From 6b5a0c6f88bfc9bb3f4a5ee5b07c020a5ca99851 Mon Sep 17 00:00:00 2001
From: Nathan Heldt-Sheller
Date: Tue, 11 Oct 2016 13:23:01 -0700
Subject: [PATCH] [IOT-1441] Update DevOwner access policy to remove implicit access in RFPROV.

With this patch, the DevOwner now will only be able to access SVRs during RFOTM or RESET states, unless of course there is an ACE installed allowing explicit access to the DevOwner. This behavior change is required by the Security Test Matrix v7, published by the Security WG.

Patch 2: updated with JIRA ticket #
Patch 3: fixed logic bug found by Kevin
Patch 4: corrected commitmsg

Change-Id: I267c9eb78682bc810b7b2399f6606b8379d6e718
Signed-off-by: Nathan Heldt-Sheller
Reviewed-on: https://gerrit.iotivity.org/gerrit/13117
Reviewed-by: Kevin Kane
Reviewed-by: Greg Zaverucha
Tested-by: jenkins-iotivity
Reviewed-by: Randeep Singh
(cherry picked from commit 7958457e535a8a0d15f2a201109b137ba9bc6cf6)
Reviewed-on: https://gerrit.iotivity.org/gerrit/13137
---
 .../csdk/security/include/internal/doxmresource.h | 8 +++++++
 resource/csdk/security/src/doxmresource.c | 10 +++++++++
 resource/csdk/security/src/policyengine.c | 25 +++++++++++++++-------
 3 files changed, 35 insertions(+), 8 deletions(-)

diff --git a/resource/csdk/security/include/internal/doxmresource.h b/resource/csdk/security/include/internal/doxmresource.h
index fb8843f..70cf357 100644
--- a/resource/csdk/security/include/internal/doxmresource.h
+++ b/resource/csdk/security/include/internal/doxmresource.h
@@ -103,6 +103,14 @@ OCStackResult SetDoxmDeviceID(const OicUuid_t *deviceID);
 OCStackResult GetDoxmDevOwnerId(OicUuid_t *devownerid);
 
 /**
+ * Gets the bool state of "isOwned" property on the doxm resource.
+ *
+ * @param isOwned a pointer to be assigned to isOwned property
+ * @return ::OC_STACK_OK if isOwned is assigned correctly, else ::OC_STACK_ERROR.
+ */
+OCStackResult GetDoxmIsOwned(bool *isOwned);
+
+/**
 * Gets the OicUuid_t value for the rowneruuid of the doxm resource.
 *
 * @param rowneruuid a pointer to be assigned to the rowneruuid property
diff --git a/resource/csdk/security/src/doxmresource.c b/resource/csdk/security/src/doxmresource.c
index 4955acd..080450a 100644
--- a/resource/csdk/security/src/doxmresource.c
+++ b/resource/csdk/security/src/doxmresource.c
@@ -1189,6 +1189,16 @@ OCStackResult GetDoxmDeviceID(OicUuid_t *deviceID)
 return OC_STACK_ERROR;
 }
 
+OCStackResult GetDoxmIsOwned(bool *isOwned)
+{
+ if (isOwned && gDoxm)
+ {
+ *isOwned = gDoxm->owned;
+ return OC_STACK_OK;
+ }
+ return OC_STACK_ERROR;
+}
+
 OCStackResult SetDoxmDeviceID(const OicUuid_t *deviceID)
 {
 bool isPT = false;
diff --git a/resource/csdk/security/src/policyengine.c b/resource/csdk/security/src/policyengine.c
index 43b721e..2baf6f9 100644
--- a/resource/csdk/security/src/policyengine.c
+++ b/resource/csdk/security/src/policyengine.c
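Review bot: The `@return` line of the new GetDoxmIsOwned() doc comment does not say when ::OC_STACK_ERROR is returned or what happens to `*isOwned` in that case; the implementation in the doxmresource.c hunk returns it when `isOwned` is NULL or `gDoxm` is NULL, and leaves `*isOwned` untouched. Since the policy engine feeds this value into an access decision, a caller needs to know that a failure means "unknown, keep your own deny default" rather than "not owned". Suggest `@return ::OC_STACK_OK if *isOwned was assigned; ::OC_STACK_ERROR if isOwned is NULL or the doxm resource is not initialized (*isOwned is left unchanged).` The declaration itself is the only code in this hunk.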
@@ -477,16 +477,25 @@ SRMAccessResponse_t CheckPermission(PEContext_t *context,
 }
 
 // Before doing any ACL processing, check if request a) coming
- // from DevOwner AND b) the device is not in Ready for Normal Operation
- // state (which in IoTivity is equivalent to isOp == true) AND c)
- // the request is for a SVR resource. If all 3 are met, grant request.
- if (IsRequestFromDevOwner(context) // if from DevOwner
- && (GetPstatIsop() == false) // AND if isOp == false
- && (context->resourceType != NOT_A_SVR_RESOURCE)) // AND if SVR type
+ // from DevOwner AND b) the device is in Ready for OTM or Reset state
+ // (which in IoTivity is equivalent to isOp == false && owned == false)
+ // AND c) the request is for a SVR resource.
+ // If all 3 conditions are met, grant request.
+ bool isDeviceOwned = true; // default to value that will not grant access
+ if (OC_STACK_OK == GetDoxmIsOwned(&isDeviceOwned)) // if runtime error, don't grant
 {
- context->retVal = ACCESS_GRANTED;
+ // If we were able to get the value of doxm->isOwned, proceed with
+ // test for implicit access...
+ if (IsRequestFromDevOwner(context) // if from DevOwner
+ && (GetPstatIsop() == false) // AND if pstat->isOp == false
+ && (isDeviceOwned == false) // AND if doxm->isOwned == false
+ && (context->resourceType != NOT_A_SVR_RESOURCE)) // AND if SVR type
+ {
+ context->retVal = ACCESS_GRANTED;
+ }
 }
- // Then check if request is for a SVR and coming from rowner
+ // If not granted via DevOwner status,
+ // then check if request is for a SVR and coming from rowner
 else if (IsRequestFromResourceOwner(context))
 {
 context->retVal = ACCESS_GRANTED;
--
2.7.4
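Review bot: The nesting breaks the else-if chain: whenever GetDoxmIsOwned() succeeds (the normal case) but the inner DevOwner/isOp/isOwned/SVR test fails, control has already entered the outer `if (OC_STACK_OK == GetDoxmIsOwned(&isDeviceOwned))` block, grants nothing, and then skips `else if (IsRequestFromResourceOwner(context))` and every later branch attached to that outer `if`, so rowner access (and, presumably, the ACL evaluation that follows outside the hunk) only runs when the doxm read fails, which is the opposite of the stated intent. Because `*isOwned` is left at its fail-closed default `true` on error (see the doxmresource.c hunk), the status check can be folded into the condition and the chain kept flat, as below. CheckPermission begins before this hunk and its remaining branches continue after it, so the branches following the rowner check are not visible here.
```c
    bool isDeviceOwned = true; // default to value that will not grant access
    bool isOwnedKnown = (OC_STACK_OK == GetDoxmIsOwned(&isDeviceOwned)); // on error, don't grant
    if (isOwnedKnown
        && IsRequestFromDevOwner(context)                  // if from DevOwner
        && (GetPstatIsop() == false)                       // AND if pstat->isOp == false
        && (isDeviceOwned == false)                        // AND if doxm->isOwned == false
        && (context->resourceType != NOT_A_SVR_RESOURCE))  // AND if SVR type
    {
        context->retVal = ACCESS_GRANTED;
    }
    // If not granted via DevOwner status,
    // then check if request is for a SVR and coming from rowner
    else if (IsRequestFromResourceOwner(context))
    {
        context->retVal = ACCESS_GRANTED;
    }
    // … unchanged: remaining branches of CheckPermission …
```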