From: Jaemin Ryu Date: Wed, 27 Jul 2016 01:18:07 +0000 (+0900) Subject: Apply lazy construction to policies X-Git-Tag: accepted/tizen/common/20160802.160945^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F45%2F81545%2F2;p=platform%2Fcore%2Fsecurity%2Fdevice-policy-manager.git Apply lazy construction to policies Change-Id: If6a083065ac4c1b27be3734befb5778b4c4b35b9 Signed-off-by: Jaemin Ryu --- diff --git a/server/CMakeLists.txt b/server/CMakeLists.txt index c1eed42..a7d32eb 100644 --- a/server/CMakeLists.txt +++ b/server/CMakeLists.txt @@ -22,6 +22,7 @@ SET(FOUNDATION main.cpp launchpad.cpp packman.cpp policy.cpp + policy-builder.cpp policy-storage.cpp client-manager.cpp ) diff --git a/server/administration.cpp b/server/administration.cpp index c53cc98..e47d3c4 100644 --- a/server/administration.cpp +++ b/server/administration.cpp @@ -16,6 +16,7 @@ #include "administration.hxx" +#include "policy-builder.h" #include "client-manager.h" #include "audit/logger.h" @@ -60,6 +61,6 @@ int AdministrationPolicy::deregisterPolicyClient(const std::string& name, uid_t return 0; } -AdministrationPolicy adminPolicy(Server::instance()); +DEFINE_POLICY(AdministrationPolicy); } // namespace DevicePolicyManager diff --git a/server/application.cpp b/server/application.cpp index 6bcef93..c3b6731 100644 --- a/server/application.cpp +++ b/server/application.cpp @@ -24,7 +24,7 @@ #include "application.hxx" -#include "policy-helper.h" +#include "policy-builder.h" #include "packman.h" #include "launchpad.h" #include "audit/logger.h" @@ -163,6 +163,6 @@ int ApplicationPolicy::checkPrivilegeIsBlacklisted(int type, const std::string& return false; } -ApplicationPolicy applicationPolicy(Server::instance()); +DEFINE_POLICY(ApplicationPolicy); } // namespace DevicePolicyManager diff --git a/server/bluetooth.cpp b/server/bluetooth.cpp index 83405f4..0ffdc06 100644 --- a/server/bluetooth.cpp +++ b/server/bluetooth.cpp 
@@ -22,7 +22,7 @@ #include "restriction.hxx" #include "privilege.h" -#include "policy-helper.h" +#include "policy-builder.h" #include "audit/logger.h" #include "dbus/connection.h" @@ -276,6 +276,6 @@ bool BluetoothPolicy::isUuidRestricted() return IsPolicyEnabled(context, "bluetooth-uuid-restriction"); } -BluetoothPolicy bluetoothPolicy(Server::instance()); +DEFINE_POLICY(BluetoothPolicy); } // namespace DevicePolicyManager diff --git a/server/location.cpp b/server/location.cpp index a923416..a3d4b5c 100644 --- a/server/location.cpp +++ b/server/location.cpp @@ -19,7 +19,7 @@ #include "location.hxx" #include "privilege.h" -#include "policy-helper.h" +#include "policy-builder.h" #include "audit/logger.h" namespace DevicePolicyManager { @@ -50,6 +50,6 @@ int LocationPolicy::getLocationState() return IsPolicyAllowed(context, "location"); } -LocationPolicy locationPolicy(Server::instance()); +DEFINE_POLICY(LocationPolicy); } // namespace DevicePolicyManager diff --git a/server/main.cpp b/server/main.cpp index 679a608..448df58 100644 --- a/server/main.cpp +++ b/server/main.cpp @@ -20,17 +20,13 @@ #include #include #include +#include #include #include #include "server.h" -#include -#include -#include -#include - void signalHandler(int signum) { exit(0); @@ -43,7 +39,7 @@ int main(int argc, char *argv[]) ::umask(0); try { - Server& server = Server::instance(); + Server server; server.run(); } catch (std::exception &e) { std::cerr << e.what() << std::endl; diff --git a/server/password.cpp b/server/password.cpp index bb936a8..facb447 100644 --- a/server/password.cpp +++ b/server/password.cpp @@ -25,8 +25,8 @@ #include "password.hxx" +#include "policy-builder.h" #include "privilege.h" -#include "policy-helper.h" #include "auth/user.h" #include "audit/logger.h" @@ -721,6 +721,6 @@ std::vector PasswordPolicy::getForbiddenStrings() return ForbiddenStrings; } -PasswordPolicy passwordPolicy(Server::instance()); +DEFINE_POLICY(PasswordPolicy); } /* namespace DevicePolicyManager*/ 
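Review bot: In server/main.cpp, `Server server;` inside the `try` block now has a shorter lifetime than the policy objects that reference it. Each policy is held by a namespace-scope `PolicyBuilder<T>::instance` and is built from `PolicyBuild(*this)` in `Server::run()`, so on a normal return from `main()` the `Server` is destroyed first and every policy is destroyed later, during static destruction, holding a dangling `PolicyControlContext&`. With the removed `Server::instance()` the order was the reverse, because the function-local static was completed before any policy constructor finished. Whether a policy destructor touches `context` is not visible here, so this is a latent use-after-free rather than a confirmed one. A teardown step that resets every `instance` before `server` goes out of scope (for example called from `Server::~Server()`) would restore the old ordering; the same concern applies to the server/server.cpp and server/server.h hunks, and `main()` continues outside this hunk.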
diff --git a/server/policy-builder.cpp b/server/policy-builder.cpp new file mode 100644 index 0000000..ae9d047 --- /dev/null +++ b/server/policy-builder.cpp @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include "policy-builder.h" + +std::vector> policyBuilder; diff --git a/server/policy-helper.h b/server/policy-builder.h similarity index 67% rename from server/policy-helper.h rename to server/policy-builder.h index 9c4a9ea..260e91f 100644 --- a/server/policy-helper.h +++ b/server/policy-builder.h @@ -14,13 +14,30 @@ * limitations under the License */ -#ifndef __DPM_POLICY_STORAGE_ADAPTOR_H__ -#define __DPM_POLICY_STORAGE_ADAPTOR_H__ +#ifndef __POLICY_BUILDER_H__ +#define __POLICY_BUILDER_H__ +#include +#include +#include #include #include "policy-context.hxx" +extern std::vector> policyBuilder; + +template +struct PolicyBuilder { + PolicyBuilder() + { + policyBuilder.emplace_back([this](PolicyControlContext& context) { + instance.reset(new T(context)); + }); + } + + std::unique_ptr instance; +}; + inline bool IsPolicyAllowed(PolicyControlContext& context, const std::string& name) { return context.getPolicy(name) == "allowed" ? true : false; 
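Review bot: Registration in `PolicyBuilder()` depends on static initialization order: every `DEFINE_POLICY` object is a namespace-scope global in its own translation unit, and its constructor calls `policyBuilder.emplace_back(...)` on a global vector defined in server/policy-builder.cpp. The language does not order dynamic initialization across translation units, so a builder can run before the vector is constructed, and a policy registered that way may be lost when the vector is initialized afterwards; the server would then start with that policy never constructed and with no error reported. Keeping the registry in a function-local static removes the dependency. The sketch below assumes the element type is `std::function<void(PolicyControlContext&)>`, since the template arguments are not legible on this page, and `PolicyBuild` in the same header would iterate `policyBuilders()` instead.

```cpp
// Replaces `extern ... policyBuilder;` here and its definition in policy-builder.cpp.
using PolicyFactory = std::function<void(PolicyControlContext&)>;

inline std::vector<PolicyFactory>& policyBuilders()
{
	// Function-local static: constructed on first call, so it already exists
	// when a PolicyBuilder<T> constructor in another translation unit uses it.
	static std::vector<PolicyFactory> builders;
	return builders;
}

template<typename T>
struct PolicyBuilder {
	PolicyBuilder()
	{
		policyBuilders().emplace_back([this](PolicyControlContext& context) {
			instance.reset(new T(context));
		});
	}
	// … unchanged: instance member …
```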
@@ -41,4 +58,14 @@ inline int SetPolicyEnabled(PolicyControlContext& context, const std::string& na return context.updatePolicy(name, enable ? "enabled" : "disabled"); } -#endif //! __DPM_POLICY_STORAGE_ADAPTOR_H__ +inline void PolicyBuild(PolicyControlContext& context) +{ + for (auto builder : policyBuilder) { + builder(context); + } +} + +#define DEFINE_POLICY(__policy__) \ + PolicyBuilder<__policy__> __policy__##_builder + +#endif //!__POLICY_BUILDER_H__ diff --git a/server/policy-storage.cpp b/server/policy-storage.cpp index 717f0b6..20aaa96 100644 --- a/server/policy-storage.cpp +++ b/server/policy-storage.cpp @@ -18,6 +18,8 @@ #include #include +#include "policy-context.hxx" + #include "policy-storage.h" #include "error.h" @@ -165,4 +167,4 @@ void PolicyStorage::remove() { if (::unlink(location.c_str()) == -1) ::unlink(location.c_str()); -} \ No newline at end of file +} diff --git a/server/restriction.cpp b/server/restriction.cpp index 07382f2..14c5929 100644 --- a/server/restriction.cpp +++ b/server/restriction.cpp @@ -19,7 +19,7 @@ #include "restriction.hxx" #include "privilege.h" -#include "policy-helper.h" +#include "policy-builder.h" #include "audit/logger.h" #include "dbus/connection.h" @@ -221,6 +221,6 @@ int RestrictionPolicy::getBrowserState() return IsPolicyAllowed(context, "browser"); } -RestrictionPolicy restrictionPolicy(Server::instance()); +DEFINE_POLICY(RestrictionPolicy); } // namespace DevicePolicyManager diff --git a/server/security.cpp b/server/security.cpp index bcf06a6..bb795b1 100755 --- a/server/security.cpp +++ b/server/security.cpp @@ -30,6 +30,7 @@ #include "security.hxx" #include "privilege.h" +#include "policy-builder.h" #include "launchpad.h" #include "process.h" #include "filesystem.h" @@ -154,6 +155,6 @@ int SecurityPolicy::isExternalStorageEncrypted() return false; } -SecurityPolicy securityPolicy(Server::instance()); +DEFINE_POLICY(SecurityPolicy); } // namespace DevicePolicyManager 
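Review bot: In `PolicyBuild` (server/policy-builder.h), `for (auto builder : policyBuilder)` copies each registered callable before invoking it; `for (const auto& builder : policyBuilder)` does the same work without the copies. The macro parameter `__policy__` and the include guard `__POLICY_BUILDER_H__` contain double underscores, which are reserved for the implementation; `#define DEFINE_POLICY(PolicyType) PolicyBuilder<PolicyType> PolicyType##_builder` and a guard such as `DPM_POLICY_BUILDER_H` avoid that. `PolicyBuild` also deserves a short comment stating that it must run exactly once and before the service starts, because a second call replaces every policy instance while earlier ones may still be referenced.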
diff --git a/server/server.cpp b/server/server.cpp index 36e0187..4ba4caa 100644 --- a/server/server.cpp +++ b/server/server.cpp @@ -19,6 +19,7 @@ #include #include "server.h" +#include "policy-builder.h" using namespace std::placeholders; @@ -46,6 +47,8 @@ Server::~Server() void Server::run() { + PolicyBuild(*this); + // Prepare execution environment service->start(true); } @@ -122,10 +125,3 @@ bool Server::checkPeerPrivilege(const rmi::Credentials& cred, const std::string& return true; } - -Server& Server::instance() -{ - static Server _instance_; - - return _instance_; -} diff --git a/server/server.h b/server/server.h index 2ab2be1..224b93a 100644 --- a/server/server.h +++ b/server/server.h @@ -28,6 +28,9 @@ class Server { public: + Server(); + ~Server(); + void run(); void terminate(); @@ -74,12 +77,7 @@ public: bool checkPeerPrivilege(const rmi::Credentials& cred, const std::string& privilege); - static Server& instance(); - private: - Server(); - ~Server(); - std::string securityLabel; std::unique_ptr policyStorage; std::unique_ptr service; diff --git a/server/storage.cpp b/server/storage.cpp index d4c1aa7..6d4dcea 100644 --- a/server/storage.cpp +++ b/server/storage.cpp @@ -22,8 +22,7 @@ #include "storage.hxx" #include "privilege.h" -#include "policy-helper.h" - +#include "policy-builder.h" #include "exception.h" #include "process.h" #include "filesystem.h" @@ -146,6 +145,6 @@ int StoragePolicy::wipeData(int id) return 0; } -StoragePolicy storagePolicy(Server::instance()); +DEFINE_POLICY(StoragePolicy); } //namespace DevicePolicyManager diff --git a/server/wifi.cpp b/server/wifi.cpp index ed8f0e3..4b388dd 100644 --- a/server/wifi.cpp +++ b/server/wifi.cpp @@ -27,7 +27,7 @@ #include "wifi.hxx" #include "privilege.h" -#include "policy-helper.h" +#include "policy-builder.h" #include "app-bundle.h" #include "audit/logger.h" 
@@ -237,6 +237,6 @@ int WifiPolicy::removeSsidFromBlocklist(const std::string& ssid) return 0; } -WifiPolicy wifiPolicy(Server::instance()); +DEFINE_POLICY(WifiPolicy); } // namespace DevicePolicyManager diff --git a/server/zone.cpp b/server/zone.cpp index 04f4f01..bf8649d 100755 --- a/server/zone.cpp +++ b/server/zone.cpp @@ -27,7 +27,7 @@ #include "zone/zone.hxx" #include "privilege.h" - +#include "policy-builder.h" #include "error.h" #include "launchpad.h" #include "filesystem.h" @@ -132,28 +132,28 @@ int ZonePolicy::removeZone(const std::string& name) } /* [TBD] remove dependency with zoneManager like this */ -extern ZoneManager zoneManager; +extern ZoneManager* zoneManager; int ZonePolicy::lockZone(const std::string& name) { - return zoneManager.lockZone(name); + return zoneManager->lockZone(name); } int ZonePolicy::unlockZone(const std::string& name) { - return zoneManager.unlockZone(name); + return zoneManager->unlockZone(name); } int ZonePolicy::getZoneState(const std::string& name) { - return zoneManager.getZoneState(name); + return zoneManager->getZoneState(name); } std::vector ZonePolicy::getZoneList(int state) { - return zoneManager.getZoneList(state); + return zoneManager->getZoneList(state); } -ZonePolicy zonePolicy(Server::instance()); +DEFINE_POLICY(ZonePolicy); } // namespace DevicePolicyManager diff --git a/server/zone/app-proxy.cpp b/server/zone/app-proxy.cpp index dc9bb5d..841e11a 100644 --- a/server/zone/app-proxy.cpp +++ b/server/zone/app-proxy.cpp @@ -22,6 +22,7 @@ #include "zone/app-proxy.hxx" +#include "policy-builder.h" #include "error.h" #include "packman.h" #include "launchpad.h" @@ -252,6 +253,6 @@ bool ZoneAppProxy::isRunning(const std::string& name, const std::string& appid) return false; } -ZoneAppProxy zoneAppManager(Server::instance()); +DEFINE_POLICY(ZoneAppProxy); } // namespace DevicePolicyManager diff --git a/server/zone/package-proxy.cpp b/server/zone/package-proxy.cpp index 1313b7a..2daeea1 100644 
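Review bot: In server/zone.cpp, `lockZone`, `unlockZone`, `getZoneState` and `getZoneList` now dereference the raw global `zoneManager` with no check. The pointer starts as `nullptr` and is assigned only inside the `ZoneManager` constructor, which runs as one of the registered builders, so these calls are safe only if that builder has already run and the `ZoneManager` is still alive. Startup appears to guarantee this because `Server::run()` calls `PolicyBuild` before `service->start`, but nothing in these methods enforces it. A guard such as `if (zoneManager == nullptr)` returning the project's error value (an empty vector for `getZoneList`) would turn a crash in a privileged daemon into a reported failure. The existing `[TBD]` comment above the declaration already marks this coupling as something to remove.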
--- a/server/zone/package-proxy.cpp +++ b/server/zone/package-proxy.cpp @@ -18,7 +18,7 @@ #include #include "zone/package-proxy.hxx" - +#include "policy-builder.h" #include "error.h" #include "packman.h" #include "auth/user.h" @@ -123,6 +123,6 @@ int ZonePackageProxy::uninstall(const std::string& name, const std::string& pkgi return 0; } -ZonePackageProxy zonePackageManager(Server::instance()); +DEFINE_POLICY(ZonePackageProxy); } // namespace DevicePolicyManager diff --git a/server/zone/zone.cpp b/server/zone/zone.cpp index eacaf87..4197576 100644 --- a/server/zone/zone.cpp +++ b/server/zone/zone.cpp @@ -28,7 +28,7 @@ #include #include "zone/zone.hxx" - +#include "policy-builder.h" #include "error.h" #include "process.h" #include "packman.h" @@ -483,6 +483,8 @@ void notiProxyCallback(void *data, notification_type_e type, notification_op *op } // namespace +ZoneManager* zoneManager = nullptr; + ZoneManager::ZoneManager(PolicyControlContext& ctx) : context(ctx) { @@ -507,12 +509,12 @@ ZoneManager::ZoneManager(PolicyControlContext& ctx) : runtime::User zone(name); notification_register_detailed_changed_cb_for_uid(notiProxyCallback, &name, zone.getUid()); } + + zoneManager = this; } ZoneManager::~ZoneManager() { - PackageManager& packageManager = PackageManager::instance(); - packageManager.unsetEventCallback(); } int ZoneManager::createZone(const std::string& name, const std::string& manifest) @@ -703,6 +705,6 @@ int ZoneManager::resetZonePassword(const std::string& name, const std::string& n return 0; } -ZoneManager zoneManager(Server::instance()); +DEFINE_POLICY(ZoneManager); } // namespace DevicePolicyManager
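Review bot: In server/zone/zone.cpp, `ZoneManager::~ZoneManager()` is now empty, while the constructor publishes `zoneManager = this;`. The global pointer therefore keeps pointing at a destroyed object, and `ZonePolicy` may be destroyed either before or after it, since registration order is not fixed. Adding `zoneManager = nullptr;` to the destructor closes that gap. The removed `packageManager.unsetEventCallback();` also deserves a second look: if the constructor (outside this hunk) still registers a package-manager callback, dropping the unset leaves a callback that can fire into a destroyed `ZoneManager`.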