From 5c78f31a2d4415c970f38db14e248bfef348a6b0 Mon Sep 17 00:00:00 2001
From: Jongmin Choi <jminl.choi@samsung.com>
Date: Wed, 12 Oct 2016 21:00:45 +0900
Subject: [PATCH] [IOT-1446] Fix discovery failure issue

Change logic in the Policy Engine in order to resolve
discovery failure issue

Patch #1: Initial upload
Patch #2: Error message changed

Change-Id: I08ab1dec15cb0f49374d42d97b65a23fe885db39
Signed-off-by: Jongmin Choi <jminl.choi@samsung.com>
Reviewed-on: https://gerrit.iotivity.org/gerrit/13173
Reviewed-by: Kevin Kane <kkane@microsoft.com>
Reviewed-by: Nathan Heldt-Sheller <nathan.heldt-sheller@intel.com>
Tested-by: jenkins-iotivity <jenkins-iotivity@opendaylight.org>
Reviewed-by: Randeep Singh <randeep.s@samsung.com>
---
 resource/csdk/security/src/policyengine.c | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/resource/csdk/security/src/policyengine.c b/resource/csdk/security/src/policyengine.c
index 2baf6f9..c3f0734 100644
--- a/resource/csdk/security/src/policyengine.c
+++ b/resource/csdk/security/src/policyengine.c
@@ -478,23 +478,24 @@ SRMAccessResponse_t CheckPermission(PEContext_t     *context,
 
         // Before doing any ACL processing, check if request a) coming
         // from DevOwner AND b) the device is in Ready for OTM or Reset state
-        // (which in IoTivity is equivalent to isOp == false && owned == false) 
-        // AND c) the request is for a SVR resource.  
+        // (which in IoTivity is equivalent to isOp == false && owned == false)
+        // AND c) the request is for a SVR resource.
         // If all 3 conditions are met, grant request.
         bool isDeviceOwned = true; // default to value that will not grant access
-        if (OC_STACK_OK == GetDoxmIsOwned(&isDeviceOwned)) // if runtime error, don't grant
+        if (OC_STACK_OK != GetDoxmIsOwned(&isDeviceOwned)) // if runtime error, don't grant
         {
-            // If we were able to get the value of doxm->isOwned, proceed with
-            // test for implicit access...
-            if (IsRequestFromDevOwner(context) // if from DevOwner
-            && (GetPstatIsop() == false) // AND if pstat->isOp == false
-            && (isDeviceOwned == false) // AND if doxm->isOwned == false
-            && (context->resourceType != NOT_A_SVR_RESOURCE)) // AND if SVR type
-            {
-                context->retVal = ACCESS_GRANTED;
-            }        
+            context->retVal = ACCESS_DENIED_POLICY_ENGINE_ERROR;
+        }
+        // If we were able to get the value of doxm->isOwned, proceed with
+        // test for implicit access...
+        else if (IsRequestFromDevOwner(context) // if from DevOwner
+        && (GetPstatIsop() == false) // AND if pstat->isOp == false
+        && (isDeviceOwned == false) // AND if doxm->isOwned == false
+        && (context->resourceType != NOT_A_SVR_RESOURCE)) // AND if SVR type
+        {
+            context->retVal = ACCESS_GRANTED;
         }
-        // If not granted via DevOwner status, 
+        // If not granted via DevOwner status,
         // then check if request is for a SVR and coming from rowner
         else if (IsRequestFromResourceOwner(context))
         {
-- 
2.7.4