From 5674d571f5b66b7f969d69d6ab2818ab614a9aa5 Mon Sep 17 00:00:00 2001 From: Wonkyu Kwon Date: Wed, 3 Jul 2013 21:53:14 +0900 Subject: [PATCH] Fix not working access control - declare virtual function for some overriding function. - fix the access control instance is passed null. - adjust log format - get rid of a parameter no longer used. Change-Id: I1baec4cbe898cbb4853ab25c7296759877c330b4 --- common/AccessCondition.cpp | 8 ++++---- common/include/AccessControlList.h | 10 +++++----- server/ServerResource.cpp | 21 +++++++++++++-------- server/include/ServerResource.h | 2 +- 4 files changed, 23 insertions(+), 18 deletions(-) diff --git a/common/AccessCondition.cpp b/common/AccessCondition.cpp index 865e5c0..44280b4 100644 --- a/common/AccessCondition.cpp +++ b/common/AccessCondition.cpp @@ -75,19 +75,19 @@ namespace smartcard_service_api { vector >::iterator item; - _DBG(" +---- Granted APDUs"); + _DBG(" +---- Granted APDUs"); for (item = listFilters.begin(); item != listFilters.end(); item++) { - _DBG(" +----- APDU : %s, Mask : %s", item->first.toString(), item->second.toString()); + _DBG(" +----- APDU : %s, Mask : %s", item->first.toString(), item->second.toString()); } } else { - _DBG(" +---- APDU Access ALLOW : %s", apduRule ? "ALWAYS" : "NEVER"); + _DBG(" +---- APDU Access ALLOW : %s", apduRule ? "ALWAYS" : "NEVER"); } - _DBG(" +---- NFC Access ALLOW : %s", nfcRule ? "ALWAYS" : "NEVER"); + _DBG(" +---- NFC Access ALLOW : %s", nfcRule ? "ALWAYS" : "NEVER"); } bool AccessRule::isAuthorizedNFCAccess(void) diff --git a/common/include/AccessControlList.h b/common/include/AccessControlList.h index b2af0d4..93c532c 100644 --- a/common/include/AccessControlList.h +++ b/common/include/AccessControlList.h @@ -57,16 +57,16 @@ namespace smartcard_service_api int updateACL(Channel *channel) { return loadACL(channel); } void releaseACL(); - bool isAuthorizedAccess(ByteArray &aid, + virtual bool isAuthorizedAccess(ByteArray &aid, ByteArray &certHash); - bool isAuthorizedAccess(unsigned char *aidBuffer, + virtual bool isAuthorizedAccess(unsigned char *aidBuffer, unsigned int aidLength, unsigned char *certHashBuffer, unsigned int certHashLength); - bool isAuthorizedAccess(ByteArray &aid, + virtual bool isAuthorizedAccess(ByteArray &aid, vector &certHashes); - bool isAuthorizedAccess(ByteArray &aid, + virtual bool isAuthorizedAccess(ByteArray &aid, vector &certHashes, ByteArray &command); - bool isAuthorizedNFCAccess(ByteArray &aid, + virtual bool isAuthorizedNFCAccess(ByteArray &aid, vector &certHashes); }; diff --git a/server/ServerResource.cpp b/server/ServerResource.cpp index e2fdb6b..79e5057 100644 --- a/server/ServerResource.cpp +++ b/server/ServerResource.cpp @@ -802,7 +802,7 @@ namespace smartcard_service_api return result; } - bool ServerResource::_isAuthorizedAccess(ServerChannel *channel, int pid, ByteArray aid, vector &hashes) + bool ServerResource::_isAuthorizedAccess(ServerChannel *channel, ByteArray aid, vector &hashes) { bool result = true; AccessControlList *acList = NULL; @@ -835,8 +835,7 @@ namespace smartcard_service_api } else { - _ERR("acList is null"); - result = false; + acList->loadACL(channel); } if (acList != NULL) @@ -949,8 +948,8 @@ namespace smartcard_service_api channel = service->getChannel(result); /* check */ - if (_isAuthorizedAccess(channel, service->getParent()->getPID(), - aid, service->getParent()->getCertificationHashes()) == true) + if (_isAuthorizedAccess(channel, aid, + service->getParent()->getCertificationHashes()) == true) { int rv = 0; @@ -1431,7 +1430,7 @@ namespace smartcard_service_api if (acl == NULL) { /* load access control defined by Global Platform */ - GPACE *acl = new GPACE(); + acl = new GPACE(); if (acl != NULL) { int ret; @@ -1449,12 +1448,18 @@ namespace smartcard_service_api acl->updateACL(channel); } - delete channel; - if (acl != NULL) { result = acl->isAuthorizedNFCAccess(aid, hashes); + } else { + _ERR("acl is null"); } + + delete channel; + } else { + _ERR("alloc failed"); } + } else { + _ERR("_openLogicalChannel failed"); } return result; diff --git a/server/include/ServerResource.h b/server/include/ServerResource.h index 5339576..547c34f 100644 --- a/server/include/ServerResource.h +++ b/server/include/ServerResource.h @@ -87,7 +87,7 @@ namespace smartcard_service_api int _openLogicalChannel(Terminal *terminal); int _closeLogicalChannel(Terminal *terminal, int channelNum); - bool _isAuthorizedAccess(ServerChannel *channel, int pid, ByteArray aid, vector &hashes); + bool _isAuthorizedAccess(ServerChannel *channel, ByteArray aid, vector &hashes); unsigned int _createChannel(Terminal *terminal, ServiceInstance *service, int channelType, unsigned int sessionID, ByteArray aid) throw(ExceptionBase &); -- 2.7.4