new file mode 100644 index 0000000..15227f4 --- /dev/null +++ b/src/services/ace/ace_service.cpp @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_service.cpp + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief This is implementation file of AceService service + */ + +#include +#include + +#include "security_daemon.h" + +namespace AceService +{ + +class AceService : public SecurityDaemon::DaemonService +{ + private: + virtual void initialize() + { + LogDebug("AceService initializing"); + + SecurityControllerSingleton::Instance().Touch(); + SecurityControllerSingleton::Instance().SwitchToThread(NULL); + + CONTROLLER_POST_SYNC_EVENT( + SecurityController, + SecurityControllerEvents::InitializeSyncEvent()); + } + + virtual void start() + { + LogDebug("Starting AceService"); + } + + virtual void stop() + { + LogDebug("Stopping AceService"); + } + + virtual void deinitialize() + { + LogDebug("AceService deinitializing"); + SecurityControllerSingleton::Instance().SwitchToThread(NULL); + //this is direct call inside + CONTROLLER_POST_SYNC_EVENT( + SecurityController, + SecurityControllerEvents::TerminateSyncEvent()); + } + +}; + +DAEMON_REGISTER_SERVICE_MODULE(AceService) + +}//namespace AceService diff --git a/src/services/ace/dbus/ace_server_dbus_interface.cpp b/src/services/ace/dbus/ace_server_dbus_interface.cpp new file mode 100644 index 0000000..e77b9f9 --- /dev/null +++ b/src/services/ace/dbus/ace_server_dbus_interface.cpp @@ -0,0 +1,144 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_service_dbus_interface.cpp + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief Implementation of ACE server API. + */ +#include +#include +#include +#include "ace_server_dbus_interface.h" +#include +#include + +#include +#include +#include +#include + + +namespace RPC { + +void AceServerDBusInterface::onMethodCall(const gchar* methodName, + GVariant* parameters, + GDBusMethodInvocation* invocation) +{ + using namespace WrtSecurity; + + if (0 == g_strcmp0(methodName, AceServerApi::ECHO_METHOD().c_str())) + { + std::string str; + DPL::DBus::ServerDeserialization::deserialize(parameters, &str); + g_dbus_method_invocation_return_value(invocation, + DPL::DBus::ServerSerialization::serialize(str)); + } else if (0 == g_strcmp0(methodName, + AceServerApi::CHECK_ACCESS_METHOD().c_str())) + { + int widgetHandle; + std::string subject, resource, sessionId; + std::vector paramNames, paramValues; + if (!DPL::DBus::ServerDeserialization::deserialize(parameters, + &widgetHandle, + &subject, + &resource, + ¶mNames, + ¶mValues, + &sessionId)) { + g_dbus_method_invocation_return_dbus_error( + invocation, + "org.tizen.AceCheckAccessInterface.UnknownError", + "Error in deserializing input parameters"); + return; + } + if (paramNames.size() != paramValues.size()) { + g_dbus_method_invocation_return_dbus_error( + invocation, + "org.tizen.AceCheckAccessInterface.UnknownError", + "Varying sizes of parameter names and parameter values"); + return; + } + LogDebug("We got subject: " << subject); + LogDebug("We got resource: " << resource); + + FunctionParamImpl params; + for (size_t i = 0; i < paramNames.size(); ++i) { + params.addAttribute(paramNames[i], paramValues[i]); + } + + Request request(widgetHandle, + WidgetExecutionPhase_Invoke, + ¶ms); + request.addDeviceCapability(resource); + + PolicyResult result(PolicyEffect::DENY); + CONTROLLER_POST_SYNC_EVENT( + SecurityController, + SecurityControllerEvents::CheckRuntimeCallSyncEvent( + &result, + &request, + sessionId)); + + int response = PolicyResult::serialize(result); + g_dbus_method_invocation_return_value(invocation, + DPL::DBus::ServerSerialization::serialize(response)); + } else if (0 == g_strcmp0(methodName, + AceServerApi::CHECK_ACCESS_INSTALL_METHOD().c_str())) + { + int widgetHandle; + std::string resource; + if (!DPL::DBus::ServerDeserialization::deserialize(parameters, + &widgetHandle, + &resource)) { + g_dbus_method_invocation_return_dbus_error( + invocation, + "org.tizen.AceCheckAccessInterface.UnknownError", + "Error in deserializing input parameters"); + return; + } + LogDebug("We got handle: " << widgetHandle); + LogDebug("We got resource: " << resource); + + Request request(widgetHandle, + WidgetExecutionPhase_WidgetInstall); + request.addDeviceCapability(resource); + + PolicyResult result(PolicyEffect::DENY); + CONTROLLER_POST_SYNC_EVENT( + SecurityController, + SecurityControllerEvents::CheckFunctionCallSyncEvent( + &result, + &request)); + + int response = PolicyResult::serialize(result); + g_dbus_method_invocation_return_value(invocation, + DPL::DBus::ServerSerialization::serialize(response)); + } else if (0 == g_strcmp0(methodName, + AceServerApi::UPDATE_POLICY_METHOD().c_str())) + { + LogDebug("Policy update DBus message received"); + CONTROLLER_POST_SYNC_EVENT( + SecurityController, + SecurityControllerEvents::UpdatePolicySyncEvent()); + g_dbus_method_invocation_return_value(invocation, NULL); + } else { + // invalid method name + g_dbus_method_invocation_return_value(invocation, NULL); + } +} + +} // namespace RPC diff --git a/src/services/ace/dbus/ace_server_dbus_interface.h b/src/services/ace/dbus/ace_server_dbus_interface.h new file mode 100644 index 0000000..d5957cb --- /dev/null +++ b/src/services/ace/dbus/ace_server_dbus_interface.h @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_service_dbus_interface.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief Class that handles ACE server API. + */ +#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_ +#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_ + +#include +#include "api/ace_server_dbus_api.h" + +namespace RPC { + +class AceServerDBusInterface : public DPL::DBus::InterfaceDispatcher { + public: + AceServerDBusInterface(): + DPL::DBus::InterfaceDispatcher(WrtSecurity::AceServerApi::INTERFACE_NAME()) + { + using namespace WrtSecurity; + + setXmlSignature("" + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + ""); + } + + virtual ~AceServerDBusInterface() + {} + + virtual void onMethodCall(const gchar* methodName, + GVariant* parameters, + GDBusMethodInvocation* invocation); +}; + +} // namespace RPC + +#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_INTERFACE_H_ diff --git a/src/services/ace/dbus/api/ace_server_dbus_api.h b/src/services/ace/dbus/api/ace_server_dbus_api.h new file mode 100644 index 0000000..9db4f05 --- /dev/null +++ b/src/services/ace/dbus/api/ace_server_dbus_api.h @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_server_api.h + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief This file contains definitions ACE server interface & methods specifically needed by DBUS. + */ +#ifndef WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_ +#define WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_ + +#include "ace_server_api.h" +#include + +namespace WrtSecurity{ +namespace AceServerApi{ + + // RPC test function + // IN std::string + // OUT std::string + inline const std::string ECHO_METHOD() + { + return "echo"; + } +}; +}; + + +#endif // WRT_SRC_RPC_SECURITY_DAEMON_ACE_SERVER_DBUS_API_H_ diff --git a/src/services/ace/logic/acf_consts.h b/src/services/ace/logic/acf_consts.h new file mode 100644 index 0000000..93ecfae --- /dev/null +++ b/src/services/ace/logic/acf_consts.h @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * This file contain consts for Signing Template and Policy Manager + * This values will be used to specified and identified algorithms in xml policy documents. + * Its consistent with BONDI 1.0 released requirements + * + * NOTE: This values should be verified when ACF will be updated to the latest version of BONDI requirements + * This values comes from widget digital signature 1.0 - required version of this doc is very important + * + **/ + +#ifndef ACF_CONSTS_TYPES_H +#define ACF_CONSTS_TYPES_H + +//Digest Algorithms +extern const char* DIGEST_ALG_SHA256; + +//Canonicalization Algorithms +extern const char* CANONICAL_ALG_C14N; + +//Signature Algorithms +extern const char* SIGNATURE_ALG_RSA_with_SHA256; +extern const char* SIGNATURE_ALG_DSA_with_SHA1; +extern const char* SIGNATURE_ALG_ECDSA_with_SHA256; + +#endif + diff --git a/src/services/ace/logic/attribute_facade.cpp b/src/services/ace/logic/attribute_facade.cpp new file mode 100644 index 0000000..2a988a7 --- /dev/null +++ b/src/services/ace/logic/attribute_facade.cpp @@ -0,0 +1,716 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * + * This file contains classes that implement WRT_INTERFACE.h interfaces, + * so that ACE could access WRT specific and other information during + * the decision making. + * + * @file attribute_.cpp + * @author Jaroslaw Osmanski (j.osmanski@samsung.com) + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @author Ming Jin(ming79.jin@samsung.com) + * @version 1.0 + * @brief Implementation file for attributes obtaining. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace // anonymous +{ +typedef std::list AttributeHandlerResponse; + +typedef AttributeHandlerResponse (*AttributeHandler)( + const WidgetExecutionPhase &phase, + const WidgetHandle &widgetHandle); +typedef AttributeHandlerResponse (*ResourceAttributeHandler)( + const WidgetExecutionPhase &phase, + const WidgetHandle &widgetHandle, + const Request &request); + +AttributeHandlerResponse AttributeClassHandler(const WidgetExecutionPhase & /*phase*/, + const WidgetHandle & /*widgetHandle*/) +{ + AttributeHandlerResponse response; + response.push_back("widget"); + return response; +} + +AttributeHandlerResponse AttributeInstallUriHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + std::string value = AceDB::AceDAOReadOnly::getShareHref(widgetHandle); + if(!value.empty()) + response.push_back(value); + return response; +} + +AttributeHandlerResponse AttributeVersionHandler(const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + + std::string value = AceDB::AceDAOReadOnly::getVersion(widgetHandle); + + if (!value.empty()) { + response.push_back(value); + } + + return response; +} + +AttributeHandlerResponse AttributeDistributorKeyCnHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle, + AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY); + return response; +} + +AttributeHandlerResponse AttributeDistributorKeyFingerprintHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle, + AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ENDENTITY); + return response; +} + +AttributeHandlerResponse AttributeDistributorKeyRootCnHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle, + AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT); + return response; +} + +AttributeHandlerResponse AttributeDistributorKeyRootFingerprintHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle, + AceDB::WidgetCertificateData::DISTRIBUTOR, AceDB::WidgetCertificateData::ROOT); + return response; +} + +AttributeHandlerResponse AttributeAuthorKeyCnHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle, + AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY); + return response; +} + +AttributeHandlerResponse AttributeAuthorKeyFingerprintHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle, + AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ENDENTITY); + return response; +} + +AttributeHandlerResponse AttributeAuthorKeyRootCnHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + response = AceDB::AceDAOReadOnly::getKeyCommonNameList(widgetHandle, + AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT); + return response; +} + +AttributeHandlerResponse AttributeAuthorKeyRootFingerprintHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + response = AceDB::AceDAOReadOnly::getKeyFingerprints(widgetHandle, + AceDB::WidgetCertificateData::AUTHOR, AceDB::WidgetCertificateData::ROOT); + return response; +} + +AttributeHandlerResponse AttributeNetworkAccessUriHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle & /*widgetHandle*/) +{ + AttributeHandlerResponse response; + return response; +} + +AttributeHandlerResponse AttributeIdHandler(const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + + std::string wGUID = AceDB::AceDAOReadOnly::getGUID(widgetHandle); + + if (!wGUID.empty()) { + response.push_back(wGUID); + } + return response; +} + +AttributeHandlerResponse AttributeAuthorNameHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle &widgetHandle) +{ + AttributeHandlerResponse response; + + std::string value = AceDB::AceDAOReadOnly::getAuthorName(widgetHandle); + + if (!value.empty()) { + response.push_back(value); + } + + return response; +} + +AttributeHandlerResponse AttributeRoamingHandler( + const WidgetExecutionPhase &phase, + const WidgetHandle & /*widgetHandle*/) +{ + AttributeHandlerResponse response; + + if (WidgetExecutionPhase_WidgetInstall == phase) { + // TODO undetermind value + response.push_back(std::string("")); + } else if (SimpleRoamingAgentSingleton::Instance().IsRoamingOn()) { + response.push_back(std::string("true")); + } else { + response.push_back(std::string("false")); + } + + return response; +} + +AttributeHandlerResponse AttributeBearerTypeHandler( + const WidgetExecutionPhase & /*phase*/, + const WidgetHandle & /*widgetHandle*/) +{ + AttributeHandlerResponse response; + + std::string bearerName = "undefined-bearer-name"; + + if (bearerName.empty()) { + LogWarning("Bearer-type is NOT SET or empty"); + } else { + response.push_back(bearerName); + } + + return response; +} + +struct AttributeHandlerContext +{ + std::string name; + WidgetExecutionPhase allowedPhaseMask; + AttributeHandler handler; +}; + +// Private masks +const WidgetExecutionPhase WidgetExecutionPhase_All = + static_cast( + WidgetExecutionPhase_WidgetInstall | + WidgetExecutionPhase_WidgetInstantiate | + WidgetExecutionPhase_WebkitBind | + WidgetExecutionPhase_Invoke); +const WidgetExecutionPhase WidgetExecutionPhase_NoWidgetInstall = + static_cast( + WidgetExecutionPhase_WidgetInstantiate | + WidgetExecutionPhase_WebkitBind | + WidgetExecutionPhase_Invoke); + +#define ALL_PHASE(name, handler) \ + { # name, WidgetExecutionPhase_All, handler }, + +#define NO_INSTALL(name, handler) \ + { # name, WidgetExecutionPhase_NoWidgetInstall, handler }, + +AttributeHandlerContext HANDLED_ATTRIBUTES_LIST[] = { + ALL_PHASE(Class, &AttributeClassHandler) + ALL_PHASE(install-uri, &AttributeInstallUriHandler) + ALL_PHASE(version, &AttributeVersionHandler) + ALL_PHASE(distributor-key-cn, &AttributeDistributorKeyCnHandler) + ALL_PHASE(distributor-key-fingerprint, + &AttributeDistributorKeyFingerprintHandler) + ALL_PHASE(distributor-key-root-cn, + &AttributeDistributorKeyRootCnHandler) + ALL_PHASE(distributor-key-root-fingerprint, + &AttributeDistributorKeyRootFingerprintHandler) + ALL_PHASE(author-key-cn, &AttributeAuthorKeyCnHandler) + ALL_PHASE(author-key-fingerprint, &AttributeAuthorKeyFingerprintHandler) + ALL_PHASE(author-key-root-cn, &AttributeAuthorKeyRootCnHandler) + ALL_PHASE(author-key-root-fingerprint, + &AttributeAuthorKeyRootFingerprintHandler) + ALL_PHASE(network-access-uri, &AttributeNetworkAccessUriHandler) + ALL_PHASE(id, &AttributeIdHandler) +// ALL_PHASE(name, &AttributeNameHandler) +// ALL_PHASE(widget-attr:name, &AttributeWidgetAttrNameHandler) + ALL_PHASE(author-name, &AttributeAuthorNameHandler) + /* Enviroment attributes*/ + NO_INSTALL(roaming, &AttributeRoamingHandler) + NO_INSTALL(bearer-type, &AttributeBearerTypeHandler) +}; + +#undef ALL_PHASE +#undef NO_INSTALL + +const size_t HANDLED_ATTRIBUTES_LIST_COUNT = + sizeof(HANDLED_ATTRIBUTES_LIST) / sizeof(HANDLED_ATTRIBUTES_LIST[0]); + +template +class lambdaCollectionPusher +{ + public: + std::list& m_collection; + lambdaCollectionPusher(std::list& collection) : m_collection(collection) + { + } + void operator()(const T& element) const + { + m_collection.push_back(element); + } +}; + +AttributeHandlerResponse AttributeDeviceCapHandler(const WidgetExecutionPhase & /*phase*/, + const WidgetHandle & /*widgetHandle*/, + const Request &request) +{ + AttributeHandlerResponse response; + + Request::DeviceCapabilitySet capSet = request.getDeviceCapabilitySet(); + LogDebug("device caps set contains"); + FOREACH(dc, capSet) + { + LogDebug("-> " << *dc); + } + + std::for_each( + capSet.begin(), + capSet.end(), + lambdaCollectionPusher(response)); + + return response; +} + +//class lambdaFeatureEquality : +// public std::binary_function +//{ +// public: +// bool operator()(const FeatureHandle& wFeature, +// const int& resurceId) const +// { +// return wFeature == resurceId; +// } +//}; +// +//class lambdaPushFeatureName : +// public std::binary_function +//{ +// void operator()(const WidgetFeature& wFeature, +// AttributeHandlerResponse& response) const +// { +// response.push_back(DPL::ToUTF8String(wFeature.name)); +// } +//}; + +AttributeHandlerResponse AttributeApiFeatureHandler( + const WidgetExecutionPhase & /* phase */, + const WidgetHandle & /* widgetHandle */, + const Request & /* request */) +{ + LogDebug("WAC 2.0 does not support api-feature and resource-id in policy."); + AttributeHandlerResponse response; + return response; +} + +AttributeHandlerResponse AttributeFeatureInstallUriHandler( + const WidgetExecutionPhase & /* phase */, + const WidgetHandle & /* widgetHandle */, + const Request & /* request */) +{ + LogDebug("WAC 2.0 does not support feature-install-uri is policy!"); + AttributeHandlerResponse response; + return response; +} + +AttributeHandlerResponse AttributeFeatureFeatureKeyCnHandler( + const WidgetExecutionPhase & /* phase */, + const WidgetHandle & /* widgetHandle */, + const Request & /* request */) +{ + LogDebug("WAC 2.0 does not support feature-key-cn is policy!"); + AttributeHandlerResponse response; + return response; +} + +AttributeHandlerResponse AttributeFeatureKeyRootCnHandler( + const WidgetExecutionPhase & /* phase */, + const WidgetHandle & /* widgetHandle */, + const Request & /* request */) +{ + LogDebug("WAC 2.0 does not support feature-key-root-cn is policy!"); + AttributeHandlerResponse response; + return response; +} + +AttributeHandlerResponse AttributeFeatureKeyRootFingerprintHandler( + const WidgetExecutionPhase & /* phase */, + const WidgetHandle & /* widgetHandle */, + const Request & /* request */) +{ + LogDebug("WAC 2.0 does not support" + " feature-key-root-fingerprint is policy!"); + AttributeHandlerResponse response; + return response; +} + +struct ResourceAttributeHandlerContext +{ + std::string name; + WidgetExecutionPhase allowedPhaseMask; + ResourceAttributeHandler handler; +}; + +#define ALL_PHASE(name, handler) \ + { # name, WidgetExecutionPhase_All, handler }, + +ResourceAttributeHandlerContext HANDLED_RESOURCE_ATTRIBUTES_LIST[] = { + ALL_PHASE(device-cap, &AttributeDeviceCapHandler) + ALL_PHASE(api-feature, &AttributeApiFeatureHandler) + // For compatiblity with older policies we tread resource-id + // identically as api-feature + ALL_PHASE(resource-id, &AttributeApiFeatureHandler) + + ALL_PHASE(feature-install-uri, &AttributeFeatureInstallUriHandler) + ALL_PHASE(feature-key-cn, &AttributeFeatureFeatureKeyCnHandler) + ALL_PHASE(feature-key-root-cn, &AttributeFeatureKeyRootCnHandler) + ALL_PHASE(feature-key-root-fingerprint, + &AttributeFeatureKeyRootFingerprintHandler) +}; + +#undef ALL_PHASE + +const size_t HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT = + sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST) / + sizeof(HANDLED_RESOURCE_ATTRIBUTES_LIST[0]); +} // namespace anonymous + +/* + * class WebRuntimeImpl + */ +int WebRuntimeImpl::getAttributesValuesLoop(const Request &request, + std::list* attributes, + WidgetExecutionPhase executionPhase) +{ + UNHANDLED_EXCEPTION_HANDLER_BEGIN + { + WidgetHandle widgetHandle = request.getWidgetHandle(); + + FOREACH(itr, *attributes) + { + // Get attribute name + std::string attribute = *itr->first; + + // Search for attribute handler + bool attributeFound = false; + + for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) { + if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) { + // Check if execution phase is valid + if ((executionPhase & + HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) { + // Attribute found, but execution state + // forbids to execute handler + LogWarning( + "Request for attribute: '" << + attribute << "' which is supported " << + "but forbidden at widget execution phase: " + << + executionPhase); + } else { + // Execution phase allows handler + AttributeHandlerResponse attributeResponse = + (*HANDLED_ATTRIBUTES_LIST[i].handler)( + executionPhase, + widgetHandle); + std::copy(attributeResponse.begin(), + attributeResponse.end(), + std::back_inserter(*itr->second)); + } + + attributeFound = true; + break; + } + } + + if (!attributeFound) { + LogWarning("Request for attribute: '" << + attribute << "' which is not supported"); + } + } + + return 0; + } + UNHANDLED_EXCEPTION_HANDLER_END +} + +int WebRuntimeImpl::getAttributesValues(const Request &request, + std::list* attributes) +{ + UNHANDLED_EXCEPTION_HANDLER_BEGIN + { + // Get current execution state + WidgetExecutionPhase executionPhase = + request.getExecutionPhase(); + + return getAttributesValuesLoop(request, attributes, executionPhase); + } + UNHANDLED_EXCEPTION_HANDLER_END +} + +std::string WebRuntimeImpl::getSessionId(const Request & /* request */) +{ + std::string result; + LogError("Not implemented!"); + return result; +} + +WebRuntimeImpl::WebRuntimeImpl() +{ +} + +/* + * class ResourceInformationImpl + */ + +int ResourceInformationImpl::getAttributesValuesLoop(const Request &request, + std::list* attributes, + WidgetExecutionPhase executionPhase) +{ + // Currently, we assume widgets have internal representation of integer IDs + WidgetHandle widgetHandle = request.getWidgetHandle(); + //TODO add resource id string analyzys + FOREACH(itr, *attributes) + { + // Get attribute name + std::string attribute = *itr->first; + LogDebug("getting attribute value for: " << attribute); + FOREACH(aaa, *itr->second) + { + LogDebug("its value is: " << *aaa); + } + + // Search for attribute handler + bool attributeFound = false; + + for (size_t i = 0; i < HANDLED_RESOURCE_ATTRIBUTES_LIST_COUNT; ++i) { + if (HANDLED_RESOURCE_ATTRIBUTES_LIST[i].name == attribute) { + // Check if execution phase is valid + if ((executionPhase & + HANDLED_RESOURCE_ATTRIBUTES_LIST[i].allowedPhaseMask) == + 0) { + // Attribute found, but execution state + // forbids to execute handler + LogDebug( + "Request for attribute: '" << + attribute << + "' which is supported but forbidden " << + "at widget execution phase: " << executionPhase); + itr->second = NULL; + } else { + // Execution phase allows handler + AttributeHandlerResponse attributeResponse = + (*HANDLED_RESOURCE_ATTRIBUTES_LIST[i].handler)( + executionPhase, + widgetHandle, + request); + std::copy(attributeResponse.begin(), + attributeResponse.end(), + std::back_inserter(*itr->second)); + + std::ostringstream attributeResponseFull; + + for (AttributeHandlerResponse::const_iterator + it = attributeResponse.begin(); + it != attributeResponse.end(); ++it) { + attributeResponseFull << + (it == attributeResponse.begin() ? "" : ", ") << + *it; + } + + LogDebug("Attribute(" << attribute << ") = " << + attributeResponseFull.str()); + } + + attributeFound = true; + break; + } + } + + if (!attributeFound) { + LogWarning("Request for attribute: '" << attribute << + "' which is not supported"); + } + } + return 0; +} + +int ResourceInformationImpl::getAttributesValues(const Request &request, + std::list* attributes) +{ + UNHANDLED_EXCEPTION_HANDLER_BEGIN + { + // Get current execution state + WidgetExecutionPhase executionPhase = + request.getExecutionPhase(); + return getAttributesValuesLoop(request, attributes, executionPhase); + } + UNHANDLED_EXCEPTION_HANDLER_END +} + +ResourceInformationImpl::ResourceInformationImpl() +{ +} + +/* + * class OperationSystemImpl + */ + +int OperationSystemImpl::getAttributesValues(const Request &request, + std::list* attributes) +{ + UNHANDLED_EXCEPTION_HANDLER_BEGIN + { + //FIXME: + //GetExecution name without widget name + WidgetExecutionPhase executionPhase = + request.getExecutionPhase(); + + FOREACH(itr, *attributes) + { + // Get attribute name + std::string attribute = *itr->first; + + // Search for attribute handler + bool attributeFound = false; + + for (size_t i = 0; i < HANDLED_ATTRIBUTES_LIST_COUNT; ++i) { + if (HANDLED_ATTRIBUTES_LIST[i].name == attribute) { + // Check if execution phase is valid + if ((executionPhase & + HANDLED_ATTRIBUTES_LIST[i].allowedPhaseMask) == 0) { + // Attribute found, but execution state forbids + // to execute handler + LogDebug("Request for attribute: '" << attribute << + "' which is supported but forbidden at " << + "widget execution phase: " << executionPhase); + itr->second = NULL; + } else { + // Execution phase allows handler + AttributeHandlerResponse attributeResponse = + (*HANDLED_ATTRIBUTES_LIST[i].handler)( + executionPhase, + 0); + std::copy(attributeResponse.begin(), + attributeResponse.end(), + std::back_inserter(*itr->second)); + + std::ostringstream attributeResponseFull; + + typedef AttributeHandlerResponse::const_iterator Iter; + FOREACH(it, attributeResponse) + { + attributeResponseFull << + (it == attributeResponse.begin() + ? "" : ", ") << *it; + } + + LogDebug("Attribute(" << attribute << + ") = " << attributeResponseFull.str()); + } + + attributeFound = true; + break; + } + } + + if (!attributeFound) { + LogWarning("Request for attribute: '" << attribute << + "' which is not supported"); + } + } + + return 0; + } + UNHANDLED_EXCEPTION_HANDLER_END +} + +OperationSystemImpl::OperationSystemImpl() +{ +} + +/* + * end of class OperationSystemImpl + */ + +int FunctionParamImpl::getAttributesValues(const Request & /*request*/, + std::list *attributes) +{ + FOREACH(iter, *attributes) + { + std::string attributeName = *(iter->first); + + ParamMap::const_iterator i; + std::pair jj = + paramMap.equal_range(attributeName); + + for (i = jj.first; i != jj.second; ++i) { + iter->second->push_back(i->second); + LogDebug("Attribute: " << attributeName << " Value: " << + i->second); + } + } + return 0; +} diff --git a/src/services/ace/logic/attribute_facade.h b/src/services/ace/logic/attribute_facade.h new file mode 100644 index 0000000..7b6898c --- /dev/null +++ b/src/services/ace/logic/attribute_facade.h @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file attribute_facade.h + * @author Jaroslaw Osmanski (j.osmanski@samsung.com) + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @version 1.0 + * @brief This file contains the declaration of WebRuntimeImpl, + * ResourceInformationImpl, OperationSystemImpl + */ + +#ifndef ATTRIBUTE_FACADE_H +#define ATTRIBUTE_FACADE_H + +#include +#include +#include + +#include + +class Request; + +class WebRuntimeImpl : public IWebRuntime +{ + public: + // Return current sessionId + int getAttributesValuesLoop(const Request &request, + std::list* attributes, + WidgetExecutionPhase executionPhase); + + int getAttributesValues(const Request &request, + std::list* attributes); + virtual std::string getSessionId(const Request &request); + WebRuntimeImpl(); +}; + +class ResourceInformationImpl : public IResourceInformation +{ + public: + int getAttributesValuesLoop(const Request &request, + std::list* attributes, + WidgetExecutionPhase executionPhase); + int getAttributesValues(const Request &request, + std::list* attributes); + ResourceInformationImpl(); +}; + +class OperationSystemImpl : public IOperationSystem +{ + public: + /** + * gather and set attributes values for specified attribute name + * @param attributes is a list of pairs( + * first: pointer to attribute name + * second: list of values for attribute (std::string) - + * its a list of string (BONDI requirement), but usually there + * will be only one string + */ + int getAttributesValues(const Request &request, + std::list* attributes); + OperationSystemImpl(); +}; + +class FunctionParamImpl : public IFunctionParam +{ + public: + virtual int getAttributesValues(const Request & /*request*/, + std::list *attributes); + void addAttribute(const std::string &key, + const std::string &value) + { + paramMap.insert(make_pair(key, value)); + } + virtual ~FunctionParamImpl() + { + } + + private: + typedef std::multimap ParamMap; + ParamMap paramMap; +}; + +typedef std::vector FunctionParams; + +#endif //ATTRIBUTE_FACADE_H diff --git a/src/services/ace/logic/security_controller.cpp b/src/services/ace/logic/security_controller.cpp new file mode 100644 index 0000000..32d9b4b --- /dev/null +++ b/src/services/ace/logic/security_controller.cpp @@ -0,0 +1,94 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * This class simply redirects the access requests to access control engine. + * The aim is to hide access control engine specific details from WRT modules. + * It also implements WRT_INTERFACE.h interfaces, so that ACE could access + * WRT specific and other information during the decision making. + * + * @file security_controller.cpp + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @author Ming Jin(ming79.jin@samsung.com) + * @version 1.0 + * @brief Implementation file for security controller + */ +#include +#include +#include +//#include +//#include +#include +#include +#include +#include + +IMPLEMENT_SINGLETON(SecurityController) + +struct SecurityController::Impl +{ + SecurityLogic logic; +}; + +SecurityController::SecurityController() +{ + m_impl.Reset(new Impl); +} + +SecurityController::~SecurityController() +{ +} + +void SecurityController::OnEventReceived( + const SecurityControllerEvents::InitializeSyncEvent & /* event */) +{ + SecurityCallerSingleton::Instance().Run(); + m_impl->logic.initialize(); +} + +void SecurityController::OnEventReceived( + const SecurityControllerEvents::UpdatePolicySyncEvent& /* event */) +{ + m_impl->logic.updatePolicy(); +} + +void SecurityController::OnEventReceived( + const SecurityControllerEvents::TerminateSyncEvent & /*event*/) +{ + SecurityCallerSingleton::Instance().Quit(); + m_impl->logic.terminate(); +} + +void SecurityController::OnEventReceived( + const SecurityControllerEvents::CheckFunctionCallSyncEvent &ev) +{ + *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1()); +} + +void SecurityController::OnEventReceived( + const SecurityControllerEvents::CheckRuntimeCallSyncEvent &ev) +{ + *ev.GetArg0() = m_impl->logic.checkFunctionCall(ev.GetArg1(), ev.GetArg2()); +} + +void SecurityController::OnEventReceived( + const SecurityControllerEvents::ValidatePopupResponseEvent &ev) +{ + m_impl->logic.validatePopupResponse(ev.GetArg0(), + ev.GetArg1(), + ev.GetArg2(), + ev.GetArg3(), + ev.GetArg4()); +} diff --git a/src/services/ace/logic/security_controller.h b/src/services/ace/logic/security_controller.h new file mode 100644 index 0000000..68df770 --- /dev/null +++ b/src/services/ace/logic/security_controller.h @@ -0,0 +1,112 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * This class simply redirects the access requests to access control engine. + * The aim is to hide access control engine specific details from WRT modules. + * It also implements WRT_INTERFACE.h interfaces, so that ACE could access + * WRT specific and other information during the decision making. + * + * @file security_controller.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @author Ming Jin(ming79.jin@samsung.com) + * @version 1.0 + * @brief Header file for security controller + */ +#ifndef SECURITY_CONTROLLER_H +#define SECURITY_CONTROLLER_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace Jobs { +class Job; +} + +namespace SecurityControllerEvents { +DECLARE_GENERIC_EVENT_0(InitializeSyncEvent) +DECLARE_GENERIC_EVENT_0(TerminateSyncEvent) +DECLARE_GENERIC_EVENT_0(UpdatePolicySyncEvent) + +DECLARE_GENERIC_EVENT_2(CheckFunctionCallSyncEvent, + PolicyResult *, + Request * + ) + +DECLARE_GENERIC_EVENT_3(CheckRuntimeCallSyncEvent, + PolicyResult *, + Request *, + std::string //sessionId + ) + +DECLARE_GENERIC_EVENT_5(ValidatePopupResponseEvent, + Request *, + bool, //is allowed + Prompt::Validity, + std::string, //sessionId + bool* //check return value + ) + +} // namespace SecurityControllerEvents + +typedef DPL::TypeListDecl< + SecurityControllerEvents::InitializeSyncEvent, + SecurityControllerEvents::TerminateSyncEvent, + SecurityControllerEvents::UpdatePolicySyncEvent, + SecurityControllerEvents::ValidatePopupResponseEvent, + SecurityControllerEvents::CheckRuntimeCallSyncEvent, + SecurityControllerEvents::CheckFunctionCallSyncEvent>::Type +SecurityControllerEventsTypeList; + +class SecurityController : + public DPL::Event::Controller +{ + protected: + virtual void OnEventReceived( + const SecurityControllerEvents::InitializeSyncEvent &event); + virtual void OnEventReceived( + const SecurityControllerEvents::UpdatePolicySyncEvent &event); + virtual void OnEventReceived( + const SecurityControllerEvents::ValidatePopupResponseEvent &e); + virtual void OnEventReceived( + const SecurityControllerEvents::TerminateSyncEvent &event); + virtual void OnEventReceived( + const SecurityControllerEvents::CheckFunctionCallSyncEvent &e); + virtual void OnEventReceived( + const SecurityControllerEvents::CheckRuntimeCallSyncEvent &e); + + private: + class Impl; + DPL::ScopedPtr m_impl; + + SecurityController(); + //This desctructor must be in implementation file (cannot be autogenerated) + ~SecurityController(); + + friend class DPL::Singleton; +}; + +typedef DPL::Singleton SecurityControllerSingleton; + +#endif // SECURITY_CONTROLLER_H diff --git a/src/services/ace/logic/security_logic.cpp b/src/services/ace/logic/security_logic.cpp new file mode 100644 index 0000000..48d7f8e --- /dev/null +++ b/src/services/ace/logic/security_logic.cpp @@ -0,0 +1,386 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * This class simply redirects the access requests to access control engine. + * The aim is to hide access control engine specific details from WRT modules. + * It also implements WRT_INTERFACE.h interfaces, so that ACE could access + * WRT specific and other information during the decision making. + * + * @file security_controller.h + # @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @author Ming Jin(ming79.jin@samsung.com) + * @author Piotr Kozbial (p.kozbial@samsung.com) + * @version 1.0 + * @brief Header file for security logic + */ + +#include +#include +#ifdef WRT_SMACK_ENABLED +#include +#endif +#include +#include +#include +#include +#include + +namespace { + +Request::ApplicationType getAppType(const Request *request) { + AceDB::AppTypes appType = + AceDB::AceDAOReadOnly::getWidgetType(request->getWidgetHandle()); + switch (appType) { + case AceDB::AppTypes::Tizen: + LogDebug("==== Found Tizen application. ===="); + return Request::APP_TYPE_TIZEN; + case AceDB::AppTypes::WAC20: + LogDebug("==== Found Wac20 application. ===="); + return Request::APP_TYPE_WAC20; + default: + LogDebug("==== Unknown application type. ===="); + } + return Request::APP_TYPE_UNKNOWN; +} + +} // anonymous namespace + +void SecurityLogic::initialize() { + AceDB::AceDAO::attachToThreadRW(); + m_policyEnforcementPoint.initialize(new WebRuntimeImpl(), + new ResourceInformationImpl(), + new OperationSystemImpl()); +} + +void SecurityLogic::terminate() { + m_policyEnforcementPoint.terminate(); + AceDB::AceDAO::detachFromThread(); +} + + +void SecurityLogic::grantPlatformAccess(const Request& request) +{ + (void)request; +#ifdef WRT_SMACK_ENABLED + try { + unsigned long long id = + static_cast(request.getWidgetHandle()); + Request::DeviceCapabilitySet dc = request.getDeviceCapabilitySet(); + + size_t i,size = dc.size(); + std::unique_ptr array(new const char*[size+1]); + + array[size] = NULL; + auto it = dc.begin(); + + for(i=0; (ic_str(); + } + int ret = wrt_permissions_add(id, array.get()); + if (PC_OPERATION_SUCCESS != ret) { + LogError("smack rules couldn't be granted"); + } + } catch (std::bad_alloc&) { + LogError("smack rules couldn't be granted: memory allocation failed"); + } +#endif +} + +PolicyResult SecurityLogic::checkFunctionCall(Request* request) +{ + Assert(NULL != request); + + LogDebug("=== Check widget existance ==="); + Try { + request->setAppType(getAppType(request)); + } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) { + LogError("==== Couldn't find widget for handle: " << + request->getWidgetHandle() << ". Access denied. ===="); + return PolicyEffect::DENY; + } + + PolicyResult aceResult = m_policyEnforcementPoint.check(*request).policyResult; + + if (aceResult == PolicyEffect::PERMIT) { + grantPlatformAccess(*request); + return PolicyEffect::PERMIT; + } else if (aceResult == PolicyEffect::PROMPT_ONESHOT || + aceResult == PolicyEffect::PROMPT_SESSION || + aceResult == PolicyEffect::PROMPT_BLANKET || + aceResult == PolicyDecision::NOT_APPLICABLE || + aceResult == PolicyResult::UNDETERMINED) + { + // TODO: check stored user answers!!! + // if necessary, grant SMACK rules + // return appropriately - the following is a dummy: + return aceResult; + } else { + return PolicyEffect::DENY; + } +} + +PolicyResult SecurityLogic::checkFunctionCall(Request* request, const std::string &sessionId) +{ + Assert(NULL != request); + LogDebug("=== Check existance of widget === "); + Try { + request->setAppType(getAppType(request)); + } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) { + LogError("==== Couldn't find widget for handle: " << + request->getWidgetHandle() << ". Access denied. ===="); + return PolicyEffect::DENY; + } + + ExtendedPolicyResult exAceResult = m_policyEnforcementPoint.check(*request); + PolicyResult aceResult = exAceResult.policyResult; + + LogDebug("Result returned by policy " << aceResult << ". RuleID: " << exAceResult.ruleId); + + if (aceResult == PolicyEffect::PERMIT) { + LogDebug("Grant access."); + grantPlatformAccess(*request); + return PolicyEffect::PERMIT; + } + + if (aceResult == PolicyEffect::PROMPT_ONESHOT || + aceResult == PolicyEffect::DENY) + { + return aceResult; + } + + OptionalCachedPromptDecision decision = AceDB::AceDAOReadOnly::getPromptDecision( + request->getWidgetHandle(), + exAceResult.ruleId); + + if (decision.IsNull()) { + LogDebug("No CachedPromptDecision found."); + return aceResult; + } + + if (aceResult == PolicyEffect::PROMPT_BLANKET) { + if (decision->decision == PromptDecision::ALLOW_ALWAYS) { + LogDebug("Found user decision. Result changed to PERMIT. Access granted"); + grantPlatformAccess(*request); + return PolicyEffect::PERMIT; + } + if (decision->decision == PromptDecision::DENY_ALWAYS) { + LogDebug("Found user decision. Result changed to DENY."); + return PolicyEffect::DENY; + } + if (decision->decision == PromptDecision::ALLOW_FOR_SESSION + && !(decision->session.IsNull()) + && sessionId == DPL::ToUTF8String(*(decision->session))) + { + LogDebug("Result changed to PERMIT. Access granted."); + grantPlatformAccess(*request); + return PolicyEffect::PERMIT; + } + if (decision->decision == PromptDecision::DENY_FOR_SESSION + && !(decision->session.IsNull()) + && sessionId == DPL::ToUTF8String(*(decision->session))) + { + LogDebug("Found user decision. Result changed to DENY."); + return PolicyEffect::DENY; + } + return aceResult; + } + + if (aceResult == PolicyEffect::PROMPT_SESSION) { + if (decision->decision == PromptDecision::ALLOW_FOR_SESSION + && !(decision->session.IsNull()) + && sessionId == DPL::ToUTF8String(*(decision->session))) + { + LogDebug("Found user decision. Result changed to PERMIT. Access granted."); + grantPlatformAccess(*request); + return PolicyEffect::PERMIT; + } + if (decision->decision == PromptDecision::DENY_FOR_SESSION + && !(decision->session.IsNull()) + && sessionId == DPL::ToUTF8String(*(decision->session))) + { + LogDebug("Found user decision. Result changed to DENY."); + return PolicyEffect::DENY; + } + return aceResult; + } + + // This should not happend - all PolicyEffect values were supported before. + // This mean that someone has modyfied PolicyEffect enum. SPANK SPANK SPANK + LogError("Unsupported PolicyEffect!"); + return PolicyEffect::DENY; +} + +void SecurityLogic::validatePopupResponse(Request* request, + bool allowed, + Prompt::Validity validity, + const std::string& sessionId, + bool* retValue) +{ + Assert(NULL != retValue); + Assert(NULL != request); + + LogDebug("Start"); + LogDebug("User answered: " << allowed << " with validity: " << validity); + LogDebug("Check widget existance"); + Try { + request->setAppType(getAppType(request)); + } Catch (AceDB::AceDAOReadOnly::Exception::DatabaseError) { + LogError("==== Couldn't find widget for handle: " << + request->getWidgetHandle() << ". Access denied. ===="); + retValue = false; + return; + } + + *retValue = false; + OptionalExtendedPolicyResult extendedAceResult = + m_policyEnforcementPoint.checkFromCache(*request); + if (extendedAceResult.IsNull()) { + LogDebug("No cached policy result - but it should be here"); + LogDebug("returning " << *retValue); + return; + } + + PolicyResult aceResult = extendedAceResult->policyResult; + if (aceResult == PolicyEffect::DENY) { + LogDebug("returning " << *retValue); + return; + } + if (aceResult == PolicyEffect::PERMIT) { + // TODO we were asked for prompt validation + // but we got that no prompt should be opened - is this OK? + // (this is on the diagram in wiki) + *retValue = true; + } else if (aceResult == PolicyEffect::PROMPT_ONESHOT || + aceResult == PolicyEffect::PROMPT_SESSION || + aceResult == PolicyEffect::PROMPT_BLANKET) + { + Request::DeviceCapabilitySet devCaps = + request->getDeviceCapabilitySet(); + + FOREACH (it, devCaps) { + Request::DeviceCapability resourceId = *it; + LogDebug("Recheck: " << *it); + // 1) check if per-widget settings permit + AceDB::PreferenceTypes wgtPref = + AceDB::AceDAOReadOnly::getWidgetDevCapSetting( + resourceId, + request->getWidgetHandle()); + if (AceDB::PreferenceTypes::PREFERENCE_DENY == wgtPref) { + LogDebug("returning " << *retValue); + return; + } + // 2) check if per-dev-cap settings permit + AceDB::PreferenceTypes resPerf = + AceDB::AceDAOReadOnly::getDevCapSetting(resourceId); + if (AceDB::PreferenceTypes::PREFERENCE_DENY == resPerf) { + LogDebug("returning " << *retValue); + return; + } + + // 3) check for stored propmt answer - should not be there + // TODO - is this check necessary? + AceDB::BaseAttributeSet attributes; + AceDB::AceDAOReadOnly::getAttributes(&attributes); + Request req(request->getWidgetHandle(), + request->getExecutionPhase()); + req.addDeviceCapability(resourceId); + PolicyInformationPoint *pip = + m_policyEnforcementPoint.getPip(); + + Assert(NULL != pip); + + pip->getAttributesValues(&req, &attributes); + auto attrHash = AceDB::AceDaoConversions::convertToHash(attributes); + + // 4) validate consistency of answer with policy result + Prompt::Validity clampedValidity = + clampPromptValidity(validity, *(aceResult.getEffect())); + + // 5) store answer in database if appropriate + // TODO how about userParam? sessionId? + DPL::String userParam = DPL::FromUTF8String(sessionId); + DPL::OptionalString sessionOptional = + DPL::FromUTF8String(sessionId); + + switch (clampedValidity) { + case Prompt::Validity::ALWAYS: { + AceDB::AceDAO::setPromptDecision( + request->getWidgetHandle(), + extendedAceResult->ruleId, + sessionOptional, + allowed ? + PromptDecision::ALLOW_ALWAYS : + PromptDecision::DENY_ALWAYS); + break; } + case Prompt::Validity::SESSION: { + AceDB::AceDAO::setPromptDecision( + request->getWidgetHandle(), + extendedAceResult->ruleId, + sessionOptional, + allowed ? + PromptDecision::ALLOW_FOR_SESSION : + PromptDecision::DENY_FOR_SESSION); + break; } + + case Prompt::Validity::ONCE: { + LogInfo("Validity ONCE, not saving prompt decision to cache"); + break; } + } + + } + // access granted! + *retValue = allowed; + } + if (*retValue) { + // 6) grant smack label if not granted yet + grantPlatformAccess(*request); + } + LogDebug("Finish"); + LogDebug("returning " << *retValue); +} + +void SecurityLogic::updatePolicy() +{ + LogDebug("SecurityLogic::updatePolicy"); + m_policyEnforcementPoint.updatePolicy(); +} + +Prompt::Validity SecurityLogic::clampPromptValidity( + Prompt::Validity validity, + PolicyEffect effect) +{ + switch (effect) { + case PolicyEffect::PROMPT_BLANKET: { + return validity; } + case PolicyEffect::PROMPT_SESSION: { + if (Prompt::Validity::ALWAYS == validity) { + LogInfo("ALWAYS returned from prompt in PROMPT_SESSION"); + return Prompt::Validity::SESSION; + } + return validity; } + case PolicyEffect::PROMPT_ONESHOT: { + if (Prompt::Validity::ONCE != validity) { + LogInfo("Not ONCE returned from prompt in PROMPT_ONESHOT"); + } + return Prompt::Validity::ONCE; } + case PolicyEffect::DENY: + case PolicyEffect::PERMIT: + default: {// other options - should not happen + LogError("This kind of policy effect does not deal with prompts"); + return Prompt::Validity::ONCE; } + } +} + diff --git a/src/services/ace/logic/security_logic.h b/src/services/ace/logic/security_logic.h new file mode 100644 index 0000000..71f8bae --- /dev/null +++ b/src/services/ace/logic/security_logic.h @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * This class simply redirects the access requests to access control engine. + * The aim is to hide access control engine specific details from WRT modules. + * It also implements WRT_INTERFACE.h interfaces, so that ACE could access + * WRT specific and other information during the decision making. + * + * @file security_controller.h + * @author Przemyslaw Dobrowolski (p.dobrowolsk@samsung.com) + * @author Ming Jin(ming79.jin@samsung.com) + * @author Piotr Kozbial (p.kozbial@samsung.com) + * @version 1.0 + * @brief Header file for security logic + */ +#ifndef SECURITY_LOGIC_H +#define SECURITY_LOGIC_H + +#include +#include +#include +#include +#include +#include + +/* SecurityLogic + * May only be created and used by SecurityController. + * There may be only one instance. + */ +class SecurityLogic { + public: + SecurityLogic() {} + ~SecurityLogic() {} + // initialize/terminate + /** */ + void initialize(); + /** */ + void terminate(); + + /** */ + PolicyResult checkFunctionCall(Request*); + PolicyResult checkFunctionCall(Request*, const std::string &session); + + void validatePopupResponse(Request* request, + bool allowed, + Prompt::Validity validity, + const std::string& sessionId, + bool* retValue); + + /** + * Updates policy and clears policy cache + */ + void updatePolicy(); + + private: + PolicyEnforcementPoint m_policyEnforcementPoint; + + Prompt::Validity clampPromptValidity(Prompt::Validity validity, + PolicyEffect effect); + void grantPlatformAccess(const Request& request); +}; + +#endif // SECURITY_CONTROLLER_H diff --git a/src/services/ace/logic/simple_roaming_agent.cpp b/src/services/ace/logic/simple_roaming_agent.cpp new file mode 100755 index 0000000..19e2b39 --- /dev/null +++ b/src/services/ace/logic/simple_roaming_agent.cpp @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file simple_roaming_agent.cpp + * @author Pawel Sikorski (p.sikorski@samsung.com) + * @author Lukasz Marek (l.marek@samsung.com) + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief roaming agent + */ + +#include "simple_roaming_agent.h" +#include +#include +#include +#include +IMPLEMENT_SINGLETON(SimpleRoamingAgent) + +SimpleRoamingAgent::SimpleRoamingAgent() +{ + if (vconf_notify_key_changed( + VCONFKEY_TELEPHONY_SVC_ROAM, + vConfChagedCallback, this) < 0) + { + LogError("Cannot add vconf callback [" << + VCONFKEY_TELEPHONY_SVC_ROAM << "]"); + Assert(false && "Cannot add vconf callback"); + } + + int result = 0; + if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) { + LogError("Cannot get current roaming status"); + Assert(false && "Cannot get current roaming status"); + } else { + bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON); + m_networkType = type ? ROAMING : HOME; + LogInfo("Network type is " << (type ? "ROAMING" : "HOME")); + } + +} + +SimpleRoamingAgent::~SimpleRoamingAgent() +{ + if (vconf_ignore_key_changed( + VCONFKEY_TELEPHONY_SVC_ROAM, + vConfChagedCallback) < 0) + { + LogError("Cannot rm vconf callback [" << + VCONFKEY_TELEPHONY_SVC_ROAM << "]"); + Assert(false && "Cannot remove vconf callback"); + } + +} + +void SimpleRoamingAgent::vConfChagedCallback(keynode_t *keyNode, void *data) +{ + LogInfo("SimpleRoamingAgent::vConfChagedCallback "); + char *key = vconf_keynode_get_name(keyNode); + + if (NULL == key) { + LogWarning("vconf key is null."); + return; + } + std::string keyString = key; + if (VCONFKEY_TELEPHONY_SVC_ROAM != keyString) { + LogError("Wrong key found"); + Assert(false && "Wrong key found in vconf callback"); + return; + } + SimpleRoamingAgent *agent = static_cast(data); + if (NULL == agent) { + LogError("Bad user arg from vconf lib"); + Assert(false && "Bad user arg from vconf lib"); + return; + } + int result = 0; + if (vconf_get_int(VCONFKEY_TELEPHONY_SVC_ROAM, &result) != 0) { + LogError("Cannot get current roaming status"); + Assert(false && "Cannot get current roaming status"); + } else { + bool type = (result == VCONFKEY_TELEPHONY_SVC_ROAM_ON); + agent->m_networkType = type ? ROAMING : HOME; + LogInfo("Network type is " << (type ? "ROAMING" : "HOME")); + } +} diff --git a/src/services/ace/logic/simple_roaming_agent.h b/src/services/ace/logic/simple_roaming_agent.h new file mode 100755 index 0000000..65b0bbe --- /dev/null +++ b/src/services/ace/logic/simple_roaming_agent.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file simple_roaming_agent.h + * @author Pawel Sikorski (p.sikorski@samsung.com) + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief simple roaming agent + */ + +#ifndef WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_ +#define WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_ + +#include +#include +#include +#include + +class SimpleRoamingAgent : DPL::Noncopyable +{ + public: + bool IsRoamingOn() const + { + return ROAMING == m_networkType; + } + + private: + enum NetworkType {ROAMING, HOME}; + + NetworkType m_networkType; + + SimpleRoamingAgent(); + virtual ~SimpleRoamingAgent(); + + static void vConfChagedCallback(keynode_t *keyNode, void *userParam); + + friend class DPL::Singleton; +}; + +typedef DPL::Singleton SimpleRoamingAgentSingleton; + +#endif//WRT_SRC_ACCESS_CONTROL_COMMON_SIMPLE_ROAMING_AGENT_H_ diff --git a/src/services/ace/socket/ace_service_callbacks.cpp b/src/services/ace/socket/ace_service_callbacks.cpp new file mode 100644 index 0000000..ac3f6cf --- /dev/null +++ b/src/services/ace/socket/ace_service_callbacks.cpp @@ -0,0 +1,133 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_service_callbacks.cpp + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Implementation of Ace Service callbacks + */ +#include +#include +#include +#include "ace_service_callbacks.h" +#include +#include +#include +#include +#include +#include + +namespace RPC { + +void AceServiceCallbacks::checkAccess(SocketConnection * connector){ + + int widgetHandle = 0; + std::string subject, resource, sessionId; + std::vector paramNames, paramValues; + Try { + connector->read(&widgetHandle, + &subject, + &resource, + ¶mNames, + ¶mValues, + &sessionId); + } Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket Connection read error"); + ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, + "Socket Connection read error"); + } + + if (paramNames.size() != paramValues.size()) { + ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, "Varying sizes of parameter names and parameter values"); + } + LogDebug("We got subject: " << subject); + LogDebug("We got resource: " << resource); + + FunctionParamImpl params; + for (size_t i = 0; i < paramNames.size(); ++i) { + params.addAttribute(paramNames[i], paramValues[i]); + } + + Request request(widgetHandle, + WidgetExecutionPhase_Invoke, + ¶ms); + request.addDeviceCapability(resource); + + PolicyResult result(PolicyEffect::DENY); + SecurityCallerSingleton::Instance().SendSyncEvent( + SecurityControllerEvents::CheckRuntimeCallSyncEvent( + &result, + &request, + sessionId)); + + int response = PolicyResult::serialize(result); + + Try{ + connector->write(response); + } Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket Connection write error"); + ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, + "Socket Connection write error"); + } +} + +void AceServiceCallbacks::checkAccessInstall(SocketConnection * connector){ + + int widgetHandle; + std::string resource; + + Try { + connector->read(&widgetHandle, + &resource); + } Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket Connection read error"); + ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, + "Socket Connection read error"); + } + + LogDebug("We got handle: " << widgetHandle); + LogDebug("We got resource: " << resource); + + Request request(widgetHandle, + WidgetExecutionPhase_WidgetInstall); + request.addDeviceCapability(resource); + + PolicyResult result(PolicyEffect::DENY); + SecurityCallerSingleton::Instance().SendSyncEvent( + SecurityControllerEvents::CheckFunctionCallSyncEvent( + &result, + &request)); + + int response = PolicyResult::serialize(result); + + Try{ + connector->write(response); + } Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket Connection write error"); + ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, + "Socket Connection write error"); + } +} + +void AceServiceCallbacks::updatePolicy(SocketConnection * /*connector*/){ + + + LogDebug("Policy update socket message received"); + SecurityCallerSingleton::Instance().SendSyncEvent( + SecurityControllerEvents::UpdatePolicySyncEvent()); +} + +} //namespace RPC diff --git a/src/services/ace/socket/ace_service_callbacks.h b/src/services/ace/socket/ace_service_callbacks.h new file mode 100644 index 0000000..e5ebc18 --- /dev/null +++ b/src/services/ace/socket/ace_service_callbacks.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_service_callbacks.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Header of Ace Service callbacks + */ + +#ifndef ACE_SERVICE_CALLBACKS_H_ +#define ACE_SERVICE_CALLBACKS_H_ + +#include +#include +#include + +namespace RPC { + +namespace AceServiceCallbacks { + + // IN string subject + // IN string resource + // IN vector function param names + // IN vector function param values + // OUT int allow, deny, popup type + void checkAccess(SocketConnection * connector); + + // IN string subject + // IN string resource + // OUT int allow, deny, popup type + void checkAccessInstall(SocketConnection * connector); + + // Policy update trigger + void updatePolicy(SocketConnection * connector); + +}; + +} //namespace RPC + +#endif /* ACE_SERVICE_CALLBACKS_H_ */ diff --git a/src/services/ace/socket/api/ace_service_callbacks_api.h b/src/services/ace/socket/api/ace_service_callbacks_api.h new file mode 100644 index 0000000..dfd136b --- /dev/null +++ b/src/services/ace/socket/api/ace_service_callbacks_api.h @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ace_service_callbacks_api.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Header with api of implemented Ace Service callbacks + */ +#ifndef ACE_SERVICE_CALLBACKS_API_H_ +#define ACE_SERVICE_CALLBACKS_API_H_ + +#include +#include +#include "ace_server_api.h" +#include "ace_service_callbacks.h" +#include "callback_api.h" + +namespace WrtSecurity{ +namespace AceServiceCallbacksApi{ + +inline const std::pair CHECK_ACCESS_METHOD_CALLBACK() { + return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_METHOD(), + RPC::AceServiceCallbacks::checkAccess); +} + +inline const std::pair CHECK_ACCESS_INSTALL_METHOD_CALLBACK() { + return std::make_pair(WrtSecurity::AceServerApi::CHECK_ACCESS_INSTALL_METHOD(), + RPC::AceServiceCallbacks::checkAccessInstall); +} + +inline const std::pair UPDATE_POLICY_METHOD_CALLBACK() { + return std::make_pair(WrtSecurity::AceServerApi::UPDATE_POLICY_METHOD(), + RPC::AceServiceCallbacks::updatePolicy); +} + +} // namespace AceServiceCallbacksApi +} // namespace WrtSecurity + + +#endif // ACE_SERVICE_CALLBACKS_API_H_ diff --git a/src/services/caller/security_caller.cpp b/src/services/caller/security_caller.cpp new file mode 100644 index 0000000..8fab788 --- /dev/null +++ b/src/services/caller/security_caller.cpp @@ -0,0 +1,26 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file popup_service_callbacks.cpp + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief Implementation of Security Caller Thread singleton + */ + +#include +#include + +IMPLEMENT_SINGLETON(SecurityCallerThread) diff --git a/src/services/caller/security_caller.h b/src/services/caller/security_caller.h new file mode 100644 index 0000000..e1b68d0 --- /dev/null +++ b/src/services/caller/security_caller.h @@ -0,0 +1,189 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file popup_service_callbacks.cpp + * @author Lukasz Wrzosek (l.wrzosek@samsung.com) + * @version 1.0 + * @brief Header of Security Caller class used by services socket callbacks + */ + +#ifndef SECURITY_CALLER_H__ +#define SECURITY_CALLER_H__ + +#include +#include +#include + +#include + +#include + +class IEventHolder +{ + public: + virtual void FinalizeSending() = 0; + virtual ~IEventHolder() {}; +}; + +template +class EventHolderImpl : public IEventHolder +{ + EventType event; + + public: + EventHolderImpl(const EventType& e) : event(e) {} + virtual void FinalizeSending() + { + LogDebug("sending real sync event"); + CONTROLLER_POST_SYNC_EVENT(SecurityController, event); + } +}; + +/* + * Because Security Controller is a DPL::Controler class, its events + * can be send only from a DPL managed thread. SecurityCallerTread class + * has been implemented as a workaround of that constraint. + * This class is a DPL managed thread that waits for requests + * from non DPL managed threads and when receives one it posts event + * to the Security Controler in charge of the calling thread. + */ + + +class SecurityCallerThread : public DPL::Thread +{ + private: + pthread_mutex_t m_mutex2; + pthread_mutex_t m_mutex; + pthread_cond_t m_cond; + pthread_cond_t m_cond2; + bool m_continue; + bool m_finished; + IEventHolder* m_eventHolder; + pthread_mutex_t m_syncMutex; + + + SecurityCallerThread() : + Thread(), + m_mutex2(PTHREAD_MUTEX_INITIALIZER), + m_mutex(PTHREAD_MUTEX_INITIALIZER), + m_cond(PTHREAD_COND_INITIALIZER), + m_cond2(PTHREAD_COND_INITIALIZER), + m_continue(true), + m_finished(false), + m_eventHolder(NULL), + m_syncMutex(PTHREAD_MUTEX_INITIALIZER) + { + LogDebug("constructor"); + } + + virtual ~SecurityCallerThread() + { + pthread_mutex_unlock(&m_syncMutex); + pthread_cond_destroy(&m_cond); + pthread_cond_destroy(&m_cond2); + pthread_mutex_destroy(&m_mutex2); + pthread_mutex_destroy(&m_mutex); + pthread_mutex_destroy(&m_syncMutex); + } + + protected: + /* main routine of the SecurityCallerThread */ + virtual int ThreadEntry() + { + LogDebug("SecurityCallerThread start"); + pthread_mutex_lock(&m_mutex); // lock shared data + + while (m_continue) // main loop + { + if (m_eventHolder) // if m_eventHolder is set, the request has been received + { + m_eventHolder->FinalizeSending(); // send actual event in charge of calling thread + delete m_eventHolder; + m_eventHolder = NULL; + LogDebug("setting finished state"); + pthread_mutex_lock(&m_syncMutex); // lock m_finished + m_finished = true; + pthread_mutex_unlock(&m_syncMutex); // unlock m_finished + LogDebug("finished"); + pthread_cond_signal(&m_cond2); // signal a calling thread that event has been posted. + } + LogDebug("waiting for event"); + // atomically: + // unlock m_mutex, wait on m_cond until signal received, lock m_mutex + pthread_cond_wait(&m_cond, &m_mutex); + LogDebug("found an event"); + } + + pthread_mutex_unlock(&m_mutex); + + return 0; + } + + public: + void Quit() + { + LogDebug("Quit called"); + pthread_mutex_lock(&m_mutex); // lock shared data + m_continue = false; // main loop condition set to false + pthread_mutex_unlock(&m_mutex); // unlock shard data + pthread_cond_signal(&m_cond); + } + + template + void SendSyncEvent(const EventType& event) + { + // prevent SendSyncEvent being called by multiple threads at the same time. + pthread_mutex_lock(&m_mutex2); + LogDebug("sending sync event"); + bool correct_thread = false; + Try { + LogDebug("Checking if this is unmanaged thread"); + DPL::Thread::GetCurrentThread(); + } Catch (DPL::Thread::Exception::UnmanagedThread) { + correct_thread = true; + } + Assert(correct_thread && + "This method may not be called from DPL managed thread or main thread"); + LogDebug("putting an event to be posted"); + pthread_mutex_lock(&m_mutex); // lock shared data + Assert(m_eventHolder == NULL && "Whooops"); + m_eventHolder = new EventHolderImpl(event); // put an event to be posted + pthread_mutex_unlock(&m_mutex); // unlock shared data + LogDebug("Signal caller thread that new event has been created"); + pthread_cond_signal(&m_cond); // signal SecurityCallerThread to wake up because new + // event is waiting to be posted + + LogDebug("waiting untill send completes"); + pthread_mutex_lock(&m_syncMutex); /* wait until send completes */ + while (!m_finished) + { + pthread_cond_wait(&m_cond2, &m_syncMutex); // wait until event is posted + } + LogDebug("done"); + m_finished = false; + pthread_mutex_unlock(&m_syncMutex); + pthread_mutex_unlock(&m_mutex2); + } + + private: + friend class DPL::Singleton; +}; + +typedef DPL::Singleton SecurityCallerSingleton; + + + +#endif //SECURITY_CALLER_H__ diff --git a/src/services/ocsp/dbus/api/ocsp_server_dbus_api.h b/src/services/ocsp/dbus/api/ocsp_server_dbus_api.h new file mode 100644 index 0000000..df9817b --- /dev/null +++ b/src/services/ocsp/dbus/api/ocsp_server_dbus_api.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ocsp_server_api.h + * @author + * @version 1.0 + * @brief This file contains definitions OCSP server interface & methods specifically needed by DBus. + */ +#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_ +#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_ + +#include "ocsp_server_api.h" +#include + +namespace WrtSecurity{ +namespace OcspServerApi{ + + +// RPC test function +// IN std::string +// OUT std::string +inline const std::string ECHO_METHOD() +{ + return "echo"; +} + + + +} +}; + +#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_API_H_ diff --git a/src/services/ocsp/dbus/ocsp_server_dbus_interface.cpp b/src/services/ocsp/dbus/ocsp_server_dbus_interface.cpp new file mode 100644 index 0000000..2acc5d8 --- /dev/null +++ b/src/services/ocsp/dbus/ocsp_server_dbus_interface.cpp @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ocsp_service_dbus_interface.cpp + * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com) + * @version 1.0 + * @brief Implementation of OCSP server API. + */ +#include "ocsp_server_dbus_interface.h" + +namespace RPC { + +using namespace WrtSecurity; + +OcspServerDBusInterface::OcspServerDBusInterface(): + DPL::DBus::InterfaceDispatcher(OcspServerApi::INTERFACE_NAME()) +{ + setXmlSignature("" + " " + " " + " " + " " + " " + " " + " " + " " + " " + " " + ""); +} + + +void OcspServerDBusInterface::onMethodCall( + const gchar* argMethodName, + GVariant* argParameters, + GDBusMethodInvocation* argInvocation) +{ + if (OcspServerApi::ECHO_METHOD() == argMethodName){ + // TODO: Deserialization should use + // DBus::SErverDeserialization::deserialize() + const gchar* arg = NULL; + g_variant_get(argParameters, "(&s)", &arg); + // TODO: Serialization should use + // DBus::SErverDeserialization::serialize() + gchar* response = g_strdup_printf(arg); + g_dbus_method_invocation_return_value(argInvocation, + g_variant_new ("(s)", response)); + g_free (response); + } else if (OcspServerApi::CHECK_ACCESS_METHOD() == argMethodName) { + gint32 value; + g_variant_get(argParameters, "(i)", &value); + + // TODO: this is making OCSP service a stub! this HAS to be moved + // with proper implementation to cert-svc daemon + gint32 response = 0; // Certificates are valid for now + + GVariant* varResponse = g_variant_new ("(i)", response); + //This function will unref invocation and it will be freed + LogDebug("OCSP dbus interface tries to send result"); + g_dbus_method_invocation_return_value(argInvocation, varResponse); + } +} + +} // namespace RPC diff --git a/src/services/ocsp/dbus/ocsp_server_dbus_interface.h b/src/services/ocsp/dbus/ocsp_server_dbus_interface.h new file mode 100644 index 0000000..748c0bd --- /dev/null +++ b/src/services/ocsp/dbus/ocsp_server_dbus_interface.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ocsp_service_dbus_interface.h + * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com) + * @version 1.0 + * @brief Class that handles OCSP server API. + */ +#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_ +#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_ + +#include +#include +#include "api/ocsp_server_dbus_api.h" + +namespace RPC { + +class OcspServerDBusInterface : + public DPL::DBus::InterfaceDispatcher +{ + public: + OcspServerDBusInterface(); + + virtual ~OcspServerDBusInterface() + {} + + virtual void onMethodCall(const gchar* method_name, + GVariant* parameters, + GDBusMethodInvocation* invocation); +}; + +} // namespace RPC + +#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_DBUS_INTERFACE_H_ diff --git a/src/services/ocsp/ocsp_server_api.h b/src/services/ocsp/ocsp_server_api.h new file mode 100644 index 0000000..61be515 --- /dev/null +++ b/src/services/ocsp/ocsp_server_api.h @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ocsp_server_api.h + * @author + * @version 1.0 + * @brief This file contains definitions OCSP server interface & methods. + */ +#ifndef WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_ +#define WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_ + +#include "ocsp_server_api.h" +#include + +namespace WrtSecurity{ +namespace OcspServerApi{ + +// DBus interface name +inline const std::string INTERFACE_NAME() +{ + return "org.tizen.OcspCheck"; +} + +// Function checks WidgetStatus for installed widget. +// https://106.116.37.24/wiki/WebRuntime/Security/Widget_Signatures +// IN WidgetHandle Widget ID in Database +// OUT WidgetStatus GOOD/REVOKED +inline const std::string CHECK_ACCESS_METHOD() +{ + return "OcspCheck"; +} + +} +}; + +#endif // WRT_SRC_RPC_SECURITY_DAEMON_OCSP_SERVER_API_H_ diff --git a/src/services/ocsp/ocsp_service.cpp b/src/services/ocsp/ocsp_service.cpp new file mode 100644 index 0000000..34d3499 --- /dev/null +++ b/src/services/ocsp/ocsp_service.cpp @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file ocsp_service.cpp + * @author Piotr Marcinkiewicz (p.marcinkiew@samsung.com) + * @version 1.0 + * @brief This is implementation file of Ocsp service + */ + +#include "security_daemon.h" + +namespace OcspService { + +class OcspService : public SecurityDaemon::DaemonService +{ + private: + virtual void initialize() + { + } + + virtual void start() + { + } + + virtual void stop() + { + } + + virtual void deinitialize() + { + } + +}; + +DAEMON_REGISTER_SERVICE_MODULE(OcspService) + +}//namespace OcspService + diff --git a/src/services/ocsp/socket/api/ocsp_service_callbacks_api.h b/src/services/ocsp/socket/api/ocsp_service_callbacks_api.h new file mode 100644 index 0000000..fd9bf3e --- /dev/null +++ b/src/services/ocsp/socket/api/ocsp_service_callbacks_api.h @@ -0,0 +1,44 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ocsp_service_callbacks_api.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Header with api of implemented Ocsp Service callbacks + */ + +#ifndef OCSP_SERVICE_CALLBACKS_API_H_ +#define OCSP_SERVICE_CALLBACKS_API_H_ + +#include +#include +#include "SocketConnection.h" +#include "ocsp_server_api.h" +#include "ocsp_service_callbacks.h" +#include "callback_api.h" + +namespace WrtSecurity{ +namespace OcspServiceCallbacksApi{ + +inline const std::pair CHECK_ACCESS_METHOD_CALLBACK(){ + return std::make_pair(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(), + RPC::OcspServiceCallbacks::checkAccess); +} + +} // namespace OcspServiceCallbacksApi +} // namespace WrtSecurity + +#endif // OCSP_SERVICE_CALLBACKS_API_H_ diff --git a/src/services/ocsp/socket/ocsp_service_callbacks.cpp b/src/services/ocsp/socket/ocsp_service_callbacks.cpp new file mode 100644 index 0000000..8ff588a --- /dev/null +++ b/src/services/ocsp/socket/ocsp_service_callbacks.cpp @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ocsp_service_callbacks.cpp + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Implementation of Ocsp Service callbacks + */ + +#include "ocsp_service_callbacks.h" +#include + +namespace RPC { + +void OcspServiceCallbacks::checkAccess(SocketConnection * connector){ + int response = 0; + Try { + connector->write(response); + } Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket Connection write error"); + ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, + "Socket Connection write error"); + } +} + +} // namespace RPC diff --git a/src/services/ocsp/socket/ocsp_service_callbacks.h b/src/services/ocsp/socket/ocsp_service_callbacks.h new file mode 100644 index 0000000..df77a80 --- /dev/null +++ b/src/services/ocsp/socket/ocsp_service_callbacks.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file ocsp_service_callbacks.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Header of Ocsp Service callbacks class + */ + +#ifndef OCSP_SERVICE_CALLBACKS_H_ +#define OCSP_SERVICE_CALLBACKS_H_ + +#include + +namespace RPC { + +namespace OcspServiceCallbacks { + void checkAccess(SocketConnection * connector); +}; + +} // namespace RPC +#endif /* OCSP_SERVICE_CALLBACKS_H_ */ diff --git a/src/services/popup/dbus/popup_response_dbus_interface.cpp b/src/services/popup/dbus/popup_response_dbus_interface.cpp new file mode 100644 index 0000000..f897eeb --- /dev/null +++ b/src/services/popup/dbus/popup_response_dbus_interface.cpp @@ -0,0 +1,108 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file popup_response_dispatcher.cpp + * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) + * @version 1.0 + * @brief + */ + +#include "popup_response_dbus_interface.h" +#include +#include +#include +#include +#include +#include +#include "popup_ace_data_types.h" +//#include "access-control/engine/PromptModel.h" +#include "attribute_facade.h" +//#include "Request.h" +#include "security_controller.h" + +namespace RPC +{ + +void PopupResponseDBusInterface::onMethodCall(const gchar* methodName, + GVariant* parameters, + GDBusMethodInvocation* invocation) +{ + using namespace WrtSecurity; +#if 1 + if (0 == g_strcmp0(methodName, + PopupServerApi::VALIDATION_METHOD().c_str())) + { + // popup answer data + bool allowed = false; + int serializedValidity = 0; + + // ACE data + AceUserdata acedata; + + if (!DPL::DBus::ServerDeserialization::deserialize( + parameters, + &allowed, + &serializedValidity, + &(acedata.handle), + &(acedata.subject), + &(acedata.resource), + &(acedata.paramKeys), + &(acedata.paramValues), + &(acedata.sessionId))) + { + g_dbus_method_invocation_return_dbus_error( + invocation, + "org.tizen.PopupResponse.UnknownError", + "Error in deserializing input parameters"); + return; + } + + if (acedata.paramKeys.size() != acedata.paramValues.size()) { + g_dbus_method_invocation_return_dbus_error( + invocation, + "org.tizen.PopupResponse.UnknownError", + "Varying sizes of parameter names and parameter values"); + return; + } + + FunctionParamImpl params; + for (size_t i = 0; i < acedata.paramKeys.size(); ++i) { + params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]); + } + Request request(acedata.handle, + WidgetExecutionPhase_Invoke, + ¶ms); + request.addDeviceCapability(acedata.resource); + + Prompt::Validity validity = static_cast(serializedValidity); + + bool response = false; + SecurityControllerEvents::ValidatePopupResponseEvent ev( + &request, + allowed, + validity, + acedata.sessionId, + &response); + CONTROLLER_POST_SYNC_EVENT(SecurityController, ev); + + g_dbus_method_invocation_return_value( + invocation, + DPL::DBus::ServerSerialization::serialize(response)); + } +#endif +} + +} diff --git a/src/services/popup/dbus/popup_response_dbus_interface.h b/src/services/popup/dbus/popup_response_dbus_interface.h new file mode 100644 index 0000000..19e9494 --- /dev/null +++ b/src/services/popup/dbus/popup_response_dbus_interface.h @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file popup_response_dbus_interface.h + * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) + * @author Tomasz Swierczek (t.swierczek@samsung.com) + * @version 1.0 + * @brief + */ + +#ifndef WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H +#define WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H + +#include +#include "popup_response_server_api.h" + +namespace RPC { + +class PopupResponseDBusInterface : public DPL::DBus::InterfaceDispatcher +{ +public: + PopupResponseDBusInterface(): + DPL::DBus::InterfaceDispatcher( + WrtSecurity::PopupServerApi::INTERFACE_NAME()) + { + using namespace WrtSecurity; + + setXmlSignature("" + " " + " " + // popup answer data + " " + " " + // this is copied from ace_server_dbus_interface + " " + " " + " " + " " + " " + " " + " " + " " + " " + ""); + + } + + virtual ~PopupResponseDBusInterface() + {} + + virtual void onMethodCall(const gchar* methodName, + GVariant* parameters, + GDBusMethodInvocation* invocation); +}; + +} + +#endif // WRT_SRC_RPC_DAEMON_POPUP_RESPONSE_DBUS_INTERFACE_H diff --git a/src/services/popup/popup_ace_data_types.h b/src/services/popup/popup_ace_data_types.h new file mode 100644 index 0000000..1b5f734 --- /dev/null +++ b/src/services/popup/popup_ace_data_types.h @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file popup_ace_data_types.h + * @author Pawel Sikorski (p.sikorski@samsung.com) + * @version 1.0 + * @brief + */ + +#ifndef POPUP_ACE_DATA_TYPES_H_ +#define POPUP_ACE_DATA_TYPES_H_ + +#include +#include + +// additional data needed by PolicyEvaluaor to recognize Popup Response +struct AceUserdata +{ + //TODO INVALID_WIDGET_HANDLE is defined in wrt_plugin_export.h. + // I do not want to include that file here... + AceUserdata(): handle(-1) {} + + int handle; + std::string subject; + std::string resource; + std::vector paramKeys; + std::vector paramValues; + std::string sessionId; +}; + +typedef bool SecurityStatus; + +#endif /* POPUP_ACE_DATA_TYPES_H_ */ diff --git a/src/services/popup/popup_response_server_api.h b/src/services/popup/popup_response_server_api.h new file mode 100644 index 0000000..47dd4d3 --- /dev/null +++ b/src/services/popup/popup_response_server_api.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file popup_response_server_api.h + * @author Zbigniew Kostrzewa (z.kostrzewa@samsung.com) + * @version 1.0 + * @brief + */ + +#ifndef WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H +#define WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H + +#include + +namespace WrtSecurity{ +namespace PopupServerApi{ + +inline const std::string INTERFACE_NAME() +{ + return "org.tizen.PopupResponse"; +} + +inline const std::string VALIDATION_METHOD() +{ + return "validate"; +} + +} +} + +#endif // WRT_SRC_RPC_SECURITY_DAEMON_API_POPUP_RESPONSE_SERVER_API_H + diff --git a/src/services/popup/socket/api/popup_service_callbacks_api.h b/src/services/popup/socket/api/popup_service_callbacks_api.h new file mode 100644 index 0000000..d22b9c7 --- /dev/null +++ b/src/services/popup/socket/api/popup_service_callbacks_api.h @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file popup_service_callbacks_api.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Header with api of Popup Service callbacks + */ + +#ifndef POPUP_SERVICE_CALLBACKS_API_H_ +#define POPUP_SERVICE_CALLBACKS_API_H_ + +#include +#include +#include "SocketConnection.h" +#include "popup_response_server_api.h" +#include "popup_service_callbacks.h" +#include + +namespace WrtSecurity{ +namespace PopupServiceCallbacksApi{ + +inline std::pair VALIDATION_METHOD_CALLBACK(){ + return std::make_pair(WrtSecurity::PopupServerApi::VALIDATION_METHOD(), RPC::PopupServiceCallbacks::validate); +} + +} // namespace PopupServiceCallbacksApi +} // namespace WrtSecurity + +#endif /* POPUP_SERVICE_CALLBACKS_API_H_ */ diff --git a/src/services/popup/socket/popup_service_callbacks.cpp b/src/services/popup/socket/popup_service_callbacks.cpp new file mode 100644 index 0000000..d3e88e0 --- /dev/null +++ b/src/services/popup/socket/popup_service_callbacks.cpp @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file popup_service_callbacks.cpp + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Implementation of Popup Service callbacks + */ + +#include "popup_service_callbacks.h" +#include +#include +#include +#include +#include "attribute_facade.h" +#include "popup_ace_data_types.h" +#include "security_controller.h" +#include + +namespace RPC { + +void PopupServiceCallbacks::validate(SocketConnection * connector){ + + bool allowed = false; + int serializedValidity = 0; + + AceUserdata acedata; + + Try { + connector->read(&allowed, + &serializedValidity, + &(acedata.handle), + &(acedata.subject), + &(acedata.resource), + &(acedata.paramKeys), + &(acedata.paramValues), + &(acedata.sessionId)); + } Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket connection read error"); + ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, + "Socket connection read error"); + } + + if (acedata.paramKeys.size() != acedata.paramValues.size()) { + ThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, + "Varying sizes of parameter names vector and parameter values vector"); + } + FunctionParamImpl params; + for (size_t i = 0; i < acedata.paramKeys.size(); ++i) { + params.addAttribute(acedata.paramKeys[i], acedata.paramValues[i]); + } + Request request(acedata.handle, + WidgetExecutionPhase_Invoke, + ¶ms); + request.addDeviceCapability(acedata.resource); + + Prompt::Validity validity = static_cast(serializedValidity); + + bool response = false; + SecurityControllerEvents::ValidatePopupResponseEvent ev( + &request, + allowed, + validity, + acedata.sessionId, + &response); + SecurityCallerSingleton::Instance().SendSyncEvent(ev); + + Try { + connector->write(response); + } Catch (SocketConnection::Exception::SocketConnectionException){ + LogError("Socket connection write error"); + ReThrowMsg(ServiceCallbackApi::Exception::ServiceCallbackException, + "Socket connection write error"); + } +} + +} // namespace RPC diff --git a/src/services/popup/socket/popup_service_callbacks.h b/src/services/popup/socket/popup_service_callbacks.h new file mode 100644 index 0000000..e7d30f2 --- /dev/null +++ b/src/services/popup/socket/popup_service_callbacks.h @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file popup_service_callbacks.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief Header of Popup Service callbacks + */ + +#ifndef POPUP_SERVICE_CALLBACKS_H_ +#define POPUP_SERVICE_CALLBACKS_H_ + +#include +#include + +namespace RPC { + +namespace PopupServiceCallbacks { + void validate(SocketConnection * connector); +}; + +} // namespace RPC +#endif /* POPUP_SERVICE_CALLBACKS_H_ */ diff --git a/wrt_ocsp/CMakeLists.txt b/wrt_ocsp/CMakeLists.txt new file mode 100644 index 0000000..e03d379 --- /dev/null +++ b/wrt_ocsp/CMakeLists.txt @@ -0,0 +1 @@ +ADD_SUBDIRECTORY(src) \ No newline at end of file diff --git a/wrt_ocsp/include/wrt_ocsp_api.h b/wrt_ocsp/include/wrt_ocsp_api.h new file mode 100644 index 0000000..856d97b --- /dev/null +++ b/wrt_ocsp/include/wrt_ocsp_api.h @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * @file wrt_oscp_api.h + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief This is C api for WRT OCSP + */ +#ifndef WRT_OCSP_API_H +#define WRT_OCSP_API_H + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum{ + WRT_OCSP_OK, + WRT_OCSP_INVALID_ARGUMENTS, + WRT_OCSP_INTERNAL_ERROR +}wrt_ocsp_return_t; + +typedef int wrt_ocsp_widget_handle_t; +typedef enum { + //The certificate has not been revoked. + WRT_OCSP_WIDGET_VERIFICATION_STATUS_GOOD, + + //The certificate has been revoked. + WRT_OCSP_WIDGET_VERIFICATION_STATUS_REVOKED + + +}wrt_ocsp_widget_verification_status_t; + +//-------------Initialization and shutdown------------------- +/* + * Establishes connection to security server. Must be called only once. + * Returns WRT_OCSP_OK or error + */ +wrt_ocsp_return_t wrt_ocsp_initialize(void); + +/* + * Deinitializes internal structures. Must be called only once. + * Returns WRT_OCSP_OK or error + */ + +wrt_ocsp_return_t wrt_ocsp_shutdown(void); + +//-------------Widget verification------------------------------ +/* + * Requests verification for widget identified with 'handle'. + * 'status holds server response. + * Returns WRT_OCSP_OK or error + */ + +wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle, + wrt_ocsp_widget_verification_status_t* status); + + +#ifdef __cplusplus +} +#endif +#endif //WRT_OCSP_API_H diff --git a/wrt_ocsp/src/CMakeLists.txt b/wrt_ocsp/src/CMakeLists.txt new file mode 100644 index 0000000..01c746a --- /dev/null +++ b/wrt_ocsp/src/CMakeLists.txt @@ -0,0 +1,60 @@ +include(FindPkgConfig) + +PKG_CHECK_MODULES(WRT_OCSP_DEPS + dpl-efl + dpl-dbus-efl + REQUIRED + ) + +SET(WRT_OCSP_DIR + ${PROJECT_SOURCE_DIR}/wrt_ocsp + ) + +SET(WRT_OCSP_SRC_DIR + ${WRT_OCSP_DIR}/src + ) + +SET(WRT_OCSP_INCLUDE_DIR + ${WRT_OCSP_DIR}/include + ) + +SET(WRT_OCSP_SOURCES + ${COMMUNICATION_CLIENT_SOURCES} + ${WRT_OCSP_SRC_DIR}/wrt_ocsp_api.cpp + ) + +SET(WRT_OCSP_INCLUDES + ${WRT_OCSP_DEPS_INCLUDE_DIRS} + ${WRT_OCSP_INCLUDE_DIR} + ${COMMUNICATION_CLIENT_INCLUDES} + ${PROJECT_SOURCE_DIR}/src/services/ocsp + ${PROJECT_SOURCE_DIR}/src/services/ocsp/dbus/api + ${PROJECT_SOURCE_DIR}/src/daemon/dbus + ) + +ADD_DEFINITIONS(${WRT_OCSP_DEPS_CFLAGS}) +ADD_DEFINITIONS(${WRT__CFLAGS_OTHER}) + +INCLUDE_DIRECTORIES(${WRT_OCSP_INCLUDES}) + +ADD_LIBRARY(${TARGET_WRT_OCSP_LIB} SHARED ${WRT_OCSP_SOURCES}) + +SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES + SOVERSION ${API_VERSION} + VERSION ${VERSION}) + +SET_TARGET_PROPERTIES(${TARGET_WRT_OCSP_LIB} PROPERTIES + COMPILE_FLAGS -fPIC) + +TARGET_LINK_LIBRARIES(${TARGET_WRT_OCSP_LIB} + ${WRT_OCSP_DEPS_LIBRARIES} + ${WRT_OCSP_DEPS_LDFLAGS} + ) + +INSTALL(TARGETS ${TARGET_WRT_OCSP_LIB} + DESTINATION lib) + +INSTALL(FILES + ${WRT_OCSP_INCLUDE_DIR}/wrt_ocsp_api.h + DESTINATION include/wrt-ocsp + ) diff --git a/wrt_ocsp/src/wrt_ocsp_api.cpp b/wrt_ocsp/src/wrt_ocsp_api.cpp new file mode 100644 index 0000000..5ab9f85 --- /dev/null +++ b/wrt_ocsp/src/wrt_ocsp_api.cpp @@ -0,0 +1,80 @@ +/* + * Copyright (c) 2012 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file wrt_ocsp_api.cpp + * @author Zofia Abramowska (z.abramowska@samsung.com) + * @version 1.0 + * @brief This file contains implementation of WRT OCSP api + */ + +#include +#include +#include "ocsp_server_api.h" +#include "SecurityCommunicationClient.h" + +#include "wrt_ocsp_api.h" + +static WrtSecurity::Communication::Client *communicationClient = NULL; + +wrt_ocsp_return_t wrt_ocsp_initialize(void){ + if (NULL != communicationClient) { + LogError("wrt_ocsp_api already initialized"); + return WRT_OCSP_INTERNAL_ERROR; + } + + Try { + communicationClient = new WrtSecurity::Communication::Client(WrtSecurity::OcspServerApi::INTERFACE_NAME()); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + LogError("Can't connect to daemon"); + return WRT_OCSP_INTERNAL_ERROR; + } + LogInfo("Initialized"); + return WRT_OCSP_OK; +} + +wrt_ocsp_return_t wrt_ocsp_shutdown(void){ + if (NULL == communicationClient) { + LogError("wrt_ocsp_api not initialized"); + return WRT_OCSP_INTERNAL_ERROR; + } + delete communicationClient; + communicationClient = NULL; + LogInfo("Shutdown"); + return WRT_OCSP_OK; +} + +wrt_ocsp_return_t wrt_ocsp_verify_widget(wrt_ocsp_widget_handle_t handle, + wrt_ocsp_widget_verification_status_t* status){ + + LogInfo("Verifying"); + if (NULL == status) { + LogError("Invalid arguments"); + return WRT_OCSP_INVALID_ARGUMENTS; + } + int intResponse; + + Try { + communicationClient->call(WrtSecurity::OcspServerApi::CHECK_ACCESS_METHOD(), + handle, + &intResponse); + } Catch (WrtSecurity::Communication::Client::Exception::SecurityCommunicationClientException) { + LogError("Problem with connection to daemon"); + return WRT_OCSP_INTERNAL_ERROR; + } + (*status) = static_cast(intResponse); + LogInfo("Widget verified with response " << intResponse); + return WRT_OCSP_OK; +}